From: Roman Gushchin <guro@fb.com>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: "Cameron Berkenpas" <cam@neo-zeon.de>,
"Zefan Li" <lizefan@huawei.com>,
"Linux Kernel Network Developers" <netdev@vger.kernel.org>,
"Peter Geis" <pgwipeout@gmail.com>,
"Lu Fengqi" <lufq.fnst@cn.fujitsu.com>,
"Daniël Sonck" <dsonck92@gmail.com>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Tejun Heo" <tj@kernel.org>
Subject: Re: [Patch net] cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
Date: Tue, 30 Jun 2020 15:48:29 -0700 [thread overview]
Message-ID: <20200630224829.GC37586@carbon.dhcp.thefacebook.com> (raw)
In-Reply-To: <CAM_iQpWk4x7U_ci1WTf6BG=E3yYETBUk0yxMNSz6GuWFXfhhJw@mail.gmail.com>
On Tue, Jun 30, 2020 at 03:22:34PM -0700, Cong Wang wrote:
> On Sat, Jun 27, 2020 at 4:41 PM Roman Gushchin <guro@fb.com> wrote:
> >
> > On Fri, Jun 26, 2020 at 10:58:14AM -0700, Cong Wang wrote:
> > > On Thu, Jun 25, 2020 at 10:23 PM Cameron Berkenpas <cam@neo-zeon.de> wrote:
> > > >
> > > > Hello,
> > > >
> > > > Somewhere along the way I got the impression that it generally takes
> > > > those affected hours before their systems lock up. I'm (generally) able
> > > > to reproduce this issue much faster than that. Regardless, I can help test.
> > > >
> > > > Are there any patches that need testing or is this all still pending
> > > > discussion around the best way to resolve the issue?
> > >
> > > Yes. I come up with a (hopefully) much better patch in the attachment.
> > > Can you help to test it? You need to unapply the previous patch before
> > > applying this one.
> > >
> > > (Just in case of any confusion: I still believe we should check NULL on
> > > top of this refcnt fix. But it should be a separate patch.)
> > >
> > > Thank you!
> >
> > Not opposing the patch, but the Fixes tag is still confusing me.
> > Do we have an explanation for what's wrong with 4bfc0bb2c60e?
> >
> > It looks like we have cgroup_bpf_get()/put() exactly where we have
> > cgroup_get()/put(), so it would be nice to understand what's different
> > if the problem is bpf-related.
>
> Hmm, I think it is Zefan who believes cgroup refcnt is fine, the bug
> is just in cgroup bpf refcnt, in our previous discussion.
>
> Although I agree cgroup refcnt is buggy too, it may not necessarily
> cause any real problem, otherwise we would receive bug report
> much earlier than just recently, right?
>
> If the Fixes tag is confusing, I can certainly remove it, but this also
> means the patch will not be backported to stable. I am fine either
> way, this crash is only reported after Zefan's recent change anyway.
Well, I'm not trying to protect my commit, I just don't understand
the whole picture and what I see doesn't make complete sense to me.
I understand a problem which can be described as copying the cgroup pointer
on cgroup cloning without bumping the reference counter.
It seems that this problem is not caused by bpf changes, so if we're adding
a Fixes tag, it must point at an earlier commit. Most likely, it was there from
scratch, i.e. from bd1060ad671 ("sock, cgroup: add sock->sk_cgroup").
Do we know why Zefan's change made it reproducible?
Btw if we want to backport the problem but can't blame a specific commit,
we can always use something like "Cc: <stable@vger.kernel.org> [3.1+]".
Thanks!
next prev parent reply other threads:[~2020-06-30 22:49 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-16 18:03 [Patch net] cgroup: fix cgroup_sk_alloc() for sk_clone_lock() Cong Wang
2020-06-18 1:44 ` Zefan Li
2020-06-18 19:19 ` Cong Wang
2020-06-18 19:36 ` Roman Gushchin
2020-06-18 21:09 ` Cong Wang
2020-06-18 21:26 ` Roman Gushchin
2020-06-18 22:45 ` Peter Geis
2020-06-19 6:40 ` Zefan Li
2020-06-19 19:51 ` Cong Wang
2020-06-20 0:45 ` Zefan Li
2020-06-20 0:51 ` Zefan Li
2020-06-20 3:31 ` Cong Wang
2020-06-20 7:52 ` Zefan Li
2020-06-20 16:04 ` Roman Gushchin
2020-06-23 22:21 ` Roman Gushchin
2020-06-26 5:23 ` Cameron Berkenpas
2020-06-26 17:58 ` Cong Wang
2020-06-26 22:03 ` Cameron Berkenpas
2020-06-27 22:59 ` Cameron Berkenpas
2020-06-30 22:16 ` Cong Wang
2020-06-27 23:41 ` Roman Gushchin
2020-06-30 22:22 ` Cong Wang
2020-06-30 22:48 ` Roman Gushchin [this message]
2020-07-01 1:18 ` Zefan Li
2020-07-02 4:48 ` Cong Wang
2020-07-02 8:12 ` Thomas Lamprecht
2020-07-02 16:02 ` Roman Gushchin
2020-07-02 16:24 ` Peter Geis
2020-07-03 1:17 ` Zefan Li
2020-06-20 0:51 ` Roman Gushchin
2020-06-20 1:00 ` Zefan Li
2020-06-20 1:14 ` Roman Gushchin
2020-06-20 2:48 ` Zefan Li
2020-06-20 3:00 ` Cong Wang
2020-06-20 15:57 ` Roman Gushchin
2020-06-22 18:14 ` Cong Wang
2020-06-22 20:39 ` Roman Gushchin
2020-06-23 8:45 ` Zhang,Qiang
2020-06-23 17:56 ` Cong Wang
2020-06-23 8:54 ` Zhang,Qiang
2020-06-23 9:01 ` Zhang,Qiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200630224829.GC37586@carbon.dhcp.thefacebook.com \
--to=guro@fb.com \
--cc=cam@neo-zeon.de \
--cc=daniel@iogearbox.net \
--cc=dsonck92@gmail.com \
--cc=lizefan@huawei.com \
--cc=lufq.fnst@cn.fujitsu.com \
--cc=netdev@vger.kernel.org \
--cc=pgwipeout@gmail.com \
--cc=tj@kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).