From: David Miller <davem@davemloft.net>
To: vkuznets@redhat.com
Cc: sthemmin@microsoft.com, netdev@vger.kernel.org,
haiyangz@microsoft.com, linux-kernel@vger.kernel.org,
devel@linuxdriverproject.org
Subject: Re: [PATCH net-next] hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf()
Date: Fri, 21 Oct 2016 10:52:58 -0400 (EDT) [thread overview]
Message-ID: <20161021.105258.685851223067760389.davem@davemloft.net> (raw)
In-Reply-To: <87d1iuymty.fsf@vitty.brq.redhat.com>
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Fri, 21 Oct 2016 13:15:53 +0200
> David Miller <davem@davemloft.net> writes:
>
>> From: Vitaly Kuznetsov <vkuznets@redhat.com>
>> Date: Thu, 20 Oct 2016 10:51:04 +0200
>>
>>> Stephen Hemminger <sthemmin@microsoft.com> writes:
>>>
>>>> Do we need ACCESS_ONCE() here to avoid check/use issues?
>>>>
>>>
>>> I think we don't: this is the only place in the function where we read
>>> the variable so we'll get normal read. We're not trying to syncronize
>>> with netvsc_init_buf() as that would require locking, if we read stale
>>> NULL value after it was already updated on a different CPU we're fine,
>>> we'll just return -EAGAIN.
>>
>> The concern is if we race with netvsc_destroy_buf() and this pointer
>> becomes NULL after the test you are adding.
>
> Thanks, this is interesting.
>
> We may reach to netvsc_destroy_buf() by 3 pathes:
>
> 1) cleanup path in netvsc_init_buf(). It is never called with
> send_section_map being not NULL so it seems we're safe.
>
> 2) from netvsc_remove() when the device is being removed. As far as I
> understand we can't be on the transmit path after we call
> unregister_netdev() so we're safe.
>
> 3) from netvsc_change_mtu() and netvsc_set_channels(). These pathes are
> specific to netvsc driver as basically we need to remove the device and
> add it back to change mtu/number of channels. The underligning 'struct
> net_device' stays but the rest is being removed and added back. On both
> pathes we first call netvsc_close() which does netif_tx_disable() and as
> far as I understand (I may be wrong) this guarantees that we won't be in
> netvsc_send().
>
> So *I think* that we can't ever free send_section_map while in
> netvsc_send() and we can't even get to netvsc_send() after it is freed
> but I may have missed something.
Ok you may be right.
Can't the device be taken down by asynchronous events as well? For example
if the peer end of the interface in the other guest disappears.
next prev parent reply other threads:[~2016-10-21 14:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-19 13:53 [PATCH net-next] hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf() Vitaly Kuznetsov
2016-10-20 8:36 ` Stephen Hemminger
2016-10-20 8:51 ` Vitaly Kuznetsov
2016-10-20 18:03 ` David Miller
2016-10-21 11:15 ` Vitaly Kuznetsov
2016-10-21 14:52 ` David Miller [this message]
2016-10-21 15:17 ` Vitaly Kuznetsov
2016-10-21 15:27 ` David Miller
2016-10-21 15:28 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161021.105258.685851223067760389.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=devel@linuxdriverproject.org \
--cc=haiyangz@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sthemmin@microsoft.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).