| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Nov 2021 19:32:19 +0200
From: Leon Romanovsky <leon@...nel.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Ido Schimmel <idosch@...sch.org>, Jiri Pirko <jiri@...nulli.us>,
"David S . Miller" <davem@...emloft.net>,
Jiri Pirko <jiri@...dia.com>, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, edwin.peer@...adcom.com
Subject: Re: [PATCH net-next] devlink: Require devlink lock during device
reload
On Mon, Nov 08, 2021 at 08:09:18AM -0800, Jakub Kicinski wrote:
> On Sun, 7 Nov 2021 19:54:20 +0200 Leon Romanovsky wrote:
> > > > (3) should we let drivers take refs on the devlink instance?
> > >
> > > I think it's fine mainly because I don't expect it to be used by too
> > > many drivers other than netdevsim which is somewhat special. Looking at
> > > the call sites of devlink_get() in netdevsim, it is only called from
> > > places (debugfs and trap workqueue) that shouldn't be present in real
> > > drivers.
> >
> > Sorry, I'm obligated to ask. In which universe is it ok to create new
> > set of API that no real driver should use?
>
> I think it's common sense. We're just exporting something to make our
> lives easier somewhere else in the three. Do you see a way in which
> taking refs on devlink can help out-of-tree code?
I didn't go such far in my thoughts. My main concern is that you ore
exposing broken devlink internals in the hope that drivers will do better
locking. I wanted to show that internal locking should be fixed first.
https://lore.kernel.org/netdev/cover.1636390483.git.leonro@nvidia.com/T/#m093f067d0cafcbe6c05ed469bcfd708dd1eb7f36
While this series fixes locking and after all my changes devlink started
to be more secure, that works correctly for simple drivers. However for
net namespace aware drivers it still stays DOA.
As you can see, devlink reload holds pernet_ops_rwsem, which drivers should
take too in order to unregister_netdevice_notifier.
So for me, the difference between netdevsim and real device (mlx5) is
too huge to really invest time into netdevsim-centric API, because it
won't solve any of real world problems.
sudo ip netns add n1
sudo devlink dev reload pci/0000:00:09.0 netns n1
sudo ip netns del n1
[ 463.357081] ======================================================
[ 463.357309] WARNING: possible circular locking dependency detected
[ 463.357452] 5.15.0-rc7+ #286 Not tainted
[ 463.357532] ------------------------------------------------------
[ 463.357668] kworker/u16:1/9 is trying to acquire lock:
[ 463.357777] ffff888011694648 (&devlink->lock){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.358006]
[ 463.358006] but task is already holding lock:
[ 463.358150] ffffffff83602a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9c/0x8e0
[ 463.358334]
[ 463.358334] which lock already depends on the new lock.
[ 463.358334]
[ 463.358923]
[ 463.358923] the existing dependency chain (in reverse order) is:
[ 463.359093]
[ 463.359093] -> #3 (pernet_ops_rwsem){++++}-{3:3}:
[ 463.359291] down_write+0x92/0x150
[ 463.359386] unregister_netdevice_notifier+0x1e/0x150
[ 463.359519] mlx5_ib_roce_cleanup+0x23a/0x480 [mlx5_ib]
[ 463.359709] mlx5r_remove+0xb4/0x130 [mlx5_ib]
[ 463.359873] auxiliary_bus_remove+0x52/0x70
