From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yx1-f43.google.com (mail-yx1-f43.google.com [74.125.224.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 523763570C1 for ; Sat, 31 Jan 2026 17:41:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.43 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769881308; cv=none; b=GZlzSF6K/oJzqJjKzN8VJ5kOlJ8GeosGJlvzZOGCzH11RjdNrbSlXVEJgVzwNNEPTlGtl4qGoJcdFj4k/3bpveTmU794O4sj3fL/oWfmhZbtqRrRgdDnEVoKhQPE6yiEaQiCxWI8pzVByqcJChqT2zTPXaQddma/hTgX/5s1xqk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769881308; c=relaxed/simple; bh=U7DriEUcK86dPkxQhAKAzOz2fvIGiGMZpIz2TatGivM=; h=Date:From:To:Cc:Message-ID:In-Reply-To:References:Subject: Mime-Version:Content-Type; b=DZCDooM+EyQHS74GoxAXx8vmupdPKW6MO93edFNsw74e2Jl68AKMbapF4/VAsBAWOZjlYOQAtOUiUPOdAHuo6dN4AYo0ZI76Mi5HNUssVdDmA+6HpmO24NsTXftIPrwvkvotxOX3TNZeFSdsD2aBh75eAWlt6xEsM/T5o9bq8Sk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=moPDA118; arc=none smtp.client-ip=74.125.224.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="moPDA118" Received: by mail-yx1-f43.google.com with SMTP id 956f58d0204a3-64937edbc9eso2790263d50.2 for ; Sat, 31 Jan 2026 09:41:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769881304; x=1770486104; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=K8wf43Hct6xWw5pdPTFk6uNM8HLpNcMz3YOsh2PRxWU=; b=moPDA118TxQwjrn0Aev18p+r85+lymEQQTSbbZ+HfOgZe3cy51sjeQ2ejt1HUG9wHU zew1+nDq/sJHXhItqnNsDKmWd0C65hkaT8Jo/FaDUi71LK50TfhpokC+YZRUypQLOWnj YC7Vh1dTHuUW8B26binG4AMJHXqI82Sk99EGeybjAyT0LGMG5zsGBYtnQh5wqiUxGhQg E1D9KTvn6zYTqNCTQZRR19DzOW5Q56B1ape2aXl0WKwndHaCoFPvPmiJFRzq1IwPlK1J sDzY8QFtjyHrIxfXrGloAVTM0Ocq7nQlPqdeNe+c1XGHb6dlve0v1YOF0PeW/REVRZOZ IiJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769881304; x=1770486104; h=content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=K8wf43Hct6xWw5pdPTFk6uNM8HLpNcMz3YOsh2PRxWU=; b=cpKlaDT1Gw3JHjI7g/Q6Um59Io1TPujBvzPt6SNJAdtSqsg/+J6NHcT3neFZ3lAWR4 IliTnT8NT78wrAnDgEwFBmaglIKofyKuZszv2sQNYtpge6gopYs7rFJlFWNirqeftwTU y3SGV1Q4evYr7+9MOBjA03UbvDX+qC4qTCmvmgDL+de+HMtFWSSUsiEtmT85nK2dBKZl pmsoZIWihfQwpd2Lf3YKRJpiJ1+5IGThIpMitAB4dQJZFhgXYgI+b7H2FTdUPhfRUaio QQwNBqsvXqGrWD9Q/XZSh5Sol7hdL9xSRE6egvctTLNdf8587ZMkM2POGTmzQXy4cBSb B1qw== X-Forwarded-Encrypted: i=1; AJvYcCVsM7ZtQy3e73P34FXkUpRVOKTGB8SAjlfV+TIGVvdJVgTOd01TUeq4bjYZ430wq5zIW8/R2FaAC0ffNaU=@vger.kernel.org X-Gm-Message-State: AOJu0YzqKBRbWiE76IcpvL+iyaly+x+ufV9PpXFgEn9OYYaRt3SKTr26 oQR3ulbuIniPimfUTMO7xTgWpiC+oUvCX+k4J0h7I1YyNBIQmeDLQhNj X-Gm-Gg: AZuq6aJjQaUqT4olRduy01E3JQMYQstoZ/gGG4T1P90UdKyMO7lnMZm1rKOUtYSPruI r5PVOBADorjyzlxi7jgWm65TOazi9W97UpZJFjv2bns907sesPorGvcJiTLfb08fRpDf3HGDkvv fnEoy8rkBAd+UF8OG+Vi1MAe9yuPV3yU8RdBQUDtQpDEX7gVtB9aKg4qkI3J6igggzfTGz24Vt9 YMlF5EWjFv0drtCIa+x7QzMYQMMqJ0RaPM1zOiEcuU3WvNNGwwuPJe912coWGVlqu3MA6zgX35X n84vfS4bXjZLmDfyL+OsD1ziV8OmLckQ5JtMqnhv0fNMjo44ZekH1qkX5FRwDZ/kS0npWxDGkFl 5o0FNVLJ8j0Vx2wnnDTSZRfhdvR8Jn0OUNMKbfm7VlkMiLgE0X8tQyPL9Rj2RFQHGqCzC9I5zCN QO88InLaoO/sLmjstmfINeWqWC+LRtGYW7BQ6ll6813E90AOdljvs14bOTETU= X-Received: by 2002:a05:690e:b89:b0:641:f5bc:6950 with SMTP id 956f58d0204a3-649a8521a3cmr5252742d50.84.1769881303890; Sat, 31 Jan 2026 09:41:43 -0800 (PST) Received: from gmail.com (21.33.48.34.bc.googleusercontent.com. [34.48.33.21]) by smtp.gmail.com with UTF8SMTPSA id 00721157ae682-79482761800sm48563027b3.4.2026.01.31.09.41.