From: Patrick McHardy <kaber@trash.net>
To: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Cc: Pavel Emelianov <xemul@sw.ru>, David Miller <davem@davemloft.net>,
Linux Netdev List <netdev@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
devel@openvz.org, Kirill Korotaev <dev@openvz.org>
Subject: Re: [NETLINK] Don't attach callback to a going-away netlink socket
Date: Wed, 18 Apr 2007 10:26:31 +0200 [thread overview]
Message-ID: <4625D637.2040308@trash.net> (raw)
In-Reply-To: <20070418081707.GA29267@2ka.mipt.ru>
Evgeniy Polyakov wrote:
> On Wed, Apr 18, 2007 at 12:16:18PM +0400, Pavel Emelianov (xemul@sw.ru) wrote:
>
>>Sorry, I forgot to put netdev and David in Cc when I first sent it.
>>
>>There is a race between netlink_dump_start() and netlink_release()
>>that can lead to the situation when a netlink socket with non-zero
>>callback is freed.
>
>
> Out of curiosity, why not to fix a netlink_dump_start() to remove
> callback in error path, since in 'no-error' path it removes it in
> netlink_dump().
It already does (netlink_destroy_callback), but that doesn't help
with this race though since without this patch we don't enter the
error path.
> And, btw, can release method be called while socket is being used, I
> thought about proper reference counters should prevent this, but not
> 100% sure with RCU dereferencing of the descriptor.
The problem is asynchronous processing of the dump request in the
context of a different process. Process requests a dump, message
is queued and process returns from sendmsg since some other process
is already processing the queue. Then the process closes the socket,
resulting in netlink_release being called. When the dump request
is finally processed the race Pavel described might happen. This
can only happen for netlink families that use mutex_try_lock for
queue processing of course.
next prev parent reply other threads:[~2007-04-18 8:26 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-18 8:16 [NETLINK] Don't attach callback to a going-away netlink socket Pavel Emelianov
2007-04-18 8:17 ` Evgeniy Polyakov
2007-04-18 8:26 ` Patrick McHardy [this message]
2007-04-18 8:42 ` Evgeniy Polyakov
2007-04-18 8:50 ` Patrick McHardy
2007-04-18 9:07 ` Evgeniy Polyakov
2007-04-18 9:16 ` Patrick McHardy
2007-04-18 9:29 ` Evgeniy Polyakov
2007-04-18 8:32 ` Pavel Emelianov
2007-04-18 8:44 ` Evgeniy Polyakov
2007-04-18 9:03 ` Pavel Emelianov
2007-04-18 9:14 ` Evgeniy Polyakov
2007-04-19 0:06 ` David Miller
2007-04-19 2:13 ` Herbert Xu
2007-04-29 6:18 ` David Miller
2007-05-02 4:12 ` Herbert Xu
2007-05-03 10:17 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4625D637.2040308@trash.net \
--to=kaber@trash.net \
--cc=akpm@osdl.org \
--cc=davem@davemloft.net \
--cc=dev@openvz.org \
--cc=devel@openvz.org \
--cc=johnpol@2ka.mipt.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=xemul@sw.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.