From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Vladimir Oltean <olteanv@gmail.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Stephen Hemminger <stephen@networkplumber.org>,
netdev <netdev@vger.kernel.org>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Jiri Benc <jbenc@redhat.com>, Or Gerlitz <ogerlitz@mellanox.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
Jamal Hadi Salim <jhs@mojatatu.com>, Andrew Lunn <andrew@lunn.ch>,
Florian Fainelli <f.fainelli@gmail.com>,
fw@strlen.de
Subject: Re: Correct usage of dev_base_lock in 2020
Date: Tue, 1 Dec 2020 15:42:38 +0100 [thread overview]
Message-ID: <20201201144238.GA5970@salvia> (raw)
In-Reply-To: <20201130184828.x56bwxxiwydsxt3k@skbuf>
On Mon, Nov 30, 2020 at 08:48:28PM +0200, Vladimir Oltean wrote:
[...]
> There are 2 separate classes of problems:
> - We already have two ways of protecting pure readers: via RCU and via
> the rwlock. It doesn't help if we also add a second way of locking out
> pure writers. We need to first clean up what we have. That's the
> reason why I started the discussion about the rwlock.
> - Some callers appear to not use any sort of protection at all. Does
> this code path look ok to you?
>
> nfnetlink_rcv_batch
> -> NFT_MSG_NEWCHAIN
This path holds the nft commit mutex.
> -> nf_tables_addchain
> -> nft_chain_parse_hook
> -> nft_chain_parse_netdev
> -> nf_tables_parse_netdev_hooks
> -> nft_netdev_hook_alloc
> -> __dev_get_by_name
> -> netdev_name_node_lookup: must be under RTNL mutex or dev_base_lock protection
The nf_tables_netdev_event() notifier holds the nft commit mutex too.
Assuming worst case, race between __dev_get_by_name() and device
removal, the notifier waits for the NFT_MSG_NEWCHAIN path to finish.
If the nf_tables_netdev_event() notifier wins race, then
__dev_get_by_name() hits ENOENT.
The idea is explained here:
commit 90d2723c6d4cb2ace50fc3b932a2bcc77710450b
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue Mar 20 17:00:19 2018 +0100
netfilter: nf_tables: do not hold reference on netdevice from preparation phase
The netfilter netdevice event handler hold the nfnl_lock mutex, this
avoids races with a device going away while such device is being
attached to hooks from the netlink control plane. Therefore, either
control plane bails out with ENOENT or netdevice event path waits until
the hook that is attached to net_device is registered.
I can submit a patch adding a comment so anyone else does not get
confused :-)
next prev parent reply other threads:[~2020-12-01 14:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201129182435.jgqfjbekqmmtaief@skbuf>
2020-11-29 20:58 ` Correct usage of dev_base_lock in 2020 Vladimir Oltean
2020-11-30 5:12 ` Stephen Hemminger
2020-11-30 10:41 ` Eric Dumazet
2020-11-30 18:14 ` Jakub Kicinski
2020-11-30 18:30 ` Eric Dumazet
2020-11-30 18:48 ` Vladimir Oltean
2020-11-30 19:00 ` Eric Dumazet
2020-11-30 19:03 ` Vladimir Oltean
2020-11-30 19:22 ` Eric Dumazet
2020-11-30 19:32 ` Vladimir Oltean
2020-11-30 21:41 ` Florian Fainelli
2020-11-30 19:46 ` Vladimir Oltean
2020-11-30 20:18 ` Eric Dumazet
2020-11-30 20:21 ` Stephen Hemminger
2020-11-30 20:26 ` Vladimir Oltean
2020-11-30 20:29 ` Eric Dumazet
2020-11-30 20:36 ` Vladimir Oltean
2020-11-30 20:43 ` Eric Dumazet
2020-11-30 20:50 ` Vladimir Oltean
2020-11-30 21:00 ` Eric Dumazet
2020-11-30 21:11 ` Vladimir Oltean
2020-11-30 21:46 ` Eric Dumazet
2020-11-30 21:53 ` Vladimir Oltean
2020-11-30 22:20 ` Eric Dumazet
2020-11-30 22:41 ` Vladimir Oltean
2020-12-01 14:42 ` Pablo Neira Ayuso [this message]
2020-12-01 18:58 ` Vladimir Oltean
2020-12-10 4:32 ` [PATCH] net: bonding: retrieve device statistics under RTNL, not RCU kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201201144238.GA5970@salvia \
--to=pablo@netfilter.org \
--cc=andrew@lunn.ch \
--cc=edumazet@google.com \
--cc=f.fainelli@gmail.com \
--cc=fw@strlen.de \
--cc=jbenc@redhat.com \
--cc=jhs@mojatatu.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=olteanv@gmail.com \
--cc=paul.gortmaker@windriver.com \
--cc=stephen@networkplumber.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).