[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a9ef4575-bfb9-c854-ea71-0a5e1af97f5d@codeaurora.org>
Date: Tue, 17 Apr 2018 11:59:44 +0530
From: "Kohli, Gaurav" <gkohli@...eaurora.org>
To: Tejun Heo <tj@...nel.org>
Cc: gregkh@...uxfoundation.org, nborisov@...e.com,
akpm@...ux-foundation.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] percpu_counter: Remove debug_object_free call twice
On 4/17/2018 3:18 AM, Tejun Heo wrote:
> On Fri, Apr 13, 2018 at 03:05:03PM +0530, Gaurav Kohli wrote:
>> During percpu_counter destroy, debug_object_free is calling
>> twice which may create race. So removing once instance of call
>> from debug_percpu_counter_deactivate.
> I don't quite follow. Can you please elaborate how it can be called
> twice?
Hi Tejun,
In percpu_counter_fixup_free function, first call is percpu_counter_destroy -> debug_percpu_counter_deactivate (this will set inactive and free the debug object as well for percpu counter) -> free_percpu (finally freeing the counters).
Below is the code snippet:
case DEBUG_STATE_ACTIVE:
percpu_counter_destroy(fbc); -> first call
debug_object_free(fbc, &percpu_counter_debug_descr); -> this will again call the same debug object free, if somehow counters will reinitialize between these two calls.
We are seeing one race condition issue where one object of db list is corrupted and just before object of that corrupted node is percpu_counter, Still i am not sure the reason of race as it is very
difficult to reproduce. But i have found this during code review. Please correct me, if i misunderstood this.
>
> Thanks.
>
>
--
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.
Powered by blists - more mailing lists