From: Eric Dumazet <eric.dumazet@gmail.com>
To: Michal Ostrowski <mostrows@gmail.com>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>,
Denys Fedoryschenko <denys@visp.net.lb>,
netdev <netdev@vger.kernel.org>,
linux-ppp@vger.kernel.org, paulus@samba.org,
mostrows@earthlink.net
Subject: Re: kernel panic in latest vanilla stable, while using nameif with "alive" pppoe interfaces
Date: Mon, 19 Oct 2009 20:44:52 +0200
Message-ID: <4ADCB3A4.8060408@gmail.com>
In-Reply-To: <e6d1cecd0910191107h899a4ffs588f2413093dfb4b@mail.gmail.com>
Michal Ostrowski wrote:
> On Mon, Oct 19, 2009 at 12:12 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>> Michal Ostrowski wrote:
>>> Here's a bigger patch that just gets rid of flush_lock altogether.
>>>
>>> We were seeing oopses due to net namespaces going away while we were using
>>> them, which turns out is simply due to the fact that pppoe wasn't claiming ref
>>> counts properly.
>>>
>>> Fixing this requires that adding and removing entries to the per-net hash-table
>>> requires incrementing and decrementing the ref count. This also allows us to
>>> get rid of the flush_lock since we can now depend on the existence of
>>> "pn->hash_lock".
>>>
>>> We also have to be careful when flushing devices that removal of a hash table
>>> entry may bring the net namespace refcount to 0.
>>>
>> Your patch is mangled (tabulation -> white spaces),
>
> Patch mangling was due to mailer interactions, I'll attach a clean
> version here, no more inlining.
>
>> and I don't believe namespace refcount can reach 0 inside pppoe_flush_dev(),
>> it would be a bug from core network code.
>>
>
> From the original oops I was able to deduce that the namespace somehow
> managed to get destroyed during the interval where we dropped locks.
> If that's not due to the release_sock() call in pppoe_flush_dev()
> triggering a cleanup then I'd have to assume that it's due to a
> secondary actor closing the socket in parallel, but that in turn would
> point to issues with the flush_lock. Having said that the thrust of
> this patch remains valid; it just means I don't need to inc the ref
> count in pppoe_flush_dev().
>
> Do you agree?
>
Not really :)

I don't believe you should care about the namespace, and/or mess with its refcount at all.

Please don't use maybe_get_net(): this function should not ever be used in drivers/net.

You can add a BUG_ON(dev_net(xxxx)->count <= 0) if you really want, but if this
assertion is false, this is not because of pppoe.

lock_sock(sk);
@@ -653,10 +642,12 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
if (stage_session(po->pppoe_pa.sid)) {
pppox_unbind_sock(sk);
if (po->pppoe_dev) {
- pn = pppoe_pernet(dev_net(po->pppoe_dev));
+ struct net *old = dev_net(po->pppoe_dev);
+ pn = pppoe_pernet(old);
delete_item(pn, po->pppoe_pa.sid,
po->pppoe_pa.remote, po->pppoe_ifindex);
dev_put(po->pppoe_dev);
+ put_net(old);
}
memset(sk_pppox(po) + 1, 0,
sizeof(struct pppox_sock) - sizeof(struct sock));
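
Review bot: the added `put_net(old)` after `dev_put(po->pppoe_dev)` drops a namespace reference whose matching get is not visible in this hunk, so the pairing should be named in a comment at the point where the entry is added to the per-net hash table. The block also reads `po->pppoe_dev` three times (the `if` test, `dev_net()` and `dev_put()`) and leaves the field set until the `memset()` below; consider reading it once into a local while holding the lock that protects it, clearing the field there, and running `delete_item()`, `dev_put()` and `put_net()` on that local.
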
There is still a race here, since you do a dev_put(po->pppoe_dev); without any lock held.
So pppoe_flush_dev() can run concurrently and dev_put(po->pppoe_dev) at the same time.

In fact pppoe_flush_dev() can change po->pppoe_dev anytime, so you should check
all occurrences of po->pppoe_dev use in the code and check if appropriate locking is done.

pppoe_rcv_core() is not safe
pppoe_ioctl() is not safe
pppoe_sendmsg() is not safe
__pppoe_xmit() is not safe
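
The double dev_put() hazard raised in this message, replayed in a small user-space C model. This is an added example, not code from the thread or from the kernel: `model_dev`, `model_sock`, `detach_dev` and `release_binding` are hypothetical names, and a pthread mutex stands in for whatever kernel lock guards po->pppoe_dev.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

/* Constructed user-space model; all names are assumptions, not kernel code. */
struct model_dev { atomic_int refcnt; };
struct model_sock {
    pthread_mutex_t lock;      /* the lock that guards ->dev */
    struct model_dev *dev;     /* stands in for po->pppoe_dev */
};

static void model_dev_put(struct model_dev *d) { atomic_fetch_sub(&d->refcnt, 1); }

/* Detach under the lock: one caller gets the pointer, later callers get NULL. */
static struct model_dev *detach_dev(struct model_sock *sk)
{
    pthread_mutex_lock(&sk->lock);
    struct model_dev *d = sk->dev;
    sk->dev = NULL;
    pthread_mutex_unlock(&sk->lock);
    return d;
}

/* Shared by the modelled flush path and connect/unbind path. */
static int release_binding(struct model_sock *sk)
{
    struct model_dev *d = detach_dev(sk);
    if (d) model_dev_put(d);
    return d != NULL;
}

/* Two paths release one binding; returns the device's final refcount. */
static int final_refcnt(int use_detach)
{
    struct model_dev dev = { 1 };   /* the single reference the socket holds */
    struct model_sock sk = { PTHREAD_MUTEX_INITIALIZER, &dev };
    if (use_detach) {
        release_binding(&sk);       /* flush path wins */
        release_binding(&sk);       /* connect path sees NULL, no put */
    } else {
        /* both paths sample sk.dev unlocked before either clears it */
        struct model_dev *flush_view = sk.dev, *connect_view = sk.dev;
        model_dev_put(flush_view);
        model_dev_put(connect_view); /* second put of one reference */
    }
    return atomic_load(&dev.refcnt);
}

int main(void) { printf("%d %d\n", final_refcnt(0), final_refcnt(1)); return 0; }
```

The unlocked branch replays the bad interleaving sequentially so the underflow is deterministic; in the kernel the same ordering would arise from two CPUs running the flush and connect paths at once.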