1 From d74d8a563ec79425464d7a8aeaa1796724fea7bc Mon Sep 17 00:00:00 2001
2 From: Eric Dumazet <edumazet@google.com>
3 Date: Thu, 10 Oct 2013 06:30:09 -0700
4 Subject: l2tp: must disable bh before calling l2tp_xmit_skb()
5
6 From: Eric Dumazet <edumazet@google.com>
7
8 [ Upstream commit 455cc32bf128e114455d11ad919321ab89a2c312 ]
9
10 François Cachereul made a very nice bug report and suspected
11 the bh_lock_sock() / bh_unlock_sock() pair used in l2tp_xmit_skb() from
12 process context was not good.
13
14 This problem was added by commit 6af88da14ee284aaad6e4326da09a89191ab6165
15 ("l2tp: Fix locking in l2tp_core.c").
16
17 l2tp_eth_dev_xmit() runs from BH context, so we must disable BH
18 from other l2tp_xmit_skb() users.
19
20 [ 452.060011] BUG: soft lockup - CPU#1 stuck for 23s! [accel-pppd:6662]
21 [ 452.061757] Modules linked in: l2tp_ppp l2tp_netlink l2tp_core pppoe pppox
22 ppp_generic slhc ipv6 ext3 mbcache jbd virtio_balloon xfs exportfs dm_mod
23 virtio_blk ata_generic virtio_net floppy ata_piix libata virtio_pci virtio_ring virtio [last unloaded: scsi_wait_scan]
24 [ 452.064012] CPU 1
25 [ 452.080015] BUG: soft lockup - CPU#2 stuck for 23s! [accel-pppd:6643]
26 [ 452.080015] CPU 2
27 [ 452.080015]
28 [ 452.080015] Pid: 6643, comm: accel-pppd Not tainted 3.2.46.mini #1 Bochs Bochs
29 [ 452.080015] RIP: 0010:[<ffffffff81059f6c>] [<ffffffff81059f6c>] do_raw_spin_lock+0x17/0x1f
30 [ 452.080015] RSP: 0018:ffff88007125fc18 EFLAGS: 00000293
31 [ 452.080015] RAX: 000000000000aba9 RBX: ffffffff811d0703 RCX: 0000000000000000
32 [ 452.080015] RDX: 00000000000000ab RSI: ffff8800711f6896 RDI: ffff8800745c8110
33 [ 452.080015] RBP: ffff88007125fc18 R08: 0000000000000020 R09: 0000000000000000
34 [ 452.080015] R10: 0000000000000000 R11: 0000000000000280 R12: 0000000000000286
35 [ 452.080015] R13: 0000000000000020 R14: 0000000000000240 R15: 0000000000000000
36 [ 452.080015] FS: 00007fdc0cc24700(0000) GS:ffff8800b6f00000(0000) knlGS:0000000000000000
37 [ 452.080015] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
38 [ 452.080015] CR2: 00007fdb054899b8 CR3: 0000000074404000 CR4: 00000000000006a0
39 [ 452.080015] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
40 [ 452.080015] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
41 [ 452.080015] Process accel-pppd (pid: 6643, threadinfo ffff88007125e000, task ffff8800b27e6dd0)
42 [ 452.080015] Stack:
43 [ 452.080015] ffff88007125fc28 ffffffff81256559 ffff88007125fc98 ffffffffa01b2bd1
44 [ 452.080015] ffff88007125fc58 000000000000000c 00000000029490d0 0000009c71dbe25e
45 [ 452.080015] 000000000000005c 000000080000000e 0000000000000000 ffff880071170600
46 [ 452.080015] Call Trace:
47 [ 452.080015] [<ffffffff81256559>] _raw_spin_lock+0xe/0x10
48 [ 452.080015] [<ffffffffa01b2bd1>] l2tp_xmit_skb+0x189/0x4ac [l2tp_core]
49 [ 452.080015] [<ffffffffa01c2d36>] pppol2tp_sendmsg+0x15e/0x19c [l2tp_ppp]
50 [ 452.080015] [<ffffffff811c7872>] __sock_sendmsg_nosec+0x22/0x24
51 [ 452.080015] [<ffffffff811c83bd>] sock_sendmsg+0xa1/0xb6
52 [ 452.080015] [<ffffffff81254e88>] ? __schedule+0x5c1/0x616
53 [ 452.080015] [<ffffffff8103c7c6>] ? __dequeue_signal+0xb7/0x10c
54 [ 452.080015] [<ffffffff810bbd21>] ? fget_light+0x75/0x89
55 [ 452.080015] [<ffffffff811c8444>] ? sockfd_lookup_light+0x20/0x56
56 [ 452.080015] [<ffffffff811c9b34>] sys_sendto+0x10c/0x13b
57 [ 452.080015] [<ffffffff8125cac2>] system_call_fastpath+0x16/0x1b
58 [ 452.080015] Code: 81 48 89 e5 72 0c 31 c0 48 81 ff 45 66 25 81 0f 92 c0 5d c3 55 b8 00 01 00 00 48 89 e5 f0 66 0f c1 07 0f b6 d4 38 d0 74 06 f3 90 <8a> 07 eb f6 5d c3 90 90 55 48 89 e5 9c 58 0f 1f 44 00 00 5d c3
59 [ 452.080015] Call Trace:
60 [ 452.080015] [<ffffffff81256559>] _raw_spin_lock+0xe/0x10
61 [ 452.080015] [<ffffffffa01b2bd1>] l2tp_xmit_skb+0x189/0x4ac [l2tp_core]
62 [ 452.080015] [<ffffffffa01c2d36>] pppol2tp_sendmsg+0x15e/0x19c [l2tp_ppp]
63 [ 452.080015] [<ffffffff811c7872>] __sock_sendmsg_nosec+0x22/0x24
64 [ 452.080015] [<ffffffff811c83bd>] sock_sendmsg+0xa1/0xb6
65 [ 452.080015] [<ffffffff81254e88>] ? __schedule+0x5c1/0x616
66 [ 452.080015] [<ffffffff8103c7c6>] ? __dequeue_signal+0xb7/0x10c
67 [ 452.080015] [<ffffffff810bbd21>] ? fget_light+0x75/0x89
68 [ 452.080015] [<ffffffff811c8444>] ? sockfd_lookup_light+0x20/0x56
69 [ 452.080015] [<ffffffff811c9b34>] sys_sendto+0x10c/0x13b
70 [ 452.080015] [<ffffffff8125cac2>] system_call_fastpath+0x16/0x1b
71 [ 452.064012]
72 [ 452.064012] Pid: 6662, comm: accel-pppd Not tainted 3.2.46.mini #1 Bochs Bochs
73 [ 452.064012] RIP: 0010:[<ffffffff81059f6e>] [<ffffffff81059f6e>] do_raw_spin_lock+0x19/0x1f
74 [ 452.064012] RSP: 0018:ffff8800b6e83ba0 EFLAGS: 00000297
75 [ 452.064012] RAX: 000000000000aaa9 RBX: ffff8800b6e83b40 RCX: 0000000000000002
76 [ 452.064012] RDX: 00000000000000aa RSI: 000000000000000a RDI: ffff8800745c8110
77 [ 452.064012] RBP: ffff8800b6e83ba0 R08: 000000000000c802 R09: 000000000000001c
78 [ 452.064012] R10: ffff880071096c4e R11: 0000000000000006 R12: ffff8800b6e83b18
79 [ 452.064012] R13: ffffffff8125d51e R14: ffff8800b6e83ba0 R15: ffff880072a589c0
80 [ 452.064012] FS: 00007fdc0b81e700(0000) GS:ffff8800b6e80000(0000) knlGS:0000000000000000
81 [ 452.064012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
82 [ 452.064012] CR2: 0000000000625208 CR3: 0000000074404000 CR4: 00000000000006a0
83 [ 452.064012] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
84 [ 452.064012] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
85 [ 452.064012] Process accel-pppd (pid: 6662, threadinfo ffff88007129a000, task ffff8800744f7410)
86 [ 452.064012] Stack:
87 [ 452.064012] ffff8800b6e83bb0 ffffffff81256559 ffff8800b6e83bc0 ffffffff8121c64a
88 [ 452.064012] ffff8800b6e83bf0 ffffffff8121ec7a ffff880072a589c0 ffff880071096c62
89 [ 452.064012] 0000000000000011 ffffffff81430024 ffff8800b6e83c80 ffffffff8121f276
90 [ 452.064012] Call Trace:
91 [ 452.064012] <IRQ>
92 [ 452.064012] [<ffffffff81256559>] _raw_spin_lock+0xe/0x10
93 [ 452.064012] [<ffffffff8121c64a>] spin_lock+0x9/0xb
94 [ 452.064012] [<ffffffff8121ec7a>] udp_queue_rcv_skb+0x186/0x269
95 [ 452.064012] [<ffffffff8121f276>] __udp4_lib_rcv+0x297/0x4ae
96 [ 452.064012] [<ffffffff8121c178>] ? raw_rcv+0xe9/0xf0
97 [ 452.064012] [<ffffffff8121f4a7>] udp_rcv+0x1a/0x1c
98 [ 452.064012] [<ffffffff811fe385>] ip_local_deliver_finish+0x12b/0x1a5
99 [ 452.064012] [<ffffffff811fe54e>] ip_local_deliver+0x53/0x84
100 [ 452.064012] [<ffffffff811fe1d0>] ip_rcv_finish+0x2bc/0x2f3
101 [ 452.064012] [<ffffffff811fe78f>] ip_rcv+0x210/0x269
102 [ 452.064012] [<ffffffff8101911e>] ? kvm_clock_get_cycles+0x9/0xb
103 [ 452.064012] [<ffffffff811d88cd>] __netif_receive_skb+0x3a5/0x3f7
104 [ 452.064012] [<ffffffff811d8eba>] netif_receive_skb+0x57/0x5e
105 [ 452.064012] [<ffffffff811cf30f>] ? __netdev_alloc_skb+0x1f/0x3b
106 [ 452.064012] [<ffffffffa0049126>] virtnet_poll+0x4ba/0x5a4 [virtio_net]
107 [ 452.064012] [<ffffffff811d9417>] net_rx_action+0x73/0x184
108 [ 452.064012] [<ffffffffa01b2cc2>] ? l2tp_xmit_skb+0x27a/0x4ac [l2tp_core]
109 [ 452.064012] [<ffffffff810343b9>] __do_softirq+0xc3/0x1a8
110 [ 452.064012] [<ffffffff81013b56>] ? ack_APIC_irq+0x10/0x12
111 [ 452.064012] [<ffffffff81256559>] ? _raw_spin_lock+0xe/0x10
112 [ 452.064012] [<ffffffff8125e0ac>] call_softirq+0x1c/0x26
113 [ 452.064012] [<ffffffff81003587>] do_softirq+0x45/0x82
114 [ 452.064012] [<ffffffff81034667>] irq_exit+0x42/0x9c
115 [ 452.064012] [<ffffffff8125e146>] do_IRQ+0x8e/0xa5
116 [ 452.064012] [<ffffffff8125676e>] common_interrupt+0x6e/0x6e
117 [ 452.064012] <EOI>
118 [ 452.064012] [<ffffffff810b82a1>] ? kfree+0x8a/0xa3
119 [ 452.064012] [<ffffffffa01b2cc2>] ? l2tp_xmit_skb+0x27a/0x4ac [l2tp_core]
120 [ 452.064012] [<ffffffffa01b2c25>] ? l2tp_xmit_skb+0x1dd/0x4ac [l2tp_core]
121 [ 452.064012] [<ffffffffa01c2d36>] pppol2tp_sendmsg+0x15e/0x19c [l2tp_ppp]
122 [ 452.064012] [<ffffffff811c7872>] __sock_sendmsg_nosec+0x22/0x24
123 [ 452.064012] [<ffffffff811c83bd>] sock_sendmsg+0xa1/0xb6
124 [ 452.064012] [<ffffffff81254e88>] ? __schedule+0x5c1/0x616
125 [ 452.064012] [<ffffffff8103c7c6>] ? __dequeue_signal+0xb7/0x10c
126 [ 452.064012] [<ffffffff810bbd21>] ? fget_light+0x75/0x89
127 [ 452.064012] [<ffffffff811c8444>] ? sockfd_lookup_light+0x20/0x56
128 [ 452.064012] [<ffffffff811c9b34>] sys_sendto+0x10c/0x13b
129 [ 452.064012] [<ffffffff8125cac2>] system_call_fastpath+0x16/0x1b
130 [ 452.064012] Code: 89 e5 72 0c 31 c0 48 81 ff 45 66 25 81 0f 92 c0 5d c3 55 b8 00 01 00 00 48 89 e5 f0 66 0f c1 07 0f b6 d4 38 d0 74 06 f3 90 8a 07 <eb> f6 5d c3 90 90 55 48 89 e5 9c 58 0f 1f 44 00 00 5d c3 55 48
131 [ 452.064012] Call Trace:
132 [ 452.064012] <IRQ> [<ffffffff81256559>] _raw_spin_lock+0xe/0x10
133 [ 452.064012] [<ffffffff8121c64a>] spin_lock+0x9/0xb
134 [ 452.064012] [<ffffffff8121ec7a>] udp_queue_rcv_skb+0x186/0x269
135 [ 452.064012] [<ffffffff8121f276>] __udp4_lib_rcv+0x297/0x4ae
136 [ 452.064012] [<ffffffff8121c178>] ? raw_rcv+0xe9/0xf0
137 [ 452.064012] [<ffffffff8121f4a7>] udp_rcv+0x1a/0x1c
138 [ 452.064012] [<ffffffff811fe385>] ip_local_deliver_finish+0x12b/0x1a5
139 [ 452.064012] [<ffffffff811fe54e>] ip_local_deliver+0x53/0x84
140 [ 452.064012] [<ffffffff811fe1d0>] ip_rcv_finish+0x2bc/0x2f3
141 [ 452.064012] [<ffffffff811fe78f>] ip_rcv+0x210/0x269
142 [ 452.064012] [<ffffffff8101911e>] ? kvm_clock_get_cycles+0x9/0xb
143 [ 452.064012] [<ffffffff811d88cd>] __netif_receive_skb+0x3a5/0x3f7
144 [ 452.064012] [<ffffffff811d8eba>] netif_receive_skb+0x57/0x5e
145 [ 452.064012] [<ffffffff811cf30f>] ? __netdev_alloc_skb+0x1f/0x3b
146 [ 452.064012] [<ffffffffa0049126>] virtnet_poll+0x4ba/0x5a4 [virtio_net]
147 [ 452.064012] [<ffffffff811d9417>] net_rx_action+0x73/0x184
148 [ 452.064012] [<ffffffffa01b2cc2>] ? l2tp_xmit_skb+0x27a/0x4ac [l2tp_core]
149 [ 452.064012] [<ffffffff810343b9>] __do_softirq+0xc3/0x1a8
150 [ 452.064012] [<ffffffff81013b56>] ? ack_APIC_irq+0x10/0x12
151 [ 452.064012] [<ffffffff81256559>] ? _raw_spin_lock+0xe/0x10
152 [ 452.064012] [<ffffffff8125e0ac>] call_softirq+0x1c/0x26
153 [ 452.064012] [<ffffffff81003587>] do_softirq+0x45/0x82
154 [ 452.064012] [<ffffffff81034667>] irq_exit+0x42/0x9c
155 [ 452.064012] [<ffffffff8125e146>] do_IRQ+0x8e/0xa5
156 [ 452.064012] [<ffffffff8125676e>] common_interrupt+0x6e/0x6e
157 [ 452.064012] <EOI> [<ffffffff810b82a1>] ? kfree+0x8a/0xa3
158 [ 452.064012] [<ffffffffa01b2cc2>] ? l2tp_xmit_skb+0x27a/0x4ac [l2tp_core]
159 [ 452.064012] [<ffffffffa01b2c25>] ? l2tp_xmit_skb+0x1dd/0x4ac [l2tp_core]
160 [ 452.064012] [<ffffffffa01c2d36>] pppol2tp_sendmsg+0x15e/0x19c [l2tp_ppp]
161 [ 452.064012] [<ffffffff811c7872>] __sock_sendmsg_nosec+0x22/0x24
162 [ 452.064012] [<ffffffff811c83bd>] sock_sendmsg+0xa1/0xb6
163 [ 452.064012] [<ffffffff81254e88>] ? __schedule+0x5c1/0x616
164 [ 452.064012] [<ffffffff8103c7c6>] ? __dequeue_signal+0xb7/0x10c
165 [ 452.064012] [<ffffffff810bbd21>] ? fget_light+0x75/0x89
166 [ 452.064012] [<ffffffff811c8444>] ? sockfd_lookup_light+0x20/0x56
167 [ 452.064012] [<ffffffff811c9b34>] sys_sendto+0x10c/0x13b
168 [ 452.064012] [<ffffffff8125cac2>] system_call_fastpath+0x16/0x1b
169
170 Reported-by: François Cachereul <f.cachereul@alphalink.fr>
171 Tested-by: François Cachereul <f.cachereul@alphalink.fr>
172 Signed-off-by: Eric Dumazet <edumazet@google.com>
173 Cc: James Chapman <jchapman@katalix.com>
174 Signed-off-by: David S. Miller <davem@davemloft.net>
175 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
176 ---
177 net/l2tp/l2tp_ppp.c | 4 ++++
178 1 file changed, 4 insertions(+)
179
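--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -353,7 +353,9 @@ static int pppol2tp_sendmsg(struct kiocb
 goto error_put_sess_tun;
 }
 
+ local_bh_disable();
 l2tp_xmit_skb(session, skb, session->hdr_len);
+ local_bh_enable();
 
 sock_put(ps->tunnel_sock);
 sock_put(sk);
@@ -422,7 +424,9 @@ static int pppol2tp_xmit(struct ppp_chan
 skb->data[0] = ppph[0];
 skb->data[1] = ppph[1];
 
+ local_bh_disable();
 l2tp_xmit_skb(session, skb, session->hdr_len);
+ local_bh_enable();
 
 sock_put(sk_tun);
 sock_put(sk);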
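Review bot: The rule that BH must be off around l2tp_xmit_skb() is enforced only by convention at each call site, and neither added `local_bh_disable()` / `local_bh_enable()` pair (in pppol2tp_sendmsg() and in pppol2tp_xmit()) carries a comment saying why. A later cleanup or a new process-context caller could therefore reintroduce the soft lockup in the commit message, which the trace shows being reached from an ordinary sendto() on a PPPoL2TP socket. I would add above each pair something like `/* l2tp_xmit_skb() takes bh_lock_sock() on the tunnel socket; keep BH off so a softirq on this CPU cannot spin on the same lock */`. It may also be worth stating the requirement on l2tp_xmit_skb() itself, possibly backed by `WARN_ON_ONCE(!in_softirq());`, but that function is not part of this patch and its other callers are not visible here. Both function bodies start and end outside the hunks.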