
Commit b37f78f

Subash Abhinov Kasiviswanathandavem330
Subash Abhinov Kasiviswanathan
authored andcommitted
net: qualcomm: rmnet: Fix crash on real dev unregistration
With CONFIG_DEBUG_PREEMPT enabled, a crash with the following call stack was observed when removing a real dev which had rmnet devices attached to it. To fix this, remove the netdev_upper link APIs and instead use the existing information in rmnet_port and rmnet_priv to get the association between real and rmnet devs. BUG: sleeping function called from invalid context in_atomic(): 0, irqs_disabled(): 0, pid: 5762, name: ip Preemption disabled at: [<ffffff9d49043564>] debug_object_active_state+0xa4/0x16c Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: PC is at ___might_sleep+0x13c/0x180 LR is at ___might_sleep+0x17c/0x180 [<ffffff9d48ce0924>] ___might_sleep+0x13c/0x180 [<ffffff9d48ce09c0>] __might_sleep+0x58/0x8c [<ffffff9d49d6253c>] mutex_lock+0x2c/0x48 [<ffffff9d48ed4840>] kernfs_remove_by_name_ns+0x48/0xa8 [<ffffff9d48ed6ec8>] sysfs_remove_link+0x30/0x58 [<ffffff9d49b05840>] __netdev_adjacent_dev_remove+0x14c/0x1e0 [<ffffff9d49b05914>] __netdev_adjacent_dev_unlink_lists+0x40/0x68 [<ffffff9d49b08820>] netdev_upper_dev_unlink+0xb4/0x1fc [<ffffff9d494a29f0>] rmnet_dev_walk_unreg+0x6c/0xc8 [<ffffff9d49b00b40>] netdev_walk_all_lower_dev_rcu+0x58/0xb4 [<ffffff9d494a30fc>] rmnet_config_notify_cb+0xf4/0x134 [<ffffff9d48cd21b4>] raw_notifier_call_chain+0x58/0x78 [<ffffff9d49b028a4>] call_netdevice_notifiers_info+0x48/0x78 [<ffffff9d49b0b568>] rollback_registered_many+0x230/0x3c8 [<ffffff9d49b0b738>] unregister_netdevice_many+0x38/0x94 [<ffffff9d49b1e110>] rtnl_delete_link+0x58/0x88 [<ffffff9d49b201dc>] rtnl_dellink+0xbc/0x1cc [<ffffff9d49b2355c>] rtnetlink_rcv_msg+0xb0/0x244 [<ffffff9d49b5230c>] netlink_rcv_skb+0xb4/0xdc [<ffffff9d49b204f4>] rtnetlink_rcv+0x34/0x44 [<ffffff9d49b51af0>] netlink_unicast+0x1ec/0x294 [<ffffff9d49b51fdc>] netlink_sendmsg+0x320/0x390 [<ffffff9d49ae6858>] sock_sendmsg+0x54/0x60 [<ffffff9d49ae6f94>] ___sys_sendmsg+0x298/0x2b0 [<ffffff9d49ae98f8>] SyS_sendmsg+0xb4/0xf0 [<ffffff9d48c83770>] el0_svc_naked+0x24/0x28 Fixes: ceed73a 
("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Fixes: 60d58f9 ("net: qualcomm: rmnet: Implement bridge mode") Signed-off-by: Subash Abhinov Kasiviswanathan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 9ab2323 commit b37f78f


1 file changed

+14
-54
lines changed


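--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c
@@ -43,12 +43,6 @@
 
 /* Local Definitions and Declarations */
 
-struct rmnet_walk_data {
-struct net_device *real_dev;
-struct list_head *head;
-struct rmnet_port *port;
-};
-
 static int rmnet_is_real_dev_registered(const struct net_device *real_dev)
 {
 return rcu_access_pointer(real_dev->rx_handler) == rmnet_rx_handler;
@@ -112,17 +106,14 @@ static int rmnet_register_real_device(struct net_device *real_dev)
 static void rmnet_unregister_bridge(struct net_device *dev,
 struct rmnet_port *port)
 {
-struct net_device *rmnet_dev, *bridge_dev;
 struct rmnet_port *bridge_port;
+struct net_device *bridge_dev;
 
 if (port->rmnet_mode != RMNET_EPMODE_BRIDGE)
 return;
 
 /* bridge slave handling */
 if (!port->nr_rmnet_devs) {
-rmnet_dev = netdev_master_upper_dev_get_rcu(dev);
-netdev_upper_dev_unlink(dev, rmnet_dev);
-
 bridge_dev = port->bridge_ep;
 
 bridge_port = rmnet_get_port_rtnl(bridge_dev);
@@ -132,9 +123,6 @@ static void rmnet_unregister_bridge(struct net_device *dev,
 bridge_dev = port->bridge_ep;
 
 bridge_port = rmnet_get_port_rtnl(bridge_dev);
-rmnet_dev = netdev_master_upper_dev_get_rcu(bridge_dev);
-netdev_upper_dev_unlink(bridge_dev, rmnet_dev);
-
 rmnet_unregister_real_device(bridge_dev, bridge_port);
 }
 }
@@ -173,10 +161,6 @@ static int rmnet_newlink(struct net *src_net, struct net_device *dev,
 if (err)
 goto err1;
 
-err = netdev_master_upper_dev_link(dev, real_dev, NULL, NULL, extack);
-if (err)
-goto err2;
-
 port->rmnet_mode = mode;
 
 hlist_add_head_rcu(&ep->hlnode, &port->muxed_ep[mux_id]);
@@ -193,8 +177,6 @@ static int rmnet_newlink(struct net *src_net, struct net_device *dev,
 
 return 0;
 
-err2:
-rmnet_vnd_dellink(mux_id, port, ep);
 err1:
 rmnet_unregister_real_device(real_dev, port);
 err0:
@@ -204,22 +186,20 @@ static int rmnet_newlink(struct net *src_net, struct net_device *dev,
 
 static void rmnet_dellink(struct net_device *dev, struct list_head *head)
 {
+struct rmnet_priv *priv = netdev_priv(dev);
 struct net_device *real_dev;
 struct rmnet_endpoint *ep;
 struct rmnet_port *port;
 u8 mux_id;
 
-rcu_read_lock();
-real_dev = netdev_master_upper_dev_get_rcu(dev);
-rcu_read_unlock();
+real_dev = priv->real_dev;
 
 if (!real_dev || !rmnet_is_real_dev_registered(real_dev))
 return;
 
 port = rmnet_get_port_rtnl(real_dev);
 
 mux_id = rmnet_vnd_get_mux(dev);
-netdev_upper_dev_unlink(dev, real_dev);
 
 ep = rmnet_get_endpoint(port, mux_id);
 if (ep) {
@@ -233,47 +213,33 @@ static void rmnet_dellink(struct net_device *dev, struct list_head *head)
 unregister_netdevice_queue(dev, head);
 }
 
-static int rmnet_dev_walk_unreg(struct net_device *rmnet_dev, void *data)
-{
-struct rmnet_walk_data *d = data;
-struct rmnet_endpoint *ep;
-u8 mux_id;
-
-mux_id = rmnet_vnd_get_mux(rmnet_dev);
-ep = rmnet_get_endpoint(d->port, mux_id);
-if (ep) {
-hlist_del_init_rcu(&ep->hlnode);
-rmnet_vnd_dellink(mux_id, d->port, ep);
-kfree(ep);
-}
-netdev_upper_dev_unlink(rmnet_dev, d->real_dev);
-unregister_netdevice_queue(rmnet_dev, d->head);
-
-return 0;
-}
-
 static void rmnet_force_unassociate_device(struct net_device *dev)
 {
 struct net_device *real_dev = dev;
-struct rmnet_walk_data d;
+struct hlist_node *tmp_ep;
+struct rmnet_endpoint *ep;
 struct rmnet_port *port;
+unsigned long bkt_ep;
 LIST_HEAD(list);
 
 if (!rmnet_is_real_dev_registered(real_dev))
 return;
 
 ASSERT_RTNL();
 
-d.real_dev = real_dev;
-d.head = &list;
-
 port = rmnet_get_port_rtnl(dev);
-d.port = port;
 
 rcu_read_lock();
 rmnet_unregister_bridge(dev, port);
 
-netdev_walk_all_lower_dev_rcu(real_dev, rmnet_dev_walk_unreg, &d);
+hash_for_each_safe(port->muxed_ep, bkt_ep, tmp_ep, ep, hlnode) {
+unregister_netdevice_queue(ep->egress_dev, &list);
+rmnet_vnd_dellink(ep->mux_id, port, ep);
+
+hlist_del_init_rcu(&ep->hlnode);
+kfree(ep);
+}
+
 rcu_read_unlock();
 unregister_netdevice_many(&list);
 
@@ -422,11 +388,6 @@ int rmnet_add_bridge(struct net_device *rmnet_dev,
 if (err)
 return -EBUSY;
 
-err = netdev_master_upper_dev_link(slave_dev, rmnet_dev, NULL, NULL,
-extack);
-if (err)
-return -EINVAL;
-
 slave_port = rmnet_get_port(slave_dev);
 slave_port->rmnet_mode = RMNET_EPMODE_BRIDGE;
 slave_port->bridge_ep = real_dev;
@@ -449,7 +410,6 @@ int rmnet_del_bridge(struct net_device *rmnet_dev,
 port->rmnet_mode = RMNET_EPMODE_VND;
 port->bridge_ep = NULL;
 
-netdev_upper_dev_unlink(slave_dev, rmnet_dev);
 slave_port = rmnet_get_port(slave_dev);
 rmnet_unregister_real_device(slave_dev, slave_port);
 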
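Review bot: In rmnet_force_unassociate_device, the new `hash_for_each_safe` loop unlinks each endpoint with `hlist_del_init_rcu(&ep->hlnode)` and then calls `kfree(ep)` immediately, so a reader that fetched the endpoint from `port->muxed_ep` under RCU just before the unlink could still dereference freed memory. The removed rmnet_dev_walk_unreg freed the endpoint the same way, so this is carried over rather than introduced, but the rewritten loop is the natural place to defer the free past a grace period, for example `kfree_rcu(ep, rcu);`, which would need an rcu_head member in struct rmnet_endpoint (its definition is not visible here). Separately, the loop and the `rmnet_unregister_bridge(dev, port)` call still sit inside `rcu_read_lock()` even though `ASSERT_RTNL()` already establishes writer exclusion; if anything reachable from rmnet_unregister_bridge can sleep, the "sleeping function called from invalid context" class of crash this commit fixes would remain, so it is worth confirming whether the read-side lock is needed at all. The function body continues past the end of this hunk.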
