leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4265f161b6
linux/drivers
History
Christian Borntraeger 4265f161b6 virtio: fix race in enable_cb 
There is a race in virtio_net, dealing with disabling/enabling the callback.
I saw the following oops:

kernel BUG at /space/kvm/drivers/virtio/virtio_ring.c:218!
illegal operation: 0001 [#1] SMP
Modules linked in: sunrpc dm_mod
CPU: 2 Not tainted 2.6.25-rc1zlive-host-10623-gd358142-dirty #99
Process swapper (pid: 0, task: 000000000f85a610, ksp: 000000000f873c60)
Krnl PSW : 0404300180000000 00000000002b81a6 (vring_disable_cb+0x16/0x20)
           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:3 PM:0 EA:3
Krnl GPRS: 0000000000000001 0000000000000001 0000000010005800 0000000000000001
           000000000f3a0900 000000000f85a610 0000000000000000 0000000000000000
           0000000000000000 000000000f870000 0000000000000000 0000000000001237
           000000000f3a0920 000000000010ff74 00000000002846f6 000000000fa0bcd8
Krnl Code: 00000000002b819a: a7110001           tmll    %r1,1
           00000000002b819e: a7840004           brc     8,2b81a6
           00000000002b81a2: a7f40001           brc     15,2b81a4
          >00000000002b81a6: a51b0001           oill    %r1,1
           00000000002b81aa: 40102000           sth     %r1,0(%r2)
           00000000002b81ae: 07fe               bcr     15,%r14
           00000000002b81b0: eb7ff0380024       stmg    %r7,%r15,56(%r15)
           00000000002b81b6: a7f13e00           tmll    %r15,15872
Call Trace:
([<000000000fa0bcd0>] 0xfa0bcd0)
 [<00000000002b8350>] vring_interrupt+0x5c/0x6c
 [<000000000010ab08>] do_extint+0xb8/0xf0
 [<0000000000110716>] ext_no_vtime+0x16/0x1a
 [<0000000000107e72>] cpu_idle+0x1c2/0x1e0

The problem can be triggered with a high amount of host->guest traffic.
I think its the following race:

poll says netif_rx_complete
poll calls enable_cb
enable_cb opens the interrupt mask
a new packet comes, an interrupt is triggered----\
enable_cb sees that there is more work           |
enable_cb disables the interrupt                 |
       .                                         V
       .                            interrupt is delivered
       .                            skb_recv_done does atomic napi test, ok
 some waiting                       disable_cb is called->check fails->bang!
       .
poll would do napi check
poll would do disable_cb

