From: Krzysztof Mazur <krzysiek@podlesie.net>
To: David Woodhouse <dwmw2@infradead.org>
Cc: "Chas Williams (CONTRACTOR)" <chas@cmf.nrl.navy.mil>,
David Laight <David.Laight@ACULAB.COM>,
davem@davemloft.net, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, nathan@traverse.com.au
Subject: Re: [PATCH v2 3/3] pppoatm: protect against freeing of vcc
Date: Fri, 30 Nov 2012 10:53:54 +0100 [thread overview]
Message-ID: <20121130095354.GA15126@shrek.podlesie.net> (raw)
In-Reply-To: <1354263922.21562.270.camel@shinybook.infradead.org>
On Fri, Nov 30, 2012 at 08:25:22AM +0000, David Woodhouse wrote:
> On Fri, 2012-11-30 at 01:57 +0000, David Woodhouse wrote:
> > I think it's actually fixed for pppoatm by the bh_lock_sock() and the
> > sock_owned_by_user() check. As soon as vcc_release() calls lock_sock(),
> > pppoatm stops accepting packets.
> >
> > It should be simple enough to do the same in br2684.
>
> Um... but now I come to look at it... Krzysztof, doesn't your 'pppoatm:
> take ATM socket lock in pppoatm_send()' patch actually *break* the case
> of sending via vcc_sendmsg()?
no, in case of
pppoatm_send()
vcc_sendmsg()
the vcc_sendmsg() will just wait for releasing sk->sk_lock.slock.
When the vcc_sendmsg() gets lock first
vcc_sendmsg()
pppoatm_send()
The pppoatm_send() might spin for a while for sk->sk_lock.slock, but
after lock_sock() the vcc_sendmsg() releases that lock and
pppoatm_send() will acquire it and notice that locked is locked
(sock_owned_by_user() returns true) and will just block pppoatm,
and will be woken up in release_sock() (fix was fixed by your 10/17
patch).
>
> Why did you include the sock_owned_by_user() check in there and not just
> use bh_lock_sock()?
because bh_lock_sock() will succeeds even with concurrent vcc_sendmsg()
and will have some races in that case.
>
> With the sock_owned_by_user() check, it'll *always* drop packets
> submitted through vcc_sendmsg(), won't it?
No, sock_owned_by_user() is just in pppoatm_send() and instead of
dropping packets we block pppd.
>
> Admittedly, for PPPoATM and BR2684 we never do want to have packets
> submitted directly from userspace that way; they should all come via the
> PPP channel or the netdev respectively. So we might want to keep the
> sock_owned_by_user() check because it fixes the close race, and
> explicitly document it.
It fixes also races with vcc_sendmsg(). If we really don't wont
vcc_sendmsg() with pppoatm and br2684 we must do some protection
than vcc_sendmsg() will fail instead of racing with pppoatm_send()
and crashing with some drivers that does not support concurent
->send().
>
> But it doesn't necessarily work for other protocols, so we may need a
> better solution for the general case. Perhaps drop the
> sock_owned_by_user() check, and put bh_lock_sock() around the beginning
> of vcc_destroy_socket() where it clears ATM_VF_READY? That'll ensure
> that no ->push() is *currently* operating on a skb having seen that the
> VCC is still open.
>
> Or maybe we just make the *devices* check the ATM_VF_CLOSE flag and
> refuse to send the skb? Put the entire thing into their domain. Although
> that may involve extra locking in the driver to synchronise send() and
> close() sufficiently.
We need some additional synchronizization with pppoatm_send(), now
we use:
tasklet_kill(&pvcc->wakeup_tasklet);
ppp_unregister_channel(&pvcc->chan);
In ppp_unregister_channel() we will synchronize with the function
calling pppoatm_send() using "downl" lock.
And this must be done in pppoatm.
>
> I'm still reluctant to swap the order of the device/protocol close in
> vcc_destroy_socket(). I think that'll just swap one set of problems
> which is now fairly well-understood and mostly solved, for another set.
> In particular, I think the device needs to see the close first, because
> *it* can actually abort or flush any pending TX and RX (including
> synchronising with its tasklet as solos-pci does, etc.). Only then does
> the protocol tear its data structures down. But I suppose the new set of
> problems could be found and overcome, if Chas wants to propose an
> alternative patch set...
>
I think that the current order is good, now we have:
1. stop_sending_fames to protocol
now TX is shut down
(currently done by
set_bit(ATM_VF_CLOSE, &vcc->flags);
clear_bit(ATM_VF_READY, &vcc->flags);
)
2. close_device to device
now RX is shut down
3. device_was_closed to protocol
ugly push(NULL), but we can add some other callback.
