On Mon, Nov 20, 2017 at 11:51:47PM +0100, Rasmus Villemoes wrote: > This reverts commit 92266d6ef60c2381c980c6cdcb2a5c1667b36b49, which > was simply wrong: In the case where domain is NULL, we now use the > wrong offsetof() in the list_first_entry macro, so we don't actually > fetch the ->cookie value, but rather the eight bytes located > sizeof(struct list_head) further into the struct async_entry. > > On 64 bit, that's the data member, while on 32 bit, we get a u64 built > from func and data in some order. > > I think the bug happens to be harmless in practice: It obviously only > affects callers which pass a NULL domain, and AFAICT the only such > caller is > > async_synchronize_full() -> > async_synchronize_full_domain(NULL) -> > async_synchronize_cookie_domain(ASYNC_COOKIE_MAX, NULL) > > and the ASYNC_COOKIE_MAX means that in practice we end up waiting for > the async_global_pending list to be empty - but it would break if > somebody happened to pass (void*)-1 as the data element to > async_schedule, and of course also if somebody ever does a > async_synchronize_cookie_domain(, NULL) with a "finite" cookie value. > > Cc: stable@xxxxxxxxxxxxxxx # 3.10+ > Signed-off-by: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx> Ughh... indeed. Acked-by: Tejun Heo <tj@xxxxxxxxxx> Sorry about that. Can you please resend the patch w/ Andrew Morton cc'd? I think it'd be best to route this through -mm. Thanks. -- tejun