From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Miles Lane <miles.lane@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
LKML <linux-kernel@vger.kernel.org>,
"David S.Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
"Pekka Savola (ipv6)" <pekkas@netcore.fi>,
James Morris <jmorris@namei.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>
Subject: Re: 2.6.36-rc5-git1 -- include/linux/netpoll.h:67 invoked rcu_dereference_check() without protection!
Date: Wed, 22 Sep 2010 11:21:24 -0700 [thread overview]
Message-ID: <20100922182124.GF2435@linux.vnet.ibm.com> (raw)
In-Reply-To: <C481C327-3E01-45CE-B2FF-A863E1AD8744@gmail.com>
On Wed, Sep 22, 2010 at 01:43:26PM -0400, Miles Lane wrote:
> That worked for me.
> Thanks!
Thank you, Eric and Miles!!!
Miles, you tested the version with irqs_disabled(), correct?
I have queued that version, hopefully Ingo will like it better than
he liked my earlier attempts... ;-)
Thanx, Paul
> Miles
>
> This message sent using my interplanetary mobile messaging device.
>
> On Sep 22, 2010, at 10:27 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>
> > Le mercredi 22 septembre 2010 à 08:38 +0200, Eric Dumazet a écrit :
> >> Le mercredi 22 septembre 2010 à 00:22 -0400, Miles Lane a écrit :
> >>> [ INFO: suspicious rcu_dereference_check() usage. ]
> >>> ---------------------------------------------------
> >>> include/linux/netpoll.h:67 invoked rcu_dereference_check() without protection!
> >>>
> >>> other info that might help us debug this:
> >>>
> >>>
> >>> rcu_scheduler_active = 1, debug_locks = 1
> >>> 1 lock held by avahi-daemon/1597:
> >>> #0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffffa03673b7>]
> >>> udpv6_sendmsg+0x6c2/0x9e6 [ipv6]
> >>>
> >>> stack backtrace:
> >>> Pid: 1597, comm: avahi-daemon Not tainted 2.6.36-rc5 #13
> >>> Call Trace:
> >>> [<ffffffff810618d7>] lockdep_rcu_dereference+0x9d/0xa6
> >>> [<ffffffff8129d543>] netif_rx+0x4e/0x1a7
> >>> [<ffffffff8102fe4e>] ? get_parent_ip+0x11/0x41
> >>> [<ffffffff8129d7e3>] netif_rx_ni+0x1e/0x58
> >>> [<ffffffffa0352d50>] ip6_dev_loopback_xmit+0xc0/0xc7 [ipv6]
> >>> [<ffffffffa0352ef0>] ip6_finish_output2+0x199/0x3b6 [ipv6]
> >>> [<ffffffffa035401c>] ip6_finish_output+0xf0f/0xf27 [ipv6]
> >>> [<ffffffff8131e08a>] ? csum_partial_copy_from_user+0xb4/0xea
> >>> [<ffffffff812968a8>] ? csum_partial_copy_fromiovecend+0x178/0x1bd
> >>> [<ffffffffa035418c>] ip6_output+0x158/0x161 [ipv6]
> >>> [<ffffffff8102fe4e>] ? get_parent_ip+0x11/0x41
> >>> [<ffffffffa035262d>] ip6_local_out+0x5d/0x62 [ipv6]
> >>> [<ffffffffa0352a98>] ip6_push_pending_frames+0x466/0x524 [ipv6]
> >>> [<ffffffffa0366a93>] udp_v6_push_pending_frames+0x27f/0x2fb [ipv6]
> >>> [<ffffffffa03673b7>] ? udpv6_sendmsg+0x6c2/0x9e6 [ipv6]
> >>> [<ffffffffa03674ba>] udpv6_sendmsg+0x7c5/0x9e6 [ipv6]
> >>> [<ffffffff812fb634>] ? inet_sendmsg+0x0/0x11f
> >>> [<ffffffff812fb746>] inet_sendmsg+0x112/0x11f
> >>> [<ffffffff812fb634>] ? inet_sendmsg+0x0/0x11f
> >>> [<ffffffff8128ca91>] sock_sendmsg+0xe7/0x108
> >>> [<ffffffff810a4c3b>] ? might_fault+0x63/0xb3
> >>> [<ffffffff810a4c84>] ? might_fault+0xac/0xb3
> >>> [<ffffffff810a4c3b>] ? might_fault+0x63/0xb3
> >>> [<ffffffff8128d346>] sys_sendmsg+0x24f/0x2d6
> >>> [<ffffffff8102fe4e>] ? get_parent_ip+0x11/0x41
> >>> [<ffffffff81031ef7>] ? sub_preempt_count+0x92/0xa6
> >>> [<ffffffff810570ce>] ? __srcu_read_unlock+0x3b/0x57
> >>> [<ffffffff81001f9c>] ? sysret_check+0x27/0x62
> >>> [<ffffffff81001f6b>] system_call_fastpath+0x16/0x1b#
> >>
> >> Oh well.
> >>
> >> Thanks for the report. Could you please test following patch ?
> >>
> >>
> >> [PATCH] rcu: rcu_dereference_bh() is hard irq safe
> >>
> >> rcu_dereference_bh() doesnt know yet about hard irq being disabled, so
> >> lockdep can trigger in netpoll_rx() after commit f0f9deae9e7c4 (netpoll:
> >> Disable IRQ around RCU dereference in netpoll_rx)
> >>
> >> Reported-by: Miles Lane <miles.lane@gmail.com>
> >> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> >> ---
> >> diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
> >> index 9fbc54a..435c502 100644
> >> --- a/include/linux/rcupdate.h
> >> +++ b/include/linux/rcupdate.h
> >> @@ -454,7 +454,7 @@ static inline notrace void rcu_read_unlock_sched_notrace(void)
> >> * Makes rcu_dereference_check() do the dirty work.
> >> */
> >> #define rcu_dereference_bh(p) \
> >> - rcu_dereference_check(p, rcu_read_lock_bh_held())
> >> + rcu_dereference_check(p, rcu_read_lock_bh_held() || in_irq())
> >
> > oops, I meant irqs_disabled() here, not in_irq()
> >
> >>
> >> /**
> >> * rcu_dereference_sched - fetch RCU-protected pointer, checking for RCU-sched
> >>
> >
> >
prev parent reply other threads:[~2010-09-22 18:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-22 4:22 2.6.36-rc5-git1 -- include/linux/netpoll.h:67 invoked rcu_dereference_check() without protection! Miles Lane
2010-09-22 6:38 ` Eric Dumazet
2010-09-22 14:27 ` Eric Dumazet
2010-09-22 17:43 ` Miles Lane
2010-09-22 18:21 ` Paul E. McKenney [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100922182124.GF2435@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=herbert@gondor.hengli.com.au \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=miles.lane@gmail.com \
--cc=pekkas@netcore.fi \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.