[ 463.359997] __device_release_driver+0x334/0x660
[ 463.360110] device_release_driver+0x26/0x40
[ 463.360225] bus_remove_device+0x2a5/0x560
[ 463.360331] device_del+0x489/0xb80
[ 463.360423] mlx5_detach_device+0x14b/0x2c0 [mlx5_core]
[ 463.360677] mlx5_unload_one+0x2d/0xa0 [mlx5_core]
[ 463.360849] mlx5_devlink_reload_down+0x1be/0x360 [mlx5_core]
[ 463.361019] devlink_reload+0x48b/0x610
[ 463.361108] devlink_nl_cmd_reload+0x5c3/0xf90
[ 463.361192] genl_family_rcv_msg_doit+0x1e9/0x2f0
[ 463.361288] genl_rcv_msg+0x27f/0x4a0
[ 463.361378] netlink_rcv_skb+0x11e/0x340
[ 463.361470] genl_rcv+0x24/0x40
[ 463.361538] netlink_unicast+0x433/0x700
[ 463.361627] netlink_sendmsg+0x705/0xbe0
[ 463.361720] sock_sendmsg+0xb0/0xe0
[ 463.361792] __sys_sendto+0x192/0x240
[ 463.361855] __x64_sys_sendto+0xdc/0x1b0
[ 463.361953] do_syscall_64+0x3d/0x90
[ 463.362016] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 463.362108]
[ 463.362108] -> #2 (mlx5_intf_mutex){+.+.}-{3:3}:
[ 463.362249] __mutex_lock+0x150/0x15c0
[ 463.362340] mlx5_lag_add_mdev+0x36/0x5e0 [mlx5_core]
[ 463.362490] mlx5_load+0x155/0x1c0 [mlx5_core]
[ 463.362615] mlx5_init_one+0x2d5/0x400 [mlx5_core]
[ 463.362751] probe_one+0x430/0x680 [mlx5_core]
[ 463.362874] pci_device_probe+0x2a0/0x4a0
[ 463.362996] really_probe+0x1cc/0xba0
[ 463.363066] __driver_probe_device+0x18f/0x470
[ 463.363147] driver_probe_device+0x49/0x120
[ 463.363258] __driver_attach+0x1ce/0x400
[ 463.363358] bus_for_each_dev+0x11e/0x1a0
[ 463.363462] bus_add_driver+0x309/0x570
[ 463.363558] driver_register+0x20f/0x390
[ 463.363661] value_read+0x62/0x160 [ib_core]
[ 463.363821] do_one_initcall+0xd5/0x400
[ 463.363929] do_init_module+0x1c8/0x760
[ 463.364035] load_module+0x7d9d/0xa4b0
[ 463.364133] __do_sys_finit_module+0x118/0x1a0
[ 463.364232] do_syscall_64+0x3d/0x90
[ 463.364321] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 463.364422]
[ 463.364422] -> #1 (&dev->intf_state_mutex){+.+.}-{3:3}:
[ 463.364554] __mutex_lock+0x150/0x15c0
[ 463.364658] mlx5_unload_one+0x1e/0xa0 [mlx5_core]
[ 463.364787] mlx5_devlink_reload_down+0x1be/0x360 [mlx5_core]
[ 463.364946] devlink_reload+0x48b/0x610
[ 463.365040] devlink_nl_cmd_reload+0x5c3/0xf90
[ 463.365137] genl_family_rcv_msg_doit+0x1e9/0x2f0
[ 463.365245] genl_rcv_msg+0x27f/0x4a0
[ 463.365310] netlink_rcv_skb+0x11e/0x340
[ 463.365404] genl_rcv+0x24/0x40
[ 463.365477] netlink_unicast+0x433/0x700
[ 463.365576] netlink_sendmsg+0x705/0xbe0
[ 463.365666] sock_sendmsg+0xb0/0xe0
[ 463.365746] __sys_sendto+0x192/0x240
[ 463.365817] __x64_sys_sendto+0xdc/0x1b0
[ 463.365907] do_syscall_64+0x3d/0x90
[ 463.365980] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 463.366074]
[ 463.366074] -> #0 (&devlink->lock){+.+.}-{3:3}:
[ 463.366209] __lock_acquire+0x2999/0x5a40
[ 463.366322] lock_acquire+0x1a9/0x4a0
[ 463.366401] __mutex_lock+0x150/0x15c0
[ 463.366499] devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.366598] cleanup_net+0x372/0x8e0
[ 463.366674] process_one_work+0x8f5/0x1580
[ 463.366779] worker_thread+0x58d/0x1330
[ 463.366881] kthread+0x379/0x450
[ 463.366952] ret_from_fork+0x1f/0x30
[ 463.367020]
[ 463.367020] other info that might help us debug this:
[ 463.367020]
[ 463.367173] Chain exists of:
