From patchwork Mon Aug 2 13:46:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhen Lei X-Patchwork-Id: 490339 Delivered-To: patch@linaro.org Received: by 2002:a05:6638:1185:0:0:0:0 with SMTP id f5csp1940430jas; Mon, 2 Aug 2021 06:47:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxGaIxf12EKtz/UCXlIk/lexrNMO0mcG84nTeWAuBPyqSFgj0k2lJGW1BLju5uXFb9rl7Ft X-Received: by 2002:a05:6e02:1a05:: with SMTP id s5mr444502ild.232.1627912079862; Mon, 02 Aug 2021 06:47:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627912079; cv=none; d=google.com; s=arc-20160816; b=ZLVop/lhaf4GuuGnCiWvaGJA5i3qrDlb56amIulVFcIchO3UK7ZiTY92NiTevUQAz5 JZYXPqUxO6rpVqrW2X8Kc/om3Y7DyqhOwdhn8/D1MUwKeA3TyqBybeQVQuccZxEK7fFN jJ5GSoAx4Peyyg4xE9rXu6SDQB3Qe40RVJ4IFtZ7j+EHGmOWuZzOm2D2N5gno792Uswx oireOm9PF92BKKYI8ReqMzq4sohBYLZ0ZaQtJGQN2z+Z+SplRXwR0P9R6FxAgY/ak1wE fUb0qvhxmSgrLTWlkMZMKRntr4K8w4L/7Vy9OpOWENp9y4/Z4jMEs0KLnm7f08CL6rAP PTrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=kF/BgjNERbN0AEF3ZTku6VPgu2vetjASlvlruxHPwpQ=; b=0KM6d7tRlc/je+5+/LSk9Odtj2HQkfA8lSGbLESUA+5TAdtkPM6p6B0FDgudJ91w7N YUGkfaZncilihUv25ic+a9raIMlusGHEy5Hpwpc/im9LVvCXO/muZjRY0C/MoYR2E2Vo /oQ4C+EVWtGDdQy+zNBS7yKqOjxTBhY3d+C4VqA1ctFnI80kAdZrKXR2TCV5liVbFUiH 9epgHyB5Ls3U2s5HhXdhoO0B7fUyATuObyFLjtdUi98q9Y01TA9H8ha7AYxKnHPcFHgv hH2hCwHM6mXChMgpEixI95aSg6JF0gg+pCqTDjkCx67WvvxGLzXqz3meBjgAVfi+GkLu Gpig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y11si15278928ilu.1.2021.08.02.06.47.59; Mon, 02 Aug 2021 06:47:59 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234273AbhHBNsH (ORCPT + 12 others); Mon, 2 Aug 2021 09:48:07 -0400 Received: from szxga02-in.huawei.com ([45.249.212.188]:12437 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234371AbhHBNrg (ORCPT ); Mon, 2 Aug 2021 09:47:36 -0400 Received: from dggemv711-chm.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4GdfNc5hgHzck40; Mon, 2 Aug 2021 21:43:44 +0800 (CST) Received: from dggpemm500006.china.huawei.com (7.185.36.236) by dggemv711-chm.china.huawei.com (10.1.198.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Mon, 2 Aug 2021 21:47:17 +0800 Received: from thunder-town.china.huawei.com (10.174.179.0) by dggpemm500006.china.huawei.com (7.185.36.236) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Mon, 2 Aug 2021 21:47:16 +0800 From: Zhen Lei To: Greg Kroah-Hartman , stable CC: Zhen Lei , Anna-Maria Gleixner , Mike Galbraith , Sasha Levin , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , linux-kernel Subject: [PATCH 4.4 09/11] futex: Avoid freeing an active timer Date: Mon, 2 Aug 2021 21:46:22 +0800 Message-ID: <20210802134624.1934-10-thunder.leizhen@huawei.com> X-Mailer: git-send-email 2.26.0.windows.1 In-Reply-To: <20210802134624.1934-1-thunder.leizhen@huawei.com> References: <20210802134624.1934-1-thunder.leizhen@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.174.179.0] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To dggpemm500006.china.huawei.com (7.185.36.236) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Thomas Gleixner [ Upstream commit 97181f9bd57405b879403763284537e27d46963d ] Alexander reported a hrtimer debug_object splat: ODEBUG: free active (active state 0) object type: hrtimer hint: hrtimer_wakeup (kernel/time/hrtimer.c:1423) debug_object_free (lib/debugobjects.c:603) destroy_hrtimer_on_stack (kernel/time/hrtimer.c:427) futex_lock_pi (kernel/futex.c:2740) do_futex (kernel/futex.c:3399) SyS_futex (kernel/futex.c:3447 kernel/futex.c:3415) do_syscall_64 (arch/x86/entry/common.c:284) entry_SYSCALL64_slow_path (arch/x86/entry/entry_64.S:249) Which was caused by commit: cfafcd117da0 ("futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()") ... losing the hrtimer_cancel() in the shuffle. Where previously the hrtimer_cancel() was done by rt_mutex_slowlock() we now need to do it manually. Reported-by: Alexander Levin Signed-off-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Fixes: cfafcd117da0 ("futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()") Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1704101802370.2906@nanos Signed-off-by: Ingo Molnar Signed-off-by: Zhen Lei --- kernel/futex.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.26.0.106.g9fadedd diff --git a/kernel/futex.c b/kernel/futex.c index e7c2e552aef4ae6..6d47b7dc1cfbee7 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -2960,8 +2960,10 @@ out_unlock_put_key: out_put_key: put_futex_key(&q.key); out: - if (to) + if (to) { + hrtimer_cancel(&to->timer); destroy_hrtimer_on_stack(&to->timer); + } return ret != -EINTR ? ret : -ERESTARTNOINTR; uaddr_faulted: