Re: [PATCH 5/5] Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state

From: Vitaly Kuznetsov
Date: Mon Apr 20 2015 - 05:40:09 EST


"K. Y. Srinivasan" <kys@xxxxxxxxxxxxx> writes:

> Implement the protocol for tearing down the monitor state established with
> the host.
>
> Signed-off-by: K. Y. Srinivasan <kys@xxxxxxxxxxxxx>

Unfortunately this patch leads to the following crash:

pre-udev:/# modprobe hv_vmbus
modprobe hv_vmbus
[ 14.832334] hv_vmbus: Hyper-V Host Build:9600-6.3-17-0.17039; Vmbus version:3.0
[ 14.834179] hv_vmbus: CPU offlining is not supported by hypervisor
pre-udev:/# modprobe -r hv_vmbus
modprobe -r hv_vmbus
[ 20.640893] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 20.641104] IP: [< (null)>] (null)
[ 20.641104] PGD 3037b067 PUD 2f41c067 PMD 0
[ 20.641104] Oops: 0010 [#1] SMP DEBUG_PAGEALLOC KASAN
[ 20.641104] Modules linked in: hv_vmbus(-)
[ 20.641104] CPU: 4 PID: 296 Comm: modprobe Not tainted 4.0.0-rc5_vmbus_acpi_remove2+ #583
[ 20.641104] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v1.0 11/26/2012
[ 20.641104] task: ffff88002f47e360 ti: ffff88002f618000 task.ti: ffff88002f618000
[ 20.641104] RIP: 0010:[<0000000000000000>] [< (null)>] (null)
[ 20.641104] RSP: 0018:ffff88002f61fe60 EFLAGS: 00010246
[ 20.641104] RAX: 0000000030374000 RBX: ffff880030374000 RCX: 000000000000005c
[ 20.641104] RDX: 0000000030374000 RSI: ffff88002f61fee0 RDI: ffff880030374000
[ 20.641104] RBP: ffff88002f61fe88 R08: 0000000000000000 R09: ffff88002f61fed8
[ 20.641104] R10: ffff880034008240 R11: 0000000000000010 R12: 0000000000000014
[ 20.641104] R13: 0000000000000008 R14: ffff88002f61fed8 R15: 0000000000000000
[ 20.641104] FS: 00007fc1ffdaa700(0000) GS:ffff880034500000(0000) knlGS:0000000000000000
[ 20.641104] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 20.641104] CR2: 0000000000000000 CR3: 000000002f4ec000 CR4: 00000000001407e0
[ 20.641104] Stack:
[ 20.641104] ffffffffa00016c7 0000000000000000 00000000b7f74867 ffffffffa0005ec9
[ 20.641104] 0000000000000001 ffff88002f61fec8 ffffffffa000209c ffff88002f61fec8
[ 20.641104] 0000000000000200 ffffffff8210ccc0 0000000000000001 0000000001c7d460
[ 20.641104] Call Trace:
[ 20.641104] [<ffffffffa00016c7>] ? hv_post_message+0x87/0xb0 [hv_vmbus]
[ 20.641104] [<ffffffffa000209c>] vmbus_post_msg+0x3c/0xc0 [hv_vmbus]
[ 20.641104] [<ffffffffa00045b5>] vmbus_initiate_unload+0x65/0x90 [hv_vmbus]
[ 20.641104] [<ffffffffa0001d7e>] vmbus_disconnect+0xe/0x80 [hv_vmbus]
[ 20.641104] [<ffffffffa0004dd1>] vmbus_exit+0xe9/0x318 [hv_vmbus]
[ 20.641104] [<ffffffff8110704c>] SyS_delete_module+0x1ac/0x230
[ 20.641104] [<ffffffff81aa83f6>] ? int_with_check+0x27/0x69
[ 20.641104] [<ffffffff81aa8209>] system_call_fastpath+0x12/0x17
[ 20.641104] Code: Bad RIP value.
[ 20.641104] RIP [< (null)>] (null)
[ 20.641104] RSP <ffff88002f61fe60>
[ 20.641104] CR2: 0000000000000000
[ 20.708666] ---[ end trace 76d9daf92f0e3af8 ]---
[ 20.709944] Kernel panic - not syncing: Fatal exception
[ 20.710933] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
[ 20.710933] ---[ end Kernel panic - not syncing: Fatal exception

I'll try to investigate.

> ---
> drivers/hv/channel_mgmt.c | 25 +++++++++++++++++++++++++
> drivers/hv/connection.c | 5 +++++
> drivers/hv/hyperv_vmbus.h | 2 ++
> include/linux/hyperv.h | 1 +
> 4 files changed, 33 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
> index 865a3af..4b9d89a 100644
> --- a/drivers/hv/channel_mgmt.c
> +++ b/drivers/hv/channel_mgmt.c
> @@ -422,6 +422,30 @@ static void init_vp_index(struct vmbus_channel *channel, const uuid_le *type_gui
> }
>
> /*
> + * vmbus_unload_response - Handler for the unload response.
> + */
> +static void vmbus_unload_response(struct vmbus_channel_message_header *hdr)
> +{
> + /*
> + * This is a global event; just wakeup the waiting thread.
> + * Once we successfully unload, we can cleanup the monitor state.
> + */
> + complete(&vmbus_connection.unload_event);
> +}
> +
> +void vmbus_initiate_unload(void)
> +{
> + struct vmbus_channel_message_header hdr;
> +
> + init_completion(&vmbus_connection.unload_event);
> + memset(&hdr, 0, sizeof(struct vmbus_channel_message_header));
> + hdr.msgtype = CHANNELMSG_UNLOAD;
> + vmbus_post_msg(&hdr, sizeof(struct vmbus_channel_message_header));
> +
> + wait_for_completion(&vmbus_connection.unload_event);
> +}
> +
> +/*
> * vmbus_onoffer - Handler for channel offers from vmbus in parent partition.
> *
> */
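Review bot: vmbus_initiate_unload() discards the result of vmbus_post_msg() and then blocks in wait_for_completion() with no timeout, so if the post fails, or the host never sends CHANNELMSG_UNLOAD_RESPONSE, the caller sleeps uninterruptibly and teardown never returns. The completion is signalled only from a host-originated message, so guest teardown should not depend on it unconditionally. Assuming vmbus_post_msg() reports failure through its return value, check it before waiting, e.g. `if (vmbus_post_msg(&hdr, sizeof(hdr))) return;`, and consider a bounded wait such as `wait_for_completion_timeout(&vmbus_connection.unload_event, <timeout in jiffies>)` with a warning on expiry. A header comment on vmbus_initiate_unload(), like the one on vmbus_unload_response(), should state that it sleeps until the host replies.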
> @@ -717,6 +741,7 @@ struct vmbus_channel_message_table_entry
> {CHANNELMSG_INITIATE_CONTACT, 0, NULL},
> {CHANNELMSG_VERSION_RESPONSE, 1, vmbus_onversion_response},
> {CHANNELMSG_UNLOAD, 0, NULL},
> + {CHANNELMSG_UNLOAD_RESPONSE, 1, vmbus_unload_response},
> };
>
> /*
> diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
> index b27220a..acd50e9 100644
> --- a/drivers/hv/connection.c
> +++ b/drivers/hv/connection.c
> @@ -227,6 +227,11 @@ cleanup:
>
> void vmbus_disconnect(void)
> {
> + /*
> + * First send the unload request to the host.
> + */
> + vmbus_initiate_unload();
> +
> if (vmbus_connection.work_queue) {
> drain_workqueue(vmbus_connection.work_queue);
> destroy_workqueue(vmbus_connection.work_queue);
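Review bot: The new vmbus_initiate_unload() call at the top of vmbus_disconnect() is unconditional, while the teardown step that follows is guarded (`if (vmbus_connection.work_queue)`), which suggests this function is expected to cope with a partially initialised connection. If it is ever reached before the host handshake has completed (the `cleanup:` label in the hunk header hints at an error path just above), the unload request would be posted without an established connection and the wait inside it may never be satisfied. The call should be gated on whatever state records a completed handshake, and the comment would be more useful if it said why the request has to go first rather than only that it does. vmbus_disconnect()'s body continues past the end of the hunk.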
> diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
> index 138d663..cddc0c9 100644
> --- a/drivers/hv/hyperv_vmbus.h
> +++ b/drivers/hv/hyperv_vmbus.h
> @@ -647,6 +647,7 @@ struct vmbus_connection {
>
> atomic_t next_gpadl_handle;
>
> + struct completion unload_event;
> /*
> * Represents channel interrupts. Each bit position represents a
> * channel. When a channel sends an interrupt via VMBUS, it finds its
> @@ -741,6 +742,7 @@ void hv_vss_onchannelcallback(void *);
> int hv_fcopy_init(struct hv_util_service *);
> void hv_fcopy_deinit(void);
> void hv_fcopy_onchannelcallback(void *);
> +void vmbus_initiate_unload(void);
>
> static inline void hv_poll_channel(struct vmbus_channel *channel,
> void (*cb)(void *))
> diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
> index e29ccdd..ea93486 100644
> --- a/include/linux/hyperv.h
> +++ b/include/linux/hyperv.h
> @@ -389,6 +389,7 @@ enum vmbus_channel_message_type {
> CHANNELMSG_INITIATE_CONTACT = 14,
> CHANNELMSG_VERSION_RESPONSE = 15,
> CHANNELMSG_UNLOAD = 16,
> + CHANNELMSG_UNLOAD_RESPONSE = 17,
> CHANNELMSG_COUNT
> };

--
Vitaly