When NAPI_STATE_SCHED state is not set, enqueue_to_backlog()
will queue an IPI and add the backlog queue to the poll list. A packet
added by RPS onto the core could also add the NAPI backlog struct to the
poll list. This double addition to the list causes a crash -
2920.540304: <2> list_add double add: new=ffffffc076ed2930,
prev=ffffffc076ed2930, next=ffffffc076ed2850.
[<ffffffc000460dd4>] __list_add+0xcc/0xf0
2921.064962: <2> [<ffffffc000b44880>] rps_trigger_softirq+0x1c/0x40
2921.070779: <2> [<ffffffc000284a14>]
generic_smp_call_function_single_interrupt+0xe8/0x12c
2921.078678: <2> [<ffffffc00020d9ac>] handle_IPI+0x8c/0x1ec
2921.083796: <2> [<ffffffc000200714>] gic_handle_irq+0x94/0xb0
Fix this race for double addition to list by checking the NAPI state.
Acked-by: Sharat Masetty <smase...@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subas...@codeaurora.org>
diff --git a/net/core/dev.c b/net/core/dev.c
index 6f561de..57d6d39 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3225,7 +3225,8 @@ static void rps_trigger_softirq(void *data)
{
struct softnet_data *sd = data;
- ____napi_schedule(sd, &sd->backlog);
+ if (!test_bit(NAPI_STATE_SCHED, &sd->backlog.state))
+ ____napi_schedule(sd, &sd->backlog);
sd->received_rps++;
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
