percpu: fix pcpu_reclaim() locking

pcpu_reclaim() calls pcpu_depopulate_chunk() which makes use of pages array and bitmap returned by pcpu_get_pages_and_bitmap() and thus should be called under pcpu_alloc_mutex. pcpu_reclaim() released the mutex before calling depopulate leading to double free and other strange problems caused by the unexpected concurrent usages of pages array and bitmap. Fix it. Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-by: Christoph Lameter <cl@linux-foundation.org>

percpu: fix pcpu_reclaim() locking
pcpu_reclaim() calls pcpu_depopulate_chunk() which makes use of pages array and bitmap returned by pcpu_get_pages_and_bitmap() and thus should be called under pcpu_alloc_mutex. pcpu_reclaim() released the mutex before calling depopulate leading to double free and other strange problems caused by the unexpected concurrent usages of pages array and bitmap. Fix it. Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-by: Christoph Lameter <cl@linux-foundation.org>
Tejun Heo
1 parent 384be2b18a
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
mm/percpu.c
@@ -1181,12 +1181,13 @@
 	}
  
 	spin_unlock_irq(&pcpu_lock);
-	mutex_unlock(&pcpu_alloc_mutex);
  
 	list_for_each_entry_safe(chunk, next, &todo, list) {
 		pcpu_depopulate_chunk(chunk, 0, pcpu_unit_size);
 		free_pcpu_chunk(chunk);
 	}
+
+	mutex_unlock(&pcpu_alloc_mutex);
 }
  
 /**
...	...	@@ -1181,12 +1181,13 @@
1181	1181	}
1182	1182
1183	1183	spin_unlock_irq(&pcpu_lock);
1184		- mutex_unlock(&pcpu_alloc_mutex);
1185	1184
1186	1185	list_for_each_entry_safe(chunk, next, &todo, list) {
1187	1186	pcpu_depopulate_chunk(chunk, 0, pcpu_unit_size);
1188	1187	free_pcpu_chunk(chunk);
1189	1188	}
	1189	+
	1190	+ mutex_unlock(&pcpu_alloc_mutex);
1190	1191	}
1191	1192
1192	1193	/**