lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Tue, 13 Oct 2015 16:39:47 +0200
From:	Jiri Pirko <jiri@...nulli.us>
To:	Scott Feldman <sfeldma@...il.com>
Cc:	John Fastabend <john.fastabend@...il.com>,
	Netdev <netdev@...r.kernel.org>,
	"David S. Miller" <davem@...emloft.net>,
	Ido Schimmel <idosch@...lanox.com>,
	Elad Raz <eladr@...lanox.com>,
	Florian Fainelli <f.fainelli@...il.com>,
	Guenter Roeck <linux@...ck-us.net>,
	Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
	"andrew@...n.ch" <andrew@...n.ch>,
	David Laight <David.Laight@...lab.com>,
	"stephen@...workplumber.org" <stephen@...workplumber.org>
Subject: Re: [patch net-next v4 2/7] switchdev: allow caller to explicitly
 request attr_set as deferred

Tue, Oct 13, 2015 at 04:07:31PM CEST, sfeldma@...il.com wrote:
>On Tue, Oct 13, 2015 at 12:30 AM, Jiri Pirko <jiri@...nulli.us> wrote:
>> Tue, Oct 13, 2015 at 08:53:45AM CEST, sfeldma@...il.com wrote:
>>>On Mon, Oct 12, 2015 at 11:21 PM, Jiri Pirko <jiri@...nulli.us> wrote:
>>>> Tue, Oct 13, 2015 at 08:03:46AM CEST, john.fastabend@...il.com wrote:
>>>>>On 15-10-12 10:44 PM, Jiri Pirko wrote:
>>>>>> Tue, Oct 13, 2015 at 04:52:42AM CEST, sfeldma@...il.com wrote:
>>>>>>> On Mon, Oct 12, 2015 at 11:03 AM, Jiri Pirko <jiri@...nulli.us> wrote:
>>>>>>>> From: Jiri Pirko <jiri@...lanox.com>
>>>>>>>>
>>>>>>>> Caller should know if he can call attr_set directly (when holding RTNL)
>>>>>>>> or if he has to defer the att_set processing for later.
>>>>>>>>
>>>>>>>> This also allows drivers to sleep inside attr_set and report operation
>>>>>>>> status back to switchdev core. Switchdev core then warns if status is
>>>>>>>> not ok, instead of silent errors happening in drivers.
>>>>>>>>
>>>>>>>> Signed-off-by: Jiri Pirko <jiri@...lanox.com>
>>>>>>>> ---
>>>>>>>>  include/net/switchdev.h   |   1 +
>>>>>>>>  net/bridge/br_stp.c       |   3 +-
>>>>>>>>  net/switchdev/switchdev.c | 107 ++++++++++++++++++++++++----------------------
>>>>>>>>  3 files changed, 59 insertions(+), 52 deletions(-)
>>>>>>>>
>>>>>>>> diff --git a/include/net/switchdev.h b/include/net/switchdev.h
>>>>>>>> index d2879f2..6b109e4 100644
>>>>>>>> --- a/include/net/switchdev.h
>>>>>>>> +++ b/include/net/switchdev.h
>>>>>>>> @@ -17,6 +17,7 @@
>>>>>>>>
>>>>>>>>  #define SWITCHDEV_F_NO_RECURSE         BIT(0)
>>>>>>>>  #define SWITCHDEV_F_SKIP_EOPNOTSUPP    BIT(1)
>>>>>>>> +#define SWITCHDEV_F_DEFER              BIT(2)
>>>>>>>>
>>>>>>>>  struct switchdev_trans_item {
>>>>>>>>         struct list_head list;
>>>>>>>> diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
>>>>>>>> index db6d243de..80c34d7 100644
>>>>>>>> --- a/net/bridge/br_stp.c
>>>>>>>> +++ b/net/bridge/br_stp.c
>>>>>>>> @@ -41,13 +41,14 @@ void br_set_state(struct net_bridge_port *p, unsigned int state)
>>>>>>>>  {
>>>>>>>>         struct switchdev_attr attr = {
>>>>>>>>                 .id = SWITCHDEV_ATTR_ID_PORT_STP_STATE,
>>>>>>>> +               .flags = SWITCHDEV_F_DEFER,
>>>>>>>>                 .u.stp_state = state,
>>>>>>>>         };
>>>>>>>>         int err;
>>>>>>>>
>>>>>>>>         p->state = state;
>>>>>>>>         err = switchdev_port_attr_set(p->dev, &attr);
>>>>>>>> -       if (err && err != -EOPNOTSUPP)
>>>>>>>> +       if (err)
>>>>>>>
>>>>>>> This looks like a problem as now all other non-switchdev ports will
>>>>>>> get an WARN in the log when STP state changes.  We should only WARN if
>>>>>>> there was an err and the err is not -EOPNOTSUPP.
