mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-16 00:06:46 +07:00
9b4aec647a
In rare cases during shutdown the following general protection fault can happen: general protection fault: 0000 [#1] SMP Modules linked in: batman_adv(O-) [...] CPU: 3 PID: 1714 Comm: rmmod Tainted: G O 4.6.0-rc6+ #1 [...] Call Trace: [<ffffffffa0363294>] batadv_hardif_disable_interface+0x29a/0x3a6 [batman_adv] [<ffffffffa0373db4>] batadv_softif_destroy_netlink+0x4b/0xa4 [batman_adv] [<ffffffff813b52f3>] __rtnl_link_unregister+0x48/0x92 [<ffffffff813b9240>] rtnl_link_unregister+0xc1/0xdb [<ffffffff8108547c>] ? bit_waitqueue+0x87/0x87 [<ffffffffa03850d2>] batadv_exit+0x1a/0xf48 [batman_adv] [<ffffffff810c26f9>] SyS_delete_module+0x136/0x1b0 [<ffffffff8144dc65>] entry_SYSCALL_64_fastpath+0x18/0xa8 [<ffffffff8108aaca>] ? trace_hardirqs_off_caller+0x37/0xa6 Code: 89 f7 e8 21 bd 0d e1 4d 85 e4 75 0e 31 f6 48 c7 c7 50 d7 3b a0 e8 50 16 f2 e0 49 8b 9c 24 28 01 00 00 48 85 db 0f 84 b2 00 00 00 <48> 8b 03 4d 85 ed 48 89 45 c8 74 09 4c 39 ab f8 00 00 00 75 1c RIP [<ffffffffa0371852>] batadv_purge_outstanding_packets+0x1c8/0x291 [batman_adv] RSP <ffff88001da5fd78> ---[ end trace 803b9bdc6a4a952b ]--- Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt It does not happen often, but may potentially happen when frequently shutting down and reinitializing an interface. With some carefully placed msleep()s/mdelay()s it can be reproduced easily. The issue is, that on interface removal, any still running worker thread of a forwarding packet will race with the interface purging routine to free a forwarding packet. Temporarily giving up a spin-lock to be able to sleep in the purging routine is not safe. Furthermore, there is a potential general protection fault not just for the purging side shown above, but also on the worker side: Temporarily removing a forw_packet from the according forw_{bcast,bat}_list will make it impossible for the purging routine to catch and cancel it. # How this patch tries to fix it: With this patch we split the queue purging into three steps: Step 1), removing forward packets from the queue of an interface and by that claim it as our responsibility to free. Step 2), we are either lucky to cancel a pending worker before it starts to run. Or if it is already running, we wait and let it do its thing, except two things: Through the claiming in step 1) we prevent workers from a) re-arming themselves. And b) prevent workers from freeing packets which we still hold in the interface purging routine. Finally, step 3, we are sure that no forwarding packets are pending or even running anymore on the interface to remove. We can then safely free the claimed forwarding packets. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
124 lines
4.6 KiB
C
124 lines
4.6 KiB
C
/* Copyright (C) 2007-2016 B.A.T.M.A.N. contributors:
|
|
*
|
|
* Marek Lindner, Simon Wunderlich
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of version 2 of the GNU General Public
|
|
* License as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef _NET_BATMAN_ADV_SEND_H_
|
|
#define _NET_BATMAN_ADV_SEND_H_
|
|
|
|
#include "main.h"
|
|
|
|
#include <linux/compiler.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/types.h>
|
|
|
|
#include "packet.h"
|
|
|
|
struct sk_buff;
|
|
|
|
void batadv_forw_packet_free(struct batadv_forw_packet *forw_packet,
|
|
bool dropped);
|
|
struct batadv_forw_packet *
|
|
batadv_forw_packet_alloc(struct batadv_hard_iface *if_incoming,
|
|
struct batadv_hard_iface *if_outgoing,
|
|
atomic_t *queue_left,
|
|
struct batadv_priv *bat_priv);
|
|
bool batadv_forw_packet_steal(struct batadv_forw_packet *packet, spinlock_t *l);
|
|
void batadv_forw_packet_ogmv1_queue(struct batadv_priv *bat_priv,
|
|
struct batadv_forw_packet *forw_packet,
|
|
unsigned long send_time);
|
|
|
|
int batadv_send_skb_to_orig(struct sk_buff *skb,
|
|
struct batadv_orig_node *orig_node,
|
|
struct batadv_hard_iface *recv_if);
|
|
int batadv_send_skb_packet(struct sk_buff *skb,
|
|
struct batadv_hard_iface *hard_iface,
|
|
const u8 *dst_addr);
|
|
int batadv_send_broadcast_skb(struct sk_buff *skb,
|
|
struct batadv_hard_iface *hard_iface);
|
|
int batadv_send_unicast_skb(struct sk_buff *skb,
|
|
struct batadv_neigh_node *neigh_node);
|
|
int batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv,
|
|
const struct sk_buff *skb,
|
|
unsigned long delay,
|
|
bool own_packet);
|
|
void
|
|
batadv_purge_outstanding_packets(struct batadv_priv *bat_priv,
|
|
const struct batadv_hard_iface *hard_iface);
|
|
bool batadv_send_skb_prepare_unicast_4addr(struct batadv_priv *bat_priv,
|
|
struct sk_buff *skb,
|
|
struct batadv_orig_node *orig_node,
|
|
int packet_subtype);
|
|
int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
|
|
struct sk_buff *skb, int packet_type,
|
|
int packet_subtype,
|
|
struct batadv_orig_node *orig_node,
|
|
unsigned short vid);
|
|
int batadv_send_skb_via_tt_generic(struct batadv_priv *bat_priv,
|
|
struct sk_buff *skb, int packet_type,
|
|
int packet_subtype, u8 *dst_hint,
|
|
unsigned short vid);
|
|
int batadv_send_skb_via_gw(struct batadv_priv *bat_priv, struct sk_buff *skb,
|
|
unsigned short vid);
|
|
|
|
/**
|
|
* batadv_send_skb_via_tt - send an skb via TT lookup
|
|
* @bat_priv: the bat priv with all the soft interface information
|
|
* @skb: the payload to send
|
|
* @dst_hint: can be used to override the destination contained in the skb
|
|
* @vid: the vid to be used to search the translation table
|
|
*
|
|
* Look up the recipient node for the destination address in the ethernet
|
|
* header via the translation table. Wrap the given skb into a batman-adv
|
|
* unicast header. Then send this frame to the according destination node.
|
|
*
|
|
* Return: NET_XMIT_DROP in case of error or NET_XMIT_SUCCESS otherwise.
|
|
*/
|
|
static inline int batadv_send_skb_via_tt(struct batadv_priv *bat_priv,
|
|
struct sk_buff *skb, u8 *dst_hint,
|
|
unsigned short vid)
|
|
{
|
|
return batadv_send_skb_via_tt_generic(bat_priv, skb, BATADV_UNICAST, 0,
|
|
dst_hint, vid);
|
|
}
|
|
|
|
/**
|
|
* batadv_send_skb_via_tt_4addr - send an skb via TT lookup
|
|
* @bat_priv: the bat priv with all the soft interface information
|
|
* @skb: the payload to send
|
|
* @packet_subtype: the unicast 4addr packet subtype to use
|
|
* @dst_hint: can be used to override the destination contained in the skb
|
|
* @vid: the vid to be used to search the translation table
|
|
*
|
|
* Look up the recipient node for the destination address in the ethernet
|
|
* header via the translation table. Wrap the given skb into a batman-adv
|
|
* unicast-4addr header. Then send this frame to the according destination
|
|
* node.
|
|
*
|
|
* Return: NET_XMIT_DROP in case of error or NET_XMIT_SUCCESS otherwise.
|
|
*/
|
|
static inline int batadv_send_skb_via_tt_4addr(struct batadv_priv *bat_priv,
|
|
struct sk_buff *skb,
|
|
int packet_subtype,
|
|
u8 *dst_hint,
|
|
unsigned short vid)
|
|
{
|
|
return batadv_send_skb_via_tt_generic(bat_priv, skb,
|
|
BATADV_UNICAST_4ADDR,
|
|
packet_subtype, dst_hint, vid);
|
|
}
|
|
|
|
#endif /* _NET_BATMAN_ADV_SEND_H_ */
|