lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 22 Aug 2022 17:42:44 +0000
From:   "Laba, SlawomirX" <slawomirx.laba@...el.com>
To:     ivecera <ivecera@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "Keller, Jacob E" <jacob.e.keller@...el.com>,
        "Piotrowski, Patryk" <patryk.piotrowski@...el.com>,
        Vitaly Grinberg <vgrinber@...hat.com>,
        "Brandeburg, Jesse" <jesse.brandeburg@...el.com>,
        "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>,
        "David S. Miller" <davem@...emloft.net>,
        "Eric Dumazet" <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        "moderated list:INTEL ETHERNET DRIVERS" 
        <intel-wired-lan@...ts.osuosl.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH net] iavf: Detach device during reset task

> -----Original Message-----
> From: ivecera <ivecera@...hat.com>
> Sent: Thursday, August 18, 2022 6:56 PM
> To: netdev@...r.kernel.org
> Cc: Keller, Jacob E <jacob.e.keller@...el.com>; Piotrowski, Patryk
> <patryk.piotrowski@...el.com>; Vitaly Grinberg <vgrinber@...hat.com>;
> Brandeburg, Jesse <jesse.brandeburg@...el.com>; Nguyen, Anthony L
> <anthony.l.nguyen@...el.com>; David S. Miller <davem@...emloft.net>; Eric
> Dumazet <edumazet@...gle.com>; Jakub Kicinski <kuba@...nel.org>; Paolo
> Abeni <pabeni@...hat.com>; Jeff Kirsher <jeffrey.t.kirsher@...el.com>;
> moderated list:INTEL ETHERNET DRIVERS <intel-wired-lan@...ts.osuosl.org>;
> open list <linux-kernel@...r.kernel.org>
> Subject: [PATCH net] iavf: Detach device during reset task
> 
> iavf_reset_task() takes crit_lock at the beginning and holds it during whole call.
> The function subsequently calls
> iavf_init_interrupt_scheme() that grabs RTNL. Problem occurs when userspace
> initiates during the reset task any ndo callback that runs under RTNL like
> iavf_open() because some of that functions tries to take crit_lock. This leads to
> classic A-B B-A deadlock scenario.
> 
> To resolve this situation the device should be detached in
> iavf_reset_task() prior taking crit_lock to avoid subsequent ndos running under
> RTNL and reattach the device at the end.
> 
> Fixes: 62fe2a865e6d ("i40evf: add missing rtnl_lock() around
> i40evf_set_interrupt_capability")
> Cc: Jacob Keller <jacob.e.keller@...el.com>
> Cc: Patryk Piotrowski <patryk.piotrowski@...el.com>
> Tested-by: Vitaly Grinberg <vgrinber@...hat.com>
> Signed-off-by: Ivan Vecera <ivecera@...hat.com>
> ---
>  drivers/net/ethernet/intel/iavf/iavf_main.c | 22 +++++++++++++++------
>  1 file changed, 16 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c
> b/drivers/net/ethernet/intel/iavf/iavf_main.c
> index f39440ad5c50..ee8f911b57ea 100644
> --- a/drivers/net/ethernet/intel/iavf/iavf_main.c
> +++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
> @@ -2877,6 +2877,13 @@ static void iavf_reset_task(struct work_struct
> *work)
>  	int i = 0, err;
>  	bool running;
> 
> +	/*
> +	 * Detach interface to avoid subsequent NDO callbacks
> +	 */

nit:
The comment should start this way: /* Detach ...

> +	rtnl_lock();
> +	netif_device_detach(netdev);
> +	rtnl_unlock();
> +
>  	/* When device is being removed it doesn't make sense to run the reset
>  	 * task, just return in such a case.
>  	 */
> @@ -2884,7 +2891,7 @@ static void iavf_reset_task(struct work_struct *work)
>  		if (adapter->state != __IAVF_REMOVE)
>  			queue_work(iavf_wq, &adapter->reset_task);
> 
> -		return;
> +		goto reset_finish;

Correct me if I'm wrong.
In case when you fail to grab a crit_lock you'd jump to the reset_finish label and unlock the locks you didn't lock.

>  	}
> 
>  	while (!mutex_trylock(&adapter->client_lock))
> @@ -2954,7 +2961,6 @@ static void iavf_reset_task(struct work_struct *work)
> 
>  	if (running) {
>  		netif_carrier_off(netdev);
> -		netif_tx_stop_all_queues(netdev);
>  		adapter->link_up = false;
>  		iavf_napi_disable_all(adapter);
>  	}
> @@ -3081,10 +3087,8 @@ static void iavf_reset_task(struct work_struct
> *work)
> 
>  	adapter->flags &= ~IAVF_FLAG_REINIT_ITR_NEEDED;
> 
> -	mutex_unlock(&adapter->client_lock);
> -	mutex_unlock(&adapter->crit_lock);
> +	goto reset_finish;
> 
> -	return;
>  reset_err:
>  	if (running) {
>  		set_bit(__IAVF_VSI_DOWN, adapter->vsi.state); @@ -3092,9
> +3096,15 @@ static void iavf_reset_task(struct work_struct *work)
>  	}
>  	iavf_disable_vf(adapter);
> 
> +	dev_err(&adapter->pdev->dev, "failed to allocate resources during
> +reinit\n");
> +
> +reset_finish:
>  	mutex_unlock(&adapter->client_lock);
>  	mutex_unlock(&adapter->crit_lock);
> -	dev_err(&adapter->pdev->dev, "failed to allocate resources during
> reinit\n");
> +
> +	rtnl_lock();
> +	netif_device_attach(netdev);
> +	rtnl_unlock();
>  }
> 
>  /**
> --
> 2.35.1

Powered by blists - more mailing lists