softirqs are invoked while bottom halves are masked (was: Re: [PATCH] [PATCH] Fix deadlock in af_packet while stressing raw ethernet socket interface)
Thomas De Schampheleire
patrickdepinguin+linuxppc at gmail.com
Tue Jul 12 19:23:28 EST 2011
Hi,
I'm adding the linuxppc-dev mailing list since this may be pointing to
an irq/softirq problem in the powerpc architecture-specific code...
On Tue, Jul 12, 2011 at 8:58 AM, Eric Dumazet <eric.dumazet at gmail.com> wrote:
> Le mardi 12 juillet 2011 à 08:38 +0200, Ronny Meeus a écrit :
>> On Tue, Jul 12, 2011 at 5:27 AM, David Miller <davem at davemloft.net> wrote:
>> > From: Ronny Meeus <ronny.meeus at gmail.com>
>> > Date: Sat, 11 Jun 2011 07:04:09 +0200
>> >
>> >> I was running a test: 1 application was sending raw Ethernet packets
>> >> on a physical looped interface while a second application was
>> >> receiving packets, so the latter application receives each packet 2
>> >> times (once while sending from the context of the first application
>> >> and a second time while receiving from the hardware). After some
>> >> time, the test blocks due to a spinlock reentrance issue in
>> >> af_packet. Both the sending application and the softIRQ receiving
>> >> packets enter the spinlock code. After applying the patch below, the
>> >> issue is resolved.
>> >>
>> >> Signed-off-by: Ronny Meeus <ronny.meeus at gmail.com>
>> >
>> > The packet receive hooks should always be called with software
>> > interrupts disabled, it is a bug if this is not happening. Your
>> > patch should not be necessary at all.
>> >
>> >
>>
>> Can you be a bit more specific on where the software interrupts should
>> be disabled?
>>
>> Below you find the information I get after switching on the spin_lock
>> issue detection in the kernel.
>> In this run also I-PIPE was active but this issue is also seen with
>> I-PIPE disabled.
>>
>
> This seems a bug, but in softirq handling in your arch
>
>> [ 96.450034] BUG: spinlock recursion on CPU#0, send_eth_socket/1907
>> [ 96.540451] lock: eaeb8c9c, .magic: dead4ead, .owner:
>> send_eth_socket/1907, .owner_cpu: 0
>> [ 96.656060] Call Trace: (unreliable)0161000 success=90] [c000789c]
>> show_stack+0x78/0x18c160001
>> [ 96.827988] [efff3dd0] [c01e2a50] spin_bug+0xa8/0xc0=0000162000 succ
>> [ 96.920712] [efff3df0] [c01e2b9c] do_raw_spin_lock+0x70/0x1c4ount=0000163000
>> [ 97.022823] [efff3e20] [c0388d88] _raw_spin_lock+0x10/0x2001
>> [ 97.121800] [efff3e30] [c03391a0] tpacket_rcv+0x274/0x61c164001
>> [ 97.219733] [efff3e80] [c02d5970] __netif_receive_skb+0x1a8/0x36c0000165001
>> [ 97.326001] [efff3eb0] [c02d6234] netif_receive_skb+0x98/0xacess=0000166001
>> [ 97.427060] [efff3ee0] [c029e6c4] ingress_rx_default_dqrr+0x42c/0x4b8
>> [ 97.504194] [efff3f10] [c02ba524] qman_poll_dqrr+0x1e0/0x284
>> [ 97.571948] [efff3f50] [c029ff3c] dpaa_eth_poll+0x34/0xd0
