From: Alexandre Ferrieux <alexandre.ferrieux@gmail.com>
To: Cong Wang <xiyou.wangcong@gmail.com>,
Alexandre Ferrieux <alexandre.ferrieux@gmail.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
edumazet@google.com, jhs@mojatatu.com, jiri@resnulli.us,
horms@kernel.org, netdev@vger.kernel.org
Subject: Re: RFC: chasing all idr_remove() misses
Date: Tue, 19 Nov 2024 07:46:32 +0100 [thread overview]
Message-ID: <96ec3de5-76a8-4d72-b8d7-feedff4a3af8@orange.com> (raw)
In-Reply-To: <ZzwLU6JHOTmZQ4oS@pop-os.localdomain>
On 19/11/2024 04:51, Cong Wang wrote:
> On Thu, Nov 14, 2024 at 07:24:27PM +0100, Alexandre Ferrieux wrote:
>> Hi,
>>
>> In the recent fix of u32's IDR leaks, one side remark is that the problem went
>> unnoticed for 7 years due to the NULL result from idr_remove() being ignored at
>> this call site.
>> [...]
>> So, unless we have reasons to think cls_u32 was the only place where two ID
>> encodings might lend themselves to confusion, I'm wondering if it wouldn't make
>> sense to chase the issue more systematically:
>>
>> - either with WARN_ON[_ONCE](idr_remove()==NULL) on each call site individually
>> (a year-long endeavor implying tens of maintainers)
>>
>> - or with WARN_ON[_ONCE] just before returning NULL within idr_remove() itself,
>> or even radix_tree_delete_item().
>>
>> Opinions ?
>
> Yeah, or simply WARN_ON uncleaned IDR in idr_destroy(), which is a more
> common pattern.
No, in the general case, idr_destroy() only happens at the end of life of an IDR
set. Some structures in the kernel have a long lifetime, which means possibly
splipping out of fuzzers' scrutiny.
As an illustration, in cls_u32 itself, in the 2048-delete-add loop I use in the
tdc test committed with the fix, idr_destroy(&tp_c->handle_idr) is called only
at the "cleanup" step, when deleting the interface.
You can only imagine, in the hundreds of other uses of IDR, the "miss rate" that
would follow from targeting idr_destroy() instead of idr_remove().
next prev parent reply other threads:[~2024-11-19 6:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-10 17:28 [PATCH net v7] net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes Alexandre Ferrieux
2024-11-10 18:14 ` Victor Nogueira
2024-11-13 5:00 ` patchwork-bot+netdevbpf
2024-11-14 18:24 ` RFC: chasing all idr_remove() misses Alexandre Ferrieux
2024-11-19 3:51 ` Cong Wang
2024-11-19 3:57 ` Cong Wang
2024-11-19 6:46 ` Alexandre Ferrieux [this message]
2024-11-22 21:32 ` Cong Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=96ec3de5-76a8-4d72-b8d7-feedff4a3af8@orange.com \
--to=alexandre.ferrieux@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).