Re: [NETPOLL] netconsole: fix soft lockup when removing module
From: Oleg Nesterov
Date: Sun Jul 01 2007 - 13:35:49 EST
Jarek Poplawski wrote:
>
> #1
> Until kernel ver. 2.6.21 (including) cancel_rearming_delayed_work()
> required a work function should always (unconditionally) rearm with
> delay > 0 - otherwise it would endlessly loop. This patch replaces
> this function with cancel_delayed_work(). Later kernel versions don't
> require this, so here it's only for uniformity.
But 2.6.22 doesn't need this change, why it was merged?
In fact, I suspect this change adds a race,
> --- a/net/core/netpoll.c
> +++ b/net/core/netpoll.c
> @@ -72,7 +72,8 @@ static void queue_process(struct work_struct *work)
> netif_tx_unlock(dev);
> local_irq_restore(flags);
>
> - schedule_delayed_work(&npinfo->tx_work, HZ/10);
> + if (atomic_read(&npinfo->refcnt))
> + schedule_delayed_work(&npinfo->tx_work, HZ/10);
> return;
> }
> netif_tx_unlock(dev);
> @@ -785,9 +786,15 @@ void netpoll_cleanup(struct netpoll *np)
> if (atomic_dec_and_test(&npinfo->refcnt)) {
> skb_queue_purge(&npinfo->arp_tx);
> skb_queue_purge(&npinfo->txq);
> - cancel_rearming_delayed_work(&npinfo->tx_work);
> + cancel_delayed_work(&npinfo->tx_work);
> flush_scheduled_work();
Suppose that ->refcnt == 1, and queue_process() was preempted just after
atomic_read(&npinfo->refcnt).
netpoll_cleanup() comes, cancel_delayed_work() does nothing, flush_scheduled_work()
sleeps.
queue_process() gets CPU, re-schedules ->tx_work, and returns.
flush_scheduled_work() completes, netpoll_cleanup() frees npinfo and returns
while ->tx_work is pending.
No?
Oleg.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/