* [PATCH] percpu_ref: don't refer to ref->data if it isn't allocated
@ 2020-10-09 4:03 Ming Lei
2020-10-09 4:35 ` Eric Biggers
2020-10-09 18:32 ` Jens Axboe
0 siblings, 2 replies; 3+ messages in thread
From: Ming Lei @ 2020-10-09 4:03 UTC (permalink / raw)
To: Jens Axboe; +Cc: linux-block, Ming Lei
We can't check ref->data->confirm_switch directly in __percpu_ref_exit(), since
ref->data may not be allocated in one not-initialized refcount.
Fixes: 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
---
lib/percpu-refcount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
index b6350d13538a..e59eda07305e 100644
--- a/lib/percpu-refcount.c
+++ b/lib/percpu-refcount.c
@@ -109,7 +109,7 @@ static void __percpu_ref_exit(struct percpu_ref *ref)
if (percpu_count) {
/* non-NULL confirm_switch indicates switching in progress */
- WARN_ON_ONCE(ref->data->confirm_switch);
+ WARN_ON_ONCE(ref->data && ref->data->confirm_switch);
free_percpu(percpu_count);
ref->percpu_count_ptr = __PERCPU_REF_ATOMIC_DEAD;
}
--
2.25.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] percpu_ref: don't refer to ref->data if it isn't allocated
2020-10-09 4:03 [PATCH] percpu_ref: don't refer to ref->data if it isn't allocated Ming Lei
@ 2020-10-09 4:35 ` Eric Biggers
2020-10-09 18:32 ` Jens Axboe
1 sibling, 0 replies; 3+ messages in thread
From: Eric Biggers @ 2020-10-09 4:35 UTC (permalink / raw)
To: Ming Lei; +Cc: Jens Axboe, linux-block
On Fri, Oct 09, 2020 at 12:03:56PM +0800, Ming Lei wrote:
> We can't check ref->data->confirm_switch directly in __percpu_ref_exit(), since
> ref->data may not be allocated in one not-initialized refcount.
>
> Fixes: 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path")
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
Please don't forget:
Reported-by: syzbot+fd15ff734dace9e16437@syzkaller.appspotmail.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] percpu_ref: don't refer to ref->data if it isn't allocated
2020-10-09 4:03 [PATCH] percpu_ref: don't refer to ref->data if it isn't allocated Ming Lei
2020-10-09 4:35 ` Eric Biggers
@ 2020-10-09 18:32 ` Jens Axboe
1 sibling, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2020-10-09 18:32 UTC (permalink / raw)
To: Ming Lei; +Cc: linux-block
On 10/8/20 10:03 PM, Ming Lei wrote:
> We can't check ref->data->confirm_switch directly in __percpu_ref_exit(), since
> ref->data may not be allocated in one not-initialized refcount.
Added with reported-by.
--
Jens Axboe
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-10-09 18:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-09 4:03 [PATCH] percpu_ref: don't refer to ref->data if it isn't allocated Ming Lei
2020-10-09 4:35 ` Eric Biggers
2020-10-09 18:32 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).