From: Eric Dumazet <dada1@cosmosbay•com>
To: Igor M Podlesny <for.poige+bugzilla.kernel.org@gmail•com>
Cc: Andrew Morton <akpm@linux-foundation•org>,
bugzilla-daemon@bugzilla•kernel.org,
bugme-daemon@bugzilla•kernel.org, netdev@vger•kernel.org,
Pavel Emelyanov <xemul@openvz•org>,
"Paul E. McKenney" <paulmck@linux•vnet.ibm.com>,
"David S. Miller" <davem@davemloft•net>
Subject: Re: [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression)
Date: Tue, 28 Jul 2009 10:44:56 +0200 [thread overview]
Message-ID: <4A6EBA88.8030205@cosmosbay.com> (raw)
In-Reply-To: <43d009740907272340g7f98ed55lfff38bfedd867a99@mail.gmail.com>
Igor M Podlesny a écrit :
> [...]
>> Could have been a problem in net core, perhaps.
>>
>> Below is a ppp fix from 2.6.31, but it seems unlikely to fix your problem.
>>
>> It would help if we could see that trace, please. A digital photo
>> would suit.
>
> Here it is:
>
> http://bugzilla.kernel.org/attachment.cgi?id=22516
>
> (It's 2.6.30.3)
>
Looking at this, I believe net_assign_generic() is not safe.
Two cpus could try to expand/update the array at same time, one update could be lost.
register_pernet_gen_device() has a mutex to guard against concurrent
calls, but net_assign_generic() has no locking at all.
I doubt this is the reason of the crash, still worth to mention it...
[PATCH] net: net_assign_generic() is not SMP safe
Two cpus could try to expand/update the array at same time, one update
could be lost during the copy of old array.
Re-using net_mutex is an easy way to fix this, it was used right
before to allocate the 'id'
Signed-off-by: Eric Dumazet <eric.dumazet@gmail•com>
---
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index b7292a2..9c31ad1 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -467,15 +467,17 @@ int net_assign_generic(struct net *net, int id, void *data)
BUG_ON(!mutex_is_locked(&net_mutex));
BUG_ON(id == 0);
+ mutex_lock(&net_mutex);
ng = old_ng = net->gen;
if (old_ng->len >= id)
goto assign;
ng = kzalloc(sizeof(struct net_generic) +
id * sizeof(void *), GFP_KERNEL);
- if (ng == NULL)
+ if (ng == NULL) {
+ mutex_unlock(&net_mutex);
return -ENOMEM;
-
+ }
/*
* Some synchronisation notes:
*
@@ -494,6 +496,7 @@ int net_assign_generic(struct net *net, int id, void *data)
call_rcu(&old_ng->rcu, net_generic_release);
assign:
ng->ptr[id - 1] = data;
+ mutex_unlock(&net_mutex);
return 0;
}
EXPORT_SYMBOL_GPL(net_assign_generic);
next prev parent reply other threads:[~2009-07-28 8:46 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-13760-10286@http.bugzilla.kernel.org/>
2009-07-22 20:45 ` [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression) Andrew Morton
2009-07-23 6:39 ` Igor M Podlesny
2009-07-23 7:01 ` Andrew Morton
2009-07-23 16:15 ` David Miller
2009-07-23 17:51 ` Andrew Morton
2009-07-23 17:53 ` David Miller
2009-07-23 19:11 ` Jarek Poplawski
2009-07-25 3:33 ` Herbert Xu
2009-07-25 4:41 ` Igor M Podlesny
2009-07-28 6:40 ` Igor M Podlesny
2009-07-28 8:44 ` Eric Dumazet [this message]
2009-07-28 9:51 ` Pavel Emelyanov
2009-07-28 12:30 ` Eric Dumazet
2009-07-28 12:36 ` [PATCH] net: net_assign_generic() fix Eric Dumazet
2009-07-28 13:03 ` Pavel Emelyanov
2009-07-28 13:16 ` Eric Dumazet
2009-07-28 13:22 ` Eric Dumazet
2009-07-28 13:47 ` [PATCH] pppol2tp: calls unregister_pernet_gen_device() at unload time Eric Dumazet
2009-07-28 14:29 ` Cyrill Gorcunov
2009-07-28 17:46 ` [PATCH] pppoe: fix race at init time Eric Dumazet
2009-07-28 18:48 ` Cyrill Gorcunov
2009-07-29 3:55 ` Igor M Podlesny
2009-07-29 4:33 ` Eric Dumazet
2009-07-29 14:46 ` Cyrill Gorcunov
2009-08-12 23:40 ` David Miller
2009-08-14 16:42 ` Cyrill Gorcunov
2009-07-29 9:43 ` [PATCH] pppoe: fix /proc/net/pppoe Eric Dumazet
2009-07-30 21:19 ` David Miller
2009-08-02 19:28 ` [PATCH] pppol2tp: calls unregister_pernet_gen_device() at unload time David Miller
2009-08-02 19:27 ` [PATCH] net: net_assign_generic() fix David Miller
2009-07-23 16:14 ` [Bugme-new] [Bug 13760] New: 2.6.30 kernel locks up with pppoe in back trace (regression) David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A6EBA88.8030205@cosmosbay.com \
--to=dada1@cosmosbay$(echo .)com \
--cc=akpm@linux-foundation$(echo .)org \
--cc=bugme-daemon@bugzilla$(echo .)kernel.org \
--cc=bugzilla-daemon@bugzilla$(echo .)kernel.org \
--cc=davem@davemloft$(echo .)net \
--cc=for.poige+bugzilla.kernel.org@gmail$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=paulmck@linux$(echo .)vnet.ibm.com \
--cc=xemul@openvz$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox