lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Mar 2018 12:49:57 +0300 From: Kirill Tkhai <ktkhai@...tuozzo.com> To: davem@...emloft.net, yoshfuji@...ux-ipv6.org, edumazet@...gle.com, yanhaishuang@...s.chinamobile.com, nikolay@...ulusnetworks.com, yotamg@...lanox.com, soheil@...gle.com, avagin@...tuozzo.com, nicolas.dichtel@...nd.com, ebiederm@...ssion.com, fw@...len.de, roman.kapl@...go.com, netdev@...r.kernel.org, xiyou.wangcong@...il.com, dvyukov@...gle.com, andreyknvl@...gle.com, lkp@...el.com Subject: Re: [PATCH net-next v3 0/5] Rework ip_ra_chain protection On 22.03.2018 12:44, Kirill Tkhai wrote: > Commit 1215e51edad1 "ipv4: fix a deadlock in ip_ra_control" > made rtnl_lock() be used in raw_close(). This function is called > on every RAW socket destruction, so that rtnl_mutex is taken > every time. This scales very sadly. I observe cleanup_net() > spending a lot of time in rtnl_lock() and raw_close() is one > of the biggest rtnl user (since we have percpu net->ipv4.icmp_sk). > > This patchset reworks the locking: reverts the problem commit > and its descendant, and introduces rtnl-independent locking. > This may have a continuation, and someone may work on killing > rtnl_lock() in mrtsock_destruct() in the future. > > Thanks, > Kirill > > --- > v3: Change patches order: [2/5] and [3/5]. > v2: Fix sparse warning [4/5], as reported by kbuild test robot. > > --- > > Kirill Tkhai (5): > net: Revert "ipv4: get rid of ip_ra_lock" > net: Move IP_ROUTER_ALERT out of lock_sock(sk) > net: Revert "ipv4: fix a deadlock in ip_ra_control" > net: Make ip_ra_chain per struct net > net: Replace ip_ra_lock with per-net mutex > > > include/net/ip.h | 13 +++++++++++-- > include/net/netns/ipv4.h | 2 ++ > net/core/net_namespace.c | 1 + > net/ipv4/ip_input.c | 5 ++--- > net/ipv4/ip_sockglue.c | 34 +++++++++++++--------------------- > net/ipv4/ipmr.c | 11 +++++++++-- > net/ipv4/raw.c | 2 -- > 7 files changed, 38 insertions(+), 30 deletions(-) > > -- > Signed-off-by: Kirill Tkhai <ktkhai@...tuozzo.com> JFI: I used the below program to test: #define _GNU_SOURCE #include <sys/socket.h> #include <netinet/in.h> #include <sys/types.h> #include <linux/mroute.h> #include <sched.h> int main() { int sk, v, i = 0; if (unshare(CLONE_NEWNET)) { perror("unshare"); return 1; } sk = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP); if (sk < 0) { perror("socket"); return 1; } for (i = 0; i < 3; i++) fork(); while (1) { setsockopt(sk, IPPROTO_IP, MRT_INIT, (void *)&v, sizeof(v)); setsockopt(sk, IPPROTO_IP, MRT_DONE, (void *)&v, sizeof(v)); v = (i++)%2; setsockopt(sk, IPPROTO_IP, IP_ROUTER_ALERT, (void *)&v, sizeof(v)); } return 0; }
Powered by blists - more mailing lists