>> [ 97.636579] [efff3f70] [c02d6514] net_rx_action+0xc0/0x1e8
>> [ 97.702256] [efff3fa0] [c0034d28] __do_softirq+0x138/0x210
>> [ 97.767928] [efff3ff0] [c0010128] call_do_softirq+0x14/0x24
>> [ 97.834641] [ec479a90] [c0004a00] do_softirq+0xb4/0xec
>
> We got an IRQ, and we start do_softirq() from irq_exit()
>
>> [ 97.896148] [ec479ab0] [c0034a44] irq_exit+0x60/0xb8
>> [ 97.955573] [ec479ac0] [c000a490] __ipipe_do_IRQ+0x88/0xc0
>> [ 98.021253] [ec479ae0] [c0070214] __ipipe_sync_stage+0x1f0/0x27c
>> [ 98.093176] [ec479b20] [c0009f28] __ipipe_handle_irq+0x1b8/0x1e8
>> [ 98.165106] [ec479b50] [c000a210] __ipipe_grab_irq+0x18c/0x1bc
>> [ 98.234947] [ec479b80] [c0011520] __ipipe_ret_from_except+0x0/0xc
>> [ 98.307915] --- Exception: 501 at __packet_get_status+0x48/0x70
>> [ 98.307920] LR = __packet_get_status+0x44/0x70
>> [ 98.436082] [ec479c40] [00000578] 0x578 (unreliable)
>> [ 98.495524] [ec479c50] [c0338360] packet_lookup_frame+0x48/0x70
>> [ 98.566405] [ec479c60] [c03391b4] tpacket_rcv+0x288/0x61c
>
> Here we were in BH disabled section, since dev_queue_xmit() contains :
>
> rcu_read_lock_bh()
>
>
>> [ 98.631037] [ec479cb0] [c02d762c] dev_hard_start_xmit+0x164/0x588
>> [ 98.704003] [ec479cf0] [c0338d6c] packet_sendmsg+0x8c4/0x988
>> [ 98.771758] [ec479d70] [c02c3838] sock_sendmsg+0x90/0xb4
>> [ 98.835348] [ec479e40] [c02c4420] sys_sendto+0xdc/0x120
>> [ 98.897891] [ec479f10] [c02c57d0] sys_socketcall+0x148/0x210
>> [ 98.965648] [ec479f40] [c001084c] ret_from_syscall+0x0/0x3c
>> [ 99.032361] --- Exception: c01 at 0x48051f00
>> [ 99.032365] LR = 0x4808e030
>> [ 100.563009] BUG: spinlock lockup on CPU#0, send_eth_socket/1907, eaeb8c9c
>> [ 100.644283] Call Trace:
>> [ 100.673480] [efff3db0] [c000789c] show_stack+0x78/0x18c (unreliable)
>> [ 100.749589] [efff3df0] [c01e2c94] do_raw_spin_lock+0x168/0x1c4
>> [ 100.819430] [efff3e20] [c0388d88] _raw_spin_lock+0x10/0x20
>> [ 100.885102] [efff3e30] [c03391a0] tpacket_rcv+0x274/0x61c
>> [ 100.949733] [efff3e80] [c02d5970] __netif_receive_skb+0x1a8/0x36c
>> [ 101.022699] [efff3eb0] [c02d6234] netif_receive_skb+0x98/0xac
>> [ 101.091497] [efff3ee0] [c029e6c4] ingress_rx_default_dqrr+0x42c/0x4b8
>> [ 101.168628] [efff3f10] [c02ba524] qman_poll_dqrr+0x1e0/0x284
>> [ 101.236385] [efff3f50] [c029ff3c] dpaa_eth_poll+0x34/0xd0
>> [ 101.301016] [efff3f70] [c02d6514] net_rx_action+0xc0/0x1e8
>> [ 101.366692] [efff3fa0] [c0034d28] __do_softirq+0x138/0x210
>> [ 101.432364] [efff3ff0] [c0010128] call_do_softirq+0x14/0x24
>> [ 101.499078] [ec479a90] [c0004a00] do_softirq+0xb4/0xec
>> [ 101.560585] [ec479ab0] [c0034a44] irq_exit+0x60/0xb8
>> [ 101.620003] [ec479ac0] [c000a490] __ipipe_do_IRQ+0x88/0xc0
>> [ 101.685678] [ec479ae0] [c0070214] __ipipe_sync_stage+0x1f0/0x27c
>> [ 101.757601] [ec479b20] [c0009f28] __ipipe_handle_irq+0x1b8/0x1e8
>> [ 101.829523] [ec479b50] [c000a210] __ipipe_grab_irq+0x18c/0x1bc
>> [ 101.899363] [ec479b80] [c0011520] __ipipe_ret_from_except+0x0/0xc
>> [ 101.972333] --- Exception: 501 at __packet_get_status+0x48/0x70
>> [ 101.972338] LR = __packet_get_status+0x44/0x70
>> [ 102.100490] [ec479c40] [00000578] 0x578 (unreliable)
>> [ 102.159929] [ec479c50] [c0338360] packet_lookup_frame+0x48/0x70
>> [ 102.230810] [ec479c60] [c03391b4] tpacket_rcv+0x288/0x61c
>> [ 102.295442] [ec479cb0] [c02d762c] dev_hard_start_xmit+0x164/0x588
>> [ 102.368407] [ec479cf0] [c0338d6c] packet_sendmsg+0x8c4/0x988
>> [ 102.436162] [ec479d70] [c02c3838] sock_sendmsg+0x90/0xb4
>> [ 102.499747] [ec479e40] [c02c4420] sys_sendto+0xdc/0x120
>> [ 102.562296] [ec479f10] [c02c57d0] sys_socketcall+0x148/0x210
>> [ 102.630052] [ec479f40] [c001084c] ret_from_syscall+0x0/0x3c
>> [ 102.696773] --- Exception: c01 at 0x48051f00
>> [ 102.696777] LR = 0x4808e030
>>
Note that the reason we are seeing this problem, may be because the
kernel we are using contains some patches from Freescale.
Specifically, in dev_queue_xmit(), support is added for hardware queue
handling, just before entering the rcu_read_lock_bh():
if (dev->features & NETIF_F_HW_QDISC) {
txq = dev_pick_tx(dev, skb);
return dev_hard_start_xmit(skb, dev, txq);
}
/* Disable soft irqs for various locks below. Also
* stops preemption for RCU.
*/
rcu_read_lock_bh();
We just tried moving the escaping to dev_hard_start_xmit() after
taking the lock, but this gives a large number of other problems, e.g.
[ 78.662428] BUG: sleeping function called from invalid context at
mm/slab.c:3101
[ 78.751004] in_atomic(): 1, irqs_disabled(): 0, pid: 1908, name:
send_eth_socket
[ 78.839582] Call Trace:
[ 78.868784] [ec537b70] [c000789c] show_stack+0x78/0x18c (unreliable)
[ 78.944905] [ec537bb0] [c0022900] __might_sleep+0x100/0x118
[ 79.011636] [ec537bc0] [c00facc4] kmem_cache_alloc+0x48/0x118
[ 79.080446] [ec537be0] [c02cd0e8] __alloc_skb+0x50/0x130
[ 79.144047] [ec537c00] [c02cdf5c] skb_copy+0x44/0xc8
[ 79.203478] [ec537c20] [c029f904] dpa_tx+0x154/0x758
[ 79.262907] [ec537c80] [c02d78ec] dev_hard_start_xmit+0x424/0x588
[ 79.335878] [ec537cc0] [c02d7aac] dev_queue_xmit+0x5c/0x3a4
[ 79.402602] [ec537cf0] [c0338d4c] packet_sendmsg+0x8c4/0x988
[ 79.470363] [ec537d70] [c02c3838] sock_sendmsg+0x90/0xb4
[ 79.533960] [ec537e40] [c02c4420] sys_sendto+0xdc/0x120
[ 79.596514] [ec537f10] [c02c57d0] sys_socketcall+0x148/0x210
[ 79.664287] [ec537f40] [c001084c] ret_from_syscall+0x0/0x3c
[ 79.731015] --- Exception: c01 at 0x48051f00
[ 79.731019] LR = 0x4808e030
Note that this may just be the cause for us seeing this problem. If
indeed the main problem is irq_exit() invoking softirqs in a locked
context, then this patch adding hardware queue support is not really
relevant.
Any suggestions from the developers at linuxppc-dev are very welcome...
Thomas
More information about the Linuxppc-dev
mailing list