| Message ID | 1320217652.30178.1.camel@edumazet-laptop |
|---|---|
| State | Superseded, archived |
| Delegated to: | David Miller |
| Headers | show |
El 02/11/2011 8:07, Eric Dumazet escribió: > Le mercredi 02 novembre 2011 à 09:04 +0400, Misha Labjuk a écrit : >> 2011/11/2 Eric Dumazet <eric.dumazet@gmail.com>: >>> >>> On what kind of NIC this is happening ? >>> >> >> Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit >> Ethernet controller (rev 02) >> Kernel driver in use: r8169 > > OK thanks, could you try the following patch as well ? > > If we release reorder_q.lock, we must not keep a dangling pointer (tmp) > and restart the whole loop. > > diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c > index 34b2dde..bf8d50c 100644 > --- a/net/l2tp/l2tp_core.c > +++ b/net/l2tp/l2tp_core.c > @@ -397,6 +397,7 @@ static void l2tp_recv_dequeue(struct l2tp_session *session) > * expect to send up next, dequeue it and any other > * in-sequence packets behind it. > */ > +start: > spin_lock_bh(&session->reorder_q.lock); > skb_queue_walk_safe(&session->reorder_q, skb, tmp) { > if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) { > @@ -433,7 +434,7 @@ static void l2tp_recv_dequeue(struct l2tp_session *session) > */ > spin_unlock_bh(&session->reorder_q.lock); > l2tp_recv_dequeue_skb(session, skb); > - spin_lock_bh(&session->reorder_q.lock); > + goto start; > } > > out: > > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > > I've been using this same exact patch on an old kernel since a while ago. I had one system that crashed here, now decommissioned. After some testing I was unable to reproduce the bug in another systems but on the one that exhibited the problem it fixed the crashes. Regards, Jorge
Thanks!! Panic disappeared. 2011/11/2 Eric Dumazet <eric.dumazet@gmail.com>: > OK thanks, could you try the following patch as well ? > > If we release reorder_q.lock, we must not keep a dangling pointer (tmp) > and restart the whole loop. > > diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c > index 34b2dde..bf8d50c 100644 > --- a/net/l2tp/l2tp_core.c > +++ b/net/l2tp/l2tp_core.c > @@ -397,6 +397,7 @@ static void l2tp_recv_dequeue(struct l2tp_session *session) > * expect to send up next, dequeue it and any other > * in-sequence packets behind it. > */ > +start: > spin_lock_bh(&session->reorder_q.lock); > skb_queue_walk_safe(&session->reorder_q, skb, tmp) { > if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) { > @@ -433,7 +434,7 @@ static void l2tp_recv_dequeue(struct l2tp_session *session) > */ > spin_unlock_bh(&session->reorder_q.lock); > l2tp_recv_dequeue_skb(session, skb); > - spin_lock_bh(&session->reorder_q.lock); > + goto start; > } > > out: > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c index 34b2dde..bf8d50c 100644 --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c @@ -397,6 +397,7 @@ static void l2tp_recv_dequeue(struct l2tp_session *session) * expect to send up next, dequeue it and any other * in-sequence packets behind it. */ +start: spin_lock_bh(&session->reorder_q.lock); skb_queue_walk_safe(&session->reorder_q, skb, tmp) { if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) { @@ -433,7 +434,7 @@ static void l2tp_recv_dequeue(struct l2tp_session *session) */ spin_unlock_bh(&session->reorder_q.lock); l2tp_recv_dequeue_skb(session, skb); - spin_lock_bh(&session->reorder_q.lock); + goto start; } out: