From: Guillaume Nault <gnault@redhat.com>
To: Tom Parkin <tparkin@katalix.com>
Cc: netdev@vger.kernel.org, jchapman@katalix.com
Subject: Re: [PATCH] ppp: fix refcount underflow on channel unbridge
Date: Wed, 6 Jan 2021 17:48:25 +0100 [thread overview]
Message-ID: <20210106164825.GA7058@linux.home> (raw)
In-Reply-To: <20210105211743.8404-1-tparkin@katalix.com>
On Tue, Jan 05, 2021 at 09:17:43PM +0000, Tom Parkin wrote:
> err_unset:
> write_lock_bh(&pch->upl);
> - RCU_INIT_POINTER(pch->bridge, NULL);
> + /* Re-check pch->bridge with upl held since a racing unbridge might already
> + * have cleared it and dropped the reference on pch->bridge.
> + */
> + if (rcu_dereference_protected(pch->bridge, lockdep_is_held(&pch->upl))) {
> + RCU_INIT_POINTER(pch->bridge, NULL);
> + drop_ref = true;
> + }
> write_unlock_bh(&pch->upl);
> synchronize_rcu();
> +
> + if (drop_ref)
> + if (refcount_dec_and_test(&pchb->file.refcnt))
> + ppp_destroy_channel(pchb);
> +
I think this works because ppp_mutex prevents pch->bridge from being
reassigned to another channel. However, this isn't obvious when reading
the code, and well, I prefer to not introduce new dependencies on
ppp_mutex (otherwise we'd better go with your original patch).
I think we could just save pch->bridge while we're under ->upl
protection, and then drop the reference of that channel (if non-NULL):
err_unset:
write_lock_bh(&pch->upl);
+ /* Re-read pch->bridge in case it was modified concurrently */
+ pchb = rcu_dereference_protected(pch->bridge,
+ lockdep_is_held(&pch->upl));
+ RCU_INIT_POINTER(pch->bridge, NULL);
write_unlock_bh(&pch->upl);
synchronize_rcu();
+
+ if (pchb)
+ if (refcount_dec_and_test(&pchb->file.refcnt))
+ ppp_destroy_channel(pchb);
+
return -EALREADY;
}
This way we know that pchb is the channel we were pointing to when we
cleared pch->bridge. And this is also a bit simpler than using an extra
boolean.
next prev parent reply other threads:[~2021-01-06 16:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-05 21:17 [PATCH] ppp: fix refcount underflow on channel unbridge Tom Parkin
2021-01-06 16:48 ` Guillaume Nault [this message]
2021-01-06 20:33 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210106164825.GA7058@linux.home \
--to=gnault@redhat.com \
--cc=jchapman@katalix.com \
--cc=netdev@vger.kernel.org \
--cc=tparkin@katalix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.