From: Pan Xinhui <[email protected]>
It's safe and more reasonable to unlock memtype_lock right after
rbt_memtype_check_insert. It's not cool to call kfree, pr_info, etc with
this lock held. So move spin_unlock a little ahead.
memory_lock protects data stored in rb-tree, if *new* succeed to be
stored into the rb-tree, we might hit panic. Because we access *new* in
dprintk "cattr_name(new->type)". data stored in the rb-tree might be
freed at any possbile time. It's abviously wrong to access such data
without lock. So save new->type to actual_type, and use actual_type in
dprintk.
Signed-off-by: Pan Xinhui <[email protected]>
---
change from V1:
fix an access of *new* without memtype_lock held.
---
arch/x86/mm/pat.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index 188e3e0..f3c49fa 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -538,22 +538,20 @@ int reserve_memtype(u64 start, u64 end, enum page_cache_mode req_type,
new->type = actual_type;
spin_lock(&memtype_lock);
-
err = rbt_memtype_check_insert(new, new_type);
+ actual_type = new->type;
+ spin_unlock(&memtype_lock);
+
if (err) {
pr_info("x86/PAT: reserve_memtype failed [mem %#010Lx-%#010Lx], track %s, req %s\n",
start, end - 1,
cattr_name(new->type), cattr_name(req_type));
kfree(new);
- spin_unlock(&memtype_lock);
-
return err;
}
- spin_unlock(&memtype_lock);
-
dprintk("reserve_memtype added [mem %#010Lx-%#010Lx], track %s, req %s, ret %s\n",
- start, end - 1, cattr_name(new->type), cattr_name(req_type),
+ start, end - 1, cattr_name(actual_type), cattr_name(req_type),
new_type ? cattr_name(*new_type) : "-");
return err;
--
1.9.1
On Tue, 21 Jul 2015, Pan Xinhui wrote:
> diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
> index 188e3e0..f3c49fa 100644
> --- a/arch/x86/mm/pat.c
> +++ b/arch/x86/mm/pat.c
> @@ -538,22 +538,20 @@ int reserve_memtype(u64 start, u64 end, enum page_cache_mode req_type,
> new->type = actual_type;
>
> spin_lock(&memtype_lock);
> -
> err = rbt_memtype_check_insert(new, new_type);
> + actual_type = new->type;
What's the point of this? new->type is set to actual_type 5 lines above.
Thanks,
tglx
hi, tglx
thanks for your reply :)
On 2015年07月21日 16:10, Thomas Gleixner wrote:
> On Tue, 21 Jul 2015, Pan Xinhui wrote:
>> diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
>> index 188e3e0..f3c49fa 100644
>> --- a/arch/x86/mm/pat.c
>> +++ b/arch/x86/mm/pat.c
>> @@ -538,22 +538,20 @@ int reserve_memtype(u64 start, u64 end, enum page_cache_mode req_type,
>> new->type = actual_type;
>>
>> spin_lock(&memtype_lock);
>> -
>> err = rbt_memtype_check_insert(new, new_type);
>> + actual_type = new->type;
>
> What's the point of this? new->type is set to actual_type 5 lines above.
191 int rbt_memtype_check_insert(struct memtype *new,
192 enum page_cache_mode *ret_type)
193 {
194 int err = 0;
195
196 err = memtype_rb_check_conflict(&memtype_rbroot, new->start, new->end,
197 new->type, ret_type);
198
199 if (!err) {
200 if (ret_type)
201 new->type = *ret_type;
202
So new->type might be set to *ret_type.
136 if (match->type != found_type && newtype == NULL)
137 goto failure;
138
139 dprintk("Overlap at 0x%Lx-0x%Lx\n", match->start, match->end);
140 found_type = match->type;
141
142 node = rb_next(&match->rb);
143 while (node) {
144 match = container_of(node, struct memtype, rb);
145
146 if (match->start >= end) /* Checked all possible matches */
147 goto success;
148
149 if (is_node_overlap(match, start, end) &&
150 match->type != found_type) {
151 goto failure;
152 }
153
154 node = rb_next(&match->rb);
155 }
156 success:
157 if (newtype)
158 *newtype = found_type;
So *ret_type might be set to found_type(match->type),
The call train is deep, it took me long time to review them.
As actual_type != new->type is possible, we need save new->type to actual_type.
thanks
xinhui
>
> Thanks,
>
> tglx
>
On Tue, 21 Jul 2015, Pan Xinhui wrote:
> So *ret_type might be set to found_type(match->type),
>
> The call train is deep, it took me long time to review them.
> As actual_type != new->type is possible, we need save new->type to actual_type.
Fair enough. But that wants to have a comment in the code as any
casual reader will trip over this.
Thanks,
tglx