netdev.vger.kernel.org archive mirror
From: David Miller <davem@davemloft.net>
To: jarkao2@o2.pl
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH] locking bug in fib_semantics.c
Date: Mon, 21 Aug 2006 01:17:03 -0700 (PDT)
Message-ID: <20060821.011703.78716718.davem@davemloft.net>
In-Reply-To: <20060821081642.GA2637@ff.dom.local>

From: Jarek Poplawski <jarkao2@o2.pl>
Date: Mon, 21 Aug 2006 10:16:43 +0200

> On 17-08-2006 11:36, Alexey Kuznetsov wrote:
> > Hello!
> >
> > [IPV4]: severe locking bug in fib_semantics.c
> >
> > The patch is for net-2.6.19, but the bug is present in all the kernels
> > since yore.
> >
> > Found in 2.4 by Yixin Pan <yxpan@hotmail.com>. Why do we need lockdep,
> > when sharp-sighted eyes are available? :-)
> >
> >> When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock)
> >> is used in fib_release_info() instead of write_lock_bh(&fib_info_lock).
> >> Is the following case possible: a BH interrupts fib_release_info() while
> >> holding the write lock, and calls ip_check_fib_default() which calls
> >> read_lock(&fib_info_lock), and spin forever.
> 
> But I hope the real reason for this patch isn't exactly like that.
> Could fib_release_info() be interrupted by BH really?

Absolutely, yes it can.  What makes you think it can't?

All of the call sites I have checked cause it to run with
BH's enabled, and that allows ip_fib_check_default() to
potentially run.  All we need is one such case to cause
the deadlock.

I was skeptical of this case too, until I checked how
fib_release_info() was called.
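
Added example, not part of the original message or of the kernel source: a user-space C model of the single-CPU interleaving discussed above, where a bottom half runs while the writer holds fib_info_lock. The struct, function names and flags are constructed for illustration; only fib_info_lock, write_lock(), write_lock_bh() and read_lock() come from the thread.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model of one CPU; not kernel code. */
struct cpu {
    bool write_held;   /* fib_info_lock held for write on this CPU */
    bool bh_disabled;  /* bottom halves disabled on this CPU */
    bool bh_pending;   /* a softirq was raised and has not run yet */
    bool deadlock;     /* BH reader hit a write lock held by its own CPU */
    int  bh_runs;      /* times the BH reader completed */
};

/* Models the BH-side read_lock(&fib_info_lock). */
static void bh_reader(struct cpu *c)
{
    if (c->write_held)
        c->deadlock = true;  /* a real read_lock() would spin forever here */
    else
        c->bh_runs++;
}

/* A pending softirq runs wherever BHs are enabled. */
static void softirq_point(struct cpu *c)
{
    if (c->bh_pending && !c->bh_disabled) {
        c->bh_pending = false;
        bh_reader(c);
    }
}

/* Models the writer; use_bh selects write_lock_bh() over write_lock(). */
static struct cpu release_info(bool use_bh)
{
    struct cpu c = {0};
    c.bh_disabled = use_bh;  /* _bh variant disables BHs first */
    c.write_held = true;     /* then the write lock is taken */
    c.bh_pending = true;     /* softirq raised mid critical section */
    softirq_point(&c);
    c.write_held = false;    /* unlock */
    c.bh_disabled = false;   /* _bh variant re-enables BHs */
    softirq_point(&c);       /* a deferred softirq runs only now */
    return c;
}

int main(void)
{
    struct cpu a = release_info(false), b = release_info(true);
    printf("write_lock: deadlock=%d bh_runs=%d; write_lock_bh: deadlock=%d bh_runs=%d\n",
           a.deadlock, a.bh_runs, b.deadlock, b.bh_runs);
    return 0;
}
```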

Thread overview: 10+ messages
2006-08-17  9:36 [PATCH] locking bug in fib_semantics.c Alexey Kuznetsov
2006-08-18  1:29 ` David Miller
2006-08-21  8:16 ` Jarek Poplawski
2006-08-21  8:17   ` David Miller [this message]
2006-08-21 11:02     ` Jarek Poplawski
2006-08-22 10:35       ` Jarek Poplawski
2006-08-23  6:34         ` Jarek Poplawski
2006-08-23 18:31         ` Stephen Hemminger
2006-08-24 11:04           ` Jarek Poplawski
2006-08-24 14:18             ` Stephen Hemminger