Jason Wessel wrote:
>
> The netpoll_cleanup handler can hang the kernel if there is no work in the
> work queue because a call to cancel_rearming_delayed_work() with no work
> goes into an infinite loop.
This should not be true any longer, cancel_rearming_delayed_work() should work
correctly in any case.
Could you please clarify?
> @@ -771,30 +771,32 @@ void netpoll_cleanup(struct netpoll *np)
>
> [...snip...]
>
> + if (atomic_dec_and_test(&npinfo->refcnt)) {
> + skb_queue_purge(&npinfo->arp_tx);
> + skb_queue_purge(&npinfo->txq);
> + if (delayed_work_pending(&npinfo->tx_work)) {
> cancel_rearming_delayed_work(&npinfo->tx_work);
> flush_scheduled_work();
But this "if (delayed_work_pending())" is racy anyway?
Oleg.
On Thu, 31 May 2007 01:01:37 +0400
Oleg Nesterov <[email protected]> wrote:
> Jason Wessel wrote:
> >
> > The netpoll_cleanup handler can hang the kernel if there is no work in the
> > work queue because a call to cancel_rearming_delayed_work() with no work
> > goes into an infinite loop.
>
> This should not be true any longer, cancel_rearming_delayed_work() should work
> correctly in any case.
>
> Could you please clarify?
We need a 2.6.21.x fix.
> > @@ -771,30 +771,32 @@ void netpoll_cleanup(struct netpoll *np)
> >
> > [...snip...]
> >
> > + if (atomic_dec_and_test(&npinfo->refcnt)) {
> > + skb_queue_purge(&npinfo->arp_tx);
> > + skb_queue_purge(&npinfo->txq);
> > + if (delayed_work_pending(&npinfo->tx_work)) {
> > cancel_rearming_delayed_work(&npinfo->tx_work);
> > flush_scheduled_work();
>
> But this "if (delayed_work_pending())" is racy anyway?
>
I guess so, a bit.
On 05/30, Andrew Morton wrote:
>
> On Thu, 31 May 2007 01:01:37 +0400
> Oleg Nesterov <[email protected]> wrote:
>
> > Jason Wessel wrote:
> > >
> > > The netpoll_cleanup handler can hang the kernel if there is no work in the
> > > work queue because a call to cancel_rearming_delayed_work() with no work
> > > goes into an infinite loop.
> >
> > This should not be true any longer, cancel_rearming_delayed_work() should work
> > correctly in any case.
> >
> > Could you please clarify?
>
> We need a 2.6.21.x fix.
Ah, OK, sorry for noise.
> > > @@ -771,30 +771,32 @@ void netpoll_cleanup(struct netpoll *np)
> > >
> > > [...snip...]
> > >
> > > + if (atomic_dec_and_test(&npinfo->refcnt)) {
> > > + skb_queue_purge(&npinfo->arp_tx);
> > > + skb_queue_purge(&npinfo->txq);
> > > + if (delayed_work_pending(&npinfo->tx_work)) {
> > > cancel_rearming_delayed_work(&npinfo->tx_work);
> > > flush_scheduled_work();
> >
> > But this "if (delayed_work_pending())" is racy anyway?
> >
>
> I guess so, a bit.
How about this COMPLETELY UNTESTED patch? (it borrows Tejun's double flush
trick).
--- n/net/core/netpoll.c~ 2007-05-31 02:12:37.000000000 +0400
+++ n/net/core/netpoll.c 2007-05-31 02:13:39.000000000 +0400
@@ -773,8 +773,16 @@ void netpoll_cleanup(struct netpoll *np)
if (atomic_dec_and_test(&npinfo->refcnt)) {
skb_queue_purge(&npinfo->arp_tx);
skb_queue_purge(&npinfo->txq);
- cancel_rearming_delayed_work(&npinfo->tx_work);
+
flush_scheduled_work();
+ /*
+ * the next invocation of queue_process() can't
+ * re-schedule ->tx_work because ->txq is empty
+ */
+ if (!cancel_delayed_work(&npinfo->tx_work)) {
+ /* may be queued, wait for completion */
+ flush_scheduled_work();
+ }
kfree(npinfo);
}