| Message ID | 1512705750-14799-1-git-send-email-jasowang@redhat.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net-next,V2] tuntap: fix possible deadlock when fail to register netdev | expand |
On Fri, Dec 08, 2017 at 12:02:30PM +0800, Jason Wang wrote: > Private destructor could be called when register_netdev() fail with > rtnl lock held. This will lead deadlock in tun_free_netdev() who tries > to hold rtnl_lock. Fixing this by switching to use spinlock to > synchronize. > > Fixes: 96f84061620c ("tun: add eBPF based queue selection method") > Reported-by: Eric Dumazet <eric.dumazet@gmail.com> > Cc: Eric Dumazet <eric.dumazet@gmail.com> > Cc: Willem de Bruijn <willemb@google.com> > Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> > --- > drivers/net/tun.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/net/tun.c b/drivers/net/tun.c > index 787cc35..8d85163 100644 > --- a/drivers/net/tun.c > +++ b/drivers/net/tun.c > @@ -2050,8 +2050,11 @@ static int __tun_set_steering_ebpf(struct tun_struct *tun, > new->prog = prog; > } > > - old = rtnl_dereference(tun->steering_prog); > + spin_lock_bh(&tun->lock); > + old = rcu_dereference_protected(tun->steering_prog, > + lockdep_is_held(&tun->lock)); > rcu_assign_pointer(tun->steering_prog, new); > + spin_unlock_bh(&tun->lock); > > if (old) > call_rcu(&old->rcu, tun_steering_prog_free); > @@ -2067,9 +2070,7 @@ static void tun_free_netdev(struct net_device *dev) > free_percpu(tun->pcpu_stats); > tun_flow_uninit(tun); > security_tun_dev_free_security(tun->security); > - rtnl_lock(); > __tun_set_steering_ebpf(tun, NULL); > - rtnl_unlock(); > } > > static void tun_setup(struct net_device *dev) > -- > 2.7.4
On Fri, 2017-12-08 at 12:02 +0800, Jason Wang wrote: > Private destructor could be called when register_netdev() fail with > rtnl lock held. This will lead deadlock in tun_free_netdev() who > tries > to hold rtnl_lock. Fixing this by switching to use spinlock to > synchronize. > > Fixes: 96f84061620c ("tun: add eBPF based queue selection method") > Reported-by: Eric Dumazet <eric.dumazet@gmail.com> > Cc: Eric Dumazet <eric.dumazet@gmail.com> > Cc: Willem de Bruijn <willemb@google.com> > Signed-off-by: Jason Wang <jasowang@redhat.com> > --- Reviewed-by: Eric Dumazet <edumazet@google.com> Thanks.
From: "Michael S. Tsirkin" <mst@redhat.com> Date: Fri, 8 Dec 2017 06:43:44 +0200 > On Fri, Dec 08, 2017 at 12:02:30PM +0800, Jason Wang wrote: >> Private destructor could be called when register_netdev() fail with >> rtnl lock held. This will lead deadlock in tun_free_netdev() who tries >> to hold rtnl_lock. Fixing this by switching to use spinlock to >> synchronize. >> >> Fixes: 96f84061620c ("tun: add eBPF based queue selection method") >> Reported-by: Eric Dumazet <eric.dumazet@gmail.com> >> Cc: Eric Dumazet <eric.dumazet@gmail.com> >> Cc: Willem de Bruijn <willemb@google.com> >> Signed-off-by: Jason Wang <jasowang@redhat.com> > > Acked-by: Michael S. Tsirkin <mst@redhat.com> Applied, thanks.
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 787cc35..8d85163 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -2050,8 +2050,11 @@ static int __tun_set_steering_ebpf(struct tun_struct *tun, new->prog = prog; } - old = rtnl_dereference(tun->steering_prog); + spin_lock_bh(&tun->lock); + old = rcu_dereference_protected(tun->steering_prog, + lockdep_is_held(&tun->lock)); rcu_assign_pointer(tun->steering_prog, new); + spin_unlock_bh(&tun->lock); if (old) call_rcu(&old->rcu, tun_steering_prog_free); @@ -2067,9 +2070,7 @@ static void tun_free_netdev(struct net_device *dev) free_percpu(tun->pcpu_stats); tun_flow_uninit(tun); security_tun_dev_free_security(tun->security); - rtnl_lock(); __tun_set_steering_ebpf(tun, NULL); - rtnl_unlock(); } static void tun_setup(struct net_device *dev)
Private destructor could be called when register_netdev() fail with rtnl lock held. This will lead deadlock in tun_free_netdev() who tries to hold rtnl_lock. Fixing this by switching to use spinlock to synchronize. Fixes: 96f84061620c ("tun: add eBPF based queue selection method") Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Willem de Bruijn <willemb@google.com> Signed-off-by: Jason Wang <jasowang@redhat.com> --- drivers/net/tun.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)