From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stephen Hemminger, Haiyang Zhang, "David S. Miller"
Subject: [PATCH 4.18 14/88] hv_netvsc: fix schedule in RCU context
Date: Thu, 27 Sep 2018 11:02:55 +0200
Message-Id: <20180927090302.216926722@linuxfoundation.org>
In-Reply-To: <20180927090300.631426620@linuxfoundation.org>

4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Stephen Hemminger

[ Upstream commit 018349d70f28a78d5343b3660cb66e1667005f8a ]

When netvsc device is removed it can call reschedule in RCU context.
This happens because canceling the subchannel setup work could
(in theory) cause a reschedule when manipulating the timer.

To reproduce, run with lockdep enabled kernel and unbind
a network device from hv_netvsc (via sysfs).

[ 160.682011] WARNING: suspicious RCU usage
[ 160.707466] 4.19.0-rc3-uio+ #2 Not tainted
[ 160.709937] -----------------------------
[ 160.712352] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!
[ 160.723691]
[ 160.723691] other info that might help us debug this:
[ 160.723691]
[ 160.730955]
[ 160.730955] rcu_scheduler_active = 2, debug_locks = 1
[ 160.762813] 5 locks held by rebind-eth.sh/1812:
[ 160.766851] #0: 000000008befa37a (sb_writers#6){.+.+}, at: vfs_write+0x184/0x1b0
[ 160.773416] #1: 00000000b097f236 (&of->mutex){+.+.}, at: kernfs_fop_write+0xe2/0x1a0
[ 160.783766] #2: 0000000041ee6889 (kn->count#3){++++}, at: kernfs_fop_write+0xeb/0x1a0
[ 160.787465] #3: 0000000056d92a74 (&dev->mutex){....}, at: device_release_driver_internal+0x39/0x250
[ 160.816987] #4: 0000000030f6031e (rcu_read_lock){....}, at: netvsc_remove+0x1e/0x250 [hv_netvsc]
[ 160.828629]
[ 160.828629] stack backtrace:
[ 160.831966] CPU: 1 PID: 1812 Comm: rebind-eth.sh Not tainted 4.19.0-rc3-uio+ #2
[ 160.832952] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012
[ 160.832952] Call Trace:
[ 160.832952] dump_stack+0x85/0xcb
[ 160.832952] ___might_sleep+0x1a3/0x240
[ 160.832952] __flush_work+0x57/0x2e0
[ 160.832952] ? __mutex_lock+0x83/0x990
[ 160.832952] ? __kernfs_remove+0x24f/0x2e0
[ 160.832952] ? __kernfs_remove+0x1b2/0x2e0
[ 160.832952] ? mark_held_locks+0x50/0x80
[ 160.832952] ? get_work_pool+0x90/0x90
[ 160.832952] __cancel_work_timer+0x13c/0x1e0
[ 160.832952] ? netvsc_remove+0x1e/0x250 [hv_netvsc]
[ 160.832952] ? __lock_is_held+0x55/0x90
[ 160.832952] netvsc_remove+0x9a/0x250 [hv_netvsc]
[ 160.832952] vmbus_remove+0x26/0x30
[ 160.832952] device_release_driver_internal+0x18a/0x250
[ 160.832952] unbind_store+0xb4/0x180
[ 160.832952] kernfs_fop_write+0x113/0x1a0
[ 160.832952] __vfs_write+0x36/0x1a0
[ 160.832952] ? rcu_read_lock_sched_held+0x6b/0x80
[ 160.832952] ? rcu_sync_lockdep_assert+0x2e/0x60
[ 160.832952] ? __sb_start_write+0x141/0x1a0
[ 160.832952] ? vfs_write+0x184/0x1b0
[ 160.832952] vfs_write+0xbe/0x1b0
[ 160.832952] ksys_write+0x55/0xc0
[ 160.832952] do_syscall_64+0x60/0x1b0
[ 160.832952] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 160.832952] RIP: 0033:0x7fe48f4c8154

Resolve this by getting RTNL earlier. This is safe because the subchannel
work queue does trylock on RTNL and will detect the race.

Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic")
Signed-off-by: Stephen Hemminger
Reviewed-by: Haiyang Zhang
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 drivers/net/hyperv/netvsc_drv.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

--- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -2172,17 +2172,15 @@ static int netvsc_remove(struct hv_devic cancel_delayed_work_sync(&ndev_ctx->dwork); - rcu_read_lock(); - nvdev = rcu_dereference(ndev_ctx->nvdev); - - if (nvdev) + rtnl_lock(); + nvdev = rtnl_dereference(ndev_ctx->nvdev); + if (nvdev) cancel_work_sync(&nvdev->subchan_work); /* * Call to the vsc driver to let it know that the device is being * removed. Also blocks mtu and channel changes. */ - rtnl_lock(); vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev); if (vf_netdev) netvsc_unregister_vf(vf_netdev); @@ -2194,7 +2192,6 @@ static int netvsc_remove(struct hv_devic list_del(&ndev_ctx->list); rtnl_unlock(); - rcu_read_unlock(); hv_set_drvdata(dev, NULL);
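
Review bot: In the first hunk, cancel_work_sync(&nvdev->subchan_work) now runs with RTNL held, so the call is only safe while the subchannel work never blocks on rtnl_lock(). The commit message states that the worker does trylock on RTNL, but nothing at the call site records that dependency. Suggest a one-line comment above the new "if (nvdev)" saying that subchan_work must only try-lock RTNL, because a later switch to a blocking rtnl_lock() in the worker would deadlock against this wait. Separately, the block comment ending "Also blocks mtu and channel changes." used to sit directly above rtnl_lock() and now precedes the vf_netdev lookup; consider moving it up next to the relocated rtnl_lock() so it still describes the line it was written for.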