[PATCH v3] nvme: rdma/tcp: fix list corruption with anatt timer

Maurizio Lombardi mlombard at redhat.com
Wed Apr 28 07:39:11 BST 2021


On Tue, 27 Apr 2021 at 22:02, Martin Wilck <mwilck at suse.com> wrote:
> The code doesn't use add_timer(), only mod_timer() and
> del_timer_sync(). And we didn't observe a crash upon add_timer(). What
> we observed was that a timer had been enqueued multiple times, and the
> kernel crashes in expire_timers()->detach_timer(), when it encounters
> an already detached entry in the timer list.

How can a timer end up enqueued multiple times?
It's safe to call mod_timer() against both an active and an inactive timer,
and mod_timer() is thread-safe also.

IMO the problem is due to the fact that timer_setup() could end up
being called against an active, pending timer.
timer_setup() doesn't take any lock and modifies the pprev pointer and
the timer's flags.

Maurizio
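
The scenario described in this message, as an added example that is not part of the original post or of the kernel source: a simplified user-space C model of hlist-based timer buckets. The `model_*` functions and `run()` are hypothetical stand-ins for timer_setup(), mod_timer() and expire_timers(); locking and the real timer wheel are left out.

```c
#include <stddef.h>

/* Simplified model: one hlist node per timer, one list head per wheel bucket. */
struct node { struct node *next, **pprev; };
struct bucket { struct node *first; };

/* Like timer_pending(): a timer counts as queued iff pprev is non-NULL. */
static int pending(const struct node *n) { return n->pprev != NULL; }

static void enqueue(struct node *n, struct bucket *b) {
    n->next = b->first;
    if (b->first) b->first->pprev = &n->next;
    b->first = n;
    n->pprev = &b->first;
}

static void detach(struct node *n) {
    *n->pprev = n->next;
    if (n->next) n->next->pprev = n->pprev;
    n->next = NULL;
    n->pprev = NULL;              /* marks the timer as not pending */
}

/* Stand-in for timer_setup(): resets pprev unconditionally, takes no lock. */
static void model_setup(struct node *n) { n->pprev = NULL; }

/* Stand-in for mod_timer(): dequeue if pending, then enqueue. */
static void model_mod(struct node *n, struct bucket *b) {
    if (pending(n)) detach(n);
    enqueue(n, b);
}

/* Stand-in for expire_timers(): returns 1 if it meets an already detached entry. */
static int model_expire(struct bucket *b) {
    while (b->first) {
        if (!pending(b->first)) { b->first = NULL; return 1; } /* a real detach would write through the NULL pprev */
        detach(b->first);
    }
    return 0;
}

/* Arm the timer, optionally re-initialise it while pending, re-arm, expire both buckets. */
int run(int reinit_while_pending) {
    struct bucket old_b = { NULL }, new_b = { NULL };
    struct node t = { NULL, NULL };
    model_mod(&t, &old_b);
    if (reinit_while_pending) model_setup(&t);
    model_mod(&t, &new_b);        /* after a re-init, t is linked from both buckets */
    return model_expire(&new_b) + model_expire(&old_b);
}
```

In this model, re-arming alone leaves both buckets consistent, while a re-initialisation between the two arms leaves the old bucket pointing at an entry that the new bucket has already detached.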



