[dpdk-dev] [PATCH 2/2] kni: fix rtnl deadlocks and race conditions v3
Igor Ryzhov
iryzhov at nfware.com
Wed Feb 24 13:49:49 CET 2021
This looks more like a hack than an actual fix to me.
After this commit:
"ip link set up" is sent to the userspace with unlocked rtnl_lock
"ip link set down" is sent to the userspace with locked rtnl_lock
How is this really fixing anything? IMHO it only complicates the code.
If talking with userspace under rtnl_lock is a problem, then we should fix
all such requests, not only part of them.
If it is not a problem, then I don't see any point in merging this.
On Tue, Feb 23, 2021 at 4:45 PM Elad Nachman <eladv6 at gmail.com> wrote:
> This part of the series includes my fixes for the issues reported
> by Ferruh and Igor on top of part 1 of the patch series:
>
> A. KNI sync lock is being locked while rtnl is held.
> If two threads are calling kni_net_process_request() ,
> then the first one will take the sync lock, release rtnl lock then sleep.
> The second thread will try to lock sync lock while holding rtnl.
> The first thread will wake, and try to lock rtnl, resulting in a deadlock.
> The remedy is to release rtnl before locking the KNI sync lock.
> Since in between nothing is accessing Linux network-wise,
> no rtnl locking is needed.
>
> B. There is a race condition in __dev_close_many() processing the
> close_list while the application terminates.
> It looks like if two vEth devices are terminating,
> and one releases the rtnl lock, the other takes it,
> updating the close_list in an unstable state,
> causing the close_list to become a circular linked list,
> hence list_for_each_entry() will endlessly loop inside
> __dev_close_many() .
> Since the description for the original patch indicate the
> original motivation was bringing the device up,
> I have changed kni_net_process_request() to hold the rtnl mutex
> in case of bringing the device down since this is the path called
> from __dev_close_many() , causing the corruption of the close_list.
>
> Signed-off-by: Elad Nachman <eladv6 at gmail.com>
> ---
> v3:
> * Include original patch and new patch as a series of patch, added a
> comment to the new patch
> v2:
> * rebuild the patch as increment from patch 64106
> * fix comment and blank lines
> ---
> kernel/linux/kni/kni_net.c | 29 +++++++++++++++++++++--------
> 1 file changed, 21 insertions(+), 8 deletions(-)
>
> diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c
> index f0b6e9a8d..017e44812 100644
> --- a/kernel/linux/kni/kni_net.c
> +++ b/kernel/linux/kni/kni_net.c
> @@ -110,9 +110,26 @@ kni_net_process_request(struct net_device *dev,
> struct rte_kni_request *req)
> void *resp_va;
> uint32_t num;
> int ret_val;
> + int req_is_dev_stop = 0;
> +
> + /* For configuring the interface to down,
> + * rtnl must be held all the way to prevent race condition
> + * inside __dev_close_many() between two netdev instances of KNI
> + */
> + if (req->req_id == RTE_KNI_REQ_CFG_NETWORK_IF &&
> + req->if_up == 0)
> + req_is_dev_stop = 1;
>
> ASSERT_RTNL();
>
> + /* Since we need to wait and RTNL mutex is held
> + * drop the mutex and hold reference to keep device
> + */
> + if (!req_is_dev_stop) {
> + dev_hold(dev);
> + rtnl_unlock();
> + }
> +
> mutex_lock(&kni->sync_lock);
>
> /* Construct data */
> @@ -124,16 +141,8 @@ kni_net_process_request(struct net_device *dev,
> struct rte_kni_request *req)
> goto fail;
> }
>
> - /* Since we need to wait and RTNL mutex is held
> - * drop the mutex and hold refernce to keep device
> - */
> - dev_hold(dev);
> - rtnl_unlock();
> -
> ret_val = wait_event_interruptible_timeout(kni->wq,
> kni_fifo_count(kni->resp_q), 3 * HZ);
> - rtnl_lock();
> - dev_put(dev);
>
> if (signal_pending(current) || ret_val <= 0) {
> ret = -ETIME;
> @@ -152,6 +161,10 @@ kni_net_process_request(struct net_device *dev,
> struct rte_kni_request *req)
>
> fail:
> mutex_unlock(&kni->sync_lock);
> + if (!req_is_dev_stop) {
> + rtnl_lock();
> + dev_put(dev);
> + }
> return ret;
> }
>
> --
> 2.17.1
>
>
More information about the dev
mailing list