netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Wang Hai <wanghai38@huawei.com>
To: <bfields@fieldses.org>, <davem@davemloft.net>, <kuba@kernel.org>,
	<wenbin.zeng@gmail.com>, <jlayton@kernel.org>,
	<dsahern@gmail.com>, <nicolas.dichtel@6wind.com>,
	<viro@zeniv.linux.org.uk>, <willy@infradead.org>,
	<jakub.kicinski@netronome.com>, <tyhicks@canonical.com>,
	<cong.wang@bytedance.com>, <ast@kernel.org>,
	<jiang.wang@bytedance.com>, <christian.brauner@ubuntu.com>,
	<edumazet@google.com>, <Rao.Shoaib@oracle.com>,
	<kuniyu@amazon.co.jp>, <trond.myklebust@hammerspace.com>,
	<anna.schumaker@netapp.com>, <chuck.lever@oracle.com>,
	<neilb@suse.com>, <kolga@netapp.com>, <timo@rothenpieler.org>,
	<tom@talpey.com>
Cc: <linux-nfs@vger.kernel.org>, <netdev@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>
Subject: [PATCH net 0/2] auth_gss: Fix netns refcount leaks when use-gss-proxy==1
Date: Tue, 28 Sep 2021 11:14:38 +0800	[thread overview]
Message-ID: <20210928031440.2222303-1-wanghai38@huawei.com> (raw)

When use-gss-proxy is set to 1, write_gssp() creates a rpc client in
gssp_rpc_create(), this increases netns refcount by 2 [1], these
refcounts are supposed to be released in rpcsec_gss_exit_net(), but
it will never happen because rpcsec_gss_exit_net() is triggered only
when netns refcount gets to 0, specifically:
     refcount=0 -> cleanup_net() -> ops_exit_list -> rpcsec_gss_exit_net
It is a deadlock situation here, refcount will never get to 0 unless
rpcsec_gss_exit_net() is called. 

[1]
SyS_write
    vfs_write
        proc_reg_write
            write_gssp
                set_gssp_clnt
                    gssp_rpc_create
                        rpc_create
                            xprt_create_transport
                                xs_setup_local
                                    xs_setup_xprt
                                        xprt_alloc   // get net refcount
                                    xs_local_setup_socket
                                        unix_create
                                        kernel_connect // get net refcount

In this case, the net refcount shouldn't be increased when creating rpc
client, otherwise it will lead to deadlock.

This patchset removes the increased netns reference count.

Wang Hai (2):
  net: Modify unix_stream_connect to not reference count the netns of
    kernel sockets
  auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when
    use-gss-proxy==1

 include/linux/sunrpc/clnt.h                |  1 +
 include/linux/sunrpc/xprt.h                |  6 ++++--
 net/sunrpc/auth_gss/gss_rpc_upcall.c       |  3 ++-
 net/sunrpc/clnt.c                          |  2 ++
 net/sunrpc/xprt.c                          | 13 +++++++++----
 net/sunrpc/xprtrdma/svc_rdma_backchannel.c |  2 +-
 net/sunrpc/xprtrdma/transport.c            |  2 +-
 net/sunrpc/xprtsock.c                      |  4 +++-
 net/unix/af_unix.c                         |  3 ++-
 9 files changed, 25 insertions(+), 11 deletions(-)

-- 
2.17.1


             reply	other threads:[~2021-09-28  3:15 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-28  3:14 Wang Hai [this message]
2021-09-28  3:14 ` [PATCH net 1/2] net: Modify unix_stream_connect to not reference count the netns of kernel sockets Wang Hai
2021-09-28 12:50   ` Kuniyuki Iwashima
2021-09-28  3:14 ` [PATCH net 2/2] auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when use-gss-proxy==1 Wang Hai
2021-09-28 13:30   ` Trond Myklebust
2021-09-28 13:49     ` bfields
2021-09-28 14:04       ` Trond Myklebust
2021-09-28 14:17         ` bfields
2021-09-28 14:27           ` Trond Myklebust
2021-09-28 14:57             ` bfields
2021-09-28 15:36               ` Trond Myklebust
2021-09-28 15:43                 ` bfields
2021-09-29 21:12                   ` bfields
2021-09-30  1:56                     ` wanghai (M)
2021-11-09 17:21                       ` bfields
2021-11-17 19:19                         ` bfields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210928031440.2222303-1-wanghai38@huawei.com \
    --to=wanghai38@huawei.com \
    --cc=Rao.Shoaib@oracle.com \
    --cc=anna.schumaker@netapp.com \
    --cc=ast@kernel.org \
    --cc=bfields@fieldses.org \
    --cc=christian.brauner@ubuntu.com \
    --cc=chuck.lever@oracle.com \
    --cc=cong.wang@bytedance.com \
    --cc=davem@davemloft.net \
    --cc=dsahern@gmail.com \
    --cc=edumazet@google.com \
    --cc=jakub.kicinski@netronome.com \
    --cc=jiang.wang@bytedance.com \
    --cc=jlayton@kernel.org \
    --cc=kolga@netapp.com \
    --cc=kuba@kernel.org \
    --cc=kuniyu@amazon.co.jp \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.com \
    --cc=netdev@vger.kernel.org \
    --cc=nicolas.dichtel@6wind.com \
    --cc=timo@rothenpieler.org \
    --cc=tom@talpey.com \
    --cc=trond.myklebust@hammerspace.com \
    --cc=tyhicks@canonical.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=wenbin.zeng@gmail.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).