[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f36e686e13142d885a6e34f0a4dc2e33567ef287.camel@redhat.com>
Date: Wed, 06 Dec 2023 13:27:06 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Heng Qi <hengqi@...ux.alibaba.com>, Jason Wang <jasowang@...hat.com>
Cc: netdev@...r.kernel.org, virtualization@...ts.linux-foundation.org,
mst@...hat.com, kuba@...nel.org, yinjun.zhang@...igine.com,
edumazet@...gle.com, davem@...emloft.net, hawk@...nel.org,
john.fastabend@...il.com, ast@...nel.org, horms@...nel.org,
xuanzhuo@...ux.alibaba.com
Subject: Re: [PATCH net-next v6 4/5] virtio-net: add spin lock for ctrl cmd
access
On Tue, 2023-12-05 at 19:05 +0800, Heng Qi wrote:
>
> 在 2023/12/5 下午4:35, Jason Wang 写道:
> > On Tue, Dec 5, 2023 at 4:02 PM Heng Qi <hengqi@...ux.alibaba.com> wrote:
> > > Currently access to ctrl cmd is globally protected via rtnl_lock and works
> > > fine. But if dim work's access to ctrl cmd also holds rtnl_lock, deadlock
> > > may occur due to cancel_work_sync for dim work.
> > Can you explain why?
>
> For example, during the bus unbind operation, the following call stack
> occurs:
> virtnet_remove -> unregister_netdev -> rtnl_lock[1] -> virtnet_close ->
> cancel_work_sync -> virtnet_rx_dim_work -> rtnl_lock[2] (deadlock occurs).
>
> > > Therefore, treating
> > > ctrl cmd as a separate protection object of the lock is the solution and
> > > the basis for the next patch.
> > Let's don't do that. Reasons are:
> >
> > 1) virtnet_send_command() may wait for cvq commands for an indefinite time
>
> Yes, I took that into consideration. But ndo_set_rx_mode's need for an
> atomic
> environment rules out the mutex lock.
>
> > 2) hold locks may complicate the future hardening works around cvq
>
> Agree, but I don't seem to have thought of a better way besides passing
> the lock.
> Do you have any other better ideas or suggestions?
What about:
- using the rtnl lock only
- virtionet_close() invokes cancel_work(), without flushing the work
- virtnet_remove() calls flush_work() after unregister_netdev(),
outside the rtnl lock
Should prevent both the deadlock and the UaF.
Side note: for this specific case any functional test with a
CONFIG_LOCKDEP enabled build should suffice to catch the deadlock
scenario above.
Cheers,
Paolo
Powered by blists - more mailing lists