From: Jakub Kicinski <kuba@kernel.org>
To: Tariq Toukan <tariqt@nvidia.com>
Cc: Boris Pismenny <borisp@nvidia.com>,
John Fastabend <john.fastabend@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, <netdev@vger.kernel.org>,
Saeed Mahameed <saeedm@nvidia.com>, Gal Pressman <gal@nvidia.com>,
Maxim Mikityanskiy <maximmi@nvidia.com>
Subject: Re: [PATCH net] net/tls: Fix race in TLS device down flow
Date: Fri, 15 Jul 2022 16:38:02 -0700 [thread overview]
Message-ID: <20220715163802.6f49d03d@kernel.org> (raw)
In-Reply-To: <20220715084216.4778-1-tariqt@nvidia.com>
On Fri, 15 Jul 2022 11:42:16 +0300 Tariq Toukan wrote:
> Socket destruction flow and tls_device_down function sync against each
> other using tls_device_lock and the context refcount, to guarantee the
> device resources are freed via tls_dev_del() by the end of
> tls_device_down.
>
> In the following unfortunate flow, this won't happen:
> - refcount is decreased to zero in tls_device_sk_destruct.
> - tls_device_down starts, skips the context as refcount is zero, going
> all the way until it flushes the gc work, and returns without freeing
> the device resources.
> - only then, tls_device_queue_ctx_destruction is called, queues the gc
> work and frees the context's device resources.
>
> Solve it by decreasing the refcount in the socket's destruction flow
> under the tls_device_lock, for perfect synchronization. This does not
> slow down the common likely destructor flow, in which both the refcount
> is decreased and the spinlock is acquired, anyway.
>
> Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
> Reviewed-by: Maxim Mikityanskiy <maximmi@nvidia.com>
> Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Oh, so it was already racy? Sad this has missed the PR, another delay
for your -next patches :S
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
next prev parent reply other threads:[~2022-07-15 23:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 8:42 [PATCH net] net/tls: Fix race in TLS device down flow Tariq Toukan
2022-07-15 23:38 ` Jakub Kicinski [this message]
2022-07-18 10:50 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220715163802.6f49d03d@kernel.org \
--to=kuba@kernel.org \
--cc=borisp@nvidia.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gal@nvidia.com \
--cc=john.fastabend@gmail.com \
--cc=maximmi@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=saeedm@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.