From: Shay Agroskin <shayagr@amazon.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: <davem@davemloft.net>, <netdev@vger.kernel.org>,
<dwmw@amazon.com>, <zorik@amazon.com>, <matua@amazon.com>,
<saeedb@amazon.com>, <msw@amazon.com>, <aliguori@amazon.com>,
<nafea@amazon.com>, <gtzalik@amazon.com>, <netanel@amazon.com>,
<alisaidi@amazon.com>, <benh@amazon.com>, <akiyano@amazon.com>,
<sameehj@amazon.com>, <ndagan@amazon.com>
Subject: Re: [PATCH V1 net 1/3] net: ena: Prevent reset after device destruction
Date: Sun, 16 Aug 2020 13:25:45 +0300 [thread overview]
Message-ID: <pj41zlft8mc2fq.fsf@u68c7b5b1d2d758.ant.amazon.com> (raw)
In-Reply-To: <20200813134111.3d22b6ac@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Jakub Kicinski <kuba@kernel.org> writes:
> On Thu, 13 Aug 2020 15:51:46 +0300 Shay Agroskin wrote:
>> Long answer:
>> The ena_destroy_device() function is called with rtnl_lock()
>> held,
>> so it cannot run in parallel with the reset function. Also the
>> destroy function clears the bit ENA_FLAG_TRIGGER_RESET without
>> which the reset function just exits without doing anything.
>>
>> A problem can then only happen when some routine sets the
>> ENA_FLAG_TRIGGER_RESET bit before the reset function is
>> executed,
>> the following describes all functions from which this bit can
>> be
>> set:
>
> ena_fw_reset_device() runs from a workqueue, it can be preempted
> right
> before it tries to take the rtnl_lock. Then after arbitrarily
> long
> delay it will start again, take the lock, and dereference
> adapter->flags. But adapter could have been long freed at this
> point.
Missed that the check for the 'flags' field also requires that
netdev_priv field (adapter variable) would be allocated. Thank you
for pointing that out, this indeed needs to be fixed. I'll add
reset work destruction in next patchset.
Thank you for reviewing it
>
> Unless you flush a workqueue or cancel_work_sync() you can never
> be
> sure it's not scheduled. And I can only see a flush when module
> is
> unloaded now.
next prev parent reply other threads:[~2020-08-16 10:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-12 10:10 [PATCH V1 net 0/3] Bug fixes for ENA ethernet driver Shay Agroskin
2020-08-12 10:10 ` [PATCH V1 net 1/3] net: ena: Prevent reset after device destruction Shay Agroskin
2020-08-12 17:52 ` Jakub Kicinski
2020-08-13 12:51 ` Shay Agroskin
2020-08-13 20:41 ` Jakub Kicinski
2020-08-16 10:25 ` Shay Agroskin [this message]
2020-08-12 10:10 ` [PATCH V1 net 2/3] net: ena: Change WARN_ON expression in ena_del_napi_in_range() Shay Agroskin
2020-08-12 10:10 ` [PATCH V1 net 3/3] net: ena: Make missed_tx stat incremental Shay Agroskin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pj41zlft8mc2fq.fsf@u68c7b5b1d2d758.ant.amazon.com \
--to=shayagr@amazon.com \
--cc=akiyano@amazon.com \
--cc=aliguori@amazon.com \
--cc=alisaidi@amazon.com \
--cc=benh@amazon.com \
--cc=davem@davemloft.net \
--cc=dwmw@amazon.com \
--cc=gtzalik@amazon.com \
--cc=kuba@kernel.org \
--cc=matua@amazon.com \
--cc=msw@amazon.com \
--cc=nafea@amazon.com \
--cc=ndagan@amazon.com \
--cc=netanel@amazon.com \
--cc=netdev@vger.kernel.org \
--cc=saeedb@amazon.com \
--cc=sameehj@amazon.com \
--cc=zorik@amazon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).