linux/drivers/net/ppp
Gao Feng ddab82821f ppp: Fix a scheduling-while-atomic bug in del_chan
The PPTP set the pptp_sock_destruct as the sock's sk_destruct, it would
trigger this bug when __sk_free is invoked in atomic context, because of
the call path pptp_sock_destruct->del_chan->synchronize_rcu.

Now move the synchronize_rcu to pptp_release from del_chan. This is the
only one case which would free the sock and need the synchronize_rcu.

The following is the panic I met with kernel 3.3.8, but this issue should
exist in current kernel too according to the codes.

BUG: scheduling while atomic
__schedule_bug+0x5e/0x64
__schedule+0x55/0x580
? ppp_unregister_channel+0x1cd5/0x1de0 [ppp_generic]
? dev_hard_start_xmit+0x423/0x530
? sch_direct_xmit+0x73/0x170
__cond_resched+0x16/0x30
_cond_resched+0x22/0x30
wait_for_common+0x18/0x110
? call_rcu_bh+0x10/0x10
wait_for_completion+0x12/0x20
wait_rcu_gp+0x34/0x40
? wait_rcu_gp+0x40/0x40
synchronize_sched+0x1e/0x20
0xf8417298
0xf8417484
? sock_queue_rcv_skb+0x109/0x130
__sk_free+0x16/0x110
? udp_queue_rcv_skb+0x1f2/0x290
sk_free+0x16/0x20
__udp4_lib_rcv+0x3b8/0x650

Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-31 21:59:01 -07:00
..
bsd_comp.c
Kconfig
Makefile
ppp_async.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
ppp_deflate.c
ppp_generic.c ppp: Fix false xmit recursion detect with two ppp devices 2017-07-18 11:20:33 -07:00
ppp_mppe.c ppp: mppe: Use vsnprintf extension %phN 2017-06-06 15:16:33 -04:00
ppp_mppe.h
ppp_synctty.c net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
pppoe.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
pppox.c
pptp.c ppp: Fix a scheduling-while-atomic bug in del_chan 2017-07-31 21:59:01 -07:00