Re: [PATCH 2/2] virtio_net: fix race in RX VQ processing

From: Jason Wang
Date: Mon Jul 08 2013 - 23:28:52 EST

Next message: Michael Ellerman: "Re: [PATCH v2 2/2] perf tools: Make Power7 events available for perf"
Previous message: Stephen Rothwell: "Re: linux-next: manual merge of the vhost tree with thetarget-updates tree"
In reply to: Michael S. Tsirkin: "Re: [PATCH 2/2] virtio_net: fix race in RX VQ processing"
Next in thread: Asias He: "Re: [PATCH 2/2] virtio_net: fix race in RX VQ processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/08/2013 05:04 PM, Michael S. Tsirkin wrote:
> virtio net called virtqueue_enable_cq on RX path after napi_complete, so
> with NAPI_STATE_SCHED clear - outside the implicit napi lock.
> This violates the requirement to synchronize virtqueue_enable_cq wrt
> virtqueue_add_buf. In particular, used event can move backwards,
> causing us to lose interrupts.
> In a debug build, this can trigger panic within START_USE.
>
> Jason Wang reports that he can trigger the races artificially,
> by adding udelay() in virtqueue_enable_cb() after virtio_mb().
>
> However, we must call napi_complete to clear NAPI_STATE_SCHED before
> polling the virtqueue for used buffers, otherwise napi_schedule_prep in
> a callback will fail, causing us to lose RX events.
>
> To fix, call virtqueue_enable_cb_prepare with NAPI_STATE_SCHED
> set (under napi lock), later call virtqueue_poll with
> NAPI_STATE_SCHED clear (outside the lock).
>
> Reported-by: Jason Wang <jasowang@xxxxxxxxxx>
> Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> ---

Tested-by: Jason Wang <jasowang@xxxxxxxxxx>
Acked-by: Jason Wang <jasowang@xxxxxxxxxx>
> drivers/net/virtio_net.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 5305bd1..fbdd79a 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -622,8 +622,9 @@ again:
>
> /* Out of packets? */
> if (received < budget) {
> + unsigned r = virtqueue_enable_cb_prepare(rq->vq);
> napi_complete(napi);
> - if (unlikely(!virtqueue_enable_cb(rq->vq)) &&
> + if (unlikely(virtqueue_poll(rq->vq, r)) &&
> napi_schedule_prep(napi)) {
> virtqueue_disable_cb(rq->vq);
> __napi_schedule(napi);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Ellerman: "Re: [PATCH v2 2/2] perf tools: Make Power7 events available for perf"
Previous message: Stephen Rothwell: "Re: linux-next: manual merge of the vhost tree with thetarget-updates tree"
In reply to: Michael S. Tsirkin: "Re: [PATCH 2/2] virtio_net: fix race in RX VQ processing"
Next in thread: Asias He: "Re: [PATCH 2/2] virtio_net: fix race in RX VQ processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]