we also can do:
1. disable RX to device
now RX is shut down
2. detach to protocol
now TX is shut down
(now protocol can fully detach because RX is disabled)
3. close_device to device
(device is not used anymore)
Krzysiek
next prev parent reply other threads:[~2012-11-30 9:54 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-22 17:14 [PATCH v2 1/3] pppoatm: don't send frames to destroyed vcc Krzysztof Mazur
2012-10-22 17:14 ` [PATCH v2 2/3] pppoatm: fix race condition with destroying of vcc Krzysztof Mazur
2012-10-30 9:37 ` David Woodhouse
2012-10-30 19:07 ` Krzysztof Mazur
2012-10-30 19:52 ` Krzysztof Mazur
2012-10-31 10:16 ` David Woodhouse
2012-10-31 11:30 ` Krzysztof Mazur
2012-10-31 11:52 ` David Woodhouse
2012-10-30 14:26 ` Chas Williams (CONTRACTOR)
2012-10-30 18:20 ` Krzysztof Mazur
2012-10-31 9:41 ` Krzysztof Mazur
2012-10-31 10:22 ` Krzysztof Mazur
2012-10-31 20:03 ` chas williams - CONTRACTOR
2012-10-31 22:04 ` Krzysztof Mazur
2012-11-01 14:26 ` chas williams - CONTRACTOR
2012-11-02 9:40 ` Krzysztof Mazur
2012-11-02 10:54 ` Krzysztof Mazur
2012-10-22 17:14 ` [PATCH v2 3/3] pppoatm: protect against freeing " Krzysztof Mazur
2012-10-30 9:39 ` David Woodhouse
2012-10-30 19:26 ` Krzysztof Mazur
2012-11-27 17:16 ` David Woodhouse
2012-11-27 17:39 ` Krzysztof Mazur
2012-11-27 18:02 ` David Woodhouse
2012-11-27 18:28 ` Krzysztof Mazur
2012-11-28 20:18 ` Krzysztof Mazur
2012-11-28 20:44 ` David Woodhouse
2012-11-28 21:24 ` Krzysztof Mazur
2012-11-28 21:20 ` chas williams - CONTRACTOR
2012-11-28 21:45 ` [PATCH] atm: introduce vcc_pop() Krzysztof Mazur
2012-11-28 21:59 ` chas williams - CONTRACTOR
2012-11-28 22:10 ` Krzysztof Mazur
2012-11-28 22:33 ` [PATCH] atm: introduce vcc_pop_skb() Krzysztof Mazur
2012-12-03 13:22 ` David Woodhouse
2012-12-03 20:11 ` Krzysztof Mazur
2012-11-27 18:39 ` [PATCH v2 3/3] pppoatm: protect against freeing of vcc Krzysztof Mazur
2012-11-27 18:54 ` chas williams - CONTRACTOR
2012-11-27 22:36 ` [PATCH] solos-pci: Wait for pending TX to complete when releasing vcc David Woodhouse
2012-11-27 23:28 ` [PATCH] br2684: don't send frames on not-ready vcc David Woodhouse
2012-11-27 23:51 ` Krzysztof Mazur
2012-11-28 0:54 ` David Woodhouse
2012-11-28 8:08 ` Krzysztof Mazur
2012-11-28 9:58 ` David Woodhouse
2012-11-28 16:41 ` David Miller
2012-11-28 17:01 ` David Woodhouse
2012-11-28 17:04 ` David Miller
2012-11-28 17:09 ` David Woodhouse
2012-11-28 17:11 ` David Miller
2012-11-30 1:18 ` Nathan Williams
2012-11-30 1:34 ` David Woodhouse
2012-11-28 9:21 ` [PATCH v2 3/3] pppoatm: protect against freeing of vcc David Laight
2012-11-28 10:04 ` Krzysztof Mazur
2012-11-28 10:24 ` David Woodhouse
2012-11-28 15:18 ` chas williams - CONTRACTOR
2012-11-28 22:18 ` David Woodhouse
2012-11-29 10:57 ` Krzysztof Mazur
2012-11-29 11:55 ` David Woodhouse
2012-11-29 12:43 ` [PATCH] solos-pci: don't call vcc->pop() after pclose() Krzysztof Mazur
2012-11-29 12:57 ` David Woodhouse
2012-11-29 13:20 ` Krzysztof Mazur
2012-11-29 14:42 ` David Woodhouse
2012-11-29 14:55 ` Krzysztof Mazur
2012-11-29 14:41 ` chas williams - CONTRACTOR
2012-11-29 14:29 ` [PATCH v2 3/3] pppoatm: protect against freeing of vcc chas williams - CONTRACTOR
2012-11-29 15:09 ` Krzysztof Mazur
2012-11-29 15:47 ` David Woodhouse
2012-11-29 15:59 ` chas williams - CONTRACTOR
2012-11-29 16:24 ` David Woodhouse
2012-11-29 17:17 ` chas williams - CONTRACTOR
2012-11-29 18:11 ` David Woodhouse
2012-11-29 18:29 ` chas williams - CONTRACTOR
2012-11-29 22:17 ` David Woodhouse
2012-11-30 1:38 ` Chas Williams (CONTRACTOR)
2012-11-30 1:57 ` David Woodhouse
2012-11-30 8:25 ` David Woodhouse
2012-11-30 9:53 ` Krzysztof Mazur [this message]
2012-11-30 12:10 ` David Woodhouse
2012-11-30 16:23 ` David Woodhouse
2012-11-30 17:00 ` Krzysztof Mazur
2012-11-30 18:33 ` David Woodhouse
2012-11-30 17:12 ` chas williams - CONTRACTOR
2012-11-30 17:39 ` Krzysztof Mazur
2012-11-29 16:28 ` Krzysztof Mazur
2012-11-29 15:37 ` chas williams - CONTRACTOR
2012-11-29 15:59 ` David Woodhouse
2012-11-29 16:11 ` chas williams - CONTRACTOR
2012-10-23 6:52 ` [PATCH v2 1/3] pppoatm: don't send frames to destroyed vcc David Miller
2012-10-23 8:12 ` David Woodhouse
2012-10-30 9:35 ` David Woodhouse
2012-10-30 20:19 ` Krzysztof Mazur
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121130095354.GA15126@shrek.podlesie.net \
--to=krzysiek@podlesie.net \
--cc=David.Laight@ACULAB.COM \
--cc=chas@cmf.nrl.navy.mil \
--cc=davem@davemloft.net \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@traverse.com.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.