From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Stephen Hemminger <sthemmin@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.18 14/88] hv_netvsc: fix schedule in RCU context
Date: Thu, 27 Sep 2018 11:02:55 +0200 [thread overview]
Message-ID: <20180927090302.216926722@linuxfoundation.org> (raw)
In-Reply-To: <20180927090300.631426620@linuxfoundation.org>
4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit 018349d70f28a78d5343b3660cb66e1667005f8a ]
When netvsc device is removed it can call reschedule in RCU context.
This happens because canceling the subchannel setup work could (in theory)
cause a reschedule when manipulating the timer.
To reproduce, run with lockdep enabled kernel and unbind
a network device from hv_netvsc (via sysfs).
[ 160.682011] WARNING: suspicious RCU usage
[ 160.707466] 4.19.0-rc3-uio+ #2 Not tainted
[ 160.709937] -----------------------------
[ 160.712352] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!
[ 160.723691]
[ 160.723691] other info that might help us debug this:
[ 160.723691]
[ 160.730955]
[ 160.730955] rcu_scheduler_active = 2, debug_locks = 1
[ 160.762813] 5 locks held by rebind-eth.sh/1812:
[ 160.766851] #0: 000000008befa37a (sb_writers#6){.+.+}, at: vfs_write+0x184/0x1b0
[ 160.773416] #1: 00000000b097f236 (&of->mutex){+.+.}, at: kernfs_fop_write+0xe2/0x1a0
[ 160.783766] #2: 0000000041ee6889 (kn->count#3){++++}, at: kernfs_fop_write+0xeb/0x1a0
[ 160.787465] #3: 0000000056d92a74 (&dev->mutex){....}, at: device_release_driver_internal+0x39/0x250
[ 160.816987] #4: 0000000030f6031e (rcu_read_lock){....}, at: netvsc_remove+0x1e/0x250 [hv_netvsc]
[ 160.828629]
[ 160.828629] stack backtrace:
[ 160.831966] CPU: 1 PID: 1812 Comm: rebind-eth.sh Not tainted 4.19.0-rc3-uio+ #2
[ 160.832952] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012
[ 160.832952] Call Trace:
[ 160.832952] dump_stack+0x85/0xcb
[ 160.832952] ___might_sleep+0x1a3/0x240
[ 160.832952] __flush_work+0x57/0x2e0
[ 160.832952] ? __mutex_lock+0x83/0x990
[ 160.832952] ? __kernfs_remove+0x24f/0x2e0
[ 160.832952] ? __kernfs_remove+0x1b2/0x2e0
[ 160.832952] ? mark_held_locks+0x50/0x80
[ 160.832952] ? get_work_pool+0x90/0x90
[ 160.832952] __cancel_work_timer+0x13c/0x1e0
[ 160.832952] ? netvsc_remove+0x1e/0x250 [hv_netvsc]
[ 160.832952] ? __lock_is_held+0x55/0x90
[ 160.832952] netvsc_remove+0x9a/0x250 [hv_netvsc]
[ 160.832952] vmbus_remove+0x26/0x30
[ 160.832952] device_release_driver_internal+0x18a/0x250
[ 160.832952] unbind_store+0xb4/0x180
[ 160.832952] kernfs_fop_write+0x113/0x1a0
[ 160.832952] __vfs_write+0x36/0x1a0
[ 160.832952] ? rcu_read_lock_sched_held+0x6b/0x80
[ 160.832952] ? rcu_sync_lockdep_assert+0x2e/0x60
[ 160.832952] ? __sb_start_write+0x141/0x1a0
[ 160.832952] ? vfs_write+0x184/0x1b0
[ 160.832952] vfs_write+0xbe/0x1b0
[ 160.832952] ksys_write+0x55/0xc0
[ 160.832952] do_syscall_64+0x60/0x1b0
[ 160.832952] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 160.832952] RIP: 0033:0x7fe48f4c8154
Resolve this by getting RTNL earlier. This is safe because the subchannel
work queue does trylock on RTNL and will detect the race.
Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc_drv.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2172,17 +2172,15 @@ static int netvsc_remove(struct hv_devic
cancel_delayed_work_sync(&ndev_ctx->dwork);
- rcu_read_lock();
- nvdev = rcu_dereference(ndev_ctx->nvdev);
-
- if (nvdev)
+ rtnl_lock();
+ nvdev = rtnl_dereference(ndev_ctx->nvdev);
+ if (nvdev)
cancel_work_sync(&nvdev->subchan_work);
/*
* Call to the vsc driver to let it know that the device is being
* removed. Also blocks mtu and channel changes.
*/
- rtnl_lock();
vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev);
if (vf_netdev)
netvsc_unregister_vf(vf_netdev);
@@ -2194,7 +2192,6 @@ static int netvsc_remove(struct hv_devic
list_del(&ndev_ctx->list);
rtnl_unlock();
- rcu_read_unlock();
hv_set_drvdata(dev, NULL);
next prev parent reply other threads:[~2018-09-27 9:02 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-27 9:02 [PATCH 4.18 00/88] 4.18.11-stable review Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 01/88] gso_segment: Reset skb->mac_len after modifying network header Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 02/88] ipv6: fix possible use-after-free in ip6_xmit() Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 03/88] net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 04/88] net: hp100: fix always-true check for link up state Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 05/88] pppoe: fix reception of frames with no mac header Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 06/88] qmi_wwan: set DTR for modems in forced USB2 mode Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 07/88] udp4: fix IP_CMSG_CHECKSUM for connected sockets Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 08/88] tls: dont copy the key out of tls12_crypto_info_aes_gcm_128 Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 09/88] tls: zero the crypto information from tls_context before freeing Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 10/88] tls: clear key material from kernel memory when do_tls_setsockopt_conf fails Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 11/88] neighbour: confirm neigh entries when ARP packet is received Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 12/88] udp6: add missing checks on edumux packet processing Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 13/88] net/sched: act_sample: fix NULL dereference in the data path Greg Kroah-Hartman
2018-09-27 9:02 ` Greg Kroah-Hartman [this message]
2018-09-27 9:02 ` [PATCH 4.18 15/88] net: dsa: mv88e6xxx: Fix ATU Miss Violation Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 16/88] socket: fix struct ifreq size in compat ioctl Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 17/88] tls: fix currently broken MSG_PEEK behavior Greg Kroah-Hartman
2018-09-27 9:02 ` [PATCH 4.18 18/88] bnxt_en: Fix VF mac address regression Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 19/88] ipv6: use rt6_info members when dst is set in rt6_fill_node Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 20/88] net/ipv6: do not copy dst flags on rt init Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 21/88] net: mvpp2: let phylink manage the carrier state Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 22/88] net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 23/88] NFC: Fix possible memory corruption when handling SHDLC I-Frame commands Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 24/88] NFC: Fix the number of pipes Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 25/88] ASoC: wm9712: fix replace codec to component Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 26/88] ASoC: cs4265: fix MMTLR Data switch control Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 27/88] ASoC: tas6424: Save last fault register even when clear Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 28/88] ASoC: rsnd: fixup not to call clk_get/set under non-atomic Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 29/88] ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 30/88] ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 31/88] ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 32/88] ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 33/88] ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 34/88] ALSA: firewire-digi00x: fix memory leak of private data Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 35/88] ALSA: firewire-tascam: " Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 36/88] ALSA: fireworks: fix memory leak of response buffer at error path Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 37/88] ALSA: oxfw: fix memory leak for model-dependent data " Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 38/88] ALSA: oxfw: fix memory leak of discovered stream formats " Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 39/88] ALSA: oxfw: fix memory leak of private data Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 40/88] mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 41/88] mtd: rawnand: denali: fix a race condition when DMA is kicked Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 42/88] platform/x86: dell-smbios-wmi: Correct a memory leak Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 43/88] platform/x86: alienware-wmi: " Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 44/88] xen/netfront: dont bug in case of too many frags Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 45/88] xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 46/88] spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 47/88] Revert "PCI: Add ACS quirk for Intel 300 series" Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 48/88] ring-buffer: Allow for rescheduling when removing pages Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 49/88] crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2 Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 50/88] fork: report pid exhaustion correctly Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 51/88] mm: disable deferred struct page for 32-bit arches Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 52/88] mm: shmem.c: Correctly annotate new inodes for lockdep Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 53/88] Revert "rpmsg: core: add support to power domains for devices" Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 54/88] bpf/verifier: disallow pointer subtraction Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 55/88] Revert "uapi/linux/keyctl.h: dont use C++ reserved keyword as a struct member name" Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 56/88] scsi: target: iscsi: Use hex2bin instead of a re-implementation Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 57/88] scsi: target: iscsi: Use bin2hex " Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 58/88] Revert "ubifs: xattr: Dont operate on deleted inodes" Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 59/88] libata: mask swap internal and hardware tag Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 60/88] ocfs2: fix ocfs2 read block panic Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 61/88] drm/i915/bdw: Increase IPS disable timeout to 100ms Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 62/88] drm/nouveau: Reset MST branching unit before enabling Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 63/88] drm/nouveau: Only write DP_MSTM_CTRL when needed Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 64/88] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 65/88] drm/nouveau: Fix deadlocks in nouveau_connector_detect() Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 66/88] drm/nouveau/drm/nouveau: Dont forget to cancel hpd_work on suspend/unload Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 67/88] drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 68/88] drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 69/88] drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 70/88] drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 71/88] drm/vc4: Fix the "no scaling" case on multi-planar YUV formats Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 72/88] drm: udl: Destroy framebuffer only if it was initialized Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 73/88] drm/amdgpu: add new polaris pci id Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 74/88] drm/atomic: Use drm_drv_uses_atomic_modeset() for debugfs creation Greg Kroah-Hartman
2018-09-27 10:43 ` Holger Hoffstätte
2018-09-27 12:37 ` Greg Kroah-Hartman
2018-09-27 13:26 ` Holger Hoffstätte
2018-09-27 13:53 ` Holger Hoffstätte
2018-09-27 14:05 ` Sean Paul
2018-09-27 14:18 ` Holger Hoffstätte
2018-09-27 19:00 ` Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 75/88] tty: vt_ioctl: fix potential Spectre v1 Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 76/88] ext4: check to make sure the rename(2)s destination is not freed Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 77/88] ext4: avoid divide by zero fault when deleting corrupted inline directories Greg Kroah-Hartman
2018-09-27 9:03 ` [PATCH 4.18 78/88] ext4: avoid arithemetic overflow that can trigger a BUG Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 79/88] ext4: recalucate superblock checksum after updating free blocks/inodes Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 80/88] ext4: fix online resizes handling of a too-small final block group Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 81/88] ext4: fix online resizing for bigalloc file systems with a 1k block size Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 82/88] ext4: dont mark mmp buffer head dirty Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 83/88] ext4: show test_dummy_encryption mount option in /proc/mounts Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 84/88] ext4, dax: add ext4_bmap to ext4_dax_aops Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 85/88] ext4, dax: set ext4_dax_aops for dax files Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 86/88] sched/fair: Fix vruntime_normalized() for remote non-migration wakeup Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 87/88] vmw_balloon: include asm/io.h Greg Kroah-Hartman
2018-09-27 9:04 ` [PATCH 4.18 88/88] iw_cxgb4: only allow 1 flush on user qps Greg Kroah-Hartman
[not found] ` <5bacd49d.1c69fb81.12c01.3b57@mx.google.com>
[not found] ` <7hwor72aeq.fsf@baylibre.com>
2018-09-27 19:01 ` [PATCH 4.18 00/88] 4.18.11-stable review Greg Kroah-Hartman
2018-09-27 20:00 ` Rafael David Tinoco
2018-09-28 4:51 ` Greg Kroah-Hartman
2018-09-27 20:09 ` Shuah Khan
2018-09-28 4:50 ` Greg Kroah-Hartman
2018-09-27 21:53 ` Guenter Roeck
2018-09-28 4:50 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180927090302.216926722@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=haiyangz@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=sthemmin@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).