From 6bc2aea166eb66a36e7ae3979af85faf80f7d2e3 Mon Sep 17 00:00:00 2001 From: Zygo Blaxell Date: Fri, 12 Jun 2009 13:37:50 -0400 Subject: [PATCH] LIB: remove unmatched write_lock() in gen_pool_destroy There is a call to write_lock() in gen_pool_destroy which is not balanced by any corresponding write_unlock(). This causes problems with preemption because the preemption-disable counter is incremented in the write_lock() call, but never decremented by a write_unlock() call. This bug is difficult to observe in the field because only two in-tree drivers call gen_pool_destroy, and one of them is non-x86 arch-specific code. To fix this, I have chosen removing the write_lock() over adding a write_unlock() because the lock in question is inside a structure which is being freed. Any other thread that waited to acquire such a lock while gen_pool_destroy was running would find itself holding a lock in recently-freed or about-to-be-freed memory. Using a pool while it is in the process of being destroyed is a bug that must be resolved outside of the gen_pool_destroy function. Signed-off-by: Zygo Blaxell --- lib/genalloc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/genalloc.c b/lib/genalloc.c index f6d276db2d58..eed2bdb865e7 100644 --- a/lib/genalloc.c +++ b/lib/genalloc.c @@ -85,7 +85,6 @@ void gen_pool_destroy(struct gen_pool *pool) int bit, end_bit; - write_lock(&pool->lock); list_for_each_safe(_chunk, _next_chunk, &pool->chunks) { chunk = list_entry(_chunk, struct gen_pool_chunk, next_chunk); list_del(&chunk->next_chunk); -- 2.39.5