* [PATCH] megaraid: fix use of delayed work
@ 2012-12-04 11:33 Xiaotian Feng
2012-12-04 15:39 ` Tejun Heo
2012-12-04 15:54 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect " Tejun Heo
0 siblings, 2 replies; 7+ messages in thread
From: Xiaotian Feng @ 2012-12-04 11:33 UTC (permalink / raw)
To: linux-kernel, tj
Cc: Xiaotian Feng, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
megaraid use INIT_WORK to declare a hotplug_work, but cast the hotplug_work
from work_struct to delayed_work and schedule_delayed_work on it. This is
very dangerous, as other part of delayed_work might be kernel memories allocated
by others.
With commit 8852aac, schedule_delayed_work() will check dwork->timer before
queue_work, this will cause megaraid code to hit the BUG_ON in workqueue code.
Change megaraid code to use delayed work.
Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Neela Syam Kolli <megaraidlinux@lsi.com>
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Cc: linux-scsi@vger.kernel.org
---
drivers/scsi/megaraid/megaraid_sas.h | 2 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 14 ++++++--------
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
index 16b7a72..3b2365c 100644
--- a/drivers/scsi/megaraid/megaraid_sas.h
+++ b/drivers/scsi/megaraid/megaraid_sas.h
@@ -1276,7 +1276,7 @@ struct megasas_evt_detail {
} __attribute__ ((packed));
struct megasas_aen_event {
- struct work_struct hotplug_work;
+ struct delayed_work hotplug_work;
struct megasas_instance *instance;
};
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index d2c5366..e4f2baa 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2060,9 +2060,9 @@ megasas_service_aen(struct megasas_instance *instance, struct megasas_cmd *cmd)
} else {
ev->instance = instance;
instance->ev = ev;
- INIT_WORK(&ev->hotplug_work, megasas_aen_polling);
- schedule_delayed_work(
- (struct delayed_work *)&ev->hotplug_work, 0);
+ INIT_DELAYED_WORK(&ev->hotplug_work,
+ megasas_aen_polling);
+ schedule_delayed_work(&ev->hotplug_work, 0);
}
}
}
@@ -4352,8 +4352,7 @@ megasas_suspend(struct pci_dev *pdev, pm_message_t state)
/* cancel the delayed work if this work still in queue */
if (instance->ev != NULL) {
struct megasas_aen_event *ev = instance->ev;
- cancel_delayed_work_sync(
- (struct delayed_work *)&ev->hotplug_work);
+ cancel_delayed_work_sync(&ev->hotplug_work);
instance->ev = NULL;
}
@@ -4545,8 +4544,7 @@ static void __devexit megasas_detach_one(struct pci_dev *pdev)
/* cancel the delayed work if this work still in queue*/
if (instance->ev != NULL) {
struct megasas_aen_event *ev = instance->ev;
- cancel_delayed_work_sync(
- (struct delayed_work *)&ev->hotplug_work);
+ cancel_delayed_work_sync(&ev->hotplug_work);
instance->ev = NULL;
}
@@ -5190,7 +5188,7 @@ static void
megasas_aen_polling(struct work_struct *work)
{
struct megasas_aen_event *ev =
- container_of(work, struct megasas_aen_event, hotplug_work);
+ container_of(work, struct megasas_aen_event, hotplug_work.work);
struct megasas_instance *instance = ev->instance;
union megasas_evt_class_locale class_locale;
struct Scsi_Host *host;
--
1.7.9.6 (Apple Git-31.1)
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] megaraid: fix use of delayed work
2012-12-04 11:33 [PATCH] megaraid: fix use of delayed work Xiaotian Feng
@ 2012-12-04 15:39 ` Tejun Heo
2012-12-04 15:57 ` Tejun Heo
2012-12-04 15:54 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect " Tejun Heo
1 sibling, 1 reply; 7+ messages in thread
From: Tejun Heo @ 2012-12-04 15:39 UTC (permalink / raw)
To: Xiaotian Feng
Cc: linux-kernel, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
On Tue, Dec 04, 2012 at 07:33:54PM +0800, Xiaotian Feng wrote:
> megaraid use INIT_WORK to declare a hotplug_work, but cast the hotplug_work
> from work_struct to delayed_work and schedule_delayed_work on it. This is
> very dangerous, as other part of delayed_work might be kernel memories allocated
> by others.
>
> With commit 8852aac, schedule_delayed_work() will check dwork->timer before
> queue_work, this will cause megaraid code to hit the BUG_ON in workqueue code.
> Change megaraid code to use delayed work.
>
> Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Neela Syam Kolli <megaraidlinux@lsi.com>
> Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
> Cc: linux-scsi@vger.kernel.org
Urgh... what the.... Didn't see that one coming. I'm gonna push this
to Linus through the workqueue tree.
Thanks for the fix.
--
tejun
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] megaraid: fix use of delayed work
2012-12-04 15:39 ` Tejun Heo
@ 2012-12-04 15:57 ` Tejun Heo
0 siblings, 0 replies; 7+ messages in thread
From: Tejun Heo @ 2012-12-04 15:57 UTC (permalink / raw)
To: Xiaotian Feng
Cc: linux-kernel, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
Hello, again, Xiaotian.
On Tue, Dec 04, 2012 at 07:39:39AM -0800, Tejun Heo wrote:
> Urgh... what the.... Didn't see that one coming. I'm gonna push this
> to Linus through the workqueue tree.
>
> Thanks for the fix.
It seems like megaraid doesn't have any reason to use delayed_work at
all. It can use a plain work and cancel_work_sync() instead. Maybe
it was doing the container_of() thing because workqueue didn't use to
have cancel_work_sync()? Anyways, please convert it to use plain
work_struct post 3.7.
Thanks.
--
tejun
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work
2012-12-04 11:33 [PATCH] megaraid: fix use of delayed work Xiaotian Feng
2012-12-04 15:39 ` Tejun Heo
@ 2012-12-04 15:54 ` Tejun Heo
2012-12-04 15:55 ` [PATCH 2/2] workqueue: convert BUG_ON()s in __queue_delayed_work() to WARN_ON_ONCE()s Tejun Heo
2012-12-05 11:02 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work Daniel Vacek
1 sibling, 2 replies; 7+ messages in thread
From: Tejun Heo @ 2012-12-04 15:54 UTC (permalink / raw)
To: Xiaotian Feng
Cc: linux-kernel, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
>From c1d390d8e6128b050f0f66b1c33d390760deb3f4 Mon Sep 17 00:00:00 2001
From: Xiaotian Feng <xtfeng@gmail.com>
Date: Tue, 4 Dec 2012 19:33:54 +0800
megaraid use INIT_WORK to declare a hotplug_work, but cast the
hotplug_work from work_struct to delayed_work and
schedule_delayed_work on it. This is very dangerous, as other part of
delayed_work might be kernel memories allocated by others.
With commit 8852aac ("workqueue: mod_delayed_work_on() shouldn't queue
timer on 0 delay"), schedule_delayed_work() will check dwork->timer
before queue_work even when @delay is 0, this causes megaraid code to
hit the BUG_ON() in workqueue code. Change megaraid code to use
delayed work.
Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Neela Syam Kolli <megaraidlinux@lsi.com>
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Cc: linux-scsi@vger.kernel.org
---
drivers/scsi/megaraid/megaraid_sas.h | 2 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 14 ++++++--------
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
index 16b7a72..3b2365c 100644
--- a/drivers/scsi/megaraid/megaraid_sas.h
+++ b/drivers/scsi/megaraid/megaraid_sas.h
@@ -1276,7 +1276,7 @@ struct megasas_evt_detail {
} __attribute__ ((packed));
struct megasas_aen_event {
- struct work_struct hotplug_work;
+ struct delayed_work hotplug_work;
struct megasas_instance *instance;
};
diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index d2c5366..e4f2baa 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2060,9 +2060,9 @@ megasas_service_aen(struct megasas_instance *instance, struct megasas_cmd *cmd)
} else {
ev->instance = instance;
instance->ev = ev;
- INIT_WORK(&ev->hotplug_work, megasas_aen_polling);
- schedule_delayed_work(
- (struct delayed_work *)&ev->hotplug_work, 0);
+ INIT_DELAYED_WORK(&ev->hotplug_work,
+ megasas_aen_polling);
+ schedule_delayed_work(&ev->hotplug_work, 0);
}
}
}
@@ -4352,8 +4352,7 @@ megasas_suspend(struct pci_dev *pdev, pm_message_t state)
/* cancel the delayed work if this work still in queue */
if (instance->ev != NULL) {
struct megasas_aen_event *ev = instance->ev;
- cancel_delayed_work_sync(
- (struct delayed_work *)&ev->hotplug_work);
+ cancel_delayed_work_sync(&ev->hotplug_work);
instance->ev = NULL;
}
@@ -4545,8 +4544,7 @@ static void __devexit megasas_detach_one(struct pci_dev *pdev)
/* cancel the delayed work if this work still in queue*/
if (instance->ev != NULL) {
struct megasas_aen_event *ev = instance->ev;
- cancel_delayed_work_sync(
- (struct delayed_work *)&ev->hotplug_work);
+ cancel_delayed_work_sync(&ev->hotplug_work);
instance->ev = NULL;
}
@@ -5190,7 +5188,7 @@ static void
megasas_aen_polling(struct work_struct *work)
{
struct megasas_aen_event *ev =
- container_of(work, struct megasas_aen_event, hotplug_work);
+ container_of(work, struct megasas_aen_event, hotplug_work.work);
struct megasas_instance *instance = ev->instance;
union megasas_evt_class_locale class_locale;
struct Scsi_Host *host;
--
1.7.11.7
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 2/2] workqueue: convert BUG_ON()s in __queue_delayed_work() to WARN_ON_ONCE()s
2012-12-04 15:54 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect " Tejun Heo
@ 2012-12-04 15:55 ` Tejun Heo
2012-12-05 11:02 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work Daniel Vacek
1 sibling, 0 replies; 7+ messages in thread
From: Tejun Heo @ 2012-12-04 15:55 UTC (permalink / raw)
To: Xiaotian Feng
Cc: linux-kernel, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
>From 87aa1e796ff6d491b5ed4e5663e5a4e449ac513b Mon Sep 17 00:00:00 2001
From: Tejun Heo <tj@kernel.org>
Date: Tue, 4 Dec 2012 07:40:39 -0800
8852aac25e ("workqueue: mod_delayed_work_on() shouldn't queue timer on
0 delay") unexpectedly uncovered a very nasty abuse of delayed_work in
megaraid - it allocated work_struct, used container_of() to cast it to
delayed_work and then pass that into queue_delayed_work().
Previously, this was okay because 0 @delay short-circuited to
queue_work() before doing anything with delayed_work. 8852aac25e
moved 0 @delay test into __queue_delayed_work() after sanity check on
delayed_work making megaraid trigger BUG_ON().
Although megaraid is already fixed by c1d390d8e6 ("megaraid: fix
BUG_ON() from incorrect use of delayed work"), this patch converts
BUG_ON()s in __queue_delayed_work() to WARN_ON_ONCE()s so that such
abusers, if there are more, trigger warning but don't crash the
machine.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Xiaotian Feng <xtfeng@gmail.com>
---
kernel/workqueue.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 084aa47..1dae900 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -1361,8 +1361,8 @@ static void __queue_delayed_work(int cpu, struct workqueue_struct *wq,
WARN_ON_ONCE(timer->function != delayed_work_timer_fn ||
timer->data != (unsigned long)dwork);
- BUG_ON(timer_pending(timer));
- BUG_ON(!list_empty(&work->entry));
+ WARN_ON_ONCE(timer_pending(timer));
+ WARN_ON_ONCE(!list_empty(&work->entry));
/*
* If @delay is 0, queue @dwork->work immediately. This is for
--
1.7.11.7
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work
2012-12-04 15:54 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect " Tejun Heo
2012-12-04 15:55 ` [PATCH 2/2] workqueue: convert BUG_ON()s in __queue_delayed_work() to WARN_ON_ONCE()s Tejun Heo
@ 2012-12-05 11:02 ` Daniel Vacek
2012-12-05 11:16 ` Daniel Vacek
1 sibling, 1 reply; 7+ messages in thread
From: Daniel Vacek @ 2012-12-05 11:02 UTC (permalink / raw)
To: Tejun Heo
Cc: Xiaotian Feng, linux-kernel, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
On Tue, Dec 4, 2012 at 4:54 PM, Tejun Heo <tj@kernel.org> wrote:
> @@ -5190,7 +5188,7 @@ static void
> megasas_aen_polling(struct work_struct *work)
> {
> struct megasas_aen_event *ev =
> - container_of(work, struct megasas_aen_event, hotplug_work);
> + container_of(work, struct megasas_aen_event, hotplug_work.work);
> struct megasas_instance *instance = ev->instance;
> union megasas_evt_class_locale class_locale;
> struct Scsi_Host *host;
-megasas_aen_polling(struct work_struct *work)
+megasas_aen_polling(struct delayed_work *work)
Not really sure. Just asking?
--nX
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work
2012-12-05 11:02 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work Daniel Vacek
@ 2012-12-05 11:16 ` Daniel Vacek
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Vacek @ 2012-12-05 11:16 UTC (permalink / raw)
To: Tejun Heo
Cc: Xiaotian Feng, linux-kernel, Xiaotian Feng, Neela Syam Kolli,
James E.J. Bottomley, linux-scsi
On Wed, Dec 5, 2012 at 12:02 PM, Daniel Vacek <neelx.g@gmail.com> wrote:
> On Tue, Dec 4, 2012 at 4:54 PM, Tejun Heo <tj@kernel.org> wrote:
>> @@ -5190,7 +5188,7 @@ static void
>> megasas_aen_polling(struct work_struct *work)
>> {
>> struct megasas_aen_event *ev =
>> - container_of(work, struct megasas_aen_event, hotplug_work);
>> + container_of(work, struct megasas_aen_event, hotplug_work.work);
>> struct megasas_instance *instance = ev->instance;
>> union megasas_evt_class_locale class_locale;
>> struct Scsi_Host *host;
>
> -megasas_aen_polling(struct work_struct *work)
> +megasas_aen_polling(struct delayed_work *work)
>
> Not really sure. Just asking?
Never mind, it's ok. Now I get it. Sorry for the buzz.
--nX
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-12-05 11:16 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-12-04 11:33 [PATCH] megaraid: fix use of delayed work Xiaotian Feng
2012-12-04 15:39 ` Tejun Heo
2012-12-04 15:57 ` Tejun Heo
2012-12-04 15:54 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect " Tejun Heo
2012-12-04 15:55 ` [PATCH 2/2] workqueue: convert BUG_ON()s in __queue_delayed_work() to WARN_ON_ONCE()s Tejun Heo
2012-12-05 11:02 ` [PATCH 1/2] megaraid: fix BUG_ON() from incorrect use of delayed work Daniel Vacek
2012-12-05 11:16 ` Daniel Vacek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).