Re: [PATCH net-next v5 4/9] net: devmem: make dmabuf unbinding scheduled work
From: Paolo Abeni <pabeni@redhat.com>
Date: 2025-02-25 13:08:25
Also in:
kvm, linux-doc, linux-kselftest, lkml, virtualization
On 2/22/25 8:15 PM, Mina Almasry wrote:
The TX path may release the dmabuf in a context where we cannot wait.
This happens when the user unbinds a TX dmabuf while there are still
references to its netmems in the TX path. In that case, the netmems will
be put_netmem'd from a context where we can't unmap the dmabuf,
resulting in a BUG like seen by Stan:
[ 1.548495] BUG: sleeping function called from invalid context at drivers/dma-buf/dma-buf.c:1255
[ 1.548741] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 149, name: ncdevmem
[ 1.548926] preempt_count: 201, expected: 0
[ 1.549026] RCU nest depth: 0, expected: 0
[ 1.549197]
[ 1.549237] =============================
[ 1.549331] [ BUG: Invalid wait context ]
[ 1.549425] 6.13.0-rc3-00770-gbc9ef9606dc9-dirty #15 Tainted: G W
[ 1.549609] -----------------------------
[ 1.549704] ncdevmem/149 is trying to lock:
[ 1.549801] ffff8880066701c0 (reservation_ww_class_mutex){+.+.}-{4:4}, at: dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.550051] other info that might help us debug this:
[ 1.550167] context-{5:5}
[ 1.550229] 3 locks held by ncdevmem/149:
[ 1.550322] #0: ffff888005730208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x40/0xf0
[ 1.550530] #1: ffff88800b148f98 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x19/0x80
[ 1.550731] #2: ffff88800b148f18 (slock-AF_INET6){+.-.}-{3:3}, at: __tcp_close+0x185/0x4b0
[ 1.550921] stack backtrace:
[ 1.550990] CPU: 0 UID: 0 PID: 149 Comm: ncdevmem Tainted: G W 6.13.0-rc3-00770-gbc9ef9606dc9-dirty #15
[ 1.551233] Tainted: [W]=WARN
[ 1.551304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014
[ 1.551518] Call Trace:
[ 1.551584] <TASK>
[ 1.551636] dump_stack_lvl+0x86/0xc0
[ 1.551723] __lock_acquire+0xb0f/0xc30
[ 1.551814] ? dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.551941] lock_acquire+0xf1/0x2a0
[ 1.552026] ? dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.552152] ? dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.552281] ? dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.552408] __ww_mutex_lock+0x121/0x1060
[ 1.552503] ? dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.552648] ww_mutex_lock+0x3d/0xa0
[ 1.552733] dma_buf_unmap_attachment_unlocked+0x4b/0x90
[ 1.552857] __net_devmem_dmabuf_binding_free+0x56/0xb0
[ 1.552979] skb_release_data+0x120/0x1f0
[ 1.553074] __kfree_skb+0x29/0xa0
[ 1.553156] tcp_write_queue_purge+0x41/0x310
[ 1.553259] tcp_v4_destroy_sock+0x127/0x320
[ 1.553363] ? __tcp_close+0x169/0x4b0
[ 1.553452] inet_csk_destroy_sock+0x53/0x130
[ 1.553560] __tcp_close+0x421/0x4b0
[ 1.553646] tcp_close+0x24/0x80
[ 1.553724] inet_release+0x5d/0x90
[ 1.553806] sock_close+0x4a/0xf0
[ 1.553886] __fput+0x9c/0x2b0
[ 1.553960] task_work_run+0x89/0xc0
[ 1.554046] do_exit+0x27f/0x980
[ 1.554125] do_group_exit+0xa4/0xb0
[ 1.554211] __x64_sys_exit_group+0x17/0x20
[ 1.554309] x64_sys_call+0x21a0/0x21a0
[ 1.554400] do_syscall_64+0xec/0x1d0
[ 1.554487] ? exc_page_fault+0x8a/0xf0
[ 1.554585] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1.554703] RIP: 0033:0x7f2f8a27abcd
Resolve this by making __net_devmem_dmabuf_binding_free schedule_work'd.
Suggested-by: Stanislav Fomichev <sdf@fomichev.me>
Signed-off-by: Mina Almasry <redacted>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>I'm sorry, I should have noted this in the previous revisions. I think this should be squashed in the previous patch: it will not make it significantly bigger, and could avoid weird problems on bisections. Thanks! Paolo