This is a note to let you know that I've just added the patch titled
tipc: fix nametbl_lock soft lockup at node/link events
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
tipc-fix-nametbl_lock-soft-lockup-at-node-link-events.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Thu Jun 15 16:35:05 CEST 2017
From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@xxxxxxxxxxxx>
Date: Tue, 24 Jan 2017 13:00:43 +0100
Subject: tipc: fix nametbl_lock soft lockup at node/link events
From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@xxxxxxxxxxxx>
[ Upstream commit 93f955aad4bacee5acebad141d1a03cd51f27b4e ]
We trigger a soft lockup as we grab nametbl_lock twice if the node
has a pending node up/down or link up/down event while:
- we process an incoming named message in tipc_named_rcv() and
perform an tipc_update_nametbl().
- we have pending backlog items in the name distributor queue
during a nametable update using tipc_nametbl_publish() or
tipc_nametbl_withdraw().
The following are the call chain associated:
tipc_named_rcv() Grabs nametbl_lock
tipc_update_nametbl() (publish/withdraw)
tipc_node_subscribe()/unsubscribe()
tipc_node_write_unlock()
<< lockup occurs if an outstanding node/link event
exits, as we grabs nametbl_lock again >>
tipc_nametbl_withdraw() Grab nametbl_lock
tipc_named_process_backlog()
tipc_update_nametbl()
<< rest as above >>
The function tipc_node_write_unlock(), in addition to releasing the
lock processes the outstanding node/link up/down events. To do this,
we need to grab the nametbl_lock again leading to the lockup.
In this commit we fix the soft lockup by introducing a fast variant of
node_unlock(), where we just release the lock. We adapt the
node_subscribe()/node_unsubscribe() to use the fast variants.
Reported-and-Tested-by: John Thompson <thompa.atl@xxxxxxxxx>
Acked-by: Ying Xue <ying.xue@xxxxxxxxxxxxx>
Acked-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/tipc/node.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -263,6 +263,11 @@ static void tipc_node_write_lock(struct
write_lock_bh(&n->lock);
}
+static void tipc_node_write_unlock_fast(struct tipc_node *n)
+{
+ write_unlock_bh(&n->lock);
+}
+
static void tipc_node_write_unlock(struct tipc_node *n)
{
struct net *net = n->net;
@@ -417,7 +422,7 @@ void tipc_node_subscribe(struct net *net
}
tipc_node_write_lock(n);
list_add_tail(subscr, &n->publ_list);
- tipc_node_write_unlock(n);
+ tipc_node_write_unlock_fast(n);
tipc_node_put(n);
}
@@ -435,7 +440,7 @@ void tipc_node_unsubscribe(struct net *n
}
tipc_node_write_lock(n);
list_del_init(subscr);
- tipc_node_write_unlock(n);
+ tipc_node_write_unlock_fast(n);
tipc_node_put(n);
}
Patches currently in stable-queue which might be from parthasarathy.bhuvaragan@xxxxxxxxxxxx are
queue-4.9/tipc-fix-connection-refcount-error.patch
queue-4.9/tipc-fix-nametbl_lock-soft-lockup-at-node-link-events.patch
queue-4.9/tipc-ignore-requests-when-the-connection-state-is-not-connected.patch
queue-4.9/tipc-add-subscription-refcount-to-avoid-invalid-delete.patch