Re: [PATCH 0/1] Fix race in ipmi timer cleanup
From: Corey Minyard
Date: Wed Aug 28 2019 - 18:32:48 EST
On Wed, Aug 28, 2019 at 04:36:24PM -0400, Jes Sorensen wrote:
> From: Jes Sorensen <jsorensen@xxxxxx>
>
> I came across this in 4.16, but I believe the bug is still present
> in current 5.x, even if it is less likely to trigger.
>
> Basially stop_timer_and_thread() only calls del_timer_sync() if
> timer_running == true. However smi_mod_timer enables the timer before
> setting timer_running = true.
All the modifications/checks for timer_running should be done under
the si_lock. It looks like a lock is missing in shutdown_smi(),
probably starting before setting interrupt_disabled to true and
after stop_timer_and_thread. I think that is the right fix for
this problem.
-corey
>
> I was able to reproduce this in 4.16 running the following on a host
>
> while :; do rmmod ipmi_si ; modprobe ipmi_si; done
>
> while rebooting the BMC on it in parallel.
>
> 5.2 moves the error handling around and does it more centralized, but
> relying on timer_running still seems dubious to me.
>
> static void smi_mod_timer(struct smi_info *smi_info, unsigned long new_val)
> {
> if (!smi_info->timer_can_start)
> return;
> smi_info->last_timeout_jiffies = jiffies;
> mod_timer(&smi_info->si_timer, new_val);
> smi_info->timer_running = true;
> }
>
> static inline void stop_timer_and_thread(struct smi_info *smi_info)
> {
> if (smi_info->thread != NULL) {
> kthread_stop(smi_info->thread);
> smi_info->thread = NULL;
> }
>
> smi_info->timer_can_start = false;
> if (smi_info->timer_running)
> del_timer_sync(&smi_info->si_timer);
> }
>
> Cheers,
> Jes
>
> Jes Sorensen (1):
> ipmi_si_intf: Fix race in timer shutdown handling
>
> drivers/char/ipmi/ipmi_si_intf.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> --
> 2.21.0
>