Re: [PATCH 1/2 v2] af-packet: Use existing netdev reference for bound sockets.

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

From: Eric Dumazet <eric.dumazet@gmail.com>
To: Ben Greear <greearb@candelatech.com>
Cc: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [PATCH 1/2 v2] af-packet: Use existing netdev reference for bound sockets.
Date: Sat, 28 May 2011 08:20:30 +0200	[thread overview]
Message-ID: <1306563630.2533.25.camel@edumazet-laptop> (raw)
In-Reply-To: <4DE00711.6070000@candelatech.com>

Le vendredi 27 mai 2011 à 13:18 -0700, Ben Greear a écrit :
> On 05/27/2011 01:15 PM, David Miller wrote:
> > From: Eric Dumazet<eric.dumazet@gmail.com>
> > Date: Fri, 27 May 2011 22:08:41 +0200
> >
> >> Le jeudi 26 mai 2011 à 21:11 -0700, Ben Greear a écrit :
> >>> On 05/26/2011 08:42 PM, Eric Dumazet wrote:
> >>>> Le jeudi 26 mai 2011 à 16:55 -0700, greearb@candelatech.com a écrit :
> >>>
> >>>>>    out_free:
> >>>>>    	kfree_skb(skb);
> >>>>>    out_unlock:
> >>>>> -	if (dev)
> >>>>> +	if (dev&&   need_rls_dev)
> >>>>>    		dev_put(dev);
> >>>>>    out:
> >>>>>    	return err;
> >>>>
> >>>> Hmmm, I wonder why you want this Ben.
> >>>>
> >>>> IMHO this is buggy, because we can sleep in this function.
> >>>>
> >>>> We must take a ref on device (its really cheap these days, now we have a
> >>>> percpu device refcnt)
> >>>
> >>> Why must you take the reference?  And if we must, why isn't the
> >>> current code that assigns the prot_hook.dev without taking a
> >>> reference OK?
> >>>
> >>
> >> If we sleep, device can disappear under us.
> >>
> >> The only way to not take a reference is to hold rcu_read_lock(), but
> >> you're not allowed to sleep under rcu_read_lock().
> >
> > You still have not addresses Ben's point.
> >
> > Why is it ok for the po->prot_hook.dev handling to not take a
> > reference?  It's been doing this forever.  Ben is just borrowing this
> > behavior for his uses.
> >
> > After some more research I think it happens to be OK because
> > ->prot_hook.dev is used _only_ for pointer comparisons, it is never
> > actually dereferenced or used in any other way.  Probably, we should
> > just use ->ifindex for this.
> 
> It's easy enough to add a dev_hold() when I assign the skb instead
> of looking it up in my patch, but perhaps it would be cleaner over all to
> just hold a ref on the prot_hook.dev when it is originally assigned?

Problem is : if packet_notifier(NETDEV_DOWN|UNREGISTER) is run while we
sleep, what happens then ?

Normally, if we sleep a long time in tpacket_snd() after device ref
increment, and before dev_queue_xmit(), the unregister process can enter
the infamous msleep(250) loop in netdev_wait_allrefs(), but at least we
dont crash.

But if you dont take the reference, we can crash in dev_queue_xmit()
when dereferencing the freed netdev structure.

Please check commit 1a35ca80c1db7 (packet: dont call sleeping functions
while holding rcu_read_lock()) for reference on possible problems.

Thanks !

next prev parent reply	other threads:[~2011-05-28  6:20 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-26 23:55 [PATCH 1/2 v2] af-packet: Use existing netdev reference for bound sockets greearb
2011-05-26 23:55 ` [PATCH 2/2 v2] af-packet: Add flag to distinguish VID 0 from no-vlan greearb
2011-05-27  3:46   ` Eric Dumazet
2011-05-27  3:42 ` [PATCH 1/2 v2] af-packet: Use existing netdev reference for bound sockets Eric Dumazet
2011-05-27  4:11   ` Ben Greear
2011-05-27 20:08     ` Eric Dumazet
2011-05-27 20:15       ` David Miller
2011-05-27 20:18         ` Ben Greear
2011-05-28  6:20           ` Eric Dumazet [this message]
2011-05-28 17:01             ` Ben Greear

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1306563630.2533.25.camel@edumazet-laptop \
    --to=eric.dumazet@gmail.com \
    --cc=davem@davemloft.net \
    --cc=greearb@candelatech.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox