On 2015/05/21 14:05, sfel...@gmail.com wrote: > From: Scott Feldman <sfel...@gmail.com> > > In review of Simon's patchset "rocker: transaction fixes". it was noted > that rocker->neigh_tbl_next_index was unprotected in the call path below > and could race with other contexts calling rocker_port_ipv4_neigh(): > > arp_process() > neigh_update() > rocker_neigh_update() > rocker_port_ipv4_neigh() > > To fix, move the neigh_update() event processing to process contexts and > hold rtnl_lock to call rocker_port_ipv4_neigh(). This will protect > rocker->neigh_tbl_next_index accesses and is more consistent with the rest > of the driver code where non-I/O processing is done under process context > with rtnl_lock held.
Hi Scott, Thank you for fixing this. Note that this also fixes incorrect use of GFP_KERNEL in __rocker_port_mem_alloc() and rocker_wait_event_timeout() in interrupt context, as well as the neigh_tbl_next_index problem stated above. There seem to be another transactions performed in interrupt context or process context with bh disabled, where we cannot call rocker_wait_event_timeout() which could sleep. Problematic cases I have found so far are those through br_set_state(): - br_stp_rcv() ... -> br_set_state() ... -> rocker_port_attr_set() - del_nbp() -> br_stp_disable_port() -> br_set_state() ... Thanks, Toshiaki Makita -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
