From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Rusty Russell <rusty@rustcorp.com.au>,
"Michael S. Tsirkin" <mst@redhat.com>,
Andrey Vagin <avagin@openvz.org>,
Jason Wang <jasowang@redhat.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.10 12/62] virtio: delete napi structures from netdev before releasing memory
Date: Mon, 13 Jan 2014 16:26:37 -0800 [thread overview]
Message-ID: <20140114002710.810322145@linuxfoundation.org> (raw)
In-Reply-To: <20140114002710.464561569@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Vagin <avagin@openvz.org>
[ Upstream commit d4fb84eefe5164f6a6ea51d0a9e26280c661a0dd ]
free_netdev calls netif_napi_del too, but it's too late, because napi
structures are placed on vi->rq. netif_napi_add() is called from
virtnet_alloc_queues.
general protection fault: 0000 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in: ip6table_filter ip6_tables iptable_filter ip_tables virtio_balloon pcspkr virtio_net(-) i2c_pii
CPU: 1 PID: 347 Comm: rmmod Not tainted 3.13.0-rc2+ #171
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: ffff8800b779c420 ti: ffff8800379e0000 task.ti: ffff8800379e0000
RIP: 0010:[<ffffffff81322e19>] [<ffffffff81322e19>] __list_del_entry+0x29/0xd0
RSP: 0018:ffff8800379e1dd0 EFLAGS: 00010a83
RAX: 6b6b6b6b6b6b6b6b RBX: ffff8800379c2fd0 RCX: dead000000200200
RDX: 6b6b6b6b6b6b6b6b RSI: 0000000000000001 RDI: ffff8800379c2fd0
RBP: ffff8800379e1dd0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800379c2f90
R13: ffff880037839160 R14: 0000000000000000 R15: 00000000013352f0
FS: 00007f1400e34740(0000) GS:ffff8800bfb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f464124c763 CR3: 00000000b68cf000 CR4: 00000000000006e0
Stack:
ffff8800379e1df0 ffffffff8155beab 6b6b6b6b6b6b6b2b ffff8800378391c0
ffff8800379e1e18 ffffffff8156499b ffff880037839be0 ffff880037839d20
ffff88003779d3f0 ffff8800379e1e38 ffffffffa003477c ffff88003779d388
Call Trace:
[<ffffffff8155beab>] netif_napi_del+0x1b/0x80
[<ffffffff8156499b>] free_netdev+0x8b/0x110
[<ffffffffa003477c>] virtnet_remove+0x7c/0x90 [virtio_net]
[<ffffffff813ae323>] virtio_dev_remove+0x23/0x80
[<ffffffff813f62ef>] __device_release_driver+0x7f/0xf0
[<ffffffff813f6ca0>] driver_detach+0xc0/0xd0
[<ffffffff813f5f28>] bus_remove_driver+0x58/0xd0
[<ffffffff813f72ec>] driver_unregister+0x2c/0x50
[<ffffffff813ae65e>] unregister_virtio_driver+0xe/0x10
[<ffffffffa0036942>] virtio_net_driver_exit+0x10/0x6ce [virtio_net]
[<ffffffff810d7cf2>] SyS_delete_module+0x172/0x220
[<ffffffff810a732d>] ? trace_hardirqs_on+0xd/0x10
[<ffffffff810f5d4c>] ? __audit_syscall_entry+0x9c/0xf0
[<ffffffff81677f69>] system_call_fastpath+0x16/0x1b
Code: 00 00 55 48 8b 17 48 b9 00 01 10 00 00 00 ad de 48 8b 47 08 48 89 e5 48 39 ca 74 29 48 b9 00 02 20 00 00 00
RIP [<ffffffff81322e19>] __list_del_entry+0x29/0xd0
RSP <ffff8800379e1dd0>
---[ end trace d5931cd3f87c9763 ]---
Fixes: 986a4f4d452d (virtio_net: multiqueue support)
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/virtio_net.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1285,6 +1285,11 @@ static void virtnet_config_changed(struc
static void virtnet_free_queues(struct virtnet_info *vi)
{
+ int i;
+
+ for (i = 0; i < vi->max_queue_pairs; i++)
+ netif_napi_del(&vi->rq[i].napi);
+
kfree(vi->rq);
kfree(vi->sq);
}
next prev parent reply other threads:[~2014-01-14 1:09 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-14 0:26 [PATCH 3.10 00/62] 3.10.27-stable review Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 01/62] irqchip: renesas-irqc: Fix irqc_probe error handling Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 02/62] clocksource: em_sti: Set cpu_possible_mask to fix SMP broadcast Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 03/62] gpio-rcar: R-Car GPIO IRQ share interrupt Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 04/62] HID: Revert "Revert "HID: Fix logitech-dj: missing Unifying device issue"" Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 05/62] IPv6: Fixed support for blackhole and prohibit routes Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 06/62] net: do not pretend FRAGLIST support Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 07/62] rds: prevent BUG_ON triggered on congestion update to loopback Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 08/62] macvtap: Do not double-count received packets Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 09/62] macvtap: update file current position Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 10/62] tun: " Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 11/62] macvtap: signal truncated packets Greg Kroah-Hartman
2014-01-14 0:26 ` Greg Kroah-Hartman [this message]
