All of lore.kernel.org
 help / color / mirror / Atom feed
From: Hangbin Liu <liuhangbin@gmail.com>
To: netdev@vger.kernel.org
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>,
	"David Miller" <davem@davemloft.net>,
	"Hangbin Liu" <liuhangbin@gmail.com>,
	"Xiumei Mu" <xmu@redhat.com>,
	"Toke Høiland-Jørgensen" <toke@redhat.com>
Subject: [PATCH net] wireguard: remove peer cache in netns_pre_exit
Date: Wed,  1 Sep 2021 20:29:04 +0800	[thread overview]
Message-ID: <20210901122904.9094-1-liuhangbin@gmail.com> (raw)

wg_peer_remove_all() will put peer's refcount and clear peer's dst cache
if no ref hold. Currently, it was only called in wg_destruct().

When delete a netns with wg interface in side, the wg_netns_pre_exit() is
called first. Later in netdev_run_todo() the function will be hung at
netdev_wait_allrefs(dev) as dev->priv_destructor(dev) runs later, the
peer's dst cache could not be cleared and there is still a reference on
the device. This could cause kernel errors like:

unregister_netdevice: waiting for wg0 to become free. Usage count = 2
(if remove the veth interface in netns first)
or
unregister_netdevice: waiting for veth1 to become free. Usage count = 2
(if not remove veth interface first)

Fix it by removing peer cache in netns_pre_exit.

Also add a test in netns.sh for this issue.

Reported-by: Xiumei Mu <xmu@redhat.com>
Tested-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 drivers/net/wireguard/device.c             |  1 +
 tools/testing/selftests/wireguard/netns.sh | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c
index 551ddaaaf540..c370854c76eb 100644
--- a/drivers/net/wireguard/device.c
+++ b/drivers/net/wireguard/device.c
@@ -407,6 +407,7 @@ static void wg_netns_pre_exit(struct net *net)
 			mutex_lock(&wg->device_update_lock);
 			rcu_assign_pointer(wg->creating_net, NULL);
 			wg_socket_reinit(wg, NULL, NULL);
+			wg_peer_remove_all(wg);
 			mutex_unlock(&wg->device_update_lock);
 		}
 	}
diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
index ebc4ee0fe179..d94c2c887bcd 100755
--- a/tools/testing/selftests/wireguard/netns.sh
+++ b/tools/testing/selftests/wireguard/netns.sh
@@ -614,6 +614,24 @@ ip1 link add wg1 type wireguard
 ip2 link add wg2 type wireguard
 ip1 link set wg1 netns $netns2
 ip2 link set wg2 netns $netns1
+
+ip1 link add dev wg0 type wireguard
+ip2 link add dev wg0 type wireguard
+configure_peers
+ip1 link add veth1 type veth peer name veth2
+ip1 link set veth2 netns $netns2
+ip1 addr add fd00:aa::1/64 dev veth1
+ip2 addr add fd00:aa::2/64 dev veth2
+ip1 link set veth1 up
+ip2 link set veth2 up
+waitiface $netns1 veth1
+waitiface $netns2 veth2
+ip1 -6 route add default dev veth1 via fd00:aa::2
+ip2 -6 route add default dev veth2 via fd00:aa::1
+n1 wg set wg0 peer "$pub2" endpoint [fd00:aa::2]:2
+n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::1]:1
+n1 ping6 -c 1 fd00::2
+
 pp ip netns delete $netns1
 pp ip netns delete $netns2
 pp ip netns add $netns1
-- 
2.31.1


             reply	other threads:[~2021-09-01 12:30 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-01 12:29 Hangbin Liu [this message]
2021-09-01 13:55 ` [PATCH net] wireguard: remove peer cache in netns_pre_exit Jason A. Donenfeld
2021-09-02 16:26   ` Toke Høiland-Jørgensen
2021-09-03 12:16     ` Hangbin Liu
2021-09-03 13:10       ` Toke Høiland-Jørgensen
2021-09-04  8:43   ` Hangbin Liu
2021-10-25  4:06   ` Hangbin Liu
2021-10-25  4:28     ` Jason A. Donenfeld

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210901122904.9094-1-liuhangbin@gmail.com \
    --to=liuhangbin@gmail.com \
    --cc=Jason@zx2c4.com \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=toke@redhat.com \
    --cc=xmu@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.