lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YYlfI4UgpEsMt5QI@unreal>
Date:   Mon, 8 Nov 2021 19:32:19 +0200
From:   Leon Romanovsky <leon@...nel.org>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Ido Schimmel <idosch@...sch.org>, Jiri Pirko <jiri@...nulli.us>,
        "David S . Miller" <davem@...emloft.net>,
        Jiri Pirko <jiri@...dia.com>, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, edwin.peer@...adcom.com
Subject: Re: [PATCH net-next] devlink: Require devlink lock during device
 reload

On Mon, Nov 08, 2021 at 08:09:18AM -0800, Jakub Kicinski wrote:
> On Sun, 7 Nov 2021 19:54:20 +0200 Leon Romanovsky wrote:
> > > >  (3) should we let drivers take refs on the devlink instance?  
> > > 
> > > I think it's fine mainly because I don't expect it to be used by too
> > > many drivers other than netdevsim which is somewhat special. Looking at
> > > the call sites of devlink_get() in netdevsim, it is only called from
> > > places (debugfs and trap workqueue) that shouldn't be present in real
> > > drivers.  
> > 
> > Sorry, I'm obligated to ask. In which universe is it ok to create new
> > set of API that no real driver should use?
> 
> I think it's common sense. We're just exporting something to make our
> lives easier somewhere else in the three. Do you see a way in which
> taking refs on devlink can help out-of-tree code?

I didn't go such far in my thoughts. My main concern is that you ore
exposing broken devlink internals in the hope that drivers will do better
locking. I wanted to show that internal locking should be fixed first.

https://lore.kernel.org/netdev/cover.1636390483.git.leonro@nvidia.com/T/#m093f067d0cafcbe6c05ed469bcfd708dd1eb7f36

While this series fixes locking and after all my changes devlink started
to be more secure, that works correctly for simple drivers. However for
net namespace aware drivers it still stays DOA.

As you can see, devlink reload holds pernet_ops_rwsem, which drivers should
take too in order to unregister_netdevice_notifier.

So for me, the difference between netdevsim and real device (mlx5) is
too huge to really invest time into netdevsim-centric API, because it
won't solve any of real world problems.

sudo ip netns add n1
sudo devlink dev reload pci/0000:00:09.0 netns n1
sudo ip netns del n1

