netdev.vger.kernel.org archive mirror
* [PATCH] PKT_SCHED: Fix double locking in tcindex destroy path
@ 2004-12-10  1:49 Thomas Graf
  2004-12-10  2:35 ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: Thomas Graf @ 2004-12-10  1:49 UTC
  To: David S. Miller; +Cc: netdev

tcindex's destroy uses its own delete functions to destroy its
configuration. The delete function (correctly) takes the qdisc_tree_lock
to prevent list walkings from happening while removing from the list.
The qdisc_tree_lock is already held if we're coming via the destroy
path and thus a double locking takes place.

Patch not needed for 2.4 since both destroy paths are unlocked but will
be needed if we add them.

Signed-off-by: Thomas Graf <tgraf@suug.ch>

--- linux-2.6.10-rc2-bk13.orig/net/sched/cls_tcindex.c	2004-11-30 14:01:12.000000000 +0100
+++ linux-2.6.10-rc2-bk13/net/sched/cls_tcindex.c	2004-12-10 02:20:51.000000000 +0100
@@ -160,7 +160,8 @@
 }
 
 
-static int tcindex_delete(struct tcf_proto *tp, unsigned long arg)
+static int
+__tcindex_delete(struct tcf_proto *tp, unsigned long arg, int already_locked)
 {
 	struct tcindex_data *p = PRIV(tp);
 	struct tcindex_filter_result *r = (struct tcindex_filter_result *) arg;
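Review bot: the new `already_locked` argument in the `__tcindex_delete` signature has no comment saying which lock it refers to or who is expected to hold it. Add a short comment above the function stating that a non-zero value means the caller already holds the lock taken by `tcf_tree_lock(tp)`, so future callers do not have to guess what to pass.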
@@ -182,9 +183,11 @@
 
 found:
 		f = *walk;
-		tcf_tree_lock(tp); 
+		if (!already_locked)
+			tcf_tree_lock(tp);
 		*walk = f->next;
-		tcf_tree_unlock(tp);
+		if (!already_locked)
+			tcf_tree_unlock(tp);
 	}
 	tcf_unbind_filter(tp, &r->res);
 #ifdef CONFIG_NET_CLS_POLICE
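Review bot: around `*walk = f->next;` the lock and the unlock are each guarded by their own `if (!already_locked)`, so the pairing holds only while both tests see the same value and nothing that returns early is added between them. Keep the flag unmodified inside the function (a `const int` parameter would enforce it) and note in a comment that the critical section is this single store.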
@@ -195,6 +198,10 @@
 	return 0;
 }
 
+static int tcindex_delete(struct tcf_proto *tp, unsigned long arg)
+{
+	return __tcindex_delete(tp, arg, 0);
+}
 
 /*
  * There are no parameters for tcindex_init, so we overload tcindex_change
@@ -384,7 +391,7 @@
 static int tcindex_destroy_element(struct tcf_proto *tp,
     unsigned long arg, struct tcf_walker *walker)
 {
-	return tcindex_delete(tp,arg);
+	return __tcindex_delete(tp,arg, 1);
 }
 
 
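Review bot: `__tcindex_delete(tp,arg, 1)` in `tcindex_destroy_element` mixes spacing after the commas; write it as `__tcindex_delete(tp, arg, 1)` to match the call added in `tcindex_delete`.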


* Re: [PATCH] PKT_SCHED: Fix double locking in tcindex destroy path
  2004-12-10  1:49 [PATCH] PKT_SCHED: Fix double locking in tcindex destroy path Thomas Graf
@ 2004-12-10  2:35 ` Patrick McHardy
  2004-12-10 12:44   ` Thomas Graf
  0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2004-12-10  2:35 UTC
  To: Thomas Graf; +Cc: David S. Miller, netdev

Thomas Graf wrote:

>tcindex's destroy uses its own delete functions to destroy its
>configuration. The delete function (correctly) takes the qdisc_tree_lock
>to prevent list walkings from happening while removing from the list.
>The qdisc_tree_lock is already held if we're coming via the destroy
>path and thus a double locking takes place.
>
>Patch not needed for 2.4 since both destroy paths are unlocked but will
>be needed if we add them.
>  
>
Looks correct, but 2.4 does need this. qdisc_destroy in 2.4 always
happens under dev->queue_lock. For example dev_shutdown from 2.4:

        write_lock(&qdisc_tree_lock);
        spin_lock_bh(&dev->queue_lock);
...
        qdisc_destroy(qdisc);

But please rename "already_locked" to "lock" to make it look less like
a hack to avoid deadlock.

>+	return __tcindex_delete(tp,arg, 1);
>  
>
And a space is missing :)

Regards
Patrick


* Re: [PATCH] PKT_SCHED: Fix double locking in tcindex destroy path
  2004-12-10  2:35 ` Patrick McHardy
@ 2004-12-10 12:44   ` Thomas Graf
  2004-12-20 23:36     ` David S. Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Thomas Graf @ 2004-12-10 12:44 UTC
  To: Patrick McHardy; +Cc: David S. Miller, netdev

* Patrick McHardy <41B90B81.1020102@trash.net> 2004-12-10 03:35
> Thomas Graf wrote:
> 
> >tcindex's destroy uses its own delete functions to destroy its
> >configuration. The delete function (correctly) takes the qdisc_tree_lock
> >to prevent list walkings from happening while removing from the list.
> >The qdisc_tree_lock is already held if we're coming via the destroy
> >path and thus a double locking takes place.
> >
> >Patch not needed for 2.4 since both destroy paths are unlocked but will
> >be needed if we add them.
> > 
> >
> Looks correct, but 2.4 does need this. qdisc_destroy in 2.4 always
> happens under dev->queue_lock. For example dev_shutdown from 2.4:

Not 100% correct since cls_api.c drops the lock before calling
tcf_destroy but the patch is indeed needed and it's not a problem
if dev->queue_lock is not taken since it is already unlinked as you
correctly stated in your previous mail. Thanks Patrick.

Patch also applies to 2.4 with some fuzz.

Signed-off-by: Thomas Graf <tgraf@suug.ch>

--- linux-2.6.10-rc2-bk13.orig/net/sched/cls_tcindex.c	2004-11-30 14:01:12.000000000 +0100
+++ linux-2.6.10-rc2-bk13/net/sched/cls_tcindex.c	2004-12-10 13:35:03.000000000 +0100
@@ -160,7 +160,8 @@
 }
 
 
-static int tcindex_delete(struct tcf_proto *tp, unsigned long arg)
+static int
+__tcindex_delete(struct tcf_proto *tp, unsigned long arg, int lock)
 {
 	struct tcindex_data *p = PRIV(tp);
 	struct tcindex_filter_result *r = (struct tcindex_filter_result *) arg;
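Review bot: `int lock` in the `__tcindex_delete` signature can be read either as "the lock is held" or as "take the lock", and the call sites show only a bare `1` or `0`. A comment above the function giving the meaning of each value, or two named constants, would let a reader check each call without opening the body.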
@@ -182,9 +183,11 @@
 
 found:
 		f = *walk;
-		tcf_tree_lock(tp); 
+		if (lock)
+			tcf_tree_lock(tp);
 		*walk = f->next;
-		tcf_tree_unlock(tp);
+		if (lock)
+			tcf_tree_unlock(tp);
 	}
 	tcf_unbind_filter(tp, &r->res);
 #ifdef CONFIG_NET_CLS_POLICE
@@ -195,6 +198,10 @@
 	return 0;
 }
 
+static int tcindex_delete(struct tcf_proto *tp, unsigned long arg)
+{
+	return __tcindex_delete(tp, arg, 1);
+}
 
 /*
  * There are no parameters for tcindex_init, so we overload tcindex_change
@@ -384,7 +391,7 @@
 static int tcindex_destroy_element(struct tcf_proto *tp,
     unsigned long arg, struct tcf_walker *walker)
 {
-	return tcindex_delete(tp,arg);
+	return __tcindex_delete(tp, arg, 0);
 }
 
 
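Review bot: `__tcindex_delete(tp, arg, 0)` in `tcindex_destroy_element` skips `tcf_tree_lock(tp)` around the unlink, which is safe only while every path that reaches this callback already holds that lock, and nothing in the hunk states or checks that. Put the precondition in a comment above `tcindex_destroy_element` so a later caller that walks the filters without the lock is caught in review.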


* Re: [PATCH] PKT_SCHED: Fix double locking in tcindex destroy path
  2004-12-10 12:44   ` Thomas Graf
@ 2004-12-20 23:36     ` David S. Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David S. Miller @ 2004-12-20 23:36 UTC
  To: Thomas Graf; +Cc: kaber, netdev

On Fri, 10 Dec 2004 13:44:45 +0100
Thomas Graf <tgraf@suug.ch> wrote:

> * Patrick McHardy <41B90B81.1020102@trash.net> 2004-12-10 03:35
> > Thomas Graf wrote:
> > 
> > >tcindex's destroy uses its own delete functions to destroy its
> > >configuration. The delete function (correctly) takes the qdisc_tree_lock
> > >to prevent list walkings from happening while removing from the list.
> > >The qdisc_tree_lock is already held if we're coming via the destroy
> > >path and thus a double locking takes place.
> > >
> > >Patch not needed for 2.4 since both destroy paths are unlocked but will
> > >be needed if we add them.
> > > 
> > >
> > Looks correct, but 2.4 does need this. qdisc_destroy in 2.4 always
> > happens under dev->queue_lock. For example dev_shutdown from 2.4:
> 
> Not 100% correct since cls_api.c drops the lock before calling
> tcf_destroy but the patch is indeed needed and it's not a problem
> if dev->queue_lock is not taken since it is already unlinked as you
> correctly stated in your previous mail. Thanks Patrick.
> 
> Patch also applies to 2.4 with some fuzz.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

I think the conditional locking is quite ugly, but I can't
suggest something better at this time.

Patch applied to both 2.4.x and 2.6.x, thanks Patrick
and Thomas.