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 31 Jan 2026 09:41:43 -0800 (PST) Date: Sat, 31 Jan 2026 12:41:42 -0500 From: Willem de Bruijn To: Jakub Kicinski , fengwei_yin@linux.alibaba.com, Willem de Bruijn Cc: davem@davemloft.net, edumazet@google.com, pabeni@redhat.com, horms@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: In-Reply-To: <20260130191845.404c5e64@kernel.org> References: <20260128070359.6762-1-fengwei_yin@linux.alibaba.com> <20260130191845.404c5e64@kernel.org> Subject: Re: [PATCH] net: procfs: Fix RCU stall and soft lockup in ptype_seq_next() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Jakub Kicinski wrote: > On Wed, 28 Jan 2026 15:03:59 +0800 fengwei_yin@linux.alibaba.com wrote: > > The root cause is in ptype_seq_next(): when iterating over packet > > types, it's possible that a packet type entry (pt) has been removed, > > its dev set to NULL, and pt->af_packet_net is not initialized. > > In that case, the function may return the same 'nxt' pointer indefinitely. > > This results in an infinite loop under RCU read-side critical section, > > causing an RCU stall and eventually a soft lockup. > > > > Fix the issue by properly handling the case where 'nxt' points to > > an empty list, ensuring forward progress in the iterator. > > > @@ -247,7 +247,7 @@ static void *ptype_seq_next(struct seq_file *seq, void *v, loff_t *pos) > > > > if (pt->af_packet_net) { > > net_ptype_all: > > - if (nxt != &net->ptype_all && nxt != &net->ptype_specific) > > + if (!list_empty(nxt) && nxt != &net->ptype_all && nxt != &net->ptype_specific) > > goto found; > > > > if (nxt == &net->ptype_all) { > > @@ -267,6 +267,9 @@ static void *ptype_seq_next(struct seq_file *seq, void *v, loff_t *pos) > > return NULL; > > nxt = ptype_base[hash].next; > > } > > + > > + if (list_empty(nxt)) > > + return NULL; > > found: > > return list_entry(nxt, struct packet_type, list); > > } > > I'm not sure this fix works, TBH, we're dealing with an RCU list here. > The elements are not deleted with list_del_init(), so they won't > look "empty". > > If the pt entries are under RCU protection I think the issue is that > af_packet is clearing pt->dev before waiting for the grace period to > expire. > > Willem, is there a reason for that or just convenience? That would be wrong. Do we see it doing that somewhere? These handlers should get removed with dev_remove_pack. Or __dev_remove_pack and observe the RCU grace period some other way. I can review these, but was not aware of any abuses. > -- > pw-bot: cr