On Wed, Sep 25, 2013 at 03:30:14PM -0600, Bjorn Helgaas wrote:
On Wed, Sep 25, 2013 at 3:08 PM, Bjorn Helgaas <bhelgaas@xxxxxxxxxx> wrote:
Also, I think it is incorrect that free_msi_irqs() does this:
if (entry->kobj.parent) {
kobject_del(&entry->kobj);
kobject_put(&entry->kobj);
}
list_del(&entry->list);
kfree(entry);
I think the "kfree(entry)" should be in msi_kobj_release() instead.
Oh, I see you fixed this in patch 3/3. I hadn't read that far yet :)
Did you find these problems by inspection, or is there some easy way
to trigger bad behavior? Just wondering if this is some way I can
reproduce the problem.
Hi,
I've first found it by building with CONFIG_DEBUG_KOBJECT_RELEASE and
CONFIG_DEBUG_OBJECTS - it shows that it's freeing an object in an active
state (I'm just running insmod/rmmod tg3 concurently, but I guess it's
reproducible with any driver that uses msi/x).
Without CONFIG_DEBUG_OBJECTS it's also reproducible, and without
CONFIG_DEBUG_KOBJECT_RELEASE it's really hard to reproduce, but still
reproducible (I've hit it with tg3 as a slave of bonding and concurently
running rmmod bonding/ifup bond0 - though it's really hard). It just panics
in kobject_put(), iirc.
So, with those CONFIG_DEBUG_* it's easily triggerable, without - quite
hard.
Hope that helps.
p.s. I'll adress your other comments tomorrow already, it's quite late here
and I don't want to do something stupid now :).
Thanks a lot!
Bjorn
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html