>>>>>>
>>>>>> If SWITCHDEV_F_DEFER flag is set, there's only 0 of -ENOMEM.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>>                 br_warn(p->br, "error setting offload STP state on port %u(%s)\n",
>>>>>>>>                                 (unsigned int) p->port_no, p->dev->name);
>>>>>>>>  }
>>>>>>>
>>>>>>> <snip>
>>>>>>>
>>>>>>>>  struct switchdev_attr_set_work {
>>>>>>>>         struct work_struct work;
>>>>>>>>         struct net_device *dev;
>>>>>>>> @@ -183,14 +226,17 @@ static void switchdev_port_attr_set_work(struct work_struct *work)
>>>>>>>>  {
>>>>>>>>         struct switchdev_attr_set_work *asw =
>>>>>>>>                 container_of(work, struct switchdev_attr_set_work, work);
>>>>>>>> +       bool rtnl_locked = rtnl_is_locked();
>>>>>>>>         int err;
>>>>>>>>
>>>>>>>> -       rtnl_lock();
>>>>>>>> -       err = switchdev_port_attr_set(asw->dev, &asw->attr);
>>>>>>>> +       if (!rtnl_locked)
>>>>>>>> +               rtnl_lock();
>>>>>>>
>>>>>>> I'm not following this change.  If someone else has rtnl_lock, we'll
>>>>>>> not wait to grab it here ourselves, and proceed as if we have the
>>>>>>> lock.  But what if that someone else releases the lock in the middle
>>>>>>> of us doing switchdev_port_attr_set_now?  Seems we want to
>>>>>>> unconditionally wait and grab the lock.  We need to block anything
>>>>>>>from moving while we do the attr set.
>>>>>>
>>>>>> Why would someone we call (driver) return the lock? In that case, he is
>>>>>> buggy and should be fixed.
>>>>>>
>>>>>> This hunk only ensures we have rtnl_lock. If not, we take it here. We do
>>>>>> not take it unconditionally because we may already have it, for example
>>>>>> if caller of switchdev_flush_deferred holds rtnl_lock.
>>>>>>
>>>>>
>>>>>This is where you lost me. How do you know another core doesn't happen
>>>>>to have the lock when you hit this code path? Maybe someone is running
>>>>>an ethtool command on another core or something.
>>>>
>>>> You are right. The same problem exists currently in switchdev_port_attr_set.
>>>
>>>You are right as in you'll change this back to unconditional grabbing
>>>of rtnl_lock?  I don't follow how this problem currently exists as
>>>current code does an unconditional grab of rtnl_lock.
>>
>>   cpu1                          cpu2
>>                                 rtnl_lock()
>> switchdev_port_attr_set
>>   !rtnl_is_locked() == false
>>   switchdev_trans_init
>>                                 rtnl_unlock()
>>   __switchdev_port_attr_set
>>
>> now __switchdev_port_attr_set is called without rtnl_lock.
>
>Got it.  Another example of trying to guess context and getting it
>wrong.  This is why I like your DEFERRED option so caller can be
>explicit.
>
>> Would make sense to introduce rtnl_is_locked_by_me() or something.
>
>Is it sufficient to simply call rtnl_lock() in your deferred context?
>You can sleep there and that way there is no question who has the
>lock.

The problem is that caller of flust_deferred may hold the lock already
and then we would deadlock. I'm cooking up v5 with different approach.
Stay tuned.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists