From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754128AbbBNOC4 (ORCPT ); Sat, 14 Feb 2015 09:02:56 -0500 Received: from mx1.redhat.com ([209.132.183.28]:32840 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754040AbbBNOCy (ORCPT ); Sat, 14 Feb 2015 09:02:54 -0500 Date: Sat, 14 Feb 2015 15:00:48 +0100 From: Oleg Nesterov To: Nicholas Mc Guire Cc: Davidlohr Bueso , paulmck@linux.vnet.ibm.com, linux-kernel@vger.kernel.org, waiman.long@hp.com, peterz@infradead.org, raghavendra.kt@linux.vnet.ibm.com Subject: Re: BUG: spinlock bad magic on CPU#0, migration/0/9 Message-ID: <20150214140048.GA28535@redhat.com> References: <20150212003430.GA28656@linux.vnet.ibm.com> <1423710911.2046.50.camel@stgolabs.net> <20150212172805.GA20850@redhat.com> <20150212174144.GA21714@redhat.com> <20150212191009.GA26275@opentech.at> <20150212193734.GA28499@redhat.com> <20150212212746.GB30430@redhat.com> <20150213181752.GB11953@opentech.at> <20150213185328.GA19746@redhat.com> <20150214083555.GA30176@opentech.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150214083555.GA30176@opentech.at> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02/14, Nicholas Mc Guire wrote: > > Basically if you call wait_for_completion_timeout and the timeout condition > occures you always need some way of notifying the completing end that it > should no longer call complete()/complete_all(). Sure. "struct completion" doesn't differ from any other object when it comes to use-after-free. > > OK, perhaps you can ack the fix I sent? > > the only question I still have is that there would be no matching > smp_wmb() to the smp_rmb() you are using (atleast I did not figure out where). You seem to assume that every rmb() must be paired with wmb(). This is not always true. But as for completion_done(), its rmb() pairs with "release" semantics of complete()->spin_unlock(), which is a "one way" barrier. Oleg.