From: Sabrina Dubroca <sd@queasysnail.net>
To: Antonio Quartulli <antonio@openvpn.net>
Cc: Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, Ralf Lici <ralf@mandelbit.com>,
Paolo Abeni <pabeni@redhat.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Hyunwoo Kim <imv4bel@gmail.com>
Subject: Re: [PATCH net 1/1] ovpn: fix race between deleting interface and adding new peer
Date: Thu, 23 Apr 2026 18:37:49 +0200 [thread overview]
Message-ID: <aepK3XXc8IFemb1Z@krikkit> (raw)
In-Reply-To: <9221605c-ad31-44f9-b3b7-db2237f75eb7@openvpn.net>
2026-04-23, 15:43:31 +0200, Antonio Quartulli wrote:
>
>
> On 23/04/2026 14:16, Antonio Quartulli wrote:
> > On 23/04/2026 04:20, Jakub Kicinski wrote:
> > > On Wed, 22 Apr 2026 14:32:42 +0200 Antonio Quartulli wrote:
> > > > + /* Prevent adding new peers while destroying the ovpn interface.
> > > > + * Failing to do so would end up holding the device reference
> > > > + * endlessly hostage of the new peer object with no chance of
> > > > + * release..
> > > > + */
> > > > + if (ovpn->dev->reg_state >= NETREG_UNREGISTERING)
> > > > + return -ENODEV;
> > >
> > > AI review suggests wrapping reg_state read in READ_ONCE(), I think
> > > that's legit. Also nit: I think > or != REGISTERED would be more
> > > idiomatic than comparing >= UNREGSITERING ?
> >
> > Agreed on READ_ONCE. Will fix it.
> >
> > As for your second point, I am fine with "!= REGISTERED" as that's the
> > only state we should be accepting new peers in any case.
> >
> > >
> > > If you agree make sure Sashiko doesn't complain about anything else
> > > once it's public:
> > > https://sashiko.dev/#/patchset/20260422123242.530882-2-
> > > antonio@openvpn.net
> >
> > Is there any way to get earlier access to these reviews? (at least for
> > patches somehow related to me/ovpn)
> >
>
> Dang! sashiko reminded me that I should swap cancel_delayed_work_sync with
> disable_delayed_work_sync. Will fix that.
>
>
> As for the second remarks..It has convincing arguments, but I need some more
> time to think about it.
>
> Sabrina, do you have an opinion?
Sadly, it seems possible.
I wanted to add rcu_read_lock around everything ovpn_peer_add() does,
so that unregister_netdevice_many_notify() gets stuck on the
synchronize_net() call after setting UNREGISTERING, but
ovpn_peer_add_p2p needs to be able to sleep [1]. If we move the
ovpn->lock from ovpn_peer_add_* to ovpn_peer_add, so that we check
reg_state and insert the new peer without being preempted, we should
be ok. But maybe submit that to netdev as RFC (not directly a pull
request) so that sashiko tells me how wrong I am?
We could also wrap all of ovpn_peer_add (including the new reg_state
check) in netdev_lock, since we can't move to NETREG_UNREGISTERING
until netdev_lock is released (then I think we wouldn't need the
READ_ONCE(reg_state)). But I don't know if that's an acceptable use of
netdev_lock.
[1] maybe we should add a might_sleep() annotation directly in
unlock_ovpn (instead of/in addition to the one already in
ovpn_socket_release), I'm already getting a bit rusty on the locking :/
--
Sabrina
next prev parent reply other threads:[~2026-04-23 16:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-22 12:32 [PATCH net 0/1] pull request: fixes for ovpn 2026-04-22 Antonio Quartulli
2026-04-22 12:32 ` [PATCH net 1/1] ovpn: fix race between deleting interface and adding new peer Antonio Quartulli
2026-04-23 2:20 ` Jakub Kicinski
2026-04-23 12:16 ` Antonio Quartulli
2026-04-23 13:43 ` Antonio Quartulli
2026-04-23 16:37 ` Sabrina Dubroca [this message]
2026-04-23 17:36 ` Jakub Kicinski
2026-04-23 22:27 ` Sabrina Dubroca
2026-04-27 20:22 ` Jakub Kicinski
2026-04-23 17:38 ` Jakub Kicinski
-- strict thread matches above, loose matches on Subject: below --
2026-03-20 10:03 [PATCH net 0/1] pull request: fixes for ovpn 2026-03-20 Antonio Quartulli
2026-03-20 10:03 ` [PATCH net 1/1] ovpn: fix race between deleting interface and adding new peer Antonio Quartulli
2026-03-24 1:43 ` Jakub Kicinski
2026-03-24 1:45 ` Jakub Kicinski
2026-03-24 10:09 ` Sabrina Dubroca
2026-03-24 21:30 ` Jakub Kicinski
2026-03-24 22:40 ` Sabrina Dubroca
2026-03-25 13:37 ` Antonio Quartulli
2026-03-26 9:13 ` Sabrina Dubroca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aepK3XXc8IFemb1Z@krikkit \
--to=sd@queasysnail.net \
--cc=andrew+netdev@lunn.ch \
--cc=antonio@openvpn.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=imv4bel@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=ralf@mandelbit.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.