Re: [BUG 3.12.rc4] Oops: unable to handle kernel paging request during shutdown

From: Veaceslav Falico
Date: Mon Oct 28 2013 - 13:42:20 EST


On Mon, Oct 28, 2013 at 11:35:09AM -0600, Bjorn Helgaas wrote:
On Mon, Oct 28, 2013 at 11:30 AM, Veaceslav Falico <vfalico@xxxxxxxxxx> wrote:
On Mon, Oct 28, 2013 at 11:23:41AM -0600, Bjorn Helgaas wrote:

[+cc Veaceslav]

On Sun, Oct 27, 2013 at 3:24 PM, Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:

On Sun, Oct 27, 2013 at 09:13:29PM +0000, Linus Torvalds wrote:

.. and one more case of freeing a delayed work object (likely a kobject
again):

This time it looks like it's in the PCI layer, freeing the msi irq
information.

It looks like that code simply does

    kobject_del(&entry->kobj);
    kobject_put(&entry->kobj);
    list_del(&entry->list);
    kfree(entry);

and the problem is that the "entry->kobj" may have *other* references
to it, thanks to people accessing it through /sys, so despite doing a
kobject_del/kobject_put(), it's not at all ok to then do a "kfree()"
on it. The embedded kobj might still be in use.

Afaik, that code should do the kfree() on the kobject in the _release_
method, not synchronously like that.

We already have a msi_kobj_release(), I'm wondering why that doesn't
do the kfree().

Bjorn? Yinghai? Greg, comments about that msi kobj usage?


Ick, it really should be doing a kfree() in the release only. Bjorn has
had a bunch of changes in this area recently, perhaps they are in
linux-next waiting for 3.13, and I've talked to him about getting rid of
all of the kobjects for msi files, as I don't think it's needed at all.


IIRC, you said you might take a look at converting this to attributes
on the train back home, so I haven't looked into it myself :)

Bjorn, don't you have a fix for this problem already done somewhere?


Yep, this is clearly wrong, and Veaceslav has a patch that moves the
kfree() to the release function. I've been waiting for a consolidated
repost of all his MSI-related fixes, but maybe he's been waiting for
*me*.


https://lkml.org/lkml/2013/10/9/170

My patchset is ready to be applied, in its v2 state.

Except that the bits with kobject_del() (theoretical race) - which are done
in your patch "kobject: remove kset from sysfs immediately in
kset_unregister()", though I didn't see it accepted.

Should I re-send the patchset?

Can you please repost it? That will be easier for me than digging
individual messages out of the archives. Thanks, and sorry for my
confusion.

Will rebase and repost, sorry for all the noise about it :).

Thank you!


Bjorn
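An added example, not part of the original thread or the kernel source: a userspace C model of the point discussed above, that an object embedding a refcounted kobject must be freed from its release method rather than right after the owner's put. All `model_*` names are hypothetical, and the model is single-threaded and only tracks reference counts.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace model (hypothetical names), not kernel code: a refcounted
 * object with a release callback stands in for struct kobject. */
struct model_kobj {
    int refcount;
    void (*release)(struct model_kobj *k);
};
struct model_entry {          /* stands in for the MSI entry */
    int irq;
    struct model_kobj kobj;   /* embedded, like entry->kobj */
};
static int entries_freed;     /* lets callers observe when the free happens */
static void model_get(struct model_kobj *k) { k->refcount++; }
static void model_put(struct model_kobj *k)
{
    if (--k->refcount == 0)
        k->release(k);        /* last reference gone: freeing is safe now */
}
/* Release method: recover the containing entry and free it here. */
static void model_entry_release(struct model_kobj *k)
{
    char *base = (char *)k - offsetof(struct model_entry, kobj);
    entries_freed++;
    free(base);
}
static struct model_entry *model_entry_create(int irq)
{
    struct model_entry *e = calloc(1, sizeof(*e));
    if (!e)
        return NULL;
    e->irq = irq;
    e->kobj.refcount = 1;     /* owner's reference */
    e->kobj.release = model_entry_release;
    return e;
}
/* Teardown drops the owner's reference; it never frees the entry itself. */
static void model_entry_teardown(struct model_entry *e) { model_put(&e->kobj); }

int main(void)
{
    struct model_entry *e = model_entry_create(42);  /* constructed sample */
    if (!e) return 1;
    model_get(&e->kobj);          /* e.g. a reader that still has the file open */
    model_entry_teardown(e);      /* entry must survive: reader holds a ref */
    int alive = (entries_freed == 0 && e->irq == 42);
    model_put(&e->kobj);          /* reader done: release runs, entry freed */
    return (alive && entries_freed == 1) ? 0 : 1;
}
```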