[ 463.367173] &devlink->lock --> mlx5_intf_mutex --> pernet_ops_rwsem
[ 463.367173]
[ 463.367360] Possible unsafe locking scenario:
[ 463.367360]
[ 463.367478] CPU0 CPU1
[ 463.367574] ---- ----
[ 463.367663] lock(pernet_ops_rwsem);
[ 463.367748] lock(mlx5_intf_mutex);
[ 463.367874] lock(pernet_ops_rwsem);
[ 463.368027] lock(&devlink->lock);
[ 463.368098]
[ 463.368098] *** DEADLOCK ***
[ 463.368098]
[ 463.368233] 3 locks held by kworker/u16:1/9:
[ 463.368347] #0: ffff888005df8938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x80a/0x1580
[ 463.371930] #1: ffff8880059c7db0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x837/0x1580
[ 463.372376] #2: ffffffff83602a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9c/0x8e0
[ 463.372638]
[ 463.372638] stack backtrace:
[ 463.372804] CPU: 3 PID: 9 Comm: kworker/u16:1 Not tainted 5.15.0-rc7+ #286
[ 463.372965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 463.373258] Workqueue: netns cleanup_net
[ 463.373366] Call Trace:
[ 463.373444] dump_stack_lvl+0x45/0x59
[ 463.373545] check_noncircular+0x268/0x310
[ 463.373639] ? print_circular_bug+0x460/0x460
[ 463.373767] ? mark_lock+0x104/0x2e30
[ 463.373899] ? find_busiest_group+0x1bc0/0x27a0
[ 463.374083] ? alloc_chain_hlocks+0x1e6/0x5a0
[ 463.374254] __lock_acquire+0x2999/0x5a40
[ 463.374344] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 463.374480] ? __lock_acquire+0xbec/0x5a40
[ 463.374585] lock_acquire+0x1a9/0x4a0
[ 463.374693] ? devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.374817] ? lock_release+0x6c0/0x6c0
[ 463.374905] ? lock_is_held_type+0x98/0x110
[ 463.374996] ? lock_is_held_type+0x98/0x110
[ 463.375089] __mutex_lock+0x150/0x15c0
[ 463.375178] ? devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.375291] ? lock_downgrade+0x6d0/0x6d0
[ 463.375381] ? devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.375507] ? lock_is_held_type+0x98/0x110
[ 463.375602] ? find_held_lock+0x2d/0x110
[ 463.375698] ? mutex_lock_io_nested+0x1400/0x1400
[ 463.375848] ? lock_release+0x1f9/0x6c0
[ 463.375978] ? devlink_pernet_pre_exit+0x17e/0x2a0
[ 463.376105] ? lock_downgrade+0x6d0/0x6d0
[ 463.376195] ? lock_is_held_type+0x98/0x110
[ 463.376283] ? find_held_lock+0x2d/0x110
[ 463.376379] ? devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.376529] devlink_pernet_pre_exit+0x1b4/0x2a0
[ 463.376675] ? devlink_nl_cmd_reload+0xf90/0xf90
[ 463.376790] ? mark_held_locks+0x9f/0xe0
[ 463.376887] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 463.377001] ? __local_bh_enable_ip+0xa2/0x100
[ 463.377148] cleanup_net+0x372/0x8e0
[ 463.377238] ? unregister_pernet_device+0x70/0x70
[ 463.377353] ? lock_is_held_type+0x98/0x110
[ 463.377467] process_one_work+0x8f5/0x1580
[ 463.377560] ? lock_release+0x6c0/0x6c0
[ 463.377647] ? pwq_dec_nr_in_flight+0x230/0x230
[ 463.377771] ? rwlock_bug.part.0+0x90/0x90
[ 463.377891] worker_thread+0x58d/0x1330
[ 463.377987] ? process_one_work+0x1580/0x1580
[ 463.378102] kthread+0x379/0x450
[ 463.378193] ? _raw_spin_unlock_irq+0x24/0x30
[ 463.378326] ? set_kthread_struct+0x100/0x100
[ 463.378457] ret_from_fork+0x1f/0x30
>
> BTW we can put the symbols in a namespace or under a kconfig, to aid
> reviews of drivers using them if you want.
Powered by blists - more mailing lists