ipv6: fix a BUG in rt6_get_pcpu_route()
Ido reported following splat and provided a patch.
[ 122.221814] BUG: using smp_processor_id() in preemptible [00000000] code: sshd/2672
[ 122.221845] caller is debug_smp_processor_id+0x17/0x20
[ 122.221866] CPU: 0 PID: 2672 Comm: sshd Not tainted 4.14.0-rc3-idosch-next-custom #639
[ 122.221880] Hardware name: Mellanox Technologies Ltd. MSN2100-CB2FO/SA001017, BIOS 5.6.5 06/07/2016
[ 122.221893] Call Trace:
[ 122.221919] dump_stack+0xb1/0x10c
[ 122.221946] ? _atomic_dec_and_lock+0x124/0x124
[ 122.221974] ? ___ratelimit+0xfe/0x240
[ 122.222020] check_preemption_disabled+0x173/0x1b0
[ 122.222060] debug_smp_processor_id+0x17/0x20
[ 122.222083] ip6_pol_route+0x1482/0x24a0
...
I believe we can simplify this code path a bit, since we no longer
hold a read_lock that had to be released to avoid a deadlock.
By disabling BH, we make sure we'll prevent code re-entry and
rt6_get_pcpu_route()/rt6_make_pcpu_route() run on the same cpu.
Fixes: 66f5d6ce53
("ipv6: replace rwlock with rcu and spinlock in fib6_table")
Reported-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent
51a0c00c6b
commit
951f788a80
@ -1136,15 +1136,7 @@ static struct rt6_info *rt6_make_pcpu_route(struct rt6_info *rt)
|
|||||||
dst_hold(&pcpu_rt->dst);
|
dst_hold(&pcpu_rt->dst);
|
||||||
p = this_cpu_ptr(rt->rt6i_pcpu);
|
p = this_cpu_ptr(rt->rt6i_pcpu);
|
||||||
prev = cmpxchg(p, NULL, pcpu_rt);
|
prev = cmpxchg(p, NULL, pcpu_rt);
|
||||||
if (prev) {
|
BUG_ON(prev);
|
||||||
/* If someone did it before us, return prev instead */
|
|
||||||
/* release refcnt taken by ip6_rt_pcpu_alloc() */
|
|
||||||
dst_release_immediate(&pcpu_rt->dst);
|
|
||||||
/* release refcnt taken by above dst_hold() */
|
|
||||||
dst_release_immediate(&pcpu_rt->dst);
|
|
||||||
dst_hold(&prev->dst);
|
|
||||||
pcpu_rt = prev;
|
|
||||||
}
|
|
||||||
|
|
||||||
rt6_dst_from_metrics_check(pcpu_rt);
|
rt6_dst_from_metrics_check(pcpu_rt);
|
||||||
return pcpu_rt;
|
return pcpu_rt;
|
||||||
@ -1739,31 +1731,25 @@ uncached_rt_out:
|
|||||||
struct rt6_info *pcpu_rt;
|
struct rt6_info *pcpu_rt;
|
||||||
|
|
||||||
dst_use_noref(&rt->dst, jiffies);
|
dst_use_noref(&rt->dst, jiffies);
|
||||||
|
local_bh_disable();
|
||||||
pcpu_rt = rt6_get_pcpu_route(rt);
|
pcpu_rt = rt6_get_pcpu_route(rt);
|
||||||
|
|
||||||
if (pcpu_rt) {
|
if (!pcpu_rt) {
|
||||||
rcu_read_unlock();
|
|
||||||
} else {
|
|
||||||
/* atomic_inc_not_zero() is needed when using rcu */
|
/* atomic_inc_not_zero() is needed when using rcu */
|
||||||
if (atomic_inc_not_zero(&rt->rt6i_ref)) {
|
if (atomic_inc_not_zero(&rt->rt6i_ref)) {
|
||||||
/* We have to do the read_unlock first
|
/* No dst_hold() on rt is needed because grabbing
|
||||||
* because rt6_make_pcpu_route() may trigger
|
|
||||||
* ip6_dst_gc() which will take the write_lock.
|
|
||||||
*
|
|
||||||
* No dst_hold() on rt is needed because grabbing
|
|
||||||
* rt->rt6i_ref makes sure rt can't be released.
|
* rt->rt6i_ref makes sure rt can't be released.
|
||||||
*/
|
*/
|
||||||
rcu_read_unlock();
|
|
||||||
pcpu_rt = rt6_make_pcpu_route(rt);
|
pcpu_rt = rt6_make_pcpu_route(rt);
|
||||||
rt6_release(rt);
|
rt6_release(rt);
|
||||||
} else {
|
} else {
|
||||||
/* rt is already removed from tree */
|
/* rt is already removed from tree */
|
||||||
rcu_read_unlock();
|
|
||||||
pcpu_rt = net->ipv6.ip6_null_entry;
|
pcpu_rt = net->ipv6.ip6_null_entry;
|
||||||
dst_hold(&pcpu_rt->dst);
|
dst_hold(&pcpu_rt->dst);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
local_bh_enable();
|
||||||
|
rcu_read_unlock();
|
||||||
trace_fib6_table_lookup(net, pcpu_rt, table->tb6_id, fl6);
|
trace_fib6_table_lookup(net, pcpu_rt, table->tb6_id, fl6);
|
||||||
return pcpu_rt;
|
return pcpu_rt;
|
||||||
}
|
}
|
||||||
|
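Review bot: `BUG_ON(prev)` in the rt6_make_pcpu_route() hunk turns a lost cmpxchg into a kernel panic on the route lookup path, and the condition that rules it out (the caller keeps BH disabled from rt6_get_pcpu_route() through rt6_make_pcpu_route(), so both run on the same CPU without re-entry) is stated only in the commit message. Only the one caller in the second hunk is visible here, so any other caller would need the same local_bh_disable()/local_bh_enable() bracket. I would record the contract next to the assertion, e.g. `/* Caller must keep BH disabled since rt6_get_pcpu_route() returned NULL, so this CPU's slot is still empty. */`, and consider whether `WARN_ON_ONCE()` with the old fallback would be a safer failure mode than halting the machine. The body of rt6_make_pcpu_route() begins outside the hunk, and the allocation it performs now runs with BH disabled inside the RCU read section, which presumably requires a non-sleeping allocation; that is not visible here.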