lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 22 Mar 2018 12:49:57 +0300
From:   Kirill Tkhai <ktkhai@...tuozzo.com>
To:     davem@...emloft.net, yoshfuji@...ux-ipv6.org, edumazet@...gle.com,
        yanhaishuang@...s.chinamobile.com, nikolay@...ulusnetworks.com,
        yotamg@...lanox.com, soheil@...gle.com, avagin@...tuozzo.com,
        nicolas.dichtel@...nd.com, ebiederm@...ssion.com, fw@...len.de,
        roman.kapl@...go.com, netdev@...r.kernel.org,
        xiyou.wangcong@...il.com, dvyukov@...gle.com,
        andreyknvl@...gle.com, lkp@...el.com
Subject: Re: [PATCH net-next v3 0/5] Rework ip_ra_chain protection

On 22.03.2018 12:44, Kirill Tkhai wrote:
> Commit 1215e51edad1 "ipv4: fix a deadlock in ip_ra_control"
> made rtnl_lock() be used in raw_close(). This function is called
> on every RAW socket destruction, so that rtnl_mutex is taken
> every time. This scales very sadly. I observe cleanup_net()
> spending a lot of time in rtnl_lock() and raw_close() is one
> of the biggest rtnl user (since we have percpu net->ipv4.icmp_sk).
> 
> This patchset reworks the locking: reverts the problem commit
> and its descendant, and introduces rtnl-independent locking.
> This may have a continuation, and someone may work on killing
> rtnl_lock() in mrtsock_destruct() in the future.
> 
> Thanks,
> Kirill
> 
> ---
> v3: Change patches order: [2/5] and [3/5].
> v2: Fix sparse warning [4/5], as reported by kbuild test robot.
> 
> ---
> 
> Kirill Tkhai (5):
>       net: Revert "ipv4: get rid of ip_ra_lock"
>       net: Move IP_ROUTER_ALERT out of lock_sock(sk)
>       net: Revert "ipv4: fix a deadlock in ip_ra_control"
>       net: Make ip_ra_chain per struct net
>       net: Replace ip_ra_lock with per-net mutex
> 
> 
>  include/net/ip.h         |   13 +++++++++++--
>  include/net/netns/ipv4.h |    2 ++
>  net/core/net_namespace.c |    1 +
>  net/ipv4/ip_input.c      |    5 ++---
>  net/ipv4/ip_sockglue.c   |   34 +++++++++++++---------------------
>  net/ipv4/ipmr.c          |   11 +++++++++--
>  net/ipv4/raw.c           |    2 --
>  7 files changed, 38 insertions(+), 30 deletions(-)
> 
> --
> Signed-off-by: Kirill Tkhai <ktkhai@...tuozzo.com>

JFI: I used the below program to test:

#define _GNU_SOURCE
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <linux/mroute.h>
#include <sched.h>

int main()
{
        int sk, v, i = 0;

        if (unshare(CLONE_NEWNET)) {
                perror("unshare");
                return 1;
        }
        sk = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
        if (sk < 0) {
                perror("socket");
                return 1;
        }
        for (i = 0; i < 3; i++)
                fork();

        while (1) {
                setsockopt(sk, IPPROTO_IP, MRT_INIT, (void *)&v, sizeof(v));
                setsockopt(sk, IPPROTO_IP, MRT_DONE, (void *)&v, sizeof(v));
                v = (i++)%2;
                setsockopt(sk, IPPROTO_IP, IP_ROUTER_ALERT, (void *)&v, sizeof(v));
        }

        return 0;
}

Powered by blists - more mailing lists