github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
49d7872377
linux/net
History
Yanmin Zhang 49d7872377 ipv4: fix the rcu race between free_fib_info and ip_route_output_slow 
[ Upstream commit e49cc0da72 ]

We hit a kernel OOPS.

<3>[23898.789643] BUG: sleeping function called from invalid context at
/data/buildbot/workdir/ics/hardware/intel/linux-2.6/arch/x86/mm/fault.c:1103
<3>[23898.862215] in_atomic(): 0, irqs_disabled(): 0, pid: 10526, name:
Thread-6683
<4>[23898.967805] HSU serial 0000:00:05.1: 0000:00:05.2:HSU serial prevented me
to suspend...
<4>[23899.258526] Pid: 10526, comm: Thread-6683 Tainted: G        W
3.0.8-137685-ge7742f9 #1
<4>[23899.357404] HSU serial 0000:00:05.1: 0000:00:05.2:HSU serial prevented me
to suspend...
<4>[23899.904225] Call Trace:
<4>[23899.989209]  [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.000416]  [<c1238c2a>] __might_sleep+0x10a/0x110
<4>[23900.007357]  [<c1228021>] do_page_fault+0xd1/0x3c0
<4>[23900.013764]  [<c18e9ba9>] ? restore_all+0xf/0xf
<4>[23900.024024]  [<c17c007b>] ? napi_complete+0x8b/0x690
<4>[23900.029297]  [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.123739]  [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.128955]  [<c18ea0c3>] error_code+0x5f/0x64
<4>[23900.133466]  [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.138450]  [<c17f6298>] ? __ip_route_output_key+0x698/0x7c0
<4>[23900.144312]  [<c17f5f8d>] ? __ip_route_output_key+0x38d/0x7c0
<4>[23900.150730]  [<c17f63df>] ip_route_output_flow+0x1f/0x60
<4>[23900.156261]  [<c181de58>] ip4_datagram_connect+0x188/0x2b0
<4>[23900.161960]  [<c18e981f>] ? _raw_spin_unlock_bh+0x1f/0x30
<4>[23900.167834]  [<c18298d6>] inet_dgram_connect+0x36/0x80
<4>[23900.173224]  [<c14f9e88>] ? _copy_from_user+0x48/0x140
<4>[23900.178817]  [<c17ab9da>] sys_connect+0x9a/0xd0
<4>[23900.183538]  [<c132e93c>] ? alloc_file+0xdc/0x240
<4>[23900.189111]  [<c123925d>] ? sub_preempt_count+0x3d/0x50

Function free_fib_info resets nexthop_nh->nh_dev to NULL before releasing
fi. Other cpu might be accessing fi. Fixing it by delaying the releasing.

With the patch, we ran MTBF testing on Android mobile for 12 hours
and didn't trigger the issue.

Thank Eric for very detailed review/checking the issue.

Signed-off-by: Yanmin Zhang <yanmin_zhang@linux.intel.com>
Signed-off-by: Kun Jiang <kunx.jiang@intel.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-06-10 00:33:02 +09:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-10-03 11:40:22 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q vlan: reset headers on accel emulation path 2011-10-03 11:40:55 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ax25 net ax25: Reorder ax25_exit to remove races. 2012-04-27 09:51:21 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
bluetooth Bluetooth: hci_core: fix NULL-pointer dereference at unregister 2012-04-22 16:21:42 -07:00
bridge bridge: Do not send queries on multicast group leaves 2012-04-27 09:51:18 -07:00
caif net caif: Register properly as a pernet subsystem. 2012-02-03 09:19:03 -08:00
can can bcm: fix incomplete tx_setup fix 2011-11-11 09:36:45 -08:00
ceph ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
core net: In unregister_netdevice_notifier unregister the netdevices. 2012-05-21 09:39:59 -07:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
decnet net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-08-15 18:31:38 -07:00
ieee802154 ieee802154: Don't leak memory in ieee802154_nl_fill_phy 2011-06-13 18:03:22 -04:00
ipv4 ipv4: fix the rcu race between free_fib_info and ip_route_output_slow 2012-06-10 00:33:02 +09:00
ipv6 tcp: fix TCP_MAXSEG for established IPv6 passive sockets 2012-04-27 09:51:21 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlock 2011-06-06 17:00:35 -07:00
iucv [S390] irq: merge irq.c and s390_ext.c 2011-05-26 09:48:24 +02:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp net: l2tp: unlock socket lock before returning from l2tp_ip_sendmsg 2012-05-21 09:39:59 -07:00
lapb Net: lapb: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
llc llc: llc_cmsg_rcv was getting called after sk_eat_skb. 2012-01-06 14:14:06 -08:00
mac80211 mac80211: fix ADDBA declined after suspend with wowlan 2012-06-10 00:32:59 +09:00
netfilter ipvs: fix matching of fwmark templates during scheduling 2012-02-29 16:34:31 -08:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink netlink: fix races after skb queueing 2012-04-27 09:51:19 -07:00
netrom NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
packet make PACKET_STATISTICS getsockopt report consistently between ring and non-ring 2011-11-11 09:36:29 -08:00
phonet phonet: Check input from user before allocating 2012-04-27 09:51:19 -07:00
rds Remove printk from rds_sendmsg 2012-04-02 09:27:21 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose rose_dev: fix memcpy-bug in rose_set_mac_address 2012-04-13 08:14:05 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched netem: fix possible skb leak 2012-05-21 09:39:59 -07:00
sctp sctp: Allow struct sctp_event_subscribe to grow without breaking binaries 2012-04-27 09:51:18 -07:00
sunrpc nfsd: don't allow zero length strings in cache_parse() 2012-04-02 09:27:21 -07:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless cfg80211: warn if db.txt is empty with CONFIG_CFG80211_INTERNAL_REGDB 2012-06-01 15:12:53 +08:00
x25 x25: Prevent skb overreads when checking call user data 2011-10-25 07:10:17 +02:00
xfrm xfrm: Access the replay notify functions via the registered callbacks 2012-04-02 09:27:21 -07:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c tcp: allow splice() to build full TSO packets 2012-04-27 09:51:18 -07:00
sysctl_net.c
TUNABLE