From: David S. Miller Date: Tue, 15 Sep 2015 21:53:46 +0000 (-0700) Subject: Merge branch 'ip6tunnel_dst' X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=244b7f4324895e7c796cc94e8a8f70288ed20bdc;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git Merge branch 'ip6tunnel_dst' Martin KaFai Lau says: ==================== ipv6: Fix dst_entry refcnt bugs in ip6_tunnel v4: - Fix a compilation error in patch 5 when CONFIG_LOCKDEP is turned on and re-test it v3: - Merge a 'if else if' test in patch 4 - Use rcu_dereference_protected in patch 5 to fix a sparse check when CONFIG_SPARSE_RCU_POINTER is enabled v2: - Add patch 4 and 5 to remove the spinlock v1: This patch series is to fix the dst refcnt bugs in ip6_tunnel. Patch 1 and 2 are the prep works. Patch 3 is the fix. I can reproduce the bug by adding and removing the ip6gre tunnel while running a super_netperf TCP_CRR test. I get the following trace by adding WARN_ON_ONCE(newrefcnt < 0) to dst_release(): [ 312.760432] ------------[ cut here ]------------ [ 312.774664] WARNING: CPU: 2 PID: 10263 at net/core/dst.c:288 dst_release+0xf3/0x100() [ 312.776041] Modules linked in: k10temp coretemp hwmon ip6_gre ip6_tunnel tunnel6 ipmi_devintf ipmi_ms\ ghandler ip6table_filter ip6_tables xt_NFLOG nfnetlink_log nfnetlink xt_comment xt_statistic iptable_fil\ ter ip_tables x_tables nfsv3 nfs_acl nfs fscache lockd grace mptctl netconsole autofs4 rpcsec_gss_krb5 a\ uth_rpcgss oid_registry sunrpc ipv6 dm_mod loop iTCO_wdt iTCO_vendor_support serio_raw rtc_cmos pcspkr i\ 2c_i801 i2c_core lpc_ich mfd_core ehci_pci ehci_hcd e1000e mlx4_en ptp pps_core vxlan udp_tunnel ip6_udp\ _tunnel mlx4_core sg button ext3 jbd mpt2sas raid_class [ 312.785302] CPU: 2 PID: 10263 Comm: netperf Not tainted 4.2.0-rc8-00046-g4db9b63-dirty #15 [ 312.791695] Hardware name: Quanta Freedom /Windmill-EP, BIOS F03_3B04 09/12/2013 [ 312.792965] ffffffff819dca2c ffff8811dfbdf6f8 ffffffff816537de ffff88123788fdb8 [ 312.794263] 0000000000000000 ffff8811dfbdf738 ffffffff81052646 ffff8811dfbdf768 [ 312.795593] ffff881203a98180 00000000ffffffff ffff88242927a000 ffff88120a2532e0 [ 312.796946] Call Trace: [ 312.797380] [] dump_stack+0x45/0x57 [ 312.798288] [] warn_slowpath_common+0x86/0xc0 [ 312.799699] [] warn_slowpath_null+0x1a/0x20 [ 312.800852] [] dst_release+0xf3/0x100 [ 312.801834] [] ip6_tnl_dst_store+0x48/0x70 [ip6_tunnel] [ 312.803738] [] ip6gre_xmit2+0x536/0x720 [ip6_gre] [ 312.804774] [] ip6gre_tunnel_xmit+0x16a/0x410 [ip6_gre] [ 312.805986] [] dev_hard_start_xmit+0x23b/0x390 [ 312.808810] [] ? neigh_destroy+0xef/0x140 [ 312.809843] [] __dev_queue_xmit+0x48c/0x4f0 [ 312.813931] [] dev_queue_xmit_sk+0x13/0x20 [ 312.814993] [] neigh_direct_output+0x12/0x20 [ 312.817448] [] ip6_finish_output2+0x183/0x460 [ipv6] [ 312.818762] [] ? find_next_bit+0x15/0x20 [ 312.819671] [] ip6_finish_output+0x89/0xe0 [ipv6] [ 312.820720] [] ip6_output+0x44/0xe0 [ipv6] [ 312.821762] [] ? nf_hook_slow+0x69/0xc0 [ 312.823123] [] ip6_xmit+0x242/0x4c0 [ipv6] [ 312.824073] [] ? ac6_proc_exit+0x20/0x20 [ipv6] [ 312.825116] [] inet6_csk_xmit+0x61/0xa0 [ipv6] [ 312.826127] [] tcp_transmit_skb+0x4f0/0x9b0 [ 312.827441] [] tcp_connect+0x637/0x7a0 [ 312.828327] [] tcp_v6_connect+0x2d6/0x550 [ipv6] [ 312.829581] [] __inet_stream_connect+0x95/0x2f0 [ 312.830600] [] ? hrtimer_try_to_cancel+0x1a/0xf0 [ 312.833456] [] ? timerqueue_add+0x59/0xb0 [ 312.834407] [] inet_stream_connect+0x38/0x50 [ 312.835886] [] SYSC_connect+0xb7/0xf0 [ 312.840035] [] ? do_setitimer+0x1b3/0x200 [ 312.840983] [] ? alarm_setitimer+0x3a/0x70 [ 312.841941] [] SyS_connect+0xe/0x10 [ 312.842818] [] entry_SYSCALL_64_fastpath+0x12/0x6a [ 312.844206] ---[ end trace 43f3ecd86c3b1313 ]--- ==================== Signed-off-by: David S. Miller --- 244b7f4324895e7c796cc94e8a8f70288ed20bdc