GET /api/patches/809302/?format=api
{ "id": 809302, "url": "http://patchwork.ozlabs.org/api/patches/809302/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170903143104.25994-1-ap420073@gmail.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170903143104.25994-1-ap420073@gmail.com>", "list_archive_url": null, "date": "2017-09-03T14:31:04", "name": "netfilter: ipt_CLUSTERIP: Fix potential deadlock when CLUSTERIP target is inserted", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "ec840a55df8296c2f082b8806124f8ec9d6d8682", "submitter": { "id": 68997, "url": "http://patchwork.ozlabs.org/api/people/68997/?format=api", "name": "Taehee Yoo", "email": "ap420073@gmail.com" }, "delegate": { "id": 6139, "url": "http://patchwork.ozlabs.org/api/users/6139/?format=api", "username": "pablo", "first_name": "Pablo", "last_name": "Neira", "email": "pablo@netfilter.org" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170903143104.25994-1-ap420073@gmail.com/mbox/", "series": [ { "id": 1241, "url": "http://patchwork.ozlabs.org/api/series/1241/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=1241", "date": "2017-09-03T14:31:04", "name": "netfilter: ipt_CLUSTERIP: Fix potential deadlock when CLUSTERIP target is inserted", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/1241/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/809302/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/809302/checks/", "tags": {}, "related": [], "headers": { "Return-Path": 
"<netfilter-devel-owner@vger.kernel.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"sag7o1s0\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xlb4x2dMPz9s7v\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 4 Sep 2017 00:31:13 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752922AbdICObM (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 3 Sep 2017 10:31:12 -0400", "from mail-pg0-f65.google.com ([74.125.83.65]:38263 \"EHLO\n\tmail-pg0-f65.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1752913AbdICObL (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tSun, 3 Sep 2017 10:31:11 -0400", "by mail-pg0-f65.google.com with SMTP id t3so2964287pgt.5\n\tfor <netfilter-devel@vger.kernel.org>;\n\tSun, 03 Sep 2017 07:31:11 -0700 (PDT)", "from ap-To-be-filled-by-O-E-M.8.8.8.8 ([222.98.178.163])\n\tby smtp.gmail.com with ESMTPSA id\n\tl22sm7240047pfg.175.2017.09.03.07.31.09\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tSun, 03 Sep 2017 07:31:10 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; 
s=20161025;\n\th=from:to:cc:subject:date:message-id;\n\tbh=/g3APXRmC7QMqrRlJhn0q+2YkI+UxRzXwxmFJDa+gSA=;\n\tb=sag7o1s0l+/xmheQGUCwBR+a+ru+9FNDgsShEOOY6lYNb0+D1sMJ3exx2jlLpPSV8F\n\tL1HK/BddcZGXU8HVaqugAo0sur6lzIdBo+YW1F7xfcZrIs2Y78UflyUiBveJjW94Irws\n\tqA5Bk4MmRucdiPnhKSpOCSFHDCJY4JVqGGofjC61cHXb4OY42R3xAIva+qZOusi8x9/u\n\tDbNw2072NjqT5KpB8yOTmMMLk8cENd+EFtYvJ+tvaNlql+rY9ziCryTMt1BiY/yMFeVk\n\t/VaLbKvsows4zN0E2iO6zHdtnmA7XH8uO6u27wiCxixVRJDXF5AYKM309JKqCXrRS5BH\n\tE50A==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=/g3APXRmC7QMqrRlJhn0q+2YkI+UxRzXwxmFJDa+gSA=;\n\tb=XNiCFAujfPITd1BW0jUSnsBWJ1kmUZRiiQqTXC92MSvJrbhjHQ4ZgUp0UyzZAQOk0r\n\t5ffQflBkBLwtDm5GY42xZLnH+4ZgnoUffrfQGIfb8s8U6XvFPIiNAivmZcHemY9Wsios\n\tK4wzuHr+S9GYcqkbZ2gSaqtMgITOP4XmYo6U4DDww0iAQs2eLosaRJdUqgwsKEjpPN4D\n\tmDG/GRy1NkzJbZu+evpM8aiLyr4lDrPYZiGHc5P/sXIVHLI/naJ08OEjaFJauqFAzZ+K\n\t/aGlqZ0cAR5qi1XHxwWaeIc9TqAu/vFv4S2p+GLDHqJKFKwN5RrZQnFU7LLme1tt08T1\n\tSVDg==", "X-Gm-Message-State": "AHPjjUgAd6EuggPbqLEaKqzIT0xHvC9VTs8YR/kikU/YxyNmXz0pFT7A\n\tAOUdw91wGFLeSg==", "X-Google-Smtp-Source": "ADKCNb7KbQm2r0CBtc0OEEAgGCgX7OkVh8BEkmERovvvqJoiL+0YVIvibhqghJV3ttkF93bPIySQ+w==", "X-Received": "by 10.99.122.69 with SMTP id j5mr9346850pgn.12.1504449071138;\n\tSun, 03 Sep 2017 07:31:11 -0700 (PDT)", "From": "Taehee Yoo <ap420073@gmail.com>", "To": "pablo@netfilter.org, netfilter-devel@vger.kernel.org", "Cc": "ap420073@gmail.com", "Subject": "[PATCH] netfilter: ipt_CLUSTERIP: Fix potential deadlock when\n\tCLUSTERIP target is inserted", "Date": "Sun, 3 Sep 2017 23:31:04 +0900", "Message-Id": "<20170903143104.25994-1-ap420073@gmail.com>", "X-Mailer": "git-send-email 2.9.3", "Sender": "netfilter-devel-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netfilter-devel.vger.kernel.org>", "X-Mailing-List": "netfilter-devel@vger.kernel.org" }, "content": "When ipt_CLUSTERIP target is inserted, lockdep 
warns about\npossible DEADLOCK situation. to avoid deadlock situation\nregister_netdevice_notifier() should be called by only init routine.\n\nreproduce command is :\n # iptables -A INPUT -p tcp -i enp3s0 -d 192.168.0.5 --dport 80 \\\n-j CLUSTERIP --new --hashmode sourceip \\\n--clustermac 01:00:5e:00:00:20 --total-nodes 2 --local-node 1\n\nwarning message is :\n\n[ 148.751110] WARNING: possible circular locking dependency detected\n[ 148.758037] 4.13.0-rc1+ #71 Not tainted\n[ 148.762334] ------------------------------------------------------\n\n[ ... ]\n\n\tthe existing dependency chain (in reverse order) is:\n[ 148.816203]\n\t-> #1 (sk_lock-AF_INET){+.+.+.}:\n[ 148.822686] lock_acquire+0x190/0x370\n[ 148.827401] lock_sock_nested+0xb8/0x100\n[ 148.832405] do_ip_setsockopt.isra.16+0x140/0x24f0\n[ 148.838380] ip_setsockopt+0x34/0xb0\n[ 148.842988] udp_setsockopt+0x1b/0x30\n[ 148.847692] sock_common_setsockopt+0x78/0xf0\n[ 148.853182] SyS_setsockopt+0x11c/0x220\n[ 148.858089] do_syscall_64+0x187/0x410\n[ 148.862901] return_from_SYSCALL_64+0x0/0x7a\n[ 148.868289]\n\t-> #0 (rtnl_mutex){+.+.+.}:\n[ 148.874303] __lock_acquire+0x4114/0x47c0\n[ 148.879405] lock_acquire+0x190/0x370\n[ 148.884109] __mutex_lock+0xef/0x1460\n[ 148.888820] mutex_lock_nested+0x1b/0x20\n[ 148.893824] rtnl_lock+0x17/0x20\n[ 148.898052] register_netdevice_notifier+0x6f/0x4f0\n[ 148.904127] clusterip_tg_check+0xbf0/0x13e0\n[ 148.909519] xt_check_target+0x1f5/0x6c0\n[ 148.914525] find_check_entry.isra.7+0x62f/0x960\n[ 148.920308] translate_table+0xcf2/0x1830\n[ 148.925410] do_ipt_set_ctl+0x1ff/0x3a0\n[ 148.930320] nf_setsockopt+0x61/0xc0\n[ 148.934933] ip_setsockopt+0x82/0xb0\n[ 148.939548] raw_setsockopt+0x73/0xa0\n[ 148.944260] sock_common_setsockopt+0x78/0xf0\n[ 148.949749] SyS_setsockopt+0x11c/0x220\n[ 148.954658] entry_SYSCALL_64_fastpath+0x1c/0xb1\n[ 148.960435]\n\tother info that might help us debug this:\n\n[ 148.969459] Possible unsafe locking scenario:\n\n[ 148.976124] CPU0 CPU1\n[ 
148.981218] ---- ----\n[ 148.986312] lock(sk_lock-AF_INET);\n[ 148.990343] lock(rtnl_mutex);\n[ 148.996708] lock(sk_lock-AF_INET);\n[ 149.003559] lock(rtnl_mutex);\n[ 149.007103]\n*** DEADLOCK ***\n\n[ ... ]\n\nSigned-off-by: Taehee Yoo <ap420073@gmail.com>\n---\n net/ipv4/netfilter/ipt_CLUSTERIP.c | 70 +++++++++++++++++++++-----------------\n 1 file changed, 39 insertions(+), 31 deletions(-)", "diff": "diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c\nindex 6637e8b..c31f188 100644\n--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c\n+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c\n@@ -59,7 +59,6 @@ struct clusterip_config {\n \tstruct rcu_head rcu;\n \n \tchar ifname[IFNAMSIZ];\t\t\t/* device ifname */\n-\tstruct notifier_block notifier;\t\t/* refresh c->ifindex in it */\n };\n \n #ifdef CONFIG_PROC_FS\n@@ -73,6 +72,7 @@ struct clusterip_net {\n \t/* lock protects the configs list */\n \tspinlock_t lock;\n \n+\tstruct notifier_block notifier;\n #ifdef CONFIG_PROC_FS\n \tstruct proc_dir_entry *procdir;\n #endif\n@@ -111,8 +111,6 @@ clusterip_config_entry_put(struct net *net, struct clusterip_config *c)\n \t\tspin_unlock(&cn->lock);\n \t\tlocal_bh_enable();\n \n-\t\tunregister_netdevice_notifier(&c->notifier);\n-\n \t\t/* In case anyone still accesses the file, the open/close\n \t\t * functions are also incrementing the refcount on their own,\n \t\t * so it's safe to remove the entry even if it's in use. 
*/\n@@ -176,32 +174,37 @@ clusterip_netdev_event(struct notifier_block *this, unsigned long event,\n \t\t void *ptr)\n {\n \tstruct net_device *dev = netdev_notifier_info_to_dev(ptr);\n+\tstruct net *net = dev_net(dev);\n+\tstruct clusterip_net *cn = net_generic(net, clusterip_net_id);\n \tstruct clusterip_config *c;\n \n-\tc = container_of(this, struct clusterip_config, notifier);\n-\tswitch (event) {\n-\tcase NETDEV_REGISTER:\n-\t\tif (!strcmp(dev->name, c->ifname)) {\n-\t\t\tc->ifindex = dev->ifindex;\n-\t\t\tdev_mc_add(dev, c->clustermac);\n-\t\t}\n-\t\tbreak;\n-\tcase NETDEV_UNREGISTER:\n-\t\tif (dev->ifindex == c->ifindex) {\n-\t\t\tdev_mc_del(dev, c->clustermac);\n-\t\t\tc->ifindex = -1;\n-\t\t}\n-\t\tbreak;\n-\tcase NETDEV_CHANGENAME:\n-\t\tif (!strcmp(dev->name, c->ifname)) {\n-\t\t\tc->ifindex = dev->ifindex;\n-\t\t\tdev_mc_add(dev, c->clustermac);\n-\t\t} else if (dev->ifindex == c->ifindex) {\n-\t\t\tdev_mc_del(dev, c->clustermac);\n-\t\t\tc->ifindex = -1;\n+\trcu_read_lock();\n+\tlist_for_each_entry_rcu(c, &cn->configs, list) {\n+\t\tswitch (event) {\n+\t\tcase NETDEV_REGISTER:\n+\t\t\tif (!strcmp(dev->name, c->ifname)) {\n+\t\t\t\tc->ifindex = dev->ifindex;\n+\t\t\t\tdev_mc_add(dev, c->clustermac);\n+\t\t\t}\n+\t\t\tbreak;\n+\t\tcase NETDEV_UNREGISTER:\n+\t\t\tif (dev->ifindex == c->ifindex) {\n+\t\t\t\tdev_mc_del(dev, c->clustermac);\n+\t\t\t\tc->ifindex = -1;\n+\t\t\t}\n+\t\t\tbreak;\n+\t\tcase NETDEV_CHANGENAME:\n+\t\t\tif (!strcmp(dev->name, c->ifname)) {\n+\t\t\t\tc->ifindex = dev->ifindex;\n+\t\t\t\tdev_mc_add(dev, c->clustermac);\n+\t\t\t} else if (dev->ifindex == c->ifindex) {\n+\t\t\t\tdev_mc_del(dev, c->clustermac);\n+\t\t\t\tc->ifindex = -1;\n+\t\t\t}\n+\t\t\tbreak;\n \t\t}\n-\t\tbreak;\n \t}\n+\trcu_read_unlock();\n \n \treturn NOTIFY_DONE;\n }\n@@ -256,11 +259,7 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,\n \t}\n #endif\n \n-\tc->notifier.notifier_call = clusterip_netdev_event;\n-\terr = 
register_netdevice_notifier(&c->notifier);\n-\tif (!err)\n-\t\treturn c;\n-\n+\treturn c;\n #ifdef CONFIG_PROC_FS\n \tproc_remove(c->pde);\n err:\n@@ -798,9 +797,17 @@ static int clusterip_net_init(struct net *net)\n \tif (ret < 0)\n \t\treturn ret;\n \n+\tcn->notifier.notifier_call = clusterip_netdev_event;\n+\tret = register_netdevice_notifier(&cn->notifier);\n+\tif (ret) {\n+\t\tnf_unregister_net_hook(net, &cip_arp_ops);\n+\t\treturn ret;\n+\t}\n+\n #ifdef CONFIG_PROC_FS\n \tcn->procdir = proc_mkdir(\"ipt_CLUSTERIP\", net->proc_net);\n \tif (!cn->procdir) {\n+\t\tunregister_netdevice_notifier(&cn->notifier);\n \t\tnf_unregister_net_hook(net, &cip_arp_ops);\n \t\tpr_err(\"Unable to proc dir entry\\n\");\n \t\treturn -ENOMEM;\n@@ -812,10 +819,11 @@ static int clusterip_net_init(struct net *net)\n \n static void clusterip_net_exit(struct net *net)\n {\n-#ifdef CONFIG_PROC_FS\n \tstruct clusterip_net *cn = net_generic(net, clusterip_net_id);\n+#ifdef CONFIG_PROC_FS\n \tproc_remove(cn->procdir);\n #endif\n+\tunregister_netdevice_notifier(&cn->notifier);\n \tnf_unregister_net_hook(net, &cip_arp_ops);\n }\n \n", "prefixes": [] }
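Review bot: In the clusterip_config_init hunk, removing the per-config `register_netdevice_notifier(&c->notifier)` call also removes the replay of NETDEV_REGISTER for already-present devices that registration performs, so nothing visible in this patch sets `c->ifindex` or calls `dev_mc_add()` for a config whose interface already exists. If the part of the function outside this hunk does not resolve the device itself, it should do so explicitly before returning, for example by looking it up with `dev_get_by_name(net, iniface)` and setting `c->ifindex = dev->ifindex;`. Separately, `proc_remove(c->pde);` now follows an unconditional `return c;` and is unreachable; only the `err:` label below it is still a live target. Whether `err` is still assigned on every path that reaches that label cannot be checked here, because the function starts and ends outside the hunk.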
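Review bot: Registering `cn->notifier` in clusterip_net_init adds one notifier block per network namespace, but clusterip_netdev_event (the `@@ -176,32 +174,37 @@` hunk) ignores `this` and derives `cn` from `dev_net(dev)`. As far as I know, register_netdevice_notifier() attaches to a chain that is not per-namespace, so with N namespaces a single device event would run the same `list_for_each_entry_rcu` loop N times over the same configs, repeating `dev_mc_add()` or `dev_mc_del()` for one event. A single file-scope `static struct notifier_block` with `.notifier_call = clusterip_netdev_event`, registered once in the module init routine and unregistered in module exit, avoids the duplication and matches what the commit message asks for. If the per-namespace field is kept, it should carry a comment like the one the removed member had, e.g. `/* refreshes c->ifindex for every config in this netns */`.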