[dpdk-dev] [PATCH 2/2] kni: fix rtnl deadlocks and race conditions v4
Elad Nachman
eladv6 at gmail.com
Thu Feb 25 15:32:39 CET 2021
This part of the series includes my fixes for the issues reported
by Ferruh and Igor (and Igor comments for v3 of the patch)
on top of part 1 of the patch series:
A. KNI sync lock is being locked while rtnl is held.
If two threads are calling kni_net_process_request() ,
then the first one will take the sync lock, release rtnl lock then sleep.
The second thread will try to lock sync lock while holding rtnl.
The first thread will wake, and try to lock rtnl, resulting in a deadlock.
The remedy is to release rtnl before locking the KNI sync lock.
Since in between nothing is accessing Linux network-wise,
no rtnl locking is needed.
B. There is a race condition in __dev_close_many() processing the
close_list while the application terminates.
It looks like if two vEth devices are terminating,
and one releases the rtnl lock, the other takes it,
updating the close_list in an unstable state,
causing the close_list to become a circular linked list,
hence list_for_each_entry() will endlessly loop inside
__dev_close_many() .
Since the description for the original patch indicate the
original motivation was bringing the device up,
I have changed kni_net_process_request() to hold the rtnl mutex
in case of bringing the device down since this is the path called
from __dev_close_many() , causing the corruption of the close_list.
In order to prevent deadlock in Mellanox device in this case, the
code has been modified not to wait for user-space while holding
the rtnl lock.
Instead, after the request has been sent, all locks are relinquished
and the function exits immediately with return code of zero (success).
To summarize:
request != interface down : unlock rtnl, send request to user-space,
wait for response, send the response error code to caller in user-space.
request == interface down: send request to user-space, return immediately
with error code of 0 (success) to user-space.
Signed-off-by: Elad Nachman <eladv6 at gmail.com>
---
v4:
* for if down case, send asynchronously with rtnl locked and without
wait, returning immediately to avoid both kernel race conditions
and deadlock in user-space
v3:
* Include original patch and new patch as a series of patch, added a
comment to the new patch
v2:
* rebuild the patch as increment from patch 64106
* fix comment and blank lines
---
kernel/linux/kni/kni_net.c | 41 +++++++++++++++++++++++++++------
lib/librte_kni/rte_kni.c | 7 ++++--
lib/librte_kni/rte_kni_common.h | 1 +
3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c
index f0b6e9a8d..ba991802b 100644
--- a/kernel/linux/kni/kni_net.c
+++ b/kernel/linux/kni/kni_net.c
@@ -110,12 +110,34 @@ kni_net_process_request(struct net_device *dev, struct rte_kni_request *req)
void *resp_va;
uint32_t num;
int ret_val;
+ int req_is_dev_stop = 0;
+
+ /* For configuring the interface to down,
+ * rtnl must be held all the way to prevent race condition
+ * inside __dev_close_many() between two netdev instances of KNI
+ */
+ if (req->req_id == RTE_KNI_REQ_CFG_NETWORK_IF &&
+ req->if_up == 0)
+ req_is_dev_stop = 1;
ASSERT_RTNL();
+ /* Since we need to wait and RTNL mutex is held
+ * drop the mutex and hold reference to keep device
+ */
+ if (!req_is_dev_stop) {
+ dev_hold(dev);
+ rtnl_unlock();
+ }
+
mutex_lock(&kni->sync_lock);
- /* Construct data */
+ /* Construct data, for dev stop send asynchronously
+ * so instruct user-space not to sent response as no
+ * one will be waiting for it.
+ */
+ if (req_is_dev_stop)
+ req->skip_post_resp_to_q = 1;
memcpy(kni->sync_kva, req, sizeof(struct rte_kni_request));
num = kni_fifo_put(kni->req_q, &kni->sync_va, 1);
if (num < 1) {
@@ -124,16 +146,16 @@ kni_net_process_request(struct net_device *dev, struct rte_kni_request *req)
goto fail;
}
- /* Since we need to wait and RTNL mutex is held
- * drop the mutex and hold refernce to keep device
+ /* No result available since request is handled
+ * asynchronously. set response to success.
*/
- dev_hold(dev);
- rtnl_unlock();
+ if (req_is_dev_stop) {
+ req->result = 0;
+ goto async;
+ }
ret_val = wait_event_interruptible_timeout(kni->wq,
kni_fifo_count(kni->resp_q), 3 * HZ);
- rtnl_lock();
- dev_put(dev);
if (signal_pending(current) || ret_val <= 0) {
ret = -ETIME;
@@ -148,10 +170,15 @@ kni_net_process_request(struct net_device *dev, struct rte_kni_request *req)
}
memcpy(req, kni->sync_kva, sizeof(struct rte_kni_request));
+async:
ret = 0;
fail:
mutex_unlock(&kni->sync_lock);
+ if (!req_is_dev_stop) {
+ rtnl_lock();
+ dev_put(dev);
+ }
return ret;
}
diff --git a/lib/librte_kni/rte_kni.c b/lib/librte_kni/rte_kni.c
index 837d0217d..6d777266d 100644
--- a/lib/librte_kni/rte_kni.c
+++ b/lib/librte_kni/rte_kni.c
@@ -591,8 +591,11 @@ rte_kni_handle_request(struct rte_kni *kni)
break;
}
- /* Construct response mbuf and put it back to resp_q */
- ret = kni_fifo_put(kni->resp_q, (void **)&req, 1);
+ /* if needed, construct response mbuf and put it back to resp_q */
+ if (!req->skip_post_resp_to_q)
+ ret = kni_fifo_put(kni->resp_q, (void **)&req, 1);
+ else
+ ret = 1;
if (ret != 1) {
RTE_LOG(ERR, KNI, "Fail to put the muf back to resp_q\n");
return -1; /* It is an error of can't putting the mbuf back */
diff --git a/lib/librte_kni/rte_kni_common.h b/lib/librte_kni/rte_kni_common.h
index ffb318273..3b5d06850 100644
--- a/lib/librte_kni/rte_kni_common.h
+++ b/lib/librte_kni/rte_kni_common.h
@@ -48,6 +48,7 @@ struct rte_kni_request {
uint8_t promiscusity;/**< 1: promisc mode enable, 0: disable */
uint8_t allmulti; /**< 1: all-multicast mode enable, 0: disable */
};
+ int32_t skip_post_resp_to_q; /**< 1: skip queue response 0: disable */
int32_t result; /**< Result for processing request */
} __attribute__((__packed__));
--
2.17.1
More information about the dev
mailing list