2014-04-16 05:32:36

by Daeseok Youn

[permalink] [raw]
Subject: [PATCH 1/2] workqueue: fix bugs in wq_update_unbound_numa() failure path


wq_update_unbound_numa() failure path has the following two bugs.
- alloc_unbound_pwq() is called without holding wq->mutex;
however, if the allocation fails, it jumps to out_unlock
which tries to unlock wq->mutex.

- The function should switch to dfl_pwq on failure
but didn't do so after alloc_unbound_pwq() failure.

Fix it by regrabbing wq->mutex and jumping to use_dfl_pwq on
alloc_unbound_pwq() failure.

Signed-off-by: Daeseok Youn <[email protected]>
---
kernel/workqueue.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 0ee63af..3150b21 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -4100,7 +4100,8 @@ static void wq_update_unbound_numa(struct workqueue_struct *wq, int cpu,
if (!pwq) {
pr_warning("workqueue: allocation failed while updating NUMA affinity of \"%s\"\n",
wq->name);
- goto out_unlock;
+ mutex_lock(&wq->mutex);
+ goto use_dfl_pwq;
}

/*
--
1.7.4.4


2014-04-16 16:22:44

by Lai Jiangshan

[permalink] [raw]
Subject: Re: [PATCH 1/2] workqueue: fix bugs in wq_update_unbound_numa() failure path

Acked.

On Wed, Apr 16, 2014 at 1:32 PM, Daeseok Youn <[email protected]> wrote:
>
> wq_update_unbound_numa() failure path has the following two bugs.
> - alloc_unbound_pwq() is called without holding wq->mutex;
> however, if the allocation fails, it jumps to out_unlock
> which tries to unlock wq->mutex.
>
> - The function should switch to dfl_pwq on failure
> but didn't do so after alloc_unbound_pwq() failure.
>
> Fix it by regrabbing wq->mutex and jumping to use_dfl_pwq on
> alloc_unbound_pwq() failure.
>
> Signed-off-by: Daeseok Youn <[email protected]>
> ---
> kernel/workqueue.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/workqueue.c b/kernel/workqueue.c
> index 0ee63af..3150b21 100644
> --- a/kernel/workqueue.c
> +++ b/kernel/workqueue.c
> @@ -4100,7 +4100,8 @@ static void wq_update_unbound_numa(struct workqueue_struct *wq, int cpu,
> if (!pwq) {
> pr_warning("workqueue: allocation failed while updating NUMA affinity of \"%s\"\n",
> wq->name);
> - goto out_unlock;
> + mutex_lock(&wq->mutex);
> + goto use_dfl_pwq;
> }
>
> /*
> --
> 1.7.4.4
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2014-04-16 17:30:38

by Tejun Heo

[permalink] [raw]
Subject: Re: [PATCH 1/2] workqueue: fix bugs in wq_update_unbound_numa() failure path

On Wed, Apr 16, 2014 at 02:32:29PM +0900, Daeseok Youn wrote:
>
> wq_update_unbound_numa() failure path has the following two bugs.
> - alloc_unbound_pwq() is called without holding wq->mutex;
> however, if the allocation fails, it jumps to out_unlock
> which tries to unlock wq->mutex.
>
> - The function should switch to dfl_pwq on failure
> but didn't do so after alloc_unbound_pwq() failure.
>
> Fix it by regrabbing wq->mutex and jumping to use_dfl_pwq on
> alloc_unbound_pwq() failure.
>
> Signed-off-by: Daeseok Youn <[email protected]>

Applied to wq/for-3.15-fixes.

Thanks.

--
tejun