On 2/3/2022 1:05 AM, Michael Kelley (LINUX) wrote:
> From: Tianyu Lan <ltykernel@xxxxxxxxx> Sent: Tuesday, February 1, 2022 8:32 AM
> >
> > netvsc_device_remove() calls vunmap() inside which should not be
> > called in the interrupt context. Current code calls hv_unmap_memory()
> > in the free_netvsc_device() which is an RCU callback and may be called
> > in the interrupt context. This will trigger BUG_ON(in_interrupt())
> > in the vunmap(). Fix it via moving hv_unmap_memory() to
> > netvsc_device_remove().
>
> I think this change can fail to call hv_unmap_memory() in an error case.
> If netvsc_init_buf() fails after hv_map_memory() succeeds for the receive
> buffer or for the send buffer, no corresponding hv_unmap_memory() will
> be done. The failure in netvsc_init_buf() will cause netvsc_connect_vsp()
> to fail, so netvsc_add_device() will "goto close" where free_netvsc_device()
> will be called. But free_netvsc_device() no longer calls hv_unmap_memory(),
> so it won't ever happen. netvsc_device_remove() is never called in this case
> because netvsc_add_device() failed.

Hi Michael:
Thanks for your review. Nice catch and will fix in the next
version.
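
The error path raised in the review above, as an added user-space C model (not code from the patch, the thread or the kernel) that counts mappings left behind when initialization fails after a map succeeds. All `model_` functions, the `fail_point` enum and the receive-then-send mapping order are assumptions of this model.

```c
/* User-space model of the error path discussed above; not kernel code.
 * Every model_ name is a hypothetical stand-in for the function named
 * in its comment. */
#include <stdbool.h>

enum fail_point { FAIL_NONE, FAIL_AFTER_RECV_MAP, FAIL_AFTER_SEND_MAP };
struct model_dev { bool recv_mapped, send_mapped; };

static int live_mappings;   /* mappings created and not yet unmapped */

static void model_map(bool *slot)   { *slot = true; live_mappings++; }
static void model_unmap(bool *slot) { if (*slot) { *slot = false; live_mappings--; } }

/* Stand-in for netvsc_init_buf(): maps both buffers, may fail after either.
 * The recv-then-send order is an assumption of this model. */
static int model_init_buf(struct model_dev *d, enum fail_point fp)
{
    model_map(&d->recv_mapped);
    if (fp == FAIL_AFTER_RECV_MAP) return -1;
    model_map(&d->send_mapped);
    if (fp == FAIL_AFTER_SEND_MAP) return -1;
    return 0;
}

/* Stand-in for free_netvsc_device() after the patch: no unmap here. */
static void model_free_device(struct model_dev *d) { (void)d; }

/* Stand-in for netvsc_device_remove() after the patch: unmap, then free. */
static void model_device_remove(struct model_dev *d)
{
    model_unmap(&d->recv_mapped);
    model_unmap(&d->send_mapped);
    model_free_device(d);
}

/* Stand-in for netvsc_add_device(): on failure, "goto close" only frees. */
static int model_add_device(struct model_dev *d, enum fail_point fp)
{
    if (model_init_buf(d, fp) != 0) {
        model_free_device(d);   /* remove() is never reached on this path */
        return -1;
    }
    return 0;
}

/* Mappings left behind by one add (plus remove, if the add succeeded). */
int leaked_after(enum fail_point fp)
{
    struct model_dev d = { false, false };
    live_mappings = 0;
    if (model_add_device(&d, fp) == 0)
        model_device_remove(&d);
    return live_mappings;
}
```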