[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1306563630.2533.25.camel@edumazet-laptop>
Date: Sat, 28 May 2011 08:20:30 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Ben Greear <greearb@...delatech.com>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH 1/2 v2] af-packet: Use existing netdev reference for
bound sockets.
Le vendredi 27 mai 2011 à 13:18 -0700, Ben Greear a écrit :
> On 05/27/2011 01:15 PM, David Miller wrote:
> > From: Eric Dumazet<eric.dumazet@...il.com>
> > Date: Fri, 27 May 2011 22:08:41 +0200
> >
> >> Le jeudi 26 mai 2011 à 21:11 -0700, Ben Greear a écrit :
> >>> On 05/26/2011 08:42 PM, Eric Dumazet wrote:
> >>>> Le jeudi 26 mai 2011 à 16:55 -0700, greearb@...delatech.com a écrit :
> >>>
> >>>>> out_free:
> >>>>> kfree_skb(skb);
> >>>>> out_unlock:
> >>>>> - if (dev)
> >>>>> + if (dev&& need_rls_dev)
> >>>>> dev_put(dev);
> >>>>> out:
> >>>>> return err;
> >>>>
> >>>> Hmmm, I wonder why you want this Ben.
> >>>>
> >>>> IMHO this is buggy, because we can sleep in this function.
> >>>>
> >>>> We must take a ref on device (its really cheap these days, now we have a
> >>>> percpu device refcnt)
> >>>
> >>> Why must you take the reference? And if we must, why isn't the
> >>> current code that assigns the prot_hook.dev without taking a
> >>> reference OK?
> >>>
> >>
> >> If we sleep, device can disappear under us.
> >>
> >> The only way to not take a reference is to hold rcu_read_lock(), but
> >> you're not allowed to sleep under rcu_read_lock().
> >
> > You still have not addresses Ben's point.
> >
> > Why is it ok for the po->prot_hook.dev handling to not take a
> > reference? It's been doing this forever. Ben is just borrowing this
> > behavior for his uses.
> >
> > After some more research I think it happens to be OK because
> > ->prot_hook.dev is used _only_ for pointer comparisons, it is never
> > actually dereferenced or used in any other way. Probably, we should
> > just use ->ifindex for this.
>
> It's easy enough to add a dev_hold() when I assign the skb instead
> of looking it up in my patch, but perhaps it would be cleaner over all to
> just hold a ref on the prot_hook.dev when it is originally assigned?
Problem is : if packet_notifier(NETDEV_DOWN|UNREGISTER) is run while we
sleep, what happens then ?
Normally, if we sleep a long time in tpacket_snd() after device ref
increment, and before dev_queue_xmit(), the unregister process can enter
the infamous msleep(250) loop in netdev_wait_allrefs(), but at least we
dont crash.
But if you dont take the reference, we can crash in dev_queue_xmit()
when dereferencing the freed netdev structure.
Please check commit 1a35ca80c1db7 (packet: dont call sleeping functions
while holding rcu_read_lock()) for reference on possible problems.
Thanks !
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists