Open Source and information security mailing list archives
Message-ID: <15b353e9-49a2-f08b-dc45-2e9bad3abfe2@i-love.sakura.ne.jp>
Date:   Sun, 28 Apr 2019 07:33:00 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To:     David Ahern <dsahern@...il.com>,
        "David S. Miller" <davem@...emloft.net>
Cc:     Julian Anastasov <ja@....bg>, Cong Wang <xiyou.wangcong@...il.com>,
        syzbot <syzbot+30209ea299c09d8785c9@...kaller.appspotmail.com>,
        ddstreet@...e.org, dvyukov@...gle.com,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: unregister_netdevice: waiting for DEV to become free (2)

On 2019/04/28 2:16, David Ahern wrote:
> On 4/26/19 7:43 AM, Tetsuo Handa wrote:
>> This bug is the top crasher for syzbot and thus we want to fix. I need your
>> response regarding commit caacf05e5ad1abf0 ("ipv4: Properly purge netdev
>> references on uncached routes.") why you chose "a loopback device in that
>> namespace".
>>
>> On 2019/04/16 23:00, Tetsuo Handa wrote:
>>> Hello, David S. Miller.
>>>
>>> I have a question regarding rt_flush_dev() introduced by commit caacf05e5ad1abf0
>>> ("ipv4: Properly purge netdev references on uncached routes.") which went to
>>> Linux 3.6-rc1. That commit started replacing "a device to unregister" with
>>> "a loopback device in that namespace", but there is no description why that
>>> commit chose "a loopback device in that namespace". If a device to unregister
>>> is "a loopback device in that namespace" itself, rt_flush_dev() becomes a no-op
>>> because dev == net->loopback_dev from the beginning. Apart from a problem that
>>> usage count keeps increasing because dev_put(rt->dst.dev) is not called after
>>> rt->dst.dev was replaced with a loopback device, replacing "a device to unregister"
>>> with "a loopback device in init namespace" (like shown below) avoids this problem.
>>>
> 
> Moving resource use to the init namespace is not really solving the core
> problem. It would be better to understand what changes are needed to the
> shutdown sequence of a namespace to ensure proper cleanup.

I know.

> 
> In this case why are dst entries not getting cleaned up? This one is
> referring to entries on the uncached list. What is using the dst entry
> and why isn't it getting released?
> 

I'm waiting for davem to explain why it is safe to move the dst entry from
"a device to unregister" to "a loopback device in that namespace".
I'm waiting for an explanation of how the dst entry which was moved to
"a loopback device in that namespace" is released (i.e. what the
expected shutdown sequence is).
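
A userspace model of the reference hand-off discussed in this thread, added here as an illustration; it is not kernel code and not from any participant. All names (`model_dev`, `model_route`, `model_rt_flush_dev`) are hypothetical, and the model assumes only that a matching uncached route is repointed at the namespace's loopback device, taking a reference on it and dropping one on the old device.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model, not kernel code: every name here is hypothetical. */
struct model_dev { const char *name; int refcnt; };
struct model_route { struct model_dev *dev; };  /* stands in for rt->dst.dev */

static void model_hold(struct model_dev *d) { d->refcnt++; }
static void model_put(struct model_dev *d)  { d->refcnt--; }

/* Repoint every uncached route that uses `dev` at `loopback`, moving the
 * reference with it. Returns how many entries matched. */
int model_rt_flush_dev(struct model_route *rt, size_t n,
                       struct model_dev *dev, struct model_dev *loopback)
{
    int moved = 0;
    for (size_t i = 0; i < n; i++) {
        if (rt[i].dev != dev)
            continue;
        rt[i].dev = loopback;
        model_hold(loopback);
        model_put(dev);
        moved++;
    }
    return moved;
}

/* Case 1: unregister an ordinary device; its reference lands on loopback. */
int model_flush_ordinary(int *lo_refs)
{
    struct model_dev lo = { "lo", 0 }, eth = { "eth0", 0 };
    struct model_route rt[1] = { { &eth } };
    model_hold(&eth);                      /* the route's reference */
    model_rt_flush_dev(rt, 1, &eth, &lo);
    *lo_refs = lo.refcnt;
    return eth.refcnt;                     /* 0: eth0 has no users left */
}

/* Case 2: unregister loopback itself; hold and put cancel out. */
int model_flush_loopback(void)
{
    struct model_dev lo = { "lo", 0 };
    struct model_route rt[1] = { { &lo } };
    model_hold(&lo);                       /* reference moved here earlier */
    model_rt_flush_dev(rt, 1, &lo, &lo);
    return lo.refcnt;                      /* still 1: the flush changed nothing */
}

int main(void)
{
    int lo_refs, eth_refs = model_flush_ordinary(&lo_refs);
    printf("eth0=%d lo=%d lo-after-self-flush=%d\n",
           eth_refs, lo_refs, model_flush_loopback());
    return 0;
}
```

The model does not say which path is expected to drop the remaining loopback reference, which is the question the message leaves open.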
