[Let's CC more people - the thread started http://lkml.kernel.org/r/1480540516-6458-1-git-send-email-yuzhao@xxxxxxxxxx] On Fri 02-12-16 09:56:26, Dan Streetman wrote: > On Fri, Dec 2, 2016 at 9:44 AM, Michal Hocko <mhocko@xxxxxxxxxx> wrote: > > On Fri 02-12-16 15:38:48, Michal Hocko wrote: > >> On Fri 02-12-16 09:24:35, Dan Streetman wrote: > >> > On Fri, Dec 2, 2016 at 8:46 AM, Michal Hocko <mhocko@xxxxxxxxxx> wrote: > >> > > On Wed 30-11-16 13:15:16, Yu Zhao wrote: > >> > >> __unregister_cpu_notifier() only removes registered notifier from its > >> > >> linked list when CPU hotplug is configured. If we free registered CPU > >> > >> notifier when HOTPLUG_CPU=n, we corrupt the linked list. > >> > >> > >> > >> To fix the problem, we can either use a static CPU notifier that walks > >> > >> through each pool or just simply disable CPU notifier when CPU hotplug > >> > >> is not configured (which is perfectly safe because the code in question > >> > >> is called after all possible CPUs are online and will remain online > >> > >> until power off). > >> > >> > >> > >> v2: #ifdef for cpu_notifier_register_done during cleanup. > >> > > > >> > > this ifedfery is just ugly as hell. I am also wondering whether it is > >> > > really needed. __register_cpu_notifier and __unregister_cpu_notifier are > >> > > noops for CONFIG_HOTPLUG_CPU=n. So what's exactly that is broken here? > >> > > >> > hmm, that's interesting, __unregister_cpu_notifier is always a noop if > >> > HOTPLUG_CPU=n, but __register_cpu_notifier is only a noop if > >> > HOTPLUG_CPU=n *and* MODULE. If !MODULE, __register_cpu_notifier does > >> > >> OK, I've missed the MODULE part > >> > >> > actually register! This was added by commit > >> > 47e627bc8c9a70392d2049e6af5bd55fae61fe53 ('hotplug: Allow modules to > >> > use the cpu hotplug notifiers even if !CONFIG_HOTPLUG_CPU') and looks > >> > like it's to allow built-ins to register so they can notice during > >> > boot when cpus are initialized. > >> > >> I cannot say I wound understand the motivation but that is not really > >> all that important. > >> > >> > IMHO, that is the real problem - sure, without HOTPLUG_CPU, nobody > >> > should ever get a notification that a cpu is dying, but that doesn't > >> > mean builtins that register notifiers will never unregister their > >> > notifiers and then free them. > >> > >> Yes that is true. That suggests that __unregister_cpu_notifier should > >> the the symmetric thing to the __register_cpu_notifier for > >> CONFIG_MODULE, right? > > > > I meant the following. Completely untested > > agreed, but also needs the non-__ version, and kernel/cpu.c needs > tweaking to move those functions out of the #ifdef CONFIG_HOTPLUG_CPU > section. OK, this is still only compile tested. Yu Zhao, assuming you were able to trigger the original problem could you test with the below patch please? --- >From c812fe4e519914aa37f092d3a0321038fadcdde7 Mon Sep 17 00:00:00 2001 From: Michal Hocko <mhocko@xxxxxxxx> Date: Fri, 2 Dec 2016 16:06:56 +0100 Subject: [PATCH] hotplug: make register and unregister notifier API symmetric Yu Zhao has noticed that __unregister_cpu_notifier only unregisters its notifiers when HOTPLUG_CPU=y while the registration might succeed even when HOTPLUG_CPU=n if MODULE is enabled. This means that e.g. zswap might keep a stale notifier on the list on the manual clean up during the pool tear down and thus corrupt the list. Fix this issue by making unregister APIs symmetric to the register so there are no surprises. Fixes: 47e627bc8c9a ("[PATCH] hotplug: Allow modules to use the cpu hotplug notifiers even if !CONFIG_HOTPLUG_CPU") Cc: stable # zswap needs it 4.3+ Reported-by: Yu Zhao <yuzhao@xxxxxxxxxx> Signed-off-by: Michal Hocko <mhocko@xxxxxxxx> --- include/linux/cpu.h | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 797d9c8e9a1b..c8938eb21e34 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -105,22 +105,16 @@ extern bool cpuhp_tasks_frozen; { .notifier_call = fn, .priority = pri }; \ __register_cpu_notifier(&fn##_nb); \ } -#else /* #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) */ -#define cpu_notifier(fn, pri) do { (void)(fn); } while (0) -#define __cpu_notifier(fn, pri) do { (void)(fn); } while (0) -#endif /* #else #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) */ -#ifdef CONFIG_HOTPLUG_CPU extern int register_cpu_notifier(struct notifier_block *nb); extern int __register_cpu_notifier(struct notifier_block *nb); extern void unregister_cpu_notifier(struct notifier_block *nb); extern void __unregister_cpu_notifier(struct notifier_block *nb); -#else -#ifndef MODULE -extern int register_cpu_notifier(struct notifier_block *nb); -extern int __register_cpu_notifier(struct notifier_block *nb); -#else +#else /* #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) */ +#define cpu_notifier(fn, pri) do { (void)(fn); } while (0) +#define __cpu_notifier(fn, pri) do { (void)(fn); } while (0) + static inline int register_cpu_notifier(struct notifier_block *nb) { return 0; @@ -130,7 +124,6 @@ static inline int __register_cpu_notifier(struct notifier_block *nb) { return 0; } -#endif static inline void unregister_cpu_notifier(struct notifier_block *nb) { -- 2.10.2 -- Michal Hocko SUSE Labs -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>