LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: "Alan D. Brunelle" <Alan.Brunelle@hp.com>
To: Jens Axboe <jens.axboe@oracle.com>
Cc: linux-kernel@vger.kernel.org, npiggin@suse.de, dgc@sgi.com
Subject: Re: [PATCH 0/7] IO CPU affinity testing series
Date: Wed, 12 Mar 2008 12:41:30 -0400	[thread overview]
Message-ID: <47D807BA.7020102@hp.com> (raw)
In-Reply-To: <1205322940-20127-1-git-send-email-jens.axboe@oracle.com>


Subject: [PATCH] Fixed race: using potentially invalid pointer

When data->flags & CSD_FLAG_ALLOC is true, the data could be freed by the other processor before we check for CSD_FLAG_WAIT.

Also: removed old comment, doesn't quite fit anymore.

This is applied against Jens' git tree w/ the ia64 additional commit.

Signed-off-by: Alan D. Brunelle <alan.brunelle@hp.com>
---
 arch/ia64/kernel/smp.c   |    5 ++---
 arch/x86/kernel/smp_32.c |    5 ++---
 arch/x86/kernel/smp_64.c |    5 ++---
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/arch/ia64/kernel/smp.c b/arch/ia64/kernel/smp.c
index 521bc52..ad153e2 100644
--- a/arch/ia64/kernel/smp.c
+++ b/arch/ia64/kernel/smp.c
@@ -407,8 +407,7 @@ void __smp_call_function_single(int cpu, struct call_single_data *data)
 {
 	struct call_single_queue *dst;
 	unsigned long flags;
-	/* prevent preemption and reschedule on another processor */
-	int ipi;
+	int ipi, wait_done = data->flags & CSD_FLAG_WAIT;
 
 	/* Can deadlock when called with interrupts disabled */
 	WARN_ON((data->flags & CSD_FLAG_WAIT) && irqs_disabled());
@@ -424,7 +423,7 @@ void __smp_call_function_single(int cpu, struct call_single_data *data)
 	if (ipi)
 		send_IPI_single(cpu, IPI_CALL_FUNC_SINGLE);
 
-	if (data->flags & CSD_FLAG_WAIT) {
+	if (wait_done) {
 		/* Wait for response */
 		while (data->flags)
 			cpu_relax();
diff --git a/arch/x86/kernel/smp_32.c b/arch/x86/kernel/smp_32.c
index dcbb89c..8239814 100644
--- a/arch/x86/kernel/smp_32.c
+++ b/arch/x86/kernel/smp_32.c
@@ -638,8 +638,7 @@ void __smp_call_function_single(int cpu, struct call_single_data *data)
 	cpumask_t mask = cpumask_of_cpu(cpu);
 	struct call_single_queue *dst;
 	unsigned long flags;
-	/* prevent preemption and reschedule on another processor */
-	int ipi;
+	int ipi, wait_done = data->flags & CSD_FLAG_WAIT;
 
 	/* Can deadlock when called with interrupts disabled */
 	WARN_ON((data->flags & CSD_FLAG_WAIT) && irqs_disabled());
@@ -655,7 +654,7 @@ void __smp_call_function_single(int cpu, struct call_single_data *data)
 	if (ipi)
 		send_IPI_mask(mask, CALL_FUNCTION_SINGLE_VECTOR);
 
-	if (data->flags & CSD_FLAG_WAIT) {
+	if (wait_done) {
 		/* Wait for response */
 		while (data->flags)
 			cpu_relax();
diff --git a/arch/x86/kernel/smp_64.c b/arch/x86/kernel/smp_64.c
index 7e4e300..c89a4f7 100644
--- a/arch/x86/kernel/smp_64.c
+++ b/arch/x86/kernel/smp_64.c
@@ -458,8 +458,7 @@ void __smp_call_function_single(int cpu, struct call_single_data *data)
 	cpumask_t mask = cpumask_of_cpu(cpu);
 	struct call_single_queue *dst;
 	unsigned long flags;
-	/* prevent preemption and reschedule on another processor */
-	int ipi;
+	int ipi, wait_done = data->flags & CSD_FLAG_WAIT;
 
 	/* Can deadlock when called with interrupts disabled */
 	WARN_ON((data->flags & CSD_FLAG_WAIT) && irqs_disabled());
@@ -475,7 +474,7 @@ void __smp_call_function_single(int cpu, struct call_single_data *data)
 	if (ipi)
 		send_IPI_mask(mask, CALL_FUNCTION_SINGLE_VECTOR);
 
-	if (data->flags & CSD_FLAG_WAIT) {
+	if (wait_done) {
 		/* Wait for response */
 		while (data->flags)
 			cpu_relax();
-- 
1.5.2.5


  parent reply	other threads:[~2008-03-12 16:41 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-12 11:55 Jens Axboe
2008-03-12 11:55 ` [PATCH 1/7] x86-64: introduce fast variant of smp_call_function_single() Jens Axboe
2008-03-14 18:21   ` Jeremy Fitzhardinge
2008-03-16 18:45     ` Jens Axboe
2008-03-16 22:58       ` Jeremy Fitzhardinge
2008-03-17  2:24         ` Nick Piggin
2008-03-17  7:25         ` Jens Axboe
2008-03-12 11:55 ` [PATCH 2/7] x86-64: speedup and tweak smp_call_function_single() Jens Axboe
2008-03-12 11:55 ` [PATCH 3/7] x86: add fast smp_call_function_single() Jens Axboe
2008-03-12 11:55 ` [PATCH 4/7] block: split softirq handling into blk-softirq.c Jens Axboe
2008-03-12 11:55 ` [PATCH 5/7] Add interface for queuing work on a specific CPU Jens Axboe
2008-03-12 11:55 ` [PATCH 6/7] block: make kblockd_schedule_work() take the queue as parameter Jens Axboe
2008-03-12 11:55 ` [PATCH 7/7] block: add test code for testing CPU affinity Jens Axboe
2008-03-12 16:41 ` Alan D. Brunelle [this message]
2008-03-12 17:54   ` [PATCH 0/7] IO CPU affinity testing series Jens Axboe
2008-03-12 20:37 ` Max Krasnyanskiy
2008-03-13 12:13   ` Jens Axboe
2008-03-13 14:54 ` Alan D. Brunelle
2008-03-13 15:00   ` Jens Axboe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47D807BA.7020102@hp.com \
    --to=alan.brunelle@hp.com \
    --cc=dgc@sgi.com \
    --cc=jens.axboe@oracle.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=npiggin@suse.de \
    --subject='Re: [PATCH 0/7] IO CPU affinity testing series' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).