On Tue, Dec 26, 2017 at 07:59:55PM +0100, Willy Tarreau wrote:
Guys,
Chris reported the bug below and confirmed that reverting commit 9704f81 (ipv6: grab rt->rt6i_ref before allocating pcpu rt) seems to have fixed the issue for him. This patch is a94b9367 in mainline.
I personally have no opinion on the patch, just found it because it was the only one touching this area between 4.14.8 and 4.14.9 :-)
Should this be reverted or maybe fixed differently ?
Hi Willy,
This seems to be fixed upstream:
commit 951f788a80ff8b6339c5c1ab888b0d4b4352efd8 Author: Eric Dumazet edumazet@google.com Date: Sun Oct 8 21:07:18 2017 -0700
ipv6: fix a BUG in rt6_get_pcpu_route()
Ido reported following splat and provided a patch.
[ 122.221814] BUG: using smp_processor_id() in preemptible [00000000] code: sshd/2672 [ 122.221845] caller is debug_smp_processor_id+0x17/0x20 [ 122.221866] CPU: 0 PID: 2672 Comm: sshd Not tainted 4.14.0-rc3-idosch-next-custom #639 [ 122.221880] Hardware name: Mellanox Technologies Ltd. MSN2100-CB2FO/SA001017, BIOS 5.6.5 06/07/2016 [ 122.221893] Call Trace: [ 122.221919] dump_stack+0xb1/0x10c [ 122.221946] ? _atomic_dec_and_lock+0x124/0x124 [ 122.221974] ? ___ratelimit+0xfe/0x240 [ 122.222020] check_preemption_disabled+0x173/0x1b0 [ 122.222060] debug_smp_processor_id+0x17/0x20 [ 122.222083] ip6_pol_route+0x1482/0x24a0 ...
I believe we can simplify this code path a bit, since we no longer hold a read_lock and need to release it to avoid a dead lock.
By disabling BH, we make sure we'll prevent code re-entry and rt6_get_pcpu_route()/rt6_make_pcpu_route() run on the same cpu.
Fixes: 66f5d6ce53e6 ("ipv6: replace rwlock with rcu and spinlock in fib6_table") Reported-by: Ido Schimmel idosch@mellanox.com Signed-off-by: Eric Dumazet edumazet@google.com Tested-by: Ido Schimmel idosch@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
Which itself would depend on:
commit d3843fe5fd45be0e04a251a2cc68893c859a31bd Author: Wei Wang weiwan@google.com Date: Fri Oct 6 12:06:06 2017 -0700
ipv6: replace dst_hold() with dst_hold_safe() in routing code
Which applies with a small conflict.