From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Dexuan Cui <decui@microsoft.com>
Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
driverdev-devel@linuxdriverproject.org, olaf@aepfle.de,
apw@canonical.com, jasowang@redhat.com, kys@microsoft.com,
haiyangz@microsoft.com, rolf.neugebauer@docker.com,
dave.scott@docker.com, ian.campbell@docker.com
Subject: Re: [PATCH v3] Drivers: hv: vmbus: fix the race when querying & updating the percpu list
Date: Tue, 31 May 2016 18:26:54 +0200 [thread overview]
Message-ID: <87twhefb1t.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <1463896966-4745-1-git-send-email-decui@microsoft.com> (Dexuan Cui's message of "Sat, 21 May 2016 23:02:46 -0700")
Dexuan Cui <decui@microsoft.com> writes:
> There is a rare race when we remove an entry from the global list
> hv_context.percpu_list[cpu] in hv_process_channel_removal() ->
> percpu_channel_deq() -> list_del(): at this time, if vmbus_on_event() ->
> process_chn_event() -> pcpu_relid2channel() is trying to query the list,
> we can get the kernel fault.
>
> Similarly, we also have the issue in the code path: vmbus_process_offer() ->
> percpu_channel_enq().
>
> We can resolve the issue by disabling the tasklet when updating the list.
>
> The patch also moves vmbus_release_relid() to a later place where
> the channel has been removed from the per-cpu and the global lists.
>
> Reported-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
> Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
> Signed-off-by: Dexuan Cui <decui@microsoft.com>
Tested 4.7-rc1 with this path applied and kernel always crashes on boot
(WS2016TP5, 12 CPU SMP guest, Generation 2):
[ 5.464251] hv_vmbus: Hyper-V Host Build:14300-10.0-1-0.1006; Vmbus version:4.0
[ 5.471666] hv_vmbus: Unknown GUID: f8e65716-3cb3-4a06-9a60-1889c5cccab5
[ 5.472143] BUG: unable to handle kernel paging request at 000000079fff5288
[ 5.477107] IP: [<ffffffffa0004b91>] vmbus_onoffer+0x311/0x570 [hv_vmbus]
[ 5.477107] PGD 0
[ 5.477107] Oops: 0000 [#1] SMP
[ 5.477107] Modules linked in: hv_vmbus
[ 5.477107] CPU: 11 PID: 189 Comm: kworker/11:1 Not tainted 4.7.0-rc1_dc1_test+ #262
[ 5.477107] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012
[ 5.477107] Workqueue: hv_vmbus_con vmbus_onmessage_work [hv_vmbus]
[ 5.477107] task: ffff8801796e4480 ti: ffff8801796e8000 task.ti: ffff8801796e8000
[ 5.477107] RIP: 0010:[<ffffffffa0004b91>] [<ffffffffa0004b91>] vmbus_onoffer+0x311/0x570 [hv_vmbus]
[ 5.477107] RSP: 0018:ffff8801796ebc50 EFLAGS: 00010286
[ 5.477107] RAX: 00000000ffff8801 RBX: ffff880032641000 RCX: 0000000000000050
[ 5.477107] RDX: 0000000000040000 RSI: 0000000000000000 RDI: ffff880032641000
[ 5.477107] RBP: ffff8801796ebd10 R08: 0000000000000001 R09: 0000000000000001
[ 5.477107] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000010
[ 5.477107] R13: 4a063cb3f8e65716 R14: b5caccc58918609a R15: ffffffffa0008b60
[ 5.477107] FS: 0000000000000000(0000) GS:ffff88017c000000(0000) knlGS:0000000000000000
[ 5.477107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5.477107] CR2: 000000079fff5288 CR3: 0000000032613000 CR4: 00000000001406e0
[ 5.477107] Stack:
[ 5.477107] ffff880032641780 ffff88003264102c 0010010000000046 ffffffffa000646e
[ 5.477107] ffff8801796e5090 ffff8801796e4480 00000000004f827d 0000000000000001
[ 5.477107] 0000000000000000 ffff8801796ebce8 ffffffff810eaebc 00000000796e5058
[ 5.477107] Call Trace:
[ 5.477107] [<ffffffff810eaebc>] ? __lock_acquire+0x3dc/0x730
[ 5.477107] [<ffffffffa0005263>] vmbus_onmessage+0x33/0xa0 [hv_vmbus]
[ 5.477107] [<ffffffffa0001371>] vmbus_onmessage_work+0x21/0x30 [hv_vmbus]
[ 5.653321] [<ffffffff810abd1f>] process_one_work+0x1ff/0x6d0
[ 5.653321] [<ffffffff810abca1>] ? process_one_work+0x181/0x6d0
[ 5.653321] [<ffffffff810ac23e>] worker_thread+0x4e/0x490
[ 5.653321] [<ffffffff810ac1f0>] ? process_one_work+0x6d0/0x6d0
[ 5.653321] [<ffffffff810ac1f0>] ? process_one_work+0x6d0/0x6d0
[ 5.653321] [<ffffffff810b31b1>] kthread+0x101/0x120
[ 5.653321] [<ffffffff81739cef>] ret_from_fork+0x1f/0x40
[ 5.653321] [<ffffffff810b30b0>] ? kthread_create_on_node+0x250/0x250
[ 5.653321] Code: 74 24 08 48 c7 c7 60 6c 00 a0 e8 0a 9e 1b e1 b8 10 00 00 00 66 89 44 24 16 44 89 e6 48 89 df e8 f6 f9 ff ff 41 8b 87 f4 02 00 00 <48> 8b 14 c5 80 12 03 a0 f0 ff 42 10 48 8b 42 08 a8 02 75 f8 0f
[ 5.653321] RIP [<ffffffffa0004b91>] vmbus_onoffer+0x311/0x570 [hv_vmbus]
[ 5.653321] RSP <ffff8801796ebc50>
[ 5.653321] CR2: 000000079fff5288
[ 5.653321] ---[ end trace 62df6070997f1f10 ]---
[ 5.653321] Kernel panic - not syncing: Fatal exception
[ 5.653321] Kernel Offset: disabled
[ 5.653321] ---[ end Kernel panic - not syncing: Fatal exception
[ 5.653480] ------------[ cut here ]------------
I can investigate it tomorrow if this doesn't reproduce for you.
<skip>
--
Vitaly
next prev parent reply other threads:[~2016-05-31 16:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-22 6:02 [PATCH v3] Drivers: hv: vmbus: fix the race when querying & updating the percpu list Dexuan Cui
2016-05-31 16:26 ` Vitaly Kuznetsov [this message]
2016-06-01 6:39 ` Dexuan Cui
2016-06-01 8:58 ` Vitaly Kuznetsov
2016-06-01 10:01 ` Dexuan Cui
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87twhefb1t.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=apw@canonical.com \
--cc=dave.scott@docker.com \
--cc=decui@microsoft.com \
--cc=driverdev-devel@linuxdriverproject.org \
--cc=gregkh@linuxfoundation.org \
--cc=haiyangz@microsoft.com \
--cc=ian.campbell@docker.com \
--cc=jasowang@redhat.com \
--cc=kys@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=rolf.neugebauer@docker.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.