From: stranche@codeaurora.org
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: David Miller <davem@davemloft.net>,
Linux Kernel Network Developers <netdev@vger.kernel.org>,
Pravin B Shelar <pshelar@ovn.org>,
Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>,
Johannes Berg <johannes.berg@intel.com>
Subject: Re: [PATCH net] genetlink: take netlink table lock when (un)registering
Date: Mon, 29 Jun 2020 14:18:06 -0600 [thread overview]
Message-ID: <8eba464937d34d8330a82332ebd672eb@codeaurora.org> (raw)
In-Reply-To: <CAM_iQpXXdpdKvVY4G=y8=R4TsYE0ovac=OCNfiaMmD=Rgn2utQ@mail.gmail.com>
On 2020-06-27 12:55, Cong Wang wrote:
> On Fri, Jun 26, 2020 at 5:32 PM Sean Tranchetti
> <stranche@codeaurora.org> wrote:
>>
>> A potential deadlock can occur during registering or unregistering a
>> new
>> generic netlink family between the main nl_table_lock and the cb_lock
>> where
>> each thread wants the lock held by the other, as demonstrated below.
>>
>> 1) Thread 1 is performing a netlink_bind() operation on a socket. As
>> part
>> of this call, it will call netlink_lock_table(), incrementing the
>> nl_table_users count to 1.
>> 2) Thread 2 is registering (or unregistering) a genl_family via the
>> genl_(un)register_family() API. The cb_lock semaphore will be taken
>> for
>> writing.
>> 3) Thread 1 will call genl_bind() as part of the bind operation to
>> handle
>> subscribing to GENL multicast groups at the request of the user. It
>> will
>> attempt to take the cb_lock semaphore for reading, but it will fail
>> and
>> be scheduled away, waiting for Thread 2 to finish the write.
>> 4) Thread 2 will call netlink_table_grab() during the (un)registration
>> call. However, as Thread 1 has incremented nl_table_users, it will
>> not
>> be able to proceed, and both threads will be stuck waiting for the
>> other.
>>
>> To avoid this scenario, the locks should be acquired in the same order
>> by
>> both threads. Since both the register and unregister functions need to
>> take
>> the nl_table_lock in their processing, it makes sense to explicitly
>> acquire
>> them before they lock the genl_mutex and the cb_lock. In
>> unregistering, no
>> other change is needed aside from this locking change.
>
> Like the kernel test robot reported, you can not call genl_lock_all
> while
> holding netlink_table_grab() which is effectively a write lock.
>
> To me, it seems genl_bind() can be just removed as there is no one
> in-tree uses family->mcast_bind(). Can you test the attached patch?
> It seems sufficient to fix this deadlock.
>
> Thanks.
Thanks Cong. Yes, removing the genl_bind()/genl_unbind() functions
eliminates the
potential for this deadlock. Adding Johannes here to comment on removing
these,
as the family->mcast_bind() capability added by commit c380d9a7afff
("genetlink: pass multicast bind/unbind to families") would be lost.
next prev parent reply other threads:[~2020-06-29 20:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-27 0:31 [PATCH net] genetlink: take netlink table lock when (un)registering Sean Tranchetti
2020-06-27 7:58 ` [genetlink] 9eb5d9390b: BUG:sleeping_function_called_from_invalid_context_at_kernel/locking/rwsem.c kernel test robot
2020-06-27 7:58 ` kernel test robot
2020-06-27 18:55 ` [PATCH net] genetlink: take netlink table lock when (un)registering Cong Wang
2020-06-29 20:18 ` stranche [this message]
2020-06-30 7:00 ` Johannes Berg
2020-06-28 0:26 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8eba464937d34d8330a82332ebd672eb@codeaurora.org \
--to=stranche@codeaurora.org \
--cc=davem@davemloft.net \
--cc=johannes.berg@intel.com \
--cc=netdev@vger.kernel.org \
--cc=pshelar@ovn.org \
--cc=subashab@codeaurora.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.