The fix is to let enable_cb not disable the interrupt again, but expect the
caller to do the cleanup if it returns false. In that case, the interrupt is
only disabled, if the napi test_set_bit was successful.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cleaned up doco)
2008-03-17 22:58:21 +11:00
..
acorn/char Fix default compose table initialization 2008-03-03 14:53:16 -08:00
acpi ACPI: Remove ACPI_CUSTOM_DSDT_INITRD option 2008-03-15 11:58:04 -07:00
amba
ata [libata] Add support for the RB500 PATA CompactFlash 2008-03-10 20:54:05 -04:00
atm atm: replace remaining __FUNCTION__ occurrences 2008-03-05 18:38:07 -08:00
auxdisplay
base drivers: fix dma_get_required_mask 2008-03-10 16:33:33 -07:00
block virtio: Fix sysfs bits to have proper block symlink 2008-03-17 22:58:15 +11:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-12 13:08:09 -07:00
cdrom make cdrom.c:check_for_audio_disc() static 2008-03-04 11:28:41 +01:00
char char: riscom, fix rc_board indexing 2008-03-13 13:11:43 -07:00
clocksource
connector CONNECTOR: make cn_already_initialized static 2008-02-26 18:42:44 -08:00
cpufreq [CPUFREQ] fix section mismatch warnings 2008-03-05 14:45:31 -05:00
cpuidle ACPI, cpuidle: Clarify C-state description in sysfs 2008-02-14 00:09:55 -05:00
crypto [HIFN]: Fix invalid config ifdefs for RNG support 2008-02-15 19:15:05 +08:00
dca DCA: convert struct class_device to struct device. 2008-02-08 15:33:33 -08:00
dio
dma iop-adma.c: replace remaining __FUNCTION__ occurrences 2008-03-13 10:57:09 -07:00
edac
eisa
firewire firewire: fw-ohci: shut up false compiler warning on PPC32 2008-03-14 00:57:00 +01:00
firmware dmi: prevent linked list corruption 2008-02-23 17:12:15 -08:00
gpio gpio/pca953x bugfix: mark as can_sleep 2008-03-10 18:01:19 -07:00
hid HID: add USB IDs for MacBook 3rd generation 2008-02-13 17:08:04 +01:00
hwmon hwmon: normal_i2c arrays should be const 2008-02-18 21:58:15 -05:00
i2c i2c: chips subdirectory is deprecated 2008-03-12 14:15:00 +01:00
ide ide: update references to Documentation/ide/ide.txt (v2) 2008-03-07 21:53:50 +01:00
ieee1394 ieee1394: sbp2: fix for SYM13FW500 bridge (Datafab disk) 2008-03-14 00:56:59 +01:00
infiniband IPoIB: Allocate priv->tx_ring with vmalloc() 2008-03-12 07:51:03 -07:00
input i8042: use SGI_HAS_I8042 to select SGI i8042 handlinig 2008-03-10 18:01:20 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-12 13:08:09 -07:00
leds PWM LED driver 2008-02-08 09:22:38 -08:00
lguest lguest: Revert 1ce70c4fac, fix real problem. 2008-03-11 09:35:58 +11:00
macintosh [POWERPC] Fix build of modular drivers/macintosh/apm_emu.c 2008-03-13 10:09:27 +11:00
mca
md md: reduce CPU wastage on idle md array with a write-intent bitmap 2008-03-10 18:01:19 -07:00
media V4L/DVB (7219): zoran: Fix namespace conflicts with Zoran 'GPIO_MAX' enum 2008-02-18 12:18:28 -03:00
memstick memstick: add support for JMicron jmb38x MemoryStick host controller 2008-03-10 18:01:19 -07:00
message [SCSI] mpt fusion: don't oops if NumPhys==0 2008-03-05 14:57:57 -06:00
mfd sm501: add support for the SM502 programmable PLL 2008-03-04 16:35:13 -08:00
misc Merge branches 'release', 'ejd', 'sony' and 'wmi' into release 2008-03-13 01:59:52 -04:00
mmc tifm_sd: DATA_CARRY is not boolean in tifm_sd_transfer_data() 2008-03-15 09:24:21 -07:00
mtd UBI: mtd/ubi/vtbl.c: fix memory leak 2008-03-04 11:03:09 +02:00
net virtio: fix race in enable_cb 2008-03-17 22:58:21 +11:00
nubus
of
oprofile d_path: Make get_dcookie() use a struct path argument 2008-02-14 21:17:08 -08:00
parisc [PARISC] make ptr_to_pide() static 2008-03-15 19:17:12 -07:00
parport parport: section fixup 2008-02-13 16:21:19 -08:00
pci Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/pci-2.6 2008-03-13 13:16:22 -07:00
pcmcia PCI: drivers/pcmcia/i82092.c: fix up after pci_bus_region changes 2008-02-21 15:34:35 -08:00
pnp PNP: disable PNP motherboard resources that overlap PCI BARs 2008-03-12 12:39:36 -07:00
power
ps3 [POWERPC] PS3: Update sys-manager button events 2008-02-14 22:11:01 +11:00
rapidio docbook: fix rapidio source files 2008-03-03 10:47:13 -08:00
rtc rtc: add support for the S-35390A RTC chip 2008-03-04 16:35:09 -08:00
s390 [S390] zcrypt: fix ap_device_list handling 2008-03-05 12:37:19 +01:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2008-03-05 17:49:59 -08:00
serial of_serial: fix section mismatch warnings 2008-03-10 18:01:17 -07:00
sh maple: fix device detection 2008-02-26 14:12:09 +09:00
sn
spi spi_bitbang: short transfer status fix 2008-03-13 13:11:43 -07:00
ssb ssb: Add pcibios_enable_device() return value check 2008-03-04 18:36:35 -05:00
tc
telephony
thermal thermal: fix generic thermal I/F for hwmon 2008-03-13 01:49:01 -04:00
uio UIO: fix Greg's stupid changes 2008-02-21 15:27:07 -08:00
usb USB: fix ehci unlink regressions 2008-03-10 16:42:27 -07:00
video fbdev: add BF52x EZkit Display driver 2008-03-10 18:01:20 -07:00
virtio virtio: fix race in enable_cb 2008-03-17 22:58:21 +11:00
w1 ds1wm: report bus reset error 2008-03-04 16:35:12 -08:00
watchdog [WATCHDOG] make watchdog/hpwdt.c:asminline_call() static 2008-03-06 21:32:21 +00:00
xen
zorro
Kconfig memstick: initial commit for Sony MemoryStick support 2008-02-09 11:08:34 -08:00
Makefile memstick: initial commit for Sony MemoryStick support 2008-02-09 11:08:34 -08:00