From: Vlad Buslov <vladbu@mellanox.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Vlad Buslov <vladbu@mellanox.com>,
Davide Caratti <dcaratti@redhat.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Cong Wang <xiyou.wangcong@gmail.com>,
Jiri Pirko <jiri@resnulli.us>, Roman Mashak <mrv@mojatatu.com>
Subject: Re: [PATCH net 1/2] net/sched: cls_u32: fix refcount leak in the error path of u32_change()
Date: Thu, 19 Dec 2019 16:51:17 +0000 [thread overview]
Message-ID: <vbfpngk2r9a.fsf@mellanox.com> (raw)
In-Reply-To: <63fe479d-51cd-eff4-eb13-f0211f694366@mojatatu.com>
On Thu 19 Dec 2019 at 18:33, Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> On 2019-12-19 11:15 a.m., Vlad Buslov wrote:
>
>
>> Hi Jamal,
>>
>> Just destroying tp unconditionally will break unlocked case (flower)
>> because of possibility of concurrent insertion of new filters to the
>> same tp instance.
>>
>
> I was worried about that. So rtnlheld doesnt help?
Rtnl_held flag can be set for multiple other reasons besides
locked/unlocked classifier implementation (parent Qdisc doesn't support
unlocked execution, retry in tc_new_tfilter(), etc.).
>
>> The root cause here is precisely described by Davide in cover letter -
>> to accommodate concurrent insertions cls API verifies that tp instance
>> is empty before deleting it and since there is no cls ops to do it
>> directly, it relies on checking that walk() stopped without accessing
>> any filters instead. Unfortunately, somw classifier implementations
>> assumed that there is always at least one filter on classifier (I fixed
>> several of these) and now Davide also uncovered this leak in u32.
>>
>> As a simpler solution to fix such issues once and for all I can propose
>> not to perform the walk() check at all and assume that any classifier
>> implementation that doesn't have TCF_PROTO_OPS_DOIT_UNLOCKED flag set is
>> empty in tcf_chain_tp_delete_empty() (there is no possibility of
>> concurrent insertion when synchronizing with rtnl).
>>
>> WDYT?
>
> IMO that would be a cleaner fix give walk() is used for other
> operations and this is a core cls issue.
> Also: documenting what it takes for a classifier to support
> TCF_PROTO_OPS_DOIT_UNLOCKED is useful (you may have done this
> in some commit already).
Well, idea was not to have classifier implement any specific API. If
classifier has TCF_PROTO_OPS_DOIT_UNLOCKED, then cls API doesn't obtain
rtnl and it is up to classifier to implement whatever locking necessary
internally. However, my approach to checking for empty classifier
instance uncovered multiple bugs and inconsistencies in classifier
implementations of ops->walk().
So I guess the requirement now is for unlocked classifier to have sane
implementation of ops->walk() that doesn't assume >1 filters and
correctly handles the case when insertion of first filter after
classifier instance is created fails.
>
> cheers,
> jamal
next prev parent reply other threads:[~2019-12-19 16:52 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-17 23:00 [PATCH net 0/2] net/sched: cls_u32: fix refcount leak Davide Caratti
2019-12-17 23:00 ` [PATCH net 1/2] net/sched: cls_u32: fix refcount leak in the error path of u32_change() Davide Caratti
2019-12-18 14:23 ` Jamal Hadi Salim
2019-12-19 13:32 ` Jamal Hadi Salim
2019-12-19 16:15 ` Vlad Buslov
2019-12-19 16:33 ` Jamal Hadi Salim
2019-12-19 16:51 ` Vlad Buslov [this message]
2019-12-19 17:01 ` Vlad Buslov
2019-12-20 12:11 ` Jamal Hadi Salim
2019-12-20 12:25 ` Jamal Hadi Salim
2019-12-20 13:29 ` Jamal Hadi Salim
2019-12-20 14:04 ` Vlad Buslov
2019-12-20 14:57 ` Jamal Hadi Salim
2019-12-20 15:20 ` Davide Caratti
2019-12-20 15:23 ` Jamal Hadi Salim
2019-12-20 13:21 ` Davide Caratti
2019-12-20 13:54 ` Jamal Hadi Salim
2019-12-17 23:00 ` [PATCH net 2/2] tc-testing: initial tdc selftests for cls_u32 Davide Caratti
2019-12-20 1:53 ` [PATCH net 0/2] net/sched: cls_u32: fix refcount leak David Miller
2019-12-20 12:14 ` Jamal Hadi Salim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=vbfpngk2r9a.fsf@mellanox.com \
--to=vladbu@mellanox.com \
--cc=davem@davemloft.net \
--cc=dcaratti@redhat.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=mrv@mojatatu.com \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).