From patchwork Tue Jul 28 08:44:56 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 30289 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@bilbo.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from ozlabs.org (ozlabs.org [203.10.76.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx.ozlabs.org", Issuer "CA Cert Signing Authority" (verified OK)) by bilbo.ozlabs.org (Postfix) with ESMTPS id 15911B7B67 for ; Tue, 28 Jul 2009 18:46:53 +1000 (EST) Received: by ozlabs.org (Postfix) id 05CA1DDD1C; Tue, 28 Jul 2009 18:46:53 +1000 (EST) Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id 5FE11DDD1B for ; Tue, 28 Jul 2009 18:46:52 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752785AbZG1Iqm (ORCPT ); Tue, 28 Jul 2009 04:46:42 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752754AbZG1Iqm (ORCPT ); Tue, 28 Jul 2009 04:46:42 -0400 Received: from gw1.cosmosbay.com ([212.99.114.194]:57546 "EHLO gw1.cosmosbay.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752753AbZG1Iql (ORCPT ); Tue, 28 Jul 2009 04:46:41 -0400 Received: from [127.0.0.1] (localhost [127.0.0.1]) by gw1.cosmosbay.com (8.13.7/8.13.7) with ESMTP id n6S8ivkq021329; Tue, 28 Jul 2009 10:44:57 +0200 Message-ID: <4A6EBA88.8030205@cosmosbay.com> Date: Tue, 28 Jul 2009 10:44:56 +0200 From: Eric Dumazet User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: Igor M Podlesny CC: Andrew Morton , bugzilla-daemon@bugzilla.kernel.org, bugme-daemon@bugzilla.kernel.org, netdev@vger.kernel.org, Pavel Emelyanov , "Paul E. McKenney" , "David S. Miller" Subject: Re: [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression) References: <20090722134557.2457c5f5.akpm@linux-foundation.org> <43d009740907222339n50ebe411ya6453dc5a294b9a0@mail.gmail.com> <20090723000100.d74d6b1c.akpm@linux-foundation.org> <43d009740907272340g7f98ed55lfff38bfedd867a99@mail.gmail.com> In-Reply-To: <43d009740907272340g7f98ed55lfff38bfedd867a99@mail.gmail.com> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (gw1.cosmosbay.com [0.0.0.0]); Tue, 28 Jul 2009 10:45:02 +0200 (CEST) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Igor M Podlesny a écrit : > [...] >> Could have been a problem in net core, perhaps. >> >> Below is a ppp fix from 2.6.31, but it seems unlikely to fix your problem. >> >> It would help if we could see that trace, please. A digital photo >> would suit. > > Here it is: > > http://bugzilla.kernel.org/attachment.cgi?id=22516 > > (It's 2.6.30.3) > Looking at this, I believe net_assign_generic() is not safe. Two cpus could try to expand/update the array at same time, one update could be lost. register_pernet_gen_device() has a mutex to guard against concurrent calls, but net_assign_generic() has no locking at all. I doubt this is the reason of the crash, still worth to mention it... [PATCH] net: net_assign_generic() is not SMP safe Two cpus could try to expand/update the array at same time, one update could be lost during the copy of old array. Re-using net_mutex is an easy way to fix this, it was used right before to allocate the 'id' Signed-off-by: Eric Dumazet --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index b7292a2..9c31ad1 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -467,15 +467,17 @@ int net_assign_generic(struct net *net, int id, void *data) BUG_ON(!mutex_is_locked(&net_mutex)); BUG_ON(id == 0); + mutex_lock(&net_mutex); ng = old_ng = net->gen; if (old_ng->len >= id) goto assign; ng = kzalloc(sizeof(struct net_generic) + id * sizeof(void *), GFP_KERNEL); - if (ng == NULL) + if (ng == NULL) { + mutex_unlock(&net_mutex); return -ENOMEM; - + } /* * Some synchronisation notes: * @@ -494,6 +496,7 @@ int net_assign_generic(struct net *net, int id, void *data) call_rcu(&old_ng->rcu, net_generic_release); assign: ng->ptr[id - 1] = data; + mutex_unlock(&net_mutex); return 0; } EXPORT_SYMBOL_GPL(net_assign_generic);