Date:   Wed, 03 Jun 2020 15:51:40 -0700
From:   John Fastabend <john.fastabend@...il.com>
To:     Jakub Sitnicki <jakub@...udflare.com>,
        John Fastabend <john.fastabend@...il.com>
Cc:     Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [bpf PATCH] bpf: sockmap, remove bucket->lock from
 sock_{hash|map}_free

Jakub Sitnicki wrote:
> On Wed, Jun 03, 2020 at 08:35 PM CEST, John Fastabend wrote:
> > Jakub Sitnicki wrote:
> 
> [...]
> 
> >> I'm not sure that the check for map->refcnt when sock is unlinking
> >> itself from the map will do it. I worry we will then have issues when
> >> sockhash is unlinking itself from socks (so the other way around) in
> >> sock_hash_free(). We could no longer assume that the sock & psock
> >> exists.
> >>
> >> What comes to mind is to reintroduce the spin-lock protected critical
> >> section in sock_hash_free(), but delay the processing of sockets to be
> >> unlinked from sockhash. We could grab a ref to sk_psock while holding a
> >> spin-lock and unlink it while no longer in atomic critical section.
> >
> > It seems so. In sock_hash_free we logically need,
> >
> >  for (i = 0; i < htab->buckets_num; i++) {
> >   hlist_for_each_entry_safe(...) {
> >   	hlist_del_rcu() <- detached from bucket and no longer reachable
> 
> Just to confirm - synchronize_rcu() doesn't prevent
> sock_hash_delete_from_link() from getting as far as hlist_del_rcu(),
> that is here [0], while on another cpu sock_hash_free() is also
> performing hlist_del_rcu().

Right.

> 
> That is, reintroducing the spin-lock is needed, right? Otherwise we have
> two concurrent updaters that are not synchronized.
> 

Agree, I don't have any better idea.

> >         synchronize_rcu()
> >         // now element can not be reached from unhash()
> > 	... sock_map_unref(elem->sk, elem) ...
> >   }
> >  }
> >
> > We don't actually want to stick a synchronize_rcu() in that loop,
> > so I agree we need to collect the elements, do a sync, then remove them.
> 
> [...]
> 
> >>
> >> John, WDYT?
> >
> > Want to give it a try? Or I can draft something.
> 
> I can give it a try, as I clearly need to wrap my head better around
> this code path. But I can only see how to do it with a spin-lock back in
> place in sock_hash_free(). If you have an idea in mind how to do it
> locklessly, please go ahead.

No, I can't think of anything better.

> 
> [...]
> 
> [0] https://elixir.bootlin.com/linux/latest/source/net/core/sock_map.c#L738
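
The pattern the thread converges on (take the bucket lock, pin and detach each element, then do the sync and unref work after unlocking), as an added userspace C model. It is not code from the thread or from the kernel; `struct elem`, `struct bucket`, `bucket_free()`, `delete_from_link()` and the `atomic_flag` lock are stand-ins assumed for illustration.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Userspace model (assumption): atomic_flag stands in for bucket->lock,
 * refs for the reference the map holds on each element. */
struct elem { struct elem *next; int linked, refs, unlinks; };
struct bucket { atomic_flag lock; struct elem *head; };

static void bucket_lock(struct bucket *b)
{ while (atomic_flag_test_and_set_explicit(&b->lock, memory_order_acquire)) ; }
static void bucket_unlock(struct bucket *b)
{ atomic_flag_clear_explicit(&b->lock, memory_order_release); }

/* Caller holds the lock. Returns 1 if e was on the list and got detached. */
static int detach_locked(struct bucket *b, struct elem *e)
{
    for (struct elem **pp = &b->head; *pp; pp = &(*pp)->next)
        if (*pp == e) {
            *pp = e->next; e->next = NULL;
            e->linked = 0; e->unlinks++;
            return 1;
        }
    return 0;
}

/* Socket-side updater, the role sock_hash_delete_from_link() plays. */
int delete_from_link(struct bucket *b, struct elem *e)
{
    bucket_lock(b);
    int removed = e->linked && detach_locked(b, e);
    bucket_unlock(b);
    if (removed) e->refs--;            /* drop the map's reference */
    return removed;
}

/* Map-side updater, the role sock_hash_free() plays. Returns elements drained. */
int bucket_free(struct bucket *b)
{
    struct elem *pending = NULL, *e;
    int n = 0;
    bucket_lock(b);
    while ((e = b->head)) {            /* short atomic section: pin + detach */
        e->refs++;
        detach_locked(b, e);
        e->next = pending; pending = e;
    }
    bucket_unlock(b);
    /* the kernel version would do its single synchronize_rcu() here */
    for (; (e = pending); n++) {       /* slow work, lock no longer held */
        pending = e->next; e->next = NULL;
        e->refs -= 2;                  /* release the pin and the map's ref */
    }
    return n;
}
```

Because both updaters detach only while holding the same lock, each element is unlinked and has its map reference dropped exactly once, whichever side reaches it first.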