2014-01-14 0:26 ` [PATCH 3.10 13/62] packet: fix send path when running with proto == 0 Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 14/62] ipv6: dont count addrconf generated routes against gc limit Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 15/62] net: drop_monitor: fix the value of maxattr Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 16/62] net: unix: allow set_peek_off to fail Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 17/62] tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0 Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 18/62] netvsc: dont flush peers notifying work during setting mtu Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 19/62] ipv6: fix illegal mac_header comparison on 32bit Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 20/62] net: unix: allow bind to fail on mutex lock Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 22/62] net: inet_diag: zero out uninitialized idiag_{src,dst} fields Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 23/62] drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl() Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 25/62] net: fec: fix potential use after free Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 26/62] ipv6: always set the new created dsts from in ip6_rt_copy Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 27/62] rds: prevent dereference of a NULL device Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 28/62] net: rose: restore old recvmsg behavior Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 29/62] vlan: Fix header ops passthru when doing TX VLAN offload Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 30/62] virtio_net: fix error handling for mergeable buffers Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 31/62] virtio-net: make all RX paths handle errors consistently Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 32/62] virtio_net: dont leak memory or block when too many frags Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 33/62] virtio-net: fix refill races during restore Greg Kroah-Hartman
2014-01-14 0:26 ` [PATCH 3.10 34/62] net: llc: fix use after free in llc_ui_recvmsg Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 35/62] netpoll: Fix missing TXQ unlock and and OOPS Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 36/62] bridge: use spin_lock_bh() in br_multicast_set_hash_max Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 37/62] net: Loosen constraints for recalculating checksum in skb_segment() Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 38/62] ARM: fix footbridge clockevent device Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 39/62] ARM: fix "bad mode in ... handler" message for undefined instructions Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 40/62] ARM: dts: exynos5250: Fix MDMA0 clock number Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 41/62] ARM: shmobile: kzm9g: Fix coherent DMA mask Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 42/62] ARM: shmobile: armadillo: " Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 43/62] ARM: shmobile: mackerel: " Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 45/62] parisc: Ensure full cache coherency for kmap/kunmap Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 46/62] ahci: add PCI ID for Marvell 88SE9170 SATA controller Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 47/62] clk: clk-divider: fix divisor > 255 bug Greg Kroah-Hartman
2014-01-14 0:27 ` Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 48/62] clk: samsung: exynos4: Correct SRC_MFC register Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 49/62] clk: samsung: exynos5250: Add CLK_IGNORE_UNUSED flag for the sysreg clock Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 50/62] clk: exynos5250: fix sysmmu_mfc{l,r} gate clocks Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 51/62] mfd: rtsx_pcr: Disable interrupts before cancelling delayed works Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 52/62] ACPI / TPM: fix memory leak when walking ACPI namespace Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 53/62] ACPI / Battery: Add a _BIX quirk for NEC LZ750/LS Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 54/62] mac80211: move "bufferable MMPDU" check to fix AP mode scan Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 55/62] intel_pstate: Add X86_FEATURE_APERFMPERF to cpu match parameters Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 56/62] SCSI: sd: Reduce buffer size for vpd request Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 57/62] netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 58/62] x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 59/62] sched: Fix race on toggling cfs_bandwidth_used Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 60/62] sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 61/62] sched: Fix hrtimer_cancel()/rq->lock deadlock Greg Kroah-Hartman
2014-01-14 0:27 ` [PATCH 3.10 62/62] sched: Guarantee new group-entities always have weight Greg Kroah-Hartman
2014-01-14 3:02 ` [PATCH 3.10 00/62] 3.10.27-stable review Guenter Roeck
2014-01-14 23:12 ` Greg Kroah-Hartman
2014-01-14 19:30 ` Shuah Khan
2014-01-14 23:12 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140114002710.810322145@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=avagin@openvz.org \
--cc=davem@davemloft.net \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=rusty@rustcorp.com.au \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.