Re: [PATCH 2/4 v6] lib: debugobjects: add global free list and the counter

From: Yang Shi
Date: Mon Feb 12 2018 - 13:49:09 EST




On 2/12/18 8:25 AM, Thomas Gleixner wrote:
On Tue, 6 Feb 2018, Yang Shi wrote:
+ /*
+ * Reuse objs from the global free list, they will be reinitialized
+ * when allocating
+ */
+ while (obj_nr_tofree > 0 && (obj_pool_free < obj_pool_min_free)) {
+ raw_spin_lock_irqsave(&pool_lock, flags);
+ obj = hlist_entry(obj_to_free.first, typeof(*obj), node);

This is racy vs. the worker thread. Assume obj_nr_tofree = 1:

CPU0                                    CPU1
worker
lock(&pool_lock);                       while (obj_nr_tofree > 0 && ...) {
  obj = hlist_entry(obj_to_free);         lock(&pool_lock);
  hlist_del(obj);
  obj_nr_tofree--;
  ...
unlock(&pool_lock);
                                          obj = hlist_entry(obj_to_free);
                                          hlist_del(obj); <------- NULL pointer dereference

Not what you want, right? The counter or the list head need to be rechecked
after the lock is acquired.

Yes, you are right. Will fix the race in newer version.

Regards,
Yang


+ hlist_del(&obj->node);
+ obj_nr_tofree--;
+ hlist_add_head(&obj->node, &obj_pool);
+ obj_pool_free++;
+ raw_spin_unlock_irqrestore(&pool_lock, flags);
+ }
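
Review bot: the while condition tests obj_nr_tofree and obj_pool_free before pool_lock is taken, and the body then uses obj_to_free.first unconditionally once the lock is held. If the list is emptied in that window, hlist_entry() is applied to a NULL first pointer and hlist_del(&obj->node) dereferences it. Recheck obj_nr_tofree (or the list head) right after raw_spin_lock_irqsave() and skip the move when nothing is left, and extend the comment to say the unlocked test is only a hint.
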
Thanks,

tglx
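
The recheck asked for in the review above, modelled in userspace C as an added example; it is not code from the patch or from anyone in this thread. The names are stand-ins: a pthread mutex plays pool_lock, and a hypothetical race_window hook plays the worker on a single thread so the interleaving is deterministic.

```c
#include <pthread.h>
#include <stddef.h>
struct node { struct node *next; };
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;
static struct node *to_free, *pool; /* model obj_to_free and obj_pool */
static int nr_tofree, pool_free;    /* model obj_nr_tofree and obj_pool_free */
static struct node objs[2];         /* constructed sample objects */
static void (*race_window)(void);   /* hypothetical hook: the other CPU's turn */

/* Stands in for the worker: empties the global free list under the lock. */
static void worker_drain(void)
{
	pthread_mutex_lock(&pool_lock);
	to_free = NULL; nr_tofree = 0;
	pthread_mutex_unlock(&pool_lock);
}

/* Refill loop with the recheck; returns the resulting pool_free. */
static int refill(int min_free)
{
	while (nr_tofree > 0 && pool_free < min_free) { /* unlocked: a hint only */
		if (race_window) race_window();  /* worker wins the race here */
		pthread_mutex_lock(&pool_lock);
		if (to_free) {                   /* recheck with the lock held */
			struct node *n = to_free;
			to_free = n->next;
			n->next = pool;
			pool = n;
			nr_tofree--;
			pool_free++;
		}
		pthread_mutex_unlock(&pool_lock);
	}
	return pool_free;
}

/* Put n (<= 2) objects on the free list, optionally let the worker win, refill. */
int run_case(int n, int worker_wins)
{
	to_free = pool = NULL;
	nr_tofree = pool_free = 0;
	for (int i = 0; i < n; i++, nr_tofree++) {
		objs[i].next = to_free;
		to_free = &objs[i];
	}
	race_window = worker_wins ? worker_drain : NULL;
	return refill(4);
}

int main(void) { return run_case(1, 1) != 0 || run_case(2, 0) != 2; }
```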