[patch 1/1][NETNS] resend: fix net released by rcu callback

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [patch 1/1][NETNS] resend:  fix net released by rcu callback
       [not found] <20071030162139.954791193@mai.toulouse-stg.fr.ibm.com>
@ 2007-10-30 16:21 ` Daniel Lezcano
  2007-10-30 20:47   ` Eric W. Biederman
  2007-10-30 22:39   ` David Miller
  0 siblings, 2 replies; 5+ messages in thread
From: Daniel Lezcano @ 2007-10-30 16:21 UTC (permalink / raw)
  To: davem-fT/PcQaiUtIeIZ0/mPfg9Q, ebiederm-aS9lmoZGLiVWk0Htik3J/w
  Cc: containers-qjLDD68F18O7TbgM5vRIOg, netdev-u79uwXL29TY76Z2rM5mHXA

[-- Attachment #1: fix-release-net-by-rcu.patch --]
[-- Type: text/plain, Size: 974 bytes --]

When a network namespace reference is held by a network subsystem,
and when this reference is decremented in a rcu update callback, we
must ensure that there is no more outstanding rcu update before 
trying to free the network namespace.

In the normal case, the rcu_barrier is called when the network namespace
is exiting in the cleanup_net function.

But when a network namespace creation fails, and the subsystems are
undone (like the cleanup), the rcu_barrier is missing.

This patch adds the missing rcu_barrier.

Signed-off-by: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
---
 net/core/net_namespace.c |    2 ++
 1 file changed, 2 insertions(+)

Index: net-2.6/net/core/net_namespace.c
===================================================================
--- net-2.6.orig/net/core/net_namespace.c
+++ net-2.6/net/core/net_namespace.c
@@ -112,6 +112,8 @@ out_undo:
 		if (ops->exit)
 			ops->exit(net);
 	}
+
+	rcu_barrier();
 	goto out;
 }

-- 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [patch 1/1][NETNS] resend:  fix net released by rcu callback
  2007-10-30 16:21 ` [patch 1/1][NETNS] resend: fix net released by rcu callback Daniel Lezcano
@ 2007-10-30 20:47   ` Eric W. Biederman
  2007-10-30 21:43     ` Daniel Lezcano
  2007-10-30 22:39   ` David Miller
  1 sibling, 1 reply; 5+ messages in thread
From: Eric W. Biederman @ 2007-10-30 20:47 UTC (permalink / raw)
  To: Daniel Lezcano; +Cc: davem, containers, netdev

Daniel Lezcano <dlezcano@fr.ibm.com> writes:

> When a network namespace reference is held by a network subsystem,
> and when this reference is decremented in a rcu update callback, we
> must ensure that there is no more outstanding rcu update before 
> trying to free the network namespace.
>
> In the normal case, the rcu_barrier is called when the network namespace
> is exiting in the cleanup_net function.
>
> But when a network namespace creation fails, and the subsystems are
> undone (like the cleanup), the rcu_barrier is missing.
>
> This patch adds the missing rcu_barrier.

Looks sane.  Did you have any specific failures related to this or was
this something that was just caught in review?

Eric

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [patch 1/1][NETNS] resend:  fix net released by rcu callback
  2007-10-30 20:47   ` Eric W. Biederman
@ 2007-10-30 21:43     ` Daniel Lezcano
  2007-10-30 22:34       ` Eric W. Biederman
  0 siblings, 1 reply; 5+ messages in thread
From: Daniel Lezcano @ 2007-10-30 21:43 UTC (permalink / raw)
  To: Eric W. Biederman; +Cc: davem, containers, netdev

Eric W. Biederman wrote:
> Daniel Lezcano <dlezcano@fr.ibm.com> writes:
> 
>> When a network namespace reference is held by a network subsystem,
>> and when this reference is decremented in a rcu update callback, we
>> must ensure that there is no more outstanding rcu update before 
>> trying to free the network namespace.
>>
>> In the normal case, the rcu_barrier is called when the network namespace
>> is exiting in the cleanup_net function.
>>
>> But when a network namespace creation fails, and the subsystems are
>> undone (like the cleanup), the rcu_barrier is missing.
>>
>> This patch adds the missing rcu_barrier.
> 
> Looks sane.  Did you have any specific failures related to this or was
> this something that was just caught in review?

Yes, I had this problem when doing ipv6 isolation for netns49. The ipv6 
subsystem creation failed and the different subsystem where rollbacked 
in the setup_net function.
When the network namespace was about to be freed in free_net function, I 
had the error with an usage refcount different from zero.
It appears that was coming from core/neighbour.c

neigh_parms_release
  -> neigh_rcu_free_parms
    -> neigh_parms_put
      -> neigh_parms_destroy
        -> release_net

The free_net function was called before rcu callback neigh_rcu_free_parms.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [patch 1/1][NETNS] resend:  fix net released by rcu callback
  2007-10-30 21:43     ` Daniel Lezcano
@ 2007-10-30 22:34       ` Eric W. Biederman
  0 siblings, 0 replies; 5+ messages in thread
From: Eric W. Biederman @ 2007-10-30 22:34 UTC (permalink / raw)
  To: Daniel Lezcano; +Cc: davem, containers, netdev

Daniel Lezcano <dlezcano@fr.ibm.com> writes:

> Yes, I had this problem when doing ipv6 isolation for netns49. The ipv6
> subsystem creation failed and the different subsystem where rollbacked in the
> setup_net function.
> When the network namespace was about to be freed in free_net function, I had the
> error with an usage refcount different from zero.
> It appears that was coming from core/neighbour.c
>
> neigh_parms_release
>  -> neigh_rcu_free_parms
>    -> neigh_parms_put
>      -> neigh_parms_destroy
>        -> release_net
>
> The free_net function was called before rcu callback neigh_rcu_free_parms.

Ok. Cool.  It is good to know that this patch was tested.  These kinds
of subtle fixes are always more solid when you can actually test them.

Eric

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [patch 1/1][NETNS] resend: fix net released by rcu callback
  2007-10-30 16:21 ` [patch 1/1][NETNS] resend: fix net released by rcu callback Daniel Lezcano
  2007-10-30 20:47   ` Eric W. Biederman
@ 2007-10-30 22:39   ` David Miller
  1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2007-10-30 22:39 UTC (permalink / raw)
  To: dlezcano; +Cc: ebiederm, containers, netdev

From: Daniel Lezcano <dlezcano@fr.ibm.com>
Date: Tue, 30 Oct 2007 17:21:40 +0100

> When a network namespace reference is held by a network subsystem,
> and when this reference is decremented in a rcu update callback, we
> must ensure that there is no more outstanding rcu update before 
> trying to free the network namespace.
> 
> In the normal case, the rcu_barrier is called when the network namespace
> is exiting in the cleanup_net function.
> 
> But when a network namespace creation fails, and the subsystems are
> undone (like the cleanup), the rcu_barrier is missing.
> 
> This patch adds the missing rcu_barrier.
> 
> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Applied, thanks Daniel.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2007-10-30 22:39 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20071030162139.954791193@mai.toulouse-stg.fr.ibm.com>
2007-10-30 16:21 ` [patch 1/1][NETNS] resend: fix net released by rcu callback Daniel Lezcano
2007-10-30 20:47   ` Eric W. Biederman
2007-10-30 21:43     ` Daniel Lezcano
2007-10-30 22:34       ` Eric W. Biederman
2007-10-30 22:39   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).