From: Wang Hai <wanghai38@huawei.com>
To: <bfields@fieldses.org>, <davem@davemloft.net>, <kuba@kernel.org>,
<wenbin.zeng@gmail.com>, <jlayton@kernel.org>,
<dsahern@gmail.com>, <nicolas.dichtel@6wind.com>,
<viro@zeniv.linux.org.uk>, <willy@infradead.org>,
<jakub.kicinski@netronome.com>, <tyhicks@canonical.com>,
<cong.wang@bytedance.com>, <ast@kernel.org>,
<jiang.wang@bytedance.com>, <christian.brauner@ubuntu.com>,
<edumazet@google.com>, <Rao.Shoaib@oracle.com>,
<kuniyu@amazon.co.jp>, <trond.myklebust@hammerspace.com>,
<anna.schumaker@netapp.com>, <chuck.lever@oracle.com>,
<neilb@suse.com>, <kolga@netapp.com>, <timo@rothenpieler.org>,
<tom@talpey.com>
Cc: <linux-nfs@vger.kernel.org>, <netdev@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: [PATCH net 0/2] auth_gss: Fix netns refcount leaks when use-gss-proxy==1
Date: Tue, 28 Sep 2021 11:14:38 +0800 [thread overview]
Message-ID: <20210928031440.2222303-1-wanghai38@huawei.com> (raw)
When use-gss-proxy is set to 1, write_gssp() creates a rpc client in
gssp_rpc_create(), this increases netns refcount by 2 [1], these
refcounts are supposed to be released in rpcsec_gss_exit_net(), but
it will never happen because rpcsec_gss_exit_net() is triggered only
when netns refcount gets to 0, specifically:
refcount=0 -> cleanup_net() -> ops_exit_list -> rpcsec_gss_exit_net
It is a deadlock situation here, refcount will never get to 0 unless
rpcsec_gss_exit_net() is called.
[1]
SyS_write
vfs_write
proc_reg_write
write_gssp
set_gssp_clnt
gssp_rpc_create
rpc_create
xprt_create_transport
xs_setup_local
xs_setup_xprt
xprt_alloc // get net refcount
xs_local_setup_socket
unix_create
kernel_connect // get net refcount
In this case, the net refcount shouldn't be increased when creating rpc
client, otherwise it will lead to deadlock.
This patchset removes the increased netns reference count.
Wang Hai (2):
net: Modify unix_stream_connect to not reference count the netns of
kernel sockets
auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when
use-gss-proxy==1
include/linux/sunrpc/clnt.h | 1 +
include/linux/sunrpc/xprt.h | 6 ++++--
net/sunrpc/auth_gss/gss_rpc_upcall.c | 3 ++-
net/sunrpc/clnt.c | 2 ++
net/sunrpc/xprt.c | 13 +++++++++----
net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +-
net/sunrpc/xprtrdma/transport.c | 2 +-
net/sunrpc/xprtsock.c | 4 +++-
net/unix/af_unix.c | 3 ++-
9 files changed, 25 insertions(+), 11 deletions(-)
--
2.17.1
next reply other threads:[~2021-09-28 3:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-28 3:14 Wang Hai [this message]
2021-09-28 3:14 ` [PATCH net 1/2] net: Modify unix_stream_connect to not reference count the netns of kernel sockets Wang Hai
2021-09-28 12:50 ` Kuniyuki Iwashima
2021-09-28 3:14 ` [PATCH net 2/2] auth_gss: Fix deadlock that blocks rpcsec_gss_exit_net when use-gss-proxy==1 Wang Hai
2021-09-28 13:30 ` Trond Myklebust
2021-09-28 13:49 ` bfields
2021-09-28 14:04 ` Trond Myklebust
2021-09-28 14:17 ` bfields
2021-09-28 14:27 ` Trond Myklebust
2021-09-28 14:57 ` bfields
2021-09-28 15:36 ` Trond Myklebust
2021-09-28 15:43 ` bfields
2021-09-29 21:12 ` bfields
2021-09-30 1:56 ` wanghai (M)
2021-11-09 17:21 ` bfields
2021-11-17 19:19 ` bfields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210928031440.2222303-1-wanghai38@huawei.com \
--to=wanghai38@huawei.com \
--cc=Rao.Shoaib@oracle.com \
--cc=anna.schumaker@netapp.com \
--cc=ast@kernel.org \
--cc=bfields@fieldses.org \
--cc=christian.brauner@ubuntu.com \
--cc=chuck.lever@oracle.com \
--cc=cong.wang@bytedance.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=edumazet@google.com \
--cc=jakub.kicinski@netronome.com \
--cc=jiang.wang@bytedance.com \
--cc=jlayton@kernel.org \
--cc=kolga@netapp.com \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.com \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=timo@rothenpieler.org \
--cc=tom@talpey.com \
--cc=trond.myklebust@hammerspace.com \
--cc=tyhicks@canonical.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wenbin.zeng@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).