* macvtap bug: using smp_processor_id() in preemptible code
From: Thomas Huth @ 2013-08-07 14:43 UTC
To: netdev; +Cc: Vlad Yasevich, David S. Miller, Eric Dumazet
Hi,
I am using macvtap (via KVM/virsh) on a s390 box. With the latest
kernel source from linux-next master branch, I suddenly get the
following error messages in the dmesg output:
BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
caller is macvtap_do_read+0x45c/0x600 [macvtap]
CPU: 1 PID: 45892 Comm: vhost-45891 Not tainted 3.11.0-bisecttest #13
000000010cab3a00 000000010cab3a10 0000000000000002 0000000000000000
000000010cab3aa0 000000010cab3a18 000000010cab3a18 00000000001127b4
0000000000000000 0000000000000001 0000000000000000 000000010000000b
0000000000000060 000003fe00000008 0000000000000000 000000010cab3a70
00000000006ea2f0 00000000001127b4 000000010cab3a00 000000010cab3a50
Call Trace:
([<00000000001126ee>] show_trace+0x126/0x144)
[<00000000001127d2>] show_stack+0xc6/0xd4
[<000000000068bcec>] dump_stack+0x74/0xd8
[<0000000000481066>] debug_smp_processor_id+0xf6/0x114
[<000003ff802e9a18>] macvtap_do_read+0x45c/0x600 [macvtap]
[<000003ff802e9c1c>] macvtap_recvmsg+0x60/0x88 [macvtap]
[<000003ff80318c5e>] handle_rx+0x5b2/0x800 [vhost_net]
[<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
[<000000000015f3ac>] kthread+0xd8/0xe4
[<00000000006934a6>] kernel_thread_starter+0x6/0xc
[<00000000006934a0>] kernel_thread_starter+0x0/0xc
2 locks held by vhost-45891/45892:
#0: (&vq->mutex){+.+...}, at: [<000003ff80318718>] handle_rx+0x6c/0x800 [vhost_net]
#1: (rcu_read_lock){.+.+..}, at: [<000003ff802e98fe>] macvtap_do_read+0x342/0x600 [macvtap]
Apart from these "annoying" error messages (they are repeated
continually while the KVM guest is running / macvtap is in use),
everything still seems to work fine, though.
Since everything was still working fine in v3.10, I did some bisecting
and it seems like this commit introduced this problem:
commit: ac4e4af1e59e16a018527ffa58d9d3f30bb96ca9
Subject: macvtap: Consistently use rcu functions
I am not sure how to proceed here, this is my first bug report in this
area, so advice is welcome...
Regards,
Thomas Huth
* Re: macvtap bug: using smp_processor_id() in preemptible code
From: Eric Dumazet @ 2013-08-07 15:26 UTC
To: Thomas Huth; +Cc: netdev, Vlad Yasevich, David S. Miller, Eric Dumazet
On Wed, 2013-08-07 at 16:43 +0200, Thomas Huth wrote:
> Hi,
>
> I am using macvtap (via KVM/virsh) on a s390 box. With the latest
> kernel source from linux-next master branch, I suddenly get the
> following error messages in the dmesg output:
>
> BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
> caller is macvtap_do_read+0x45c/0x600 [macvtap]
> CPU: 1 PID: 45892 Comm: vhost-45891 Not tainted 3.11.0-bisecttest #13
> 000000010cab3a00 000000010cab3a10 0000000000000002 0000000000000000
> 000000010cab3aa0 000000010cab3a18 000000010cab3a18 00000000001127b4
> 0000000000000000 0000000000000001 0000000000000000 000000010000000b
> 0000000000000060 000003fe00000008 0000000000000000 000000010cab3a70
> 00000000006ea2f0 00000000001127b4 000000010cab3a00 000000010cab3a50
> Call Trace:
> ([<00000000001126ee>] show_trace+0x126/0x144)
> [<00000000001127d2>] show_stack+0xc6/0xd4
> [<000000000068bcec>] dump_stack+0x74/0xd8
> [<0000000000481066>] debug_smp_processor_id+0xf6/0x114
> [<000003ff802e9a18>] macvtap_do_read+0x45c/0x600 [macvtap]
> [<000003ff802e9c1c>] macvtap_recvmsg+0x60/0x88 [macvtap]
> [<000003ff80318c5e>] handle_rx+0x5b2/0x800 [vhost_net]
> [<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
> [<000000000015f3ac>] kthread+0xd8/0xe4
> [<00000000006934a6>] kernel_thread_starter+0x6/0xc
> [<00000000006934a0>] kernel_thread_starter+0x0/0xc
> 2 locks held by vhost-45891/45892:
> #0: (&vq->mutex){+.+...}, at: [<000003ff80318718>] handle_rx+0x6c/0x800 [vhost_net]
> #1: (rcu_read_lock){.+.+..}, at: [<000003ff802e98fe>] macvtap_do_read+0x342/0x600 [macvtap]
>
> Apart from these "annoying" error messages (they are repeated
> continually while the KVM guest is running / macvtap is in use),
> everything still seems to work fine, though.
>
> Since everything was still working fine in v3.10, I did some bisecting
> and it seems like this commit introduced this problem:
>
> commit: ac4e4af1e59e16a018527ffa58d9d3f30bb96ca9
> Subject: macvtap: Consistently use rcu functions
>
> I am not sure how to proceed here, this is my first bug report in this
> area, so advice is welcome...
Please try the following fix:
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
index a98fb0e..1c7aab4 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -912,8 +912,11 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
done:
rcu_read_lock();
vlan = rcu_dereference(q->vlan);
- if (vlan)
+ if (vlan) {
+ preempt_disable();
macvlan_count_rx(vlan, copied - vnet_hdr_len, ret == 0, 0);
+ preempt_enable();
+ }
rcu_read_unlock();
return ret ? ret : copied;
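Review bot: the preempt_disable()/preempt_enable() pair around macvlan_count_rx() has no comment, and it sits inside an rcu_read_lock() section that a reader may assume already prevents preemption. The report above shows the warning firing with rcu_read_lock held, so add a one-line comment above preempt_disable() saying that macvlan_count_rx() must run with preemption off; otherwise the pair looks redundant and is easy to drop in a later cleanup.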
* Re: macvtap bug: using smp_processor_id() in preemptible code
From: Thomas Huth @ 2013-08-08 8:25 UTC
To: Eric Dumazet; +Cc: netdev, Vlad Yasevich, David S. Miller, Eric Dumazet
Hi,
On Wed, 07 Aug 2013 08:26:51 -0700,
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Wed, 2013-08-07 at 16:43 +0200, Thomas Huth wrote:
> >
> > I am using macvtap (via KVM/virsh) on a s390 box. With the latest
> > kernel source from linux-next master branch, I suddenly get the
> > following error messages in the dmesg output:
> >
> > BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
> > caller is macvtap_do_read+0x45c/0x600 [macvtap]
> > CPU: 1 PID: 45892 Comm: vhost-45891 Not tainted 3.11.0-bisecttest #13
> > 000000010cab3a00 000000010cab3a10 0000000000000002 0000000000000000
> > 000000010cab3aa0 000000010cab3a18 000000010cab3a18 00000000001127b4
> > 0000000000000000 0000000000000001 0000000000000000 000000010000000b
> > 0000000000000060 000003fe00000008 0000000000000000 000000010cab3a70
> > 00000000006ea2f0 00000000001127b4 000000010cab3a00 000000010cab3a50
> > Call Trace:
> > ([<00000000001126ee>] show_trace+0x126/0x144)
> > [<00000000001127d2>] show_stack+0xc6/0xd4
> > [<000000000068bcec>] dump_stack+0x74/0xd8
> > [<0000000000481066>] debug_smp_processor_id+0xf6/0x114
> > [<000003ff802e9a18>] macvtap_do_read+0x45c/0x600 [macvtap]
> > [<000003ff802e9c1c>] macvtap_recvmsg+0x60/0x88 [macvtap]
> > [<000003ff80318c5e>] handle_rx+0x5b2/0x800 [vhost_net]
> > [<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
> > [<000000000015f3ac>] kthread+0xd8/0xe4
> > [<00000000006934a6>] kernel_thread_starter+0x6/0xc
> > [<00000000006934a0>] kernel_thread_starter+0x0/0xc
> > 2 locks held by vhost-45891/45892:
> > #0: (&vq->mutex){+.+...}, at: [<000003ff80318718>] handle_rx+0x6c/0x800 [vhost_net]
> > #1: (rcu_read_lock){.+.+..}, at: [<000003ff802e98fe>] macvtap_do_read+0x342/0x600 [macvtap]
> >
> > Apart from these "annoying" error messages (they are repeated
> > continually while the KVM guest is running / macvtap is in use),
> > everything still seems to work fine, though.
> >
> > Since everything was still working fine in v3.10, I did some bisecting
> > and it seems like this commit introduced this problem:
> >
> > commit: ac4e4af1e59e16a018527ffa58d9d3f30bb96ca9
> > Subject: macvtap: Consistently use rcu functions
> >
> > I am not sure how to proceed here, this is my first bug report in this
> > area, so advice is welcome...
>
> Please try the following fix:
>
> diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
> index a98fb0e..1c7aab4 100644
> --- a/drivers/net/macvtap.c
> +++ b/drivers/net/macvtap.c
> @@ -912,8 +912,11 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
> done:
> rcu_read_lock();
> vlan = rcu_dereference(q->vlan);
> - if (vlan)
> + if (vlan) {
> + preempt_disable();
> macvlan_count_rx(vlan, copied - vnet_hdr_len, ret == 0, 0);
> + preempt_enable();
> + }
> rcu_read_unlock();
>
> return ret ? ret : copied;
Thank you very much for your fast reply and the fix, it indeed fixes
the messages about macvtap_do_read!
However, I now noticed that there are more messages, which I just did
not see before because my dmesg output was already flooded with the
messages about macvtap_do_read. The other messages are all about
macvlan_start_xmit:
BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45897/45898
caller is macvlan_start_xmit+0x10a/0x1b4 [macvlan]
CPU: 1 PID: 45898 Comm: vhost-45897 Not tainted 3.11.0-bisecttest #16
00000001189b3960 00000001189b3970 0000000000000002 0000000000000000
00000001189b3a00 00000001189b3978 00000001189b3978 00000000001127b4
0000000000000000 0000000000000001 0000000000000000 000000000000000b
0000000000000060 000003fe00000008 0000000000000000 00000001189b39d0
00000000006ea2f0 00000000001127b4 00000001189b3960 00000001189b39b0
Call Trace:
([<00000000001126ee>] show_trace+0x126/0x144)
[<00000000001127d2>] show_stack+0xc6/0xd4
[<000000000068bdb8>] dump_stack+0x74/0xd4
[<0000000000481132>] debug_smp_processor_id+0xf6/0x114
[<000003ff802b72ca>] macvlan_start_xmit+0x10a/0x1b4 [macvlan]
[<000003ff802ea69a>] macvtap_get_user+0x982/0xbc4 [macvtap]
[<000003ff802ea92a>] macvtap_sendmsg+0x4e/0x60 [macvtap]
[<000003ff8031947c>] handle_tx+0x494/0x5ec [vhost_net]
[<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
[<000000000015f3ac>] kthread+0xd8/0xe4
[<000000000069356e>] kernel_thread_starter+0x6/0xc
[<0000000000693568>] kernel_thread_starter+0x0/0xc
2 locks held by vhost-45897/45898:
#0: (&vq->mutex){+.+.+.}, at: [<000003ff8031903c>] handle_tx+0x54/0x5ec [vhost_net]
#1: (rcu_read_lock){.+.+..}, at: [<000003ff802ea53c>] macvtap_get_user+0x824/0xbc4 [macvtap]
Do you also have an idea how to silence these messages?
Thomas
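The flooding described in the message above, where one warning site hid a second one, can be triaged by grouping the warnings by their "caller is" line. The following is an added example, not part of the thread: the sample log is constructed from the two reports above (with dmesg timestamps added), and summarize() and report() are hypothetical helper names.

```python
import re
from collections import OrderedDict

# Constructed sample: three hits at one call site, one at a second site,
# and a final BUG line whose "caller is" line was lost (ring buffer cut).
SAMPLE_DMESG = """\
[  101.000001] BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
[  101.000002] caller is macvtap_do_read+0x45c/0x600 [macvtap]
[  101.000003] CPU: 1 PID: 45892 Comm: vhost-45891 Not tainted 3.11.0-bisecttest #13
[  101.200001] BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
[  101.200002] caller is macvtap_do_read+0x45c/0x600 [macvtap]
[  101.300001] BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45897/45898
[  101.300002] caller is macvlan_start_xmit+0x10a/0x1b4 [macvlan]
[  101.400001] BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
[  101.400002] caller is macvtap_do_read+0x45c/0x600 [macvtap]
[  101.500001] BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
"""

# First line of the warning: preempt count in brackets, then comm/pid.
BUG_RE = re.compile(
    r"BUG: using smp_processor_id\(\) in preemptible \[[0-9a-f]+\] "
    r"code: (?P<comm>\S+)/(?P<pid>\d+)"
)
# Second line: symbol+offset/size and, for modular code, the module name.
CALLER_RE = re.compile(
    r"caller is (?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?"
)


def summarize(dmesg_text):
    """Group the warnings by (symbol, module) in first-seen order."""
    sites = OrderedDict()
    pending = None  # comm of a BUG line still waiting for its caller line

    def record(key, comm):
        entry = sites.setdefault(key, {"count": 0, "tasks": set()})
        entry["count"] += 1
        entry["tasks"].add(comm)

    for line in dmesg_text.splitlines():
        bug = BUG_RE.search(line)
        if bug:
            if pending is not None:
                # Previous warning never got its caller line.
                record(("<unknown>", None), pending)
            pending = bug.group("comm")
            continue
        caller = CALLER_RE.search(line)
        if caller and pending is not None:
            record((caller.group("sym"), caller.group("mod")), pending)
            pending = None
    if pending is not None:
        record(("<unknown>", None), pending)
    return sites


def report(sites):
    """One line per call site, most frequent first, so rare sites stay visible."""
    ordered = sorted(sites.items(), key=lambda kv: -kv[1]["count"])
    return [
        "%5d  %s [%s]  tasks=%s"
        % (info["count"], sym, mod or "?", ",".join(sorted(info["tasks"])))
        for (sym, mod), info in ordered
    ]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_DMESG))))
```
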
* Re: macvtap bug: using smp_processor_id() in preemptible code
From: Eric Dumazet @ 2013-08-08 13:21 UTC
To: Thomas Huth; +Cc: netdev, Vlad Yasevich, David S. Miller, Eric Dumazet
On Thu, 2013-08-08 at 10:25 +0200, Thomas Huth wrote:
> Hi,
> Thank you very much for your fast reply and the fix, it indeed fixes
> the messages about macvtap_do_read!
> However, I now noticed that there are more messages, which I just did
> not see before because my dmesg output was already flooded with the
> messages about macvtap_do_read. The other messages are all about
> macvlan_start_xmit:
>
> BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45897/45898
> caller is macvlan_start_xmit+0x10a/0x1b4 [macvlan]
> CPU: 1 PID: 45898 Comm: vhost-45897 Not tainted 3.11.0-bisecttest #16
> 00000001189b3960 00000001189b3970 0000000000000002 0000000000000000
> 00000001189b3a00 00000001189b3978 00000001189b3978 00000000001127b4
> 0000000000000000 0000000000000001 0000000000000000 000000000000000b
> 0000000000000060 000003fe00000008 0000000000000000 00000001189b39d0
> 00000000006ea2f0 00000000001127b4 00000001189b3960 00000001189b39b0
> Call Trace:
> ([<00000000001126ee>] show_trace+0x126/0x144)
> [<00000000001127d2>] show_stack+0xc6/0xd4
> [<000000000068bdb8>] dump_stack+0x74/0xd4
> [<0000000000481132>] debug_smp_processor_id+0xf6/0x114
> [<000003ff802b72ca>] macvlan_start_xmit+0x10a/0x1b4 [macvlan]
> [<000003ff802ea69a>] macvtap_get_user+0x982/0xbc4 [macvtap]
> [<000003ff802ea92a>] macvtap_sendmsg+0x4e/0x60 [macvtap]
> [<000003ff8031947c>] handle_tx+0x494/0x5ec [vhost_net]
> [<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
> [<000000000015f3ac>] kthread+0xd8/0xe4
> [<000000000069356e>] kernel_thread_starter+0x6/0xc
> [<0000000000693568>] kernel_thread_starter+0x0/0xc
> 2 locks held by vhost-45897/45898:
> #0: (&vq->mutex){+.+.+.}, at: [<000003ff8031903c>] handle_tx+0x54/0x5ec [vhost_net]
> #1: (rcu_read_lock){.+.+..}, at: [<000003ff802ea53c>] macvtap_get_user+0x824/0xbc4 [macvtap]
>
> Do you also have an idea how to silence these messages?
Sure, please try the following cumulative patch, thanks!
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
index a98fb0e..b51db2a 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -818,10 +818,13 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
}
- if (vlan)
+ if (vlan) {
+ local_bh_disable();
macvlan_start_xmit(skb, vlan->dev);
- else
+ local_bh_enable();
+ } else {
kfree_skb(skb);
+ }
rcu_read_unlock();
return total_len;
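Review bot: local_bh_disable() before macvlan_start_xmit() is undocumented, and the warning being fixed only complains about preemptible code, so the patch does not show why this site disables bottom halves while the macvtap_put_user() hunk uses preempt_disable(). Add a short comment above local_bh_disable() stating the context macvlan_start_xmit() expects, so the pair is not later narrowed to preempt_disable().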
@@ -912,8 +915,11 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
done:
rcu_read_lock();
vlan = rcu_dereference(q->vlan);
- if (vlan)
+ if (vlan) {
+ preempt_disable();
macvlan_count_rx(vlan, copied - vnet_hdr_len, ret == 0, 0);
+ preempt_enable();
+ }
rcu_read_unlock();
return ret ? ret : copied;
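Review bot: this hunk repeats the earlier single-hunk fix unchanged, and the patch is generated against the same base blob (index a98fb0e), so it will not apply cleanly on top of that fix. Say in the mail that the earlier patch has to be reverted first, since "cumulative" can be read either way.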
* Re: macvtap bug: using smp_processor_id() in preemptible code
From: Thomas Huth @ 2013-08-08 13:56 UTC
To: Eric Dumazet; +Cc: netdev, Vlad Yasevich, David S. Miller, Eric Dumazet
On Thu, 08 Aug 2013 06:21:12 -0700,
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Thu, 2013-08-08 at 10:25 +0200, Thomas Huth wrote:
>
> > Thank you very much for your fast reply and the fix, it indeed fixes
> > the messages about macvtap_do_read!
> > However, I now noticed that there are more messages, which I just did
> > not see before because my dmesg output was already flooded with the
> > messages about macvtap_do_read. The other messages are all about
> > macvlan_start_xmit:
> >
> > BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45897/45898
> > caller is macvlan_start_xmit+0x10a/0x1b4 [macvlan]
> > CPU: 1 PID: 45898 Comm: vhost-45897 Not tainted 3.11.0-bisecttest #16
> > 00000001189b3960 00000001189b3970 0000000000000002 0000000000000000
> > 00000001189b3a00 00000001189b3978 00000001189b3978 00000000001127b4
> > 0000000000000000 0000000000000001 0000000000000000 000000000000000b
> > 0000000000000060 000003fe00000008 0000000000000000 00000001189b39d0
> > 00000000006ea2f0 00000000001127b4 00000001189b3960 00000001189b39b0
> > Call Trace:
> > ([<00000000001126ee>] show_trace+0x126/0x144)
> > [<00000000001127d2>] show_stack+0xc6/0xd4
> > [<000000000068bdb8>] dump_stack+0x74/0xd4
> > [<0000000000481132>] debug_smp_processor_id+0xf6/0x114
> > [<000003ff802b72ca>] macvlan_start_xmit+0x10a/0x1b4 [macvlan]
> > [<000003ff802ea69a>] macvtap_get_user+0x982/0xbc4 [macvtap]
> > [<000003ff802ea92a>] macvtap_sendmsg+0x4e/0x60 [macvtap]
> > [<000003ff8031947c>] handle_tx+0x494/0x5ec [vhost_net]
> > [<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
> > [<000000000015f3ac>] kthread+0xd8/0xe4
> > [<000000000069356e>] kernel_thread_starter+0x6/0xc
> > [<0000000000693568>] kernel_thread_starter+0x0/0xc
> > 2 locks held by vhost-45897/45898:
> > #0: (&vq->mutex){+.+.+.}, at: [<000003ff8031903c>] handle_tx+0x54/0x5ec [vhost_net]
> > #1: (rcu_read_lock){.+.+..}, at: [<000003ff802ea53c>] macvtap_get_user+0x824/0xbc4 [macvtap]
> >
> > Do you also have an idea how to silence these messages?
>
> Sure, please try the following cumulative patch, thanks!
>
> diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
> index a98fb0e..b51db2a 100644
> --- a/drivers/net/macvtap.c
> +++ b/drivers/net/macvtap.c
> @@ -818,10 +818,13 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
> skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
> skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
> }
> - if (vlan)
> + if (vlan) {
> + local_bh_disable();
> macvlan_start_xmit(skb, vlan->dev);
> - else
> + local_bh_enable();
> + } else {
> kfree_skb(skb);
> + }
> rcu_read_unlock();
>
> return total_len;
> @@ -912,8 +915,11 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
> done:
> rcu_read_lock();
> vlan = rcu_dereference(q->vlan);
> - if (vlan)
> + if (vlan) {
> + preempt_disable();
> macvlan_count_rx(vlan, copied - vnet_hdr_len, ret == 0, 0);
> + preempt_enable();
> + }
> rcu_read_unlock();
>
> return ret ? ret : copied;
This patch now silences all error messages! Great, thank you very much!
If you submit this patch, you can add my
Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com>
if you like.
Thomas
* Re: macvtap bug: using smp_processor_id() in preemptible code
From: Eric Dumazet @ 2013-08-08 14:04 UTC
To: Thomas Huth; +Cc: netdev, Vlad Yasevich, David S. Miller, Eric Dumazet
On Thu, 2013-08-08 at 15:56 +0200, Thomas Huth wrote:
> This patch now silences all error messages! Great, thank you very much!
> If you submit this patch, you can add my
> Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> if you like.
Sure, I'll send a proper/official patch asap, thanks!
* [PATCH] macvtap: fix two races
From: Eric Dumazet @ 2013-08-08 15:06 UTC
To: Thomas Huth, David Miller; +Cc: netdev, Vlad Yasevich
From: Eric Dumazet <edumazet@google.com>
Since commit ac4e4af1e59e1 ("macvtap: Consistently use rcu functions"),
Thomas gets two different warnings :
BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
caller is macvtap_do_read+0x45c/0x600 [macvtap]
CPU: 1 PID: 45892 Comm: vhost-45891 Not tainted 3.11.0-bisecttest #13
Call Trace:
([<00000000001126ee>] show_trace+0x126/0x144)
[<00000000001127d2>] show_stack+0xc6/0xd4
[<000000000068bcec>] dump_stack+0x74/0xd8
[<0000000000481066>] debug_smp_processor_id+0xf6/0x114
[<000003ff802e9a18>] macvtap_do_read+0x45c/0x600 [macvtap]
[<000003ff802e9c1c>] macvtap_recvmsg+0x60/0x88 [macvtap]
[<000003ff80318c5e>] handle_rx+0x5b2/0x800 [vhost_net]
[<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
[<000000000015f3ac>] kthread+0xd8/0xe4
[<00000000006934a6>] kernel_thread_starter+0x6/0xc
[<00000000006934a0>] kernel_thread_starter+0x0/0xc
And
BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45897/45898
caller is macvlan_start_xmit+0x10a/0x1b4 [macvlan]
CPU: 1 PID: 45898 Comm: vhost-45897 Not tainted 3.11.0-bisecttest #16
Call Trace:
([<00000000001126ee>] show_trace+0x126/0x144)
[<00000000001127d2>] show_stack+0xc6/0xd4
[<000000000068bdb8>] dump_stack+0x74/0xd4
[<0000000000481132>] debug_smp_processor_id+0xf6/0x114
[<000003ff802b72ca>] macvlan_start_xmit+0x10a/0x1b4 [macvlan]
[<000003ff802ea69a>] macvtap_get_user+0x982/0xbc4 [macvtap]
[<000003ff802ea92a>] macvtap_sendmsg+0x4e/0x60 [macvtap]
[<000003ff8031947c>] handle_tx+0x494/0x5ec [vhost_net]
[<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
[<000000000015f3ac>] kthread+0xd8/0xe4
[<000000000069356e>] kernel_thread_starter+0x6/0xc
[<0000000000693568>] kernel_thread_starter+0x0/0xc
2 locks held by vhost-45897/45898:
#0: (&vq->mutex){+.+.+.}, at: [<000003ff8031903c>] handle_tx+0x54/0x5ec [vhost_net]
#1: (rcu_read_lock){.+.+..}, at: [<000003ff802ea53c>] macvtap_get_user+0x824/0xbc4 [macvtap]
In the first case, macvtap_put_user() calls macvlan_count_rx()
in a preempt-able context, and this is not allowed.
In the second case, macvtap_get_user() calls
macvlan_start_xmit() with BH enabled, and this is not allowed.
Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Bisected-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Cc: Vlad Yasevich <vyasevic@redhat.com>
---
drivers/net/macvtap.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
index a98fb0e..b51db2a 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -818,10 +818,13 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
}
- if (vlan)
+ if (vlan) {
+ local_bh_disable();
macvlan_start_xmit(skb, vlan->dev);
- else
+ local_bh_enable();
+ } else {
kfree_skb(skb);
+ }
rcu_read_unlock();
return total_len;
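Review bot: the result of macvlan_start_xmit() is still discarded inside the new braces, and the function goes on to return total_len on both branches, including the kfree_skb() one. This is not introduced here, but since the call site is being reworked, confirm that reporting the full length to the writer when the frame was not sent is intended, or note in the changelog that it is out of scope.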
@@ -912,8 +915,11 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
done:
rcu_read_lock();
vlan = rcu_dereference(q->vlan);
- if (vlan)
+ if (vlan) {
+ preempt_disable();
macvlan_count_rx(vlan, copied - vnet_hdr_len, ret == 0, 0);
+ preempt_enable();
+ }
rcu_read_unlock();
return ret ? ret : copied;
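Review bot: this hunk protects macvlan_count_rx() with preempt_disable() while the macvtap_get_user() hunk uses local_bh_disable(); if the same counters can also be updated from softirq on this CPU, disabling preemption alone does not exclude that update. Please confirm that a softirq update cannot interleave with this call, or use local_bh_disable()/local_bh_enable() in this hunk as well and say why in the changelog.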
* Re: [PATCH] macvtap: fix two races
From: Vlad Yasevich @ 2013-08-09 17:16 UTC
To: Eric Dumazet; +Cc: Thomas Huth, David Miller, netdev
On 08/08/2013 11:06 AM, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> Since commit ac4e4af1e59e1 ("macvtap: Consistently use rcu functions"),
> Thomas gets two different warnings :
>
> BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45891/45892
> caller is macvtap_do_read+0x45c/0x600 [macvtap]
> CPU: 1 PID: 45892 Comm: vhost-45891 Not tainted 3.11.0-bisecttest #13
> Call Trace:
> ([<00000000001126ee>] show_trace+0x126/0x144)
> [<00000000001127d2>] show_stack+0xc6/0xd4
> [<000000000068bcec>] dump_stack+0x74/0xd8
> [<0000000000481066>] debug_smp_processor_id+0xf6/0x114
> [<000003ff802e9a18>] macvtap_do_read+0x45c/0x600 [macvtap]
> [<000003ff802e9c1c>] macvtap_recvmsg+0x60/0x88 [macvtap]
> [<000003ff80318c5e>] handle_rx+0x5b2/0x800 [vhost_net]
> [<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
> [<000000000015f3ac>] kthread+0xd8/0xe4
> [<00000000006934a6>] kernel_thread_starter+0x6/0xc
> [<00000000006934a0>] kernel_thread_starter+0x0/0xc
>
> And
>
> BUG: using smp_processor_id() in preemptible [00000000] code: vhost-45897/45898
> caller is macvlan_start_xmit+0x10a/0x1b4 [macvlan]
> CPU: 1 PID: 45898 Comm: vhost-45897 Not tainted 3.11.0-bisecttest #16
> Call Trace:
> ([<00000000001126ee>] show_trace+0x126/0x144)
> [<00000000001127d2>] show_stack+0xc6/0xd4
> [<000000000068bdb8>] dump_stack+0x74/0xd4
> [<0000000000481132>] debug_smp_processor_id+0xf6/0x114
> [<000003ff802b72ca>] macvlan_start_xmit+0x10a/0x1b4 [macvlan]
> [<000003ff802ea69a>] macvtap_get_user+0x982/0xbc4 [macvtap]
> [<000003ff802ea92a>] macvtap_sendmsg+0x4e/0x60 [macvtap]
> [<000003ff8031947c>] handle_tx+0x494/0x5ec [vhost_net]
> [<000003ff8028f77c>] vhost_worker+0x15c/0x1c4 [vhost]
> [<000000000015f3ac>] kthread+0xd8/0xe4
> [<000000000069356e>] kernel_thread_starter+0x6/0xc
> [<0000000000693568>] kernel_thread_starter+0x0/0xc
> 2 locks held by vhost-45897/45898:
> #0: (&vq->mutex){+.+.+.}, at: [<000003ff8031903c>] handle_tx+0x54/0x5ec [vhost_net]
> #1: (rcu_read_lock){.+.+..}, at: [<000003ff802ea53c>] macvtap_get_user+0x824/0xbc4 [macvtap]
>
>
> In the first case, macvtap_put_user() calls macvlan_count_rx()
> in a preempt-able context, and this is not allowed.
>
> In the second case, macvtap_get_user() calls
> macvlan_start_xmit() with BH enabled, and this is not allowed.
>
> Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> Bisected-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> Cc: Vlad Yasevich <vyasevic@redhat.com>
> ---
> drivers/net/macvtap.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
> index a98fb0e..b51db2a 100644
> --- a/drivers/net/macvtap.c
> +++ b/drivers/net/macvtap.c
> @@ -818,10 +818,13 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
> skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY;
> skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
> }
> - if (vlan)
> + if (vlan) {
> + local_bh_disable();
> macvlan_start_xmit(skb, vlan->dev);
> - else
> + local_bh_enable();
> + } else {
> kfree_skb(skb);
> + }
> rcu_read_unlock();
>
> return total_len;
> @@ -912,8 +915,11 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
> done:
> rcu_read_lock();
> vlan = rcu_dereference(q->vlan);
> - if (vlan)
> + if (vlan) {
> + preempt_disable();
> macvlan_count_rx(vlan, copied - vnet_hdr_len, ret == 0, 0);
> + preempt_enable();
> + }
I was looking at this a bit more and I think this call to
macvlan_count_rx() is double counting the packets.
In macvlan_handle_frame(), we call macvlan_count_rx() after we call
vlan->receive(). For macvtap, receive() function is essentially
macvtap_forward() which just tacks the data onto the queue.
Then, the above code counts the data again as we pull it off the queue
socket queue to give to the user.
-vlad
> rcu_read_unlock();
>
> return ret ? ret : copied;
>
>
* Re: [PATCH] macvtap: fix two races
From: Eric Dumazet @ 2013-08-09 17:41 UTC
To: vyasevic; +Cc: Thomas Huth, David Miller, netdev
On Fri, 2013-08-09 at 13:16 -0400, Vlad Yasevich wrote:
> I was looking at this a bit more and I think this call to
> macvlan_count_rx() is double counting the packets.
>
> In macvlan_handle_frame(), we call macvlan_count_rx() after we call
> vlan->receive(). For macvtap, receive() function is essentially
> macvtap_forward() which just tacks the data onto the queue.
>
> Then, the above code counts the data again as we pull it off the queue
> socket queue to give to the user.
Hmm, it seems a different issue, and probably needs a patch on its own.
When was this problem added?
* Re: [PATCH] macvtap: fix two races
From: Vlad Yasevich @ 2013-08-09 18:01 UTC
To: Eric Dumazet; +Cc: Thomas Huth, David Miller, netdev
On 08/09/2013 01:41 PM, Eric Dumazet wrote:
> On Fri, 2013-08-09 at 13:16 -0400, Vlad Yasevich wrote:
>
>> I was looking at this a bit more and I think this call to
>> macvlan_count_rx() is double counting the packets.
>>
>> In macvlan_handle_frame(), we call macvlan_count_rx() after we call
>> vlan->receive(). For macvtap, receive() function is essentially
>> macvtap_forward() which just tacks the data onto the queue.
>>
>> Then, the above code counts the data again as we pull it off the queue
>> socket queue to give to the user.
>
> Hmm, it seems a different issue, and probably needs a patch on its own.
>
> When was this problem added?
>
>
Looks like both macvlan and macvtap packet counting has been there since
the beginning...
-vlad
* Re: [PATCH] macvtap: fix two races
From: David Miller @ 2013-08-12 4:50 UTC
To: eric.dumazet; +Cc: thuth, netdev, vyasevic
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Thu, 08 Aug 2013 08:06:14 -0700
> From: Eric Dumazet <edumazet@google.com>
>
> Since commit ac4e4af1e59e1 ("macvtap: Consistently use rcu functions"),
> Thomas gets two different warnings :
...
> And
...
> In the first case, macvtap_put_user() calls macvlan_count_rx()
> in a preempt-able context, and this is not allowed.
>
> In the second case, macvtap_get_user() calls
> macvlan_start_xmit() with BH enabled, and this is not allowed.
>
> Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> Bisected-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com>
> Cc: Vlad Yasevich <vyasevic@redhat.com>
Applied and queued up for -stable, thanks.