Re: [PATCH] mm:Avoid soft lockup due to possible attempt of double locking object's lock in __delete_object

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 2016-08-31 03:54 AM, Catalin Marinas wrote:
> On Tue, Aug 30, 2016 at 02:35:12PM -0400, Nicholas Krause wrote:
>> This fixes a issue in the current locking logic of the function,
>> __delete_object where we are trying to attempt to lock the passed
>> object structure's spinlock again after being previously held
>> elsewhere by the kmemleak code. Fix this by instead of assuming
>> we are the only one contending for the object's lock their are
>> possible other users and create two branches, one where we get
>> the lock when calling spin_trylock_irqsave on the object's lock
>> and the other when the lock is held else where by kmemleak.
> 
> Have you actually got a deadlock that requires this fix?
> 
Yes I have got a deadlock that this does fix.
Nick
>> --- a/mm/kmemleak.c
>> +++ b/mm/kmemleak.c
>> @@ -631,12 +631,19 @@ static void __delete_object(struct kmemleak_object *object)
>>  
>>  	/*
>>  	 * Locking here also ensures that the corresponding memory block
>> -	 * cannot be freed when it is being scanned.
>> +	 * cannot be freed when it is being scanned. Further more the
>> +	 * object's lock may have been previously holded by another holder
>> +	 * in the kmemleak code, therefore attempt to lock the object's lock
>> +	 * before holding it and unlocking it.
>>  	 */
>> -	spin_lock_irqsave(&object->lock, flags);
>> -	object->flags &= ~OBJECT_ALLOCATED;
>> -	spin_unlock_irqrestore(&object->lock, flags);
>> -	put_object(object);
>> +	if (spin_trylock_irqsave(&object->lock, flags)) {
>> +		object->flags &= ~OBJECT_ALLOCATED;
>> +		spin_unlock_irqrestore(&object->lock, flags);
>> +		put_object(object);
>> +	} else {
>> +		object->flags &= ~OBJECT_ALLOCATED;
>> +		put_object(object);
>> +	}
> 
> NAK. This lock here is needed, as described in the comment, to prevent
> an object being freed while it is being scanned. The scan_object()
> function acquires the same lock and checks for OBJECT_ALLOCATED before
> accessing the memory (which could be vmalloc'ed for example, so freeing
> would cause a page fault).
> 

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]