From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira <pablo@eurodev.net>
Cc: netfilter-devel@lists.netfilter.org,
Harald Welte <laforge@netfilter.org>
Subject: Re: [PATCH] peer_pid checking in ip_queue
Date: Tue, 23 Mar 2004 23:44:15 +0100 [thread overview]
Message-ID: <4060BDBF.8050407@trash.net> (raw)
In-Reply-To: <40607DAC.2090404@eurodev.net>
Pablo Neira wrote:
> Hi Patrick,
>
> Patrick McHardy wrote:
>
>> peer_pid is protected by queue_lock, you move it out of the locked
>> section. This leads to a small race which can cause message loss. Not
>> sure if it's bad though as netlink is unreliable itself.
>
>
> yes it's true, well if i'm not wrong, this small race could happen for
> first packets which are going to be
> enqueued, is it?.
It can happen if peer_pid is checked outside the locked section on one
CPU and changed on another at the same time. I don't consider it
important, as the exact point in time at which the first packet will be
received is non-deterministic for userspace anyway. But we can probably
also do it without a race-conditions, ipq_build_packet_message
read_locks queue_lock, directly after that it is write_locked by
ipq_enqueue_packet. As multiple threads will queue at the write_lock
anyway it seems we can just replace it by a spin_lock and lock the
entire section. But let me think some more about it ..
Regards
Patrick
>
> For example, two packets arrive almost at the same time, ip_queue
> allocates space for both new entries to be enqueued, first packet is not
> enqueued because peer_pid is 0 but, in that moment, the user space
> program binds to ip_queue's netlink sockets, but entry for second packet
> is already created and peer_pid is not 0 anymore, so this packet is
> enqueue. With my patch, both packets will be lost, with current
> implementation one is lost and the other one is enqueued.
>
> By other hand, I think that if user programs hungs or dies, we stress
> the kernel allocating
> and releasing memory all the time. So, my question is, is really a
> problem losing these packets?
>
> thanks for the feedback,
> Pablo
>
next prev parent reply other threads:[~2004-03-23 22:44 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-03-23 11:09 [PATCH] peer_pid checking in ip_queue Pablo Neira
2004-03-23 17:25 ` Patrick McHardy
2004-03-23 18:10 ` Pablo Neira
2004-03-23 22:44 ` Patrick McHardy [this message]
2004-03-24 0:07 ` Henrik Nordstrom
2004-03-24 0:42 ` Pablo Neira
2004-03-24 2:11 ` Patrick McHardy
2004-03-24 0:47 ` Patrick McHardy
2004-03-27 21:20 ` Harald Welte
2004-03-27 23:50 ` Patrick McHardy
2004-03-27 21:17 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4060BDBF.8050407@trash.net \
--to=kaber@trash.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@eurodev.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.