From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9F0CC43381 for ; Fri, 8 Mar 2019 17:47:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8F66020449 for ; Fri, 8 Mar 2019 17:47:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726920AbfCHRrn (ORCPT ); Fri, 8 Mar 2019 12:47:43 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48580 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726171AbfCHRrm (ORCPT ); Fri, 8 Mar 2019 12:47:42 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5C7C1307D778; Fri, 8 Mar 2019 17:47:42 +0000 (UTC) Received: from ovpn-204-185.brq.redhat.com (ovpn-204-185.brq.redhat.com [10.40.204.185]) by smtp.corp.redhat.com (Postfix) with ESMTP id F12974141; Fri, 8 Mar 2019 17:47:39 +0000 (UTC) Message-ID: <7494c1b7c4412e8c56f33d216f79e2a84ada34f9.camel@redhat.com> Subject: Re: [PATCH net 03/16] net/sched: act_csum: validate the control action inside init() From: Davide Caratti To: Vlad Buslov Cc: Cong Wang , "David S. Miller" , Jamal Hadi Salim , Jiri Pirko , Paolo Abeni , Linux Kernel Network Developers In-Reply-To: <3a66ab92ac8fd9125f830fb50f104aab4196cf7f.camel@redhat.com> References: <81d683a7b6ea12e69cb9954b9bad84a9d2a2520f.camel@redhat.com> <3a66ab92ac8fd9125f830fb50f104aab4196cf7f.camel@redhat.com> Organization: red hat Content-Type: text/plain; charset="UTF-8" Date: Fri, 08 Mar 2019 18:47:38 +0100 Mime-Version: 1.0 User-Agent: Evolution 3.30.3 (3.30.3-1.fc29) Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Fri, 08 Mar 2019 17:47:42 +0000 (UTC) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Thu, 2019-03-07 at 17:56 +0100, Davide Caratti wrote: > On Thu, 2019-03-07 at 14:51 +0000, Vlad Buslov wrote: > > [...] hi Vlad, > > On Thu 07 Mar 2019 at 15:56, Davide Caratti wrote: > > > so, I think that the answer to your question: > > > > > > On Wed, 2019-02-27 at 17:50 -0800, Cong Wang wrote: > > > > > > > + if (oldchain) > > > > > > > + tcf_chain_put_by_act(oldchain); > > > > > > > > > > > > Do we need to respect RCU grace period here? > > > > > > is a "yes, we do". > > > Now I'm trying something similar to what's done in tcf_bpf_init(), to > > > release the bpf program on 'replace' operations: > > > > > > 365 if (res == ACT_P_CREATED) { > > > 366 tcf_idr_insert(tn, *act); > > > 367 } else { > > > 368 /* make sure the program being replaced is no longer executing */ > > > 369 synchronize_rcu(); > > > 370 tcf_bpf_cfg_cleanup(&old); > > > 371 } > > > > > > do you think it's worth going in this direction? > > > thank you in advance! > > > > Hi Davide, > > > > Using synchronize_rcu() will impact rule update rate performance and I > > don't think we really need it. ... and moreover it doesn't seem to fix anything with my KASAN kernel when the action is replaced with netperf running. I still see the same splat in tcf_action_goto_chain_exec(). Probably the reason is that the "bad pointer" is chain, not chain->filter. I will experiment rcu-ifiying 'goto_chain', like you proposed below. > > I don't see any reason why we can't just > > update chain to be rcu-friendly. Data path is already rcu_read > > protected, in fact it only needs chain to read rcu-pointer to tp list > > when jumping to chain. So it should be enough to do the following: > > > > 1) Update tcf_chain_destroy() to free chain after rcu grace period. > > > > 2) Convert tc_action->goto_chain to be a proper rcu pointer. (mark it > > with "__rcu", assign with rcu_assign_pointer(), read it with > > rcu_dereference{_bh}(), etc.) > > it seems feasible, with some attention points: > > 1) replacing the 'goto chain' in the init() function will then become > > rcu_swap_protected(p->tcf_goto_chain, newchain, > lockdep_is_held(&p->tcf_lock)); > > with p->tcf_lock held, and we will have to do this unconditionally also on > non-update paths (it should have the same cost in CPU cycles as the rcu > init / assign code). > Unlike the synchronize_rcu(), that would only happen only in the update > path of goto_chain actions, this is a fee that we pay in every path > > 2) in tcf_action_goto_chain_exec(), we would have two "cascaded" > rcu_dereference(), action->chain and chain->filter. Is this design > acceptable? thanks! -- davide