From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Lorenzo Bianconi, Eric Dumazet, "David S. Miller"
Subject: [PATCH 4.9 25/71] gro_cell: add napi_disable in gro_cells_destroy
Date: Mon, 7 Jan 2019 13:32:54 +0100
Message-Id: <20190107105334.215497628@linuxfoundation.org>
In-Reply-To: <20190107105330.280153213@linuxfoundation.org>
References: <20190107105330.280153213@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Lorenzo Bianconi

[ Upstream commit 8e1da73acded4751a93d4166458a7e640f37d26c ]

Add napi_disable routine in gro_cells_destroy since starting from
commit c42858eaf492 ("gro_cells: remove spinlock protecting receive
queues") gro_cell_poll and gro_cells_destroy can run concurrently on
napi_skbs list producing a kernel Oops if the tunnel interface is
removed while gro_cell_poll is running. The following Oops has been
triggered removing a vxlan device while the interface is receiving
traffic

[ 5628.948853] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 5628.949981] PGD 0 P4D 0
[ 5628.950308] Oops: 0002 [#1] SMP PTI
[ 5628.950748] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.20.0-rc6+ #41
[ 5628.952940] RIP: 0010:gro_cell_poll+0x49/0x80
[ 5628.955615] RSP: 0018:ffffc9000004fdd8 EFLAGS: 00010202
[ 5628.956250] RAX: 0000000000000000 RBX: ffffe8ffffc08150 RCX: 0000000000000000
[ 5628.957102] RDX: 0000000000000000 RSI: ffff88802356bf00 RDI: ffffe8ffffc08150
[ 5628.957940] RBP: 0000000000000026 R08: 0000000000000000 R09: 0000000000000000
[ 5628.958803] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000040
[ 5628.959661] R13: ffffe8ffffc08100 R14: 0000000000000000 R15: 0000000000000040
[ 5628.960682] FS: 0000000000000000(0000) GS:ffff88803ea00000(0000) knlGS:0000000000000000
[ 5628.961616] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5628.962359] CR2: 0000000000000008 CR3: 000000000221c000 CR4: 00000000000006b0
[ 5628.963188] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5628.964034] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5628.964871] Call Trace:
[ 5628.965179] net_rx_action+0xf0/0x380
[ 5628.965637] __do_softirq+0xc7/0x431
[ 5628.966510] run_ksoftirqd+0x24/0x30
[ 5628.966957] smpboot_thread_fn+0xc5/0x160
[ 5628.967436] kthread+0x113/0x130
[ 5628.968283] ret_from_fork+0x3a/0x50
[ 5628.968721] Modules linked in:
[ 5628.969099] CR2: 0000000000000008
[ 5628.969510] ---[ end trace 9d9dedc7181661fe ]---
[ 5628.970073] RIP: 0010:gro_cell_poll+0x49/0x80
[ 5628.972965] RSP: 0018:ffffc9000004fdd8 EFLAGS: 00010202
[ 5628.973611] RAX: 0000000000000000 RBX: ffffe8ffffc08150 RCX: 0000000000000000
[ 5628.974504] RDX: 0000000000000000 RSI: ffff88802356bf00 RDI: ffffe8ffffc08150
[ 5628.975462] RBP: 0000000000000026 R08: 0000000000000000 R09: 0000000000000000
[ 5628.976413] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000040
[ 5628.977375] R13: ffffe8ffffc08100 R14: 0000000000000000 R15: 0000000000000040
[ 5628.978296] FS: 0000000000000000(0000) GS:ffff88803ea00000(0000) knlGS:0000000000000000
[ 5628.979327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5628.980044] CR2: 0000000000000008 CR3: 000000000221c000 CR4: 00000000000006b0
[ 5628.980929] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5628.981736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5628.982409] Kernel panic - not syncing: Fatal exception in interrupt
[ 5628.983307] Kernel Offset: disabled

Fixes: c42858eaf492 ("gro_cells: remove spinlock protecting receive queues")
Signed-off-by: Lorenzo Bianconi
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
--- include/net/gro_cells.h | 1 + 1 file changed, 1 insertion(+) --- a/include/net/gro_cells.h +++ b/include/net/gro_cells.h @@ -86,6 +86,7 @@ static inline void gro_cells_destroy(str for_each_possible_cpu(i) { struct gro_cell *cell = per_cpu_ptr(gcells->cells, i); + napi_disable(&cell->napi); netif_napi_del(&cell->napi); __skb_queue_purge(&cell->napi_skbs); }
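
Review bot: the added napi_disable(&cell->napi) inside the for_each_possible_cpu() loop can sleep while it waits for an in-flight gro_cell_poll to finish, so gro_cells_destroy() is now only safe to call from process context, and nothing in the hunk documents that. A one-line comment above the call would help, saying that the disable must come before netif_napi_del() and __skb_queue_purge() so the purge cannot run against a live poller on napi_skbs. That keeps the ordering from being rearranged in a later cleanup and reminds callers on tunnel teardown paths that the function may block. Since the wait is repeated once per possible CPU, it is also worth confirming for this backport that the callers can tolerate the added teardown latency.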