[  463.357081] ======================================================
[  463.357309] WARNING: possible circular locking dependency detected
[  463.357452] 5.15.0-rc7+ #286 Not tainted
[  463.357532] ------------------------------------------------------
[  463.357668] kworker/u16:1/9 is trying to acquire lock:
[  463.357777] ffff888011694648 (&devlink->lock){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.358006] 
[  463.358006] but task is already holding lock:
[  463.358150] ffffffff83602a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9c/0x8e0
[  463.358334] 
[  463.358334] which lock already depends on the new lock.
[  463.358334] 
[  463.358923] 
[  463.358923] the existing dependency chain (in reverse order) is:
[  463.359093] 
[  463.359093] -> #3 (pernet_ops_rwsem){++++}-{3:3}:
[  463.359291]        down_write+0x92/0x150
[  463.359386]        unregister_netdevice_notifier+0x1e/0x150
[  463.359519]        mlx5_ib_roce_cleanup+0x23a/0x480 [mlx5_ib]
[  463.359709]        mlx5r_remove+0xb4/0x130 [mlx5_ib]
[  463.359873]        auxiliary_bus_remove+0x52/0x70
[  463.359997]        __device_release_driver+0x334/0x660
[  463.360110]        device_release_driver+0x26/0x40
[  463.360225]        bus_remove_device+0x2a5/0x560
[  463.360331]        device_del+0x489/0xb80
[  463.360423]        mlx5_detach_device+0x14b/0x2c0 [mlx5_core]
[  463.360677]        mlx5_unload_one+0x2d/0xa0 [mlx5_core]
[  463.360849]        mlx5_devlink_reload_down+0x1be/0x360 [mlx5_core]
[  463.361019]        devlink_reload+0x48b/0x610
[  463.361108]        devlink_nl_cmd_reload+0x5c3/0xf90
[  463.361192]        genl_family_rcv_msg_doit+0x1e9/0x2f0
[  463.361288]        genl_rcv_msg+0x27f/0x4a0
[  463.361378]        netlink_rcv_skb+0x11e/0x340
[  463.361470]        genl_rcv+0x24/0x40
[  463.361538]        netlink_unicast+0x433/0x700
[  463.361627]        netlink_sendmsg+0x705/0xbe0
[  463.361720]        sock_sendmsg+0xb0/0xe0
[  463.361792]        __sys_sendto+0x192/0x240
[  463.361855]        __x64_sys_sendto+0xdc/0x1b0
[  463.361953]        do_syscall_64+0x3d/0x90
[  463.362016]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[  463.362108] 
[  463.362108] -> #2 (mlx5_intf_mutex){+.+.}-{3:3}:
[  463.362249]        __mutex_lock+0x150/0x15c0
[  463.362340]        mlx5_lag_add_mdev+0x36/0x5e0 [mlx5_core]
[  463.362490]        mlx5_load+0x155/0x1c0 [mlx5_core]
[  463.362615]        mlx5_init_one+0x2d5/0x400 [mlx5_core]
[  463.362751]        probe_one+0x430/0x680 [mlx5_core]
[  463.362874]        pci_device_probe+0x2a0/0x4a0
[  463.362996]        really_probe+0x1cc/0xba0
[  463.363066]        __driver_probe_device+0x18f/0x470
[  463.363147]        driver_probe_device+0x49/0x120
[  463.363258]        __driver_attach+0x1ce/0x400
[  463.363358]        bus_for_each_dev+0x11e/0x1a0
[  463.363462]        bus_add_driver+0x309/0x570
[  463.363558]        driver_register+0x20f/0x390
[  463.363661]        value_read+0x62/0x160 [ib_core]
[  463.363821]        do_one_initcall+0xd5/0x400
[  463.363929]        do_init_module+0x1c8/0x760
[  463.364035]        load_module+0x7d9d/0xa4b0
[  463.364133]        __do_sys_finit_module+0x118/0x1a0
[  463.364232]        do_syscall_64+0x3d/0x90
[  463.364321]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[  463.364422] 
[  463.364422] -> #1 (&dev->intf_state_mutex){+.+.}-{3:3}:
[  463.364554]        __mutex_lock+0x150/0x15c0
[  463.364658]        mlx5_unload_one+0x1e/0xa0 [mlx5_core]
[  463.364787]        mlx5_devlink_reload_down+0x1be/0x360 [mlx5_core]
[  463.364946]        devlink_reload+0x48b/0x610
[  463.365040]        devlink_nl_cmd_reload+0x5c3/0xf90
[  463.365137]        genl_family_rcv_msg_doit+0x1e9/0x2f0
[  463.365245]        genl_rcv_msg+0x27f/0x4a0
[  463.365310]        netlink_rcv_skb+0x11e/0x340
[  463.365404]        genl_rcv+0x24/0x40
[  463.365477]        netlink_unicast+0x433/0x700
[  463.365576]        netlink_sendmsg+0x705/0xbe0
[  463.365666]        sock_sendmsg+0xb0/0xe0
[  463.365746]        __sys_sendto+0x192/0x240
[  463.365817]        __x64_sys_sendto+0xdc/0x1b0
[  463.365907]        do_syscall_64+0x3d/0x90
[  463.365980]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[  463.366074] 
