lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240122112603.3270097-1-edumazet@google.com>
Date: Mon, 22 Jan 2024 11:25:54 +0000
From: Eric Dumazet <edumazet@...gle.com>
To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>
Cc: David Ahern <dsahern@...nel.org>, Kuniyuki Iwashima <kuniyu@...zon.com>, 
	Martin KaFai Lau <kafai@...com>, Guillaume Nault <gnault@...hat.com>, netdev@...r.kernel.org, 
	eric.dumazet@...il.com, Eric Dumazet <edumazet@...gle.com>
Subject: [PATCH net-next 0/9]  inet_diag: remove three mutexes in diag dumps

Surprisingly, inet_diag operations are serialized over a stack
of three mutexes, giving legacy /proc based files an unfair
advantage on modern hosts.

This series removes all of them, making inet_diag operations
(eg iproute2/ss) fully parallel.

1-2) Two first patches are adding data-race annotations
     and can be backported to stable kernels.

3-4) inet_diag_table_mutex can be replaced with RCU protection,
     if we add corresponding protection against module unload.

5-7) sock_diag_table_mutex can be replaced with RCU protection,
     if we add corresponding protection against module unload.

 8)  sock_diag_mutex is removed, as the old bug it was
     working around has been fixed more elegantly.

 9)  inet_diag_dump_icsk() can skip over empty buckets to reduce
     spinlock contention.

Eric Dumazet (9):
  sock_diag: annotate data-races around sock_diag_handlers[family]
  inet_diag: annotate data-races around inet_diag_table[]
  inet_diag: add module pointer to "struct inet_diag_handler"
  inet_diag: allow concurrent operations
  sock_diag: add module pointer to "struct sock_diag_handler"
  sock_diag: allow concurrent operations
  sock_diag: allow concurrent operation in sock_diag_rcv_msg()
  sock_diag: remove sock_diag_mutex
  inet_diag: skip over empty buckets

 include/linux/inet_diag.h |   1 +
 include/linux/sock_diag.h |  10 +++-
 net/core/sock_diag.c      | 120 +++++++++++++++++++++-----------------
 net/dccp/diag.c           |   1 +
 net/ipv4/inet_diag.c      | 101 ++++++++++++++++++--------------
 net/ipv4/raw_diag.c       |   1 +
 net/ipv4/tcp_diag.c       |   1 +
 net/ipv4/udp_diag.c       |   2 +
 net/mptcp/mptcp_diag.c    |   1 +
 net/netlink/diag.c        |   1 +
 net/packet/diag.c         |   1 +
 net/sctp/diag.c           |   1 +
 net/smc/smc_diag.c        |   1 +
 net/tipc/diag.c           |   1 +
 net/unix/diag.c           |   1 +
 net/vmw_vsock/diag.c      |   1 +
 net/xdp/xsk_diag.c        |   1 +
 17 files changed, 149 insertions(+), 97 deletions(-)

-- 
2.43.0.429.g432eaa2c6b-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