From: Pavel Emelyanov <xemul@openvz.org>
To: Eric Dumazet <dada1@cosmosbay.com>
Cc: Igor M Podlesny <for.poige+bugzilla.kernel.org@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
bugzilla-daemon@bugzilla.kernel.org,
bugme-daemon@bugzilla.kernel.org, netdev@vger.kernel.org,
Pavel Emelyanov <xemul@openvz.org>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression)
Date: Tue, 28 Jul 2009 13:51:54 +0400 [thread overview]
Message-ID: <4A6ECA3A.4050309@openvz.org> (raw)
In-Reply-To: <4A6EBA88.8030205@cosmosbay.com>
Eric Dumazet wrote:
> Igor M Podlesny a écrit :
>> [...]
>>> Could have been a problem in net core, perhaps.
>>>
>>> Below is a ppp fix from 2.6.31, but it seems unlikely to fix your problem.
>>>
>>> It would help if we could see that trace, please. A digital photo
>>> would suit.
>> Here it is:
>>
>> http://bugzilla.kernel.org/attachment.cgi?id=22516
>>
>> (It's 2.6.30.3)
>>
>
> Looking at this, I believe net_assign_generic() is not safe.
>
> Two cpus could try to expand/update the array at same time, one update could be lost.
>
> register_pernet_gen_device() has a mutex to guard against concurrent
> calls, but net_assign_generic() has no locking at all.
>
> I doubt this is the reason of the crash, still worth to mention it...
>
> [PATCH] net: net_assign_generic() is not SMP safe
>
> Two cpus could try to expand/update the array at same time, one update
> could be lost during the copy of old array.
How can this happen? The array is updated only during ->init routines
of the pernet_operations, which are called from under the net_mutex.
Do I miss anything?
> Re-using net_mutex is an easy way to fix this, it was used right
> before to allocate the 'id'
>
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> ---
>
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index b7292a2..9c31ad1 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -467,15 +467,17 @@ int net_assign_generic(struct net *net, int id, void *data)
> BUG_ON(!mutex_is_locked(&net_mutex));
> BUG_ON(id == 0);
>
> + mutex_lock(&net_mutex);
> ng = old_ng = net->gen;
> if (old_ng->len >= id)
> goto assign;
>
> ng = kzalloc(sizeof(struct net_generic) +
> id * sizeof(void *), GFP_KERNEL);
> - if (ng == NULL)
> + if (ng == NULL) {
> + mutex_unlock(&net_mutex);
> return -ENOMEM;
> -
> + }
> /*
> * Some synchronisation notes:
> *
> @@ -494,6 +496,7 @@ int net_assign_generic(struct net *net, int id, void *data)
> call_rcu(&old_ng->rcu, net_generic_release);
> assign:
> ng->ptr[id - 1] = data;
> + mutex_unlock(&net_mutex);
> return 0;
> }
> EXPORT_SYMBOL_GPL(net_assign_generic);
>
>
next prev parent reply other threads:[~2009-07-28 10:37 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-13760-10286@http.bugzilla.kernel.org/>
2009-07-22 20:45 ` [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression) Andrew Morton
2009-07-23 6:39 ` Igor M Podlesny
2009-07-23 7:01 ` Andrew Morton
2009-07-23 16:15 ` David Miller
2009-07-23 17:51 ` Andrew Morton
2009-07-23 17:53 ` David Miller
2009-07-23 19:11 ` Jarek Poplawski
2009-07-25 3:33 ` Herbert Xu
2009-07-25 4:41 ` Igor M Podlesny
2009-07-28 6:40 ` Igor M Podlesny
2009-07-28 8:44 ` Eric Dumazet
2009-07-28 9:51 ` Pavel Emelyanov [this message]
2009-07-28 12:30 ` Eric Dumazet
2009-07-28 12:36 ` [PATCH] net: net_assign_generic() fix Eric Dumazet
2009-07-28 13:03 ` Pavel Emelyanov
2009-07-28 13:16 ` Eric Dumazet
2009-07-28 13:22 ` Eric Dumazet
2009-07-28 13:47 ` [PATCH] pppol2tp: calls unregister_pernet_gen_device() at unload time Eric Dumazet
2009-07-28 14:29 ` Cyrill Gorcunov
2009-07-28 17:46 ` [PATCH] pppoe: fix race at init time Eric Dumazet
2009-07-28 18:48 ` Cyrill Gorcunov
2009-07-29 3:55 ` Igor M Podlesny
2009-07-29 4:33 ` Eric Dumazet
2009-07-29 14:46 ` Cyrill Gorcunov
2009-08-12 23:40 ` David Miller
2009-08-14 16:42 ` Cyrill Gorcunov
2009-07-29 9:43 ` [PATCH] pppoe: fix /proc/net/pppoe Eric Dumazet
2009-07-30 21:19 ` David Miller
2009-08-02 19:28 ` [PATCH] pppol2tp: calls unregister_pernet_gen_device() at unload time David Miller
2009-08-02 19:27 ` [PATCH] net: net_assign_generic() fix David Miller
2009-07-23 16:14 ` [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression) David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A6ECA3A.4050309@openvz.org \
--to=xemul@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=bugzilla-daemon@bugzilla.kernel.org \
--cc=dada1@cosmosbay.com \
--cc=davem@davemloft.net \
--cc=for.poige+bugzilla.kernel.org@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).