On 13.04.2018 10:32, Kohli, Gaurav wrote:
> Hi ,
> 
> I have checked below code and it seems we are calling debug_object_free
> twice, ideally we should deactivate and later we
> have to destroy.
> 
> 1st call -> percpu_counter_destroy->debug_percpu_counter_deactivate ->
> debug_object_free
> 2nd call ->
> debug_object_free
> 
> 
> 
> static bool percpu_counter_fixup_free(void *addr, enum debug_obj_state
> state)
> {
>         struct percpu_counter *fbc = addr;
> 
>         switch (state) {
>         case ODEBUG_STATE_ACTIVE:
>                 percpu_counter_destroy(fbc);  -> first call
>                 debug_object_free(fbc, &percpu_counter_debug_descr); 2nd


Having looked at the code I'd say this is indeed buggy. I'd say it
stemmed from same cargo culting since timer_fixup_free follows the same
structure of code, except that in del_timer_sync there is no code which
does debug_object_free. The situation is similar in work_fixup_free.

So at this point I guess the question is whether we want to leave the
debug_object_free call in percpu_counter_fixup_free and just remove
debug_percpu_counter_deactivate and open-code the call to
debug_object_deactivate in percpu_counter_destroy. Or remove the
explicit call in percpu_counter_fixup_free and leave
debug_percpu_counter_deactivate.


In the end it's a matter of style, so perhaps Tejun, as the maintainer,
has the final say what style he prefers. Personally, I'd go for the
former solution so that the percpu follows the style of the rest of the
kernel.

> call
>                 return true;
>         default:
>                 return false;
>         }
> }
> 
> 
> We are seeing one issue, where one list contain garbage data in
> obj_hash, just before element of that is percpu_counter but
> still not sure as it is very difficult to reproduce.
> 
> Can some one please review above code or can we remove one instance of
> debug_object_free from above code.
> 
> Regards
> Gaurav
> 

Reply via email to