lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <15b353e9-49a2-f08b-dc45-2e9bad3abfe2@i-love.sakura.ne.jp> Date: Sun, 28 Apr 2019 07:33:00 +0900 From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> To: David Ahern <dsahern@...il.com>, "David S. Miller" <davem@...emloft.net> Cc: Julian Anastasov <ja@....bg>, Cong Wang <xiyou.wangcong@...il.com>, syzbot <syzbot+30209ea299c09d8785c9@...kaller.appspotmail.com>, ddstreet@...e.org, dvyukov@...gle.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com Subject: Re: unregister_netdevice: waiting for DEV to become free (2) On 2019/04/28 2:16, David Ahern wrote: > On 4/26/19 7:43 AM, Tetsuo Handa wrote: >> This bug is the top crasher for syzbot and thus we want to fix. I need your >> response regarding commit caacf05e5ad1abf0 ("ipv4: Properly purge netdev >> references on uncached routes.") why you chose "a loopback device in that >> namespace". >> >> On 2019/04/16 23:00, Tetsuo Handa wrote: >>> Hello, David S. Miller. >>> >>> I have a question regarding rt_flush_dev() introduced by commit caacf05e5ad1abf0 >>> ("ipv4: Properly purge netdev references on uncached routes.") which went to >>> Linux 3.6-rc1. That commit started replacing "a device to unregister" with >>> "a loopback device in that namespace", but there is no description why that >>> commit chose "a loopback device in that namespace". If a device to unregister >>> is "a loopback device in that namespace" itself, rt_flush_dev() becomes a no-op >>> because dev == net->loopback_dev from the beginning. Apart from a problem that >>> usage count keeps increasing because dev_put(rt->dst.dev) is not called after >>> rt->dst.dev was replaced with a loopback device, replacing "a device to unregister" >>> with "a loopback device in init namespace" (like shown below) avoids this problem. >>> > > Moving resource use to the init namespace is not really solving the core > problem. It would be better to understand what changes are needed to the > shutdown sequence of a namespace to ensure proper cleanup. I know. > > In this case why are dst entries not getting cleaned up? This one is > referring to entries on the uncached list. What is using the dst entry > and why isn't it getting released? > I'm waiting for davem why it is safe to move the dst entry from "a device to unregister" to "a loopback device in that namespace". I'm waiting for an explanation how the dst entry which was moved to "a loopback device in that namespace" is released (i.e. what the expected shutdown sequence is).
Powered by blists - more mailing lists