linux/net
David Howells 20acbd9a7a rxrpc: Lock around calling a kernel service Rx notification
Place a spinlock around the invocation of call->notify_rx() for a kernel
service call and lock again when ending the call and replace the
notification pointer with a pointer to a dummy function.

This is required because it's possible for rxrpc_notify_socket() to be
called after the call has been ended by the kernel service if called from
the asynchronous work function rxrpc_process_call().

However, rxrpc_notify_socket() currently only holds the RCU read lock when
invoking ->notify_rx(), which means that the afs_call struct would need to
be disposed of by call_rcu() rather than by kfree().

But we shouldn't see any notifications from a call after calling
rxrpc_kernel_end_call(), so a lock is required in rxrpc code.

Without this, we may see the call wait queue as having a corrupt spinlock:

    BUG: spinlock bad magic on CPU#0, kworker/0:2/1612
    general protection fault: 0000 [#1] SMP
    ...
    Workqueue: krxrpcd rxrpc_process_call
    task: ffff88040b83c400 task.stack: ffff88040adfc000
    RIP: 0010:spin_bug+0x161/0x18f
    RSP: 0018:ffff88040adffcc0 EFLAGS: 00010002
    RAX: 0000000000000032 RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff81ab16cf
    RDX: ffff88041fa14c01 RSI: ffff88041fa0ccb8 RDI: ffff88041fa0ccb8
    RBP: ffff88040adffcd8 R08: 00000000ffffffff R09: 00000000ffffffff
    R10: ffff88040adffc60 R11: 000000000000022c R12: ffff88040aca2208
    R13: ffffffff81a58114 R14: 0000000000000000 R15: 0000000000000000
    ....
    Call Trace:
     do_raw_spin_lock+0x1d/0x89
     _raw_spin_lock_irqsave+0x3d/0x49
     ? __wake_up_common_lock+0x4c/0xa7
     __wake_up_common_lock+0x4c/0xa7
     ? __lock_is_held+0x47/0x7a
     __wake_up+0xe/0x10
     afs_wake_up_call_waiter+0x11b/0x122 [kafs]
     rxrpc_notify_socket+0x12b/0x258
     rxrpc_process_call+0x18e/0x7d0
     process_one_work+0x298/0x4de
     ? rescuer_thread+0x280/0x280
     worker_thread+0x1d1/0x2ae
     ? rescuer_thread+0x280/0x280
     kthread+0x12c/0x134
     ? kthread_create_on_node+0x3a/0x3a
     ret_from_fork+0x27/0x40

In this case, note the corrupt data in EBX.  The address of the offending
afs_call is in R12, plus the offset to the spinlock.

Signed-off-by: David Howells <dhowells@redhat.com>
2017-11-02 15:07:18 +00:00
6lowpan
9p
802
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-05 18:19:22 -07:00
appletalk
atm net: atm/mpc: Stop using open-coded timer .data field 2017-10-25 13:07:37 +09:00
ax25 net: ax25: Convert timers to use timer_setup() 2017-10-25 12:03:56 +09:00
batman-adv batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation 2017-10-17 08:09:47 +02:00
bluetooth Bluetooth: Use bt_dev_err and bt_dev_info when possible 2017-10-30 12:25:45 +02:00
bpf bpf: add meta pointer for direct access 2017-09-26 13:36:44 -07:00
bridge net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
caif
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-22 13:39:14 +01:00
ceph libceph: don't allow bidirectional swap of pg-upmap-items 2017-09-19 20:34:29 +02:00
core net: Add extack to fib_notifier_info 2017-11-01 11:50:43 +09:00
dcb
dccp net: dccp: ccids: lib: packet_history: use swap macro in tfrc_rx_hist_swap 2017-11-01 12:05:49 +09:00
decnet net: decnet: dn_nsp_out: use swap macro in dn_mk_ack_header 2017-11-01 12:05:49 +09:00
dns_resolver KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
dsa net: sched: move the can_offload check from binding phase to rule insertion phase 2017-11-02 16:10:39 +09:00
ethernet
hsr net: hsr: Convert timers to use timer_setup() 2017-10-25 13:00:27 +09:00
ieee802154 Merge remote-tracking branch 'net-next/master' 2017-10-18 17:40:18 +02:00
ife MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-02 15:23:39 +09:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-02 15:23:39 +09:00
ipx net: ipx: mark expected switch fall-through 2017-10-18 14:13:08 +01:00
iucv
kcm kcm: Remove redundant unlikely() 2017-09-26 09:54:06 -07:00
key
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-02 15:23:39 +09:00
l3mdev
lapb net/lapb: Convert timers to use timer_setup() 2017-10-18 12:39:36 +01:00
llc net: LLC: Convert timers to use timer_setup() 2017-10-25 12:06:25 +09:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-30 21:09:24 +09:00
mac802154 mac802154: Fix MAC header and payload encrypted 2017-09-20 13:37:16 +02:00
mpls ip_tunnel: fix building with NET_IP_TUNNEL=m 2017-10-12 12:21:11 -07:00
ncsi net/ncsi: Fix length of GVI response packet 2017-10-21 01:56:38 +01:00
netfilter bpf: Add file mode configuration into bpf maps 2017-10-20 13:32:59 +01:00
netlabel
netlink netlink: Allow ext_ack to carry non-error messages 2017-11-01 11:50:43 +09:00
netrom net: netrom: nr_route: mark expected switch fall-throughs 2017-11-01 20:46:41 +09:00
nfc net: nfc: llcp_core: use setup_timer() helper. 2017-09-25 13:19:20 -07:00
nsh
openvswitch openvswitch: conntrack: mark expected switch fall-through 2017-10-22 02:01:26 +01:00
packet net: af_packet: Convert timers to use timer_setup() 2017-10-25 13:01:12 +09:00
phonet net: phonet: mark phonet_protocol as const 2017-10-07 23:15:08 +01:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr net: qrtr: Support decoding incoming v2 packets 2017-10-11 15:28:39 -07:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-30 21:09:24 +09:00
rfkill
rose net: rose: mark expected switch fall-throughs 2017-10-22 02:02:26 +01:00
rxrpc rxrpc: Lock around calling a kernel service Rx notification 2017-11-02 15:07:18 +00:00
sched net: sched: remove tc_can_offload check from egdev call 2017-11-02 16:10:39 +09:00
sctp sctp: fix error return code in sctp_send_add_streams() 2017-11-01 21:24:41 +09:00
smc smc: add SMC rendezvous protocol 2017-10-26 18:00:29 +09:00
strparser strparser: Use delayed work instead of timer for msg timeout 2017-10-25 10:37:11 +09:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-30 21:09:24 +09:00
switchdev
tipc net: tipc: Convert timers to use timer_setup() 2017-11-01 12:38:45 +09:00
tls
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-30 21:09:24 +09:00
vmw_vsock vsock: always call vsock_init_tables() 2017-10-26 17:45:58 +09:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-30 21:09:24 +09:00
x25 net: x25: mark expected switch fall-throughs 2017-10-22 03:08:46 +01:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-02 15:23:39 +09:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
Kconfig
Makefile
socket.c
sysctl_net.c