[  463.366074] -> #0 (&devlink->lock){+.+.}-{3:3}:
[  463.366209]        __lock_acquire+0x2999/0x5a40
[  463.366322]        lock_acquire+0x1a9/0x4a0
[  463.366401]        __mutex_lock+0x150/0x15c0
[  463.366499]        devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.366598]        cleanup_net+0x372/0x8e0
[  463.366674]        process_one_work+0x8f5/0x1580
[  463.366779]        worker_thread+0x58d/0x1330
[  463.366881]        kthread+0x379/0x450
[  463.366952]        ret_from_fork+0x1f/0x30
[  463.367020] 
[  463.367020] other info that might help us debug this:
[  463.367020] 
[  463.367173] Chain exists of:
[  463.367173]   &devlink->lock --> mlx5_intf_mutex --> pernet_ops_rwsem
[  463.367173] 
[  463.367360]  Possible unsafe locking scenario:
[  463.367360] 
[  463.367478]        CPU0                    CPU1
[  463.367574]        ----                    ----
[  463.367663]   lock(pernet_ops_rwsem);
[  463.367748]                                lock(mlx5_intf_mutex);
[  463.367874]                                lock(pernet_ops_rwsem);
[  463.368027]   lock(&devlink->lock);
[  463.368098] 
[  463.368098]  *** DEADLOCK ***
[  463.368098] 
[  463.368233] 3 locks held by kworker/u16:1/9:
[  463.368347]  #0: ffff888005df8938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x80a/0x1580
[  463.371930]  #1: ffff8880059c7db0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x837/0x1580
[  463.372376]  #2: ffffffff83602a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9c/0x8e0
[  463.372638] 
[  463.372638] stack backtrace:
[  463.372804] CPU: 3 PID: 9 Comm: kworker/u16:1 Not tainted 5.15.0-rc7+ #286
[  463.372965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[  463.373258] Workqueue: netns cleanup_net
[  463.373366] Call Trace:
[  463.373444]  dump_stack_lvl+0x45/0x59
[  463.373545]  check_noncircular+0x268/0x310
[  463.373639]  ? print_circular_bug+0x460/0x460
[  463.373767]  ? mark_lock+0x104/0x2e30
[  463.373899]  ? find_busiest_group+0x1bc0/0x27a0
[  463.374083]  ? alloc_chain_hlocks+0x1e6/0x5a0
[  463.374254]  __lock_acquire+0x2999/0x5a40
[  463.374344]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[  463.374480]  ? __lock_acquire+0xbec/0x5a40
[  463.374585]  lock_acquire+0x1a9/0x4a0
[  463.374693]  ? devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.374817]  ? lock_release+0x6c0/0x6c0
[  463.374905]  ? lock_is_held_type+0x98/0x110
[  463.374996]  ? lock_is_held_type+0x98/0x110
[  463.375089]  __mutex_lock+0x150/0x15c0
[  463.375178]  ? devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.375291]  ? lock_downgrade+0x6d0/0x6d0
[  463.375381]  ? devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.375507]  ? lock_is_held_type+0x98/0x110
[  463.375602]  ? find_held_lock+0x2d/0x110
[  463.375698]  ? mutex_lock_io_nested+0x1400/0x1400
[  463.375848]  ? lock_release+0x1f9/0x6c0
[  463.375978]  ? devlink_pernet_pre_exit+0x17e/0x2a0
[  463.376105]  ? lock_downgrade+0x6d0/0x6d0
[  463.376195]  ? lock_is_held_type+0x98/0x110
[  463.376283]  ? find_held_lock+0x2d/0x110
[  463.376379]  ? devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.376529]  devlink_pernet_pre_exit+0x1b4/0x2a0
[  463.376675]  ? devlink_nl_cmd_reload+0xf90/0xf90
[  463.376790]  ? mark_held_locks+0x9f/0xe0
[  463.376887]  ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[  463.377001]  ? __local_bh_enable_ip+0xa2/0x100
[  463.377148]  cleanup_net+0x372/0x8e0
[  463.377238]  ? unregister_pernet_device+0x70/0x70
[  463.377353]  ? lock_is_held_type+0x98/0x110
[  463.377467]  process_one_work+0x8f5/0x1580
[  463.377560]  ? lock_release+0x6c0/0x6c0
[  463.377647]  ? pwq_dec_nr_in_flight+0x230/0x230
[  463.377771]  ? rwlock_bug.part.0+0x90/0x90
[  463.377891]  worker_thread+0x58d/0x1330
[  463.377987]  ? process_one_work+0x1580/0x1580
[  463.378102]  kthread+0x379/0x450
[  463.378193]  ? _raw_spin_unlock_irq+0x24/0x30
[  463.378326]  ? set_kthread_struct+0x100/0x100
[  463.378457]  ret_from_fork+0x1f/0x30

> 
> BTW we can put the symbols in a namespace or under a kconfig, to aid
> reviews of drivers using them if you want.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