Re: [PATCH 1/1] net: race condition when removing virtual net_device
From: Francesco Ruggeri <hidden>
Date: 2013-09-16 02:54:44
Possibly related (same subject, not in this thread)
- 2013-09-10 · Re: [PATCH 1/1] net: race condition when removing virtual net_device · Francesco Ruggeri <hidden>
- 2013-09-10 · Re: [PATCH 1/1] net: race condition when removing virtual net_device · Stephen Hemminger <stephen@networkplumber.org>
- 2013-09-09 · [PATCH 1/1] net: race condition when removing virtual net_device · Francesco Ruggeri <hidden>
On Fri, Sep 13, 2013 at 6:46 PM, Eric W. Biederman [off-list ref] wrote:
Francesco Ruggeri [off-list ref] writes:quoted
On Thu, Sep 12, 2013 at 10:50 PM, Eric W. Biederman [off-list ref] wrote: I do have some concerns about both correctness and feasibility of this approach. About 2), namespace dependent operations triggered by unregistering the virtual devices (eg rt_flush_dev, dst_dev_event/dst_ifdown and probably more) would not be done in the namespaces where they should.Yes they will. That is what dev_change_net_namespace does.
You are right, I don't know what I was thinking.
It was worth a second look. I can not find anything wrong with your patch but I can not convince myself that it is correct either. The moving around the loopback device in the net dev todo list to prevent deadlock I can't imