Re: [PATCH v4a 00/38] timers: Use timer_shutdown*() before freeing timer

To: Steven Rostedt <rostedt@xxxxxxxxxxx>
Subject: Re: [PATCH v4a 00/38] timers: Use timer_shutdown*() before freeing timers
Cc: linux-kernel@xxxxxxxxxxxxxxx, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Stephen Boyd <sboyd@xxxxxxxxxx>, Anna-Maria Gleixner <anna-maria@xxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, rcu@xxxxxxxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, linux-s390@xxxxxxxxxxxxxxx, linux-sh@xxxxxxxxxxxxxxx, linux-edac@xxxxxxxxxxxxxxx, cgroups@xxxxxxxxxxxxxxx, linux-block@xxxxxxxxxxxxxxx, linux-acpi@xxxxxxxxxxxxxxx, linux-atm-general@xxxxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, linux-pm@xxxxxxxxxxxxxxx, drbd-dev@xxxxxxxxxxxxxxxx, linux-bluetooth@xxxxxxxxxxxxxxx, openipmi-developer@xxxxxxxxxxxxxxxxxxxxx, linux-media@xxxxxxxxxxxxxxx, dri-devel@xxxxxxxxxxxxxxxxxxxxx, linaro-mm-sig@xxxxxxxxxxxxxxxx, intel-gfx@xxxxxxxxxxxxxxxxxxxxx, linux-input@xxxxxxxxxxxxxxx, linux-parisc@xxxxxxxxxxxxxxx, linux-leds@xxxxxxxxxxxxxxx, intel-wired-lan@xxxxxxxxxxxxxxxx, linux-usb@xxxxxxxxxxxxxxx, linux-wireless@xxxxxxxxxxxxxxx, linux-scsi@xxxxxxxxxxxxxxx, linux-staging@xxxxxxxxxxxxxxx, linux-ext4@xxxxxxxxxxxxxxx, linux-nilfs@xxxxxxxxxxxxxxx, bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, coreteam@xxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx, linux-afs@xxxxxxxxxxxxxxxxxxx, linux-nfs@xxxxxxxxxxxxxxx, tipc-discussion@xxxxxxxxxxxxxxxxxxxxx, alsa-devel@xxxxxxxxxxxxxxxx
From: Guenter Roeck <linux@xxxxxxxxxxxx>
Date: Sat, 5 Nov 2022 07:18:17 -0700
On Sat, Nov 05, 2022 at 02:00:24AM -0400, Steven Rostedt wrote:
> Back in April, I posted an RFC patch set to help mitigate a common issue
> where a timer gets armed just before it is freed, and when the timer
> goes off, it crashes in the timer code without any evidence of who the
> culprit was. I got side tracked and never finished up on that patch set.
> Since this type of crash is still our #1 crash we are seeing in the field,
> it has become a priority again to finish it.
> The last version of that patch set is here:
> I'm calling this version 4a as it only has obvious changes were the timer that
> is being shutdown is in the same function where it will be freed or released,
> as this series should be "safe" for adding. I'll be calling the other patches
> 4b for the next merge window.

Just in case you didn't notice:

Looking through the resulting code, I think some of the remaining
calls to del_singleshot_timer_sync() can be converted as well.

The calls in drivers/staging/wlan-ng/prism2usb.c:prism2sta_disconnect_usb()
are obvious (the containing data structure is freed in the same function).
For drivers/char/tpm/tpm-dev-common.c:tpm_common_release(), the containing
data structure is freed in the calling code.


