linux-hardened/include
Christian Borntraeger 4265f161b6 virtio: fix race in enable_cb
There is a race in virtio_net, dealing with disabling/enabling the callback.
I saw the following oops:

kernel BUG at /space/kvm/drivers/virtio/virtio_ring.c:218!
illegal operation: 0001 [#1] SMP
Modules linked in: sunrpc dm_mod
CPU: 2 Not tainted 2.6.25-rc1zlive-host-10623-gd358142-dirty #99
Process swapper (pid: 0, task: 000000000f85a610, ksp: 000000000f873c60)
Krnl PSW : 0404300180000000 00000000002b81a6 (vring_disable_cb+0x16/0x20)
           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:3 PM:0 EA:3
Krnl GPRS: 0000000000000001 0000000000000001 0000000010005800 0000000000000001
           000000000f3a0900 000000000f85a610 0000000000000000 0000000000000000
           0000000000000000 000000000f870000 0000000000000000 0000000000001237
           000000000f3a0920 000000000010ff74 00000000002846f6 000000000fa0bcd8
Krnl Code: 00000000002b819a: a7110001           tmll    %r1,1
           00000000002b819e: a7840004           brc     8,2b81a6
           00000000002b81a2: a7f40001           brc     15,2b81a4
          >00000000002b81a6: a51b0001           oill    %r1,1
           00000000002b81aa: 40102000           sth     %r1,0(%r2)
           00000000002b81ae: 07fe               bcr     15,%r14
           00000000002b81b0: eb7ff0380024       stmg    %r7,%r15,56(%r15)
           00000000002b81b6: a7f13e00           tmll    %r15,15872
Call Trace:
([<000000000fa0bcd0>] 0xfa0bcd0)
 [<00000000002b8350>] vring_interrupt+0x5c/0x6c
 [<000000000010ab08>] do_extint+0xb8/0xf0
 [<0000000000110716>] ext_no_vtime+0x16/0x1a
 [<0000000000107e72>] cpu_idle+0x1c2/0x1e0

The problem can be triggered with a high amount of host->guest traffic.
I think it's the following race:

poll says netif_rx_complete
poll calls enable_cb
enable_cb opens the interrupt mask
a new packet comes, an interrupt is triggered----\
enable_cb sees that there is more work           |
enable_cb disables the interrupt                 |
       .                                         V
       .                            interrupt is delivered
       .                            skb_recv_done does atomic napi test, ok
 some waiting                       disable_cb is called->check fails->bang!
       .
poll would do napi check
poll would do disable_cb

The fix is to let enable_cb not disable the interrupt again, but expect the
caller to do the cleanup if it returns false. In that case, the interrupt is
only disabled, if the napi test_set_bit was successful.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cleaned up doco)
2008-03-17 22:58:21 +11:00
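
The interleaving from the commit message above, replayed as a deterministic single-threaded C model. This is an added example, not code from the commit or the kernel. `struct model`, `napi_test_and_set`, `deliver_irq` and `replay` are hypothetical stand-ins, and the pre-fix caller is assumed to do only the NAPI test without calling disable_cb itself.

```c
#include <stdbool.h>
#include <stdio.h>
struct model {         /* single-threaded stand-in, not kernel code */
    bool cb_disabled;  /* ring's "do not interrupt me" flag */
    bool napi_sched;   /* NAPI scheduled bit */
    bool irq_pending;  /* interrupt raised, not yet delivered */
    int  bugs;         /* times disable_cb's sanity check fired */
};

static void disable_cb(struct model *m)
{
    if (m->cb_disabled)  /* the check behind the oops above */
        m->bugs++;
    m->cb_disabled = true;
}

static bool napi_test_and_set(struct model *m)
{
    bool won = !m->napi_sched;
    m->napi_sched = true;
    return won;
}

static void deliver_irq(struct model *m)  /* skb_recv_done path */
{
    if (m->irq_pending && napi_test_and_set(m))
        disable_cb(m);
    m->irq_pending = false;
}

/* Replays poll's tail when enable_cb finds more work in the ring.
 * late_irq: an interrupt was raised while the mask was open. */
struct model replay(bool fixed, bool late_irq)
{
    struct model m = { .cb_disabled = true }; /* after netif_rx_complete */
    m.cb_disabled = false;      /* enable_cb opens the interrupt mask */
    m.irq_pending = late_irq;   /* new packet, interrupt triggered */
    if (!fixed)
        m.cb_disabled = true;   /* old: enable_cb disables again */
    deliver_irq(&m);            /* delayed interrupt is delivered */
    if (napi_test_and_set(&m) && fixed)
        disable_cb(&m);         /* fix: caller disables only if it won NAPI */
    return m;
}

int main(void)
{
    printf("old=%d fixed=%d\n", replay(false, true).bugs, replay(true, true).bugs);
    return 0;
}
```

With the fix, whichever path wins the NAPI test-and-set is the only one that calls disable_cb, so the flag is never set twice.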
..
acpi ACPI, cpuidle: Clarify C-state description in sysfs 2008-02-14 00:09:55 -05:00
asm-alpha CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-arm Merge branch 'omap-fixes' 2008-03-06 12:18:25 +00:00
asm-avr32 AVR32: Define PAGE_SHARED 2008-02-13 14:44:03 +01:00
asm-blackfin [Blackfin] arch: current_l1_stack_save is a pointer, so use NULL rather than 0 2008-03-05 19:02:23 -07:00
asm-cris cris: correct syscall numbers in unistd.h for timerfd_settime and timerfd_gettime 2008-03-04 16:35:16 -08:00
asm-frv FRV: Change the timerfd syscalls to be the same as i386 2008-02-20 19:58:16 -08:00
asm-generic percpu: fix DEBUG_PREEMPT per_cpu checking 2008-02-23 12:09:28 -08:00
asm-h8300 h8300: fix recent uaccess breakage 2008-03-13 13:11:43 -07:00
asm-ia64 [IA64] kprobes arch consolidation build fix 2008-03-06 09:49:01 -08:00
asm-m32r CONFIG_HIGHPTE vs. sub-page page tables. 2008-02-08 09:22:42 -08:00
asm-m68k m68k{,nommu}: Wire up new timerfd syscalls 2008-03-04 08:04:11 -08:00
asm-m68knommu m68k{,nommu}: Wire up new timerfd syscalls 2008-03-04 08:04:11 -08:00
asm-mips [MIPS] Clocksource: Only install r4k counter as clocksource if present. 2008-03-12 14:14:42 +00:00
asm-mn10300 Really unexport asm/page.h 2008-03-06 08:13:47 -08:00
asm-parisc [PARISC] futex: special case cmpxchg NULL in kernel space 2008-03-15 19:12:17 -07:00
asm-powerpc [POWERPC] 8xx: fix swap 2008-03-07 08:42:28 -06:00
asm-ppc [PPC] 8xx: swap bug-fix 2008-03-07 16:56:54 -06:00
asm-s390 Kprobes: indicate kretprobe support in Kconfig 2008-03-04 16:35:11 -08:00
asm-sh sh: Fix up the sh64 build. 2008-03-06 17:23:15 +09:00
asm-sparc [SPARC]: Add reboot_command[] extern decl to asm/system.h 2008-02-28 21:53:20 -08:00
asm-sparc64 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 2008-03-04 20:20:32 -08:00
asm-um uml: x86_64 should copy %fs during fork 2008-02-08 09:22:43 -08:00
asm-v850 Add pgtable_t to remaining nommu architectures 2008-02-09 11:08:33 -08:00
asm-x86 x86: remove quicklists 2008-03-11 17:11:55 +01:00
asm-xtensa [XTENSA] Allow debugger to modify the WINDOWBASE register. 2008-02-13 17:45:36 -08:00
crypto [CRYPTO] skcipher: Fix section mismatches 2008-03-08 20:29:43 +08:00
keys
linux virtio: fix race in enable_cb 2008-03-17 22:58:21 +11:00
math-emu
media V4L/DVB (7192): Adds support for Genius TVGo A11MCE 2008-02-18 11:15:19 -03:00
mtd
net [NET]: Fix tbench regression in 2.6.25-rc1 2008-03-12 22:52:37 -07:00
pcmcia
rdma IB/core: Remove unused struct ib_device.flags member 2008-02-08 14:47:26 -08:00
rxrpc
scsi [SCSI] iscsi class: regression - fix races with state manipulation and blocking/unblocking 2008-03-05 12:04:09 -06:00
sound [ALSA] opl3 - Fix compilation without sequencer support 2008-02-22 14:20:08 -08:00
video atmel_lcdfb: backlight control 2008-02-06 10:41:16 -08:00
xen
Kbuild