Re: [PATCH] mm:Avoid soft lockup due to possible attempt of double locking object's lock in __delete_object

From: nick <xerofoify@gmail.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm:Avoid soft lockup due to possible attempt of double locking object's lock in __delete_object
Date: Wed, 31 Aug 2016 09:24:27 -0400	[thread overview]
Message-ID: <e2e8b8fc-3deb-aa23-c54e-43f12dd0a941@gmail.com> (raw)
In-Reply-To: <20160831075421.GA15732@e104818-lin.cambridge.arm.com>


On 2016-08-31 03:54 AM, Catalin Marinas wrote:
> On Tue, Aug 30, 2016 at 02:35:12PM -0400, Nicholas Krause wrote:
>> This fixes a issue in the current locking logic of the function,
>> __delete_object where we are trying to attempt to lock the passed
>> object structure's spinlock again after being previously held
>> elsewhere by the kmemleak code. Fix this by instead of assuming
>> we are the only one contending for the object's lock their are
>> possible other users and create two branches, one where we get
>> the lock when calling spin_trylock_irqsave on the object's lock
>> and the other when the lock is held else where by kmemleak.
> 
> Have you actually got a deadlock that requires this fix?
> 
Yes I have got a deadlock that this does fix.
Nick
>> --- a/mm/kmemleak.c
>> +++ b/mm/kmemleak.c
>> @@ -631,12 +631,19 @@ static void __delete_object(struct kmemleak_object *object)
>>  
>>  	/*
>>  	 * Locking here also ensures that the corresponding memory block
>> -	 * cannot be freed when it is being scanned.
>> +	 * cannot be freed when it is being scanned. Further more the
>> +	 * object's lock may have been previously holded by another holder
>> +	 * in the kmemleak code, therefore attempt to lock the object's lock
>> +	 * before holding it and unlocking it.
>>  	 */
>> -	spin_lock_irqsave(&object->lock, flags);
>> -	object->flags &= ~OBJECT_ALLOCATED;
>> -	spin_unlock_irqrestore(&object->lock, flags);
>> -	put_object(object);
>> +	if (spin_trylock_irqsave(&object->lock, flags)) {
>> +		object->flags &= ~OBJECT_ALLOCATED;
>> +		spin_unlock_irqrestore(&object->lock, flags);
>> +		put_object(object);
>> +	} else {
>> +		object->flags &= ~OBJECT_ALLOCATED;
>> +		put_object(object);
>> +	}
> 
> NAK. This lock here is needed, as described in the comment, to prevent
> an object being freed while it is being scanned. The scan_object()
> function acquires the same lock and checks for OBJECT_ALLOCATED before
> accessing the memory (which could be vmalloc'ed for example, so freeing
> would cause a page fault).
> 

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>