Re: [PATCH] mm/backing-dev.c: fix crash when USB/SCSI device isdetached
From: Wu Fengguang
Date: Mon Jan 02 2012 - 04:57:15 EST
On Mon, Jan 02, 2012 at 06:38:21PM +0900, ïïïïÈ wrote:
> from Chanho Min <chanho.min@xxxxxxx>
>
> System may crash in backing-dev.c when removal SCSI device is detached.
> bdi task is killed by bdi_unregister()/'khubd', but task's point remains.
> Shortly afterward, If 'wb->wakeup_timer' is expired before
> del_timer()/bdi_forker_thread,
> wakeup_timer_fn() may wake up the dead thread which cause the crash.
> 'bdi->wb.task' should be NULL as this patch.
Is it some race condition between del_timer() and del_timer_sync()?
bdi_unregister() calls
del_timer_sync
bdi_wb_shutdown
kthread_stop
in turn, and del_timer_sync() should guarantee wakeup_timer_fn() is
no longer called to access the stopped task.
Thanks,
Fengguang
> Signed-off-by: Chanho Min <chanho.min@xxxxxxx>
> ---
> mm/backing-dev.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/mm/backing-dev.c b/mm/backing-dev.c
> index 71034f4..4378a5e 100644
> --- a/mm/backing-dev.c
> +++ b/mm/backing-dev.c
> @@ -607,6 +607,7 @@ static void bdi_wb_shutdown(struct backing_dev_info
> *bdi)
> if (bdi->wb.task) {
> thaw_process(bdi->wb.task);
> kthread_stop(bdi->wb.task);
> + bdi->wb.task = NULL;
> }
> }
>
> --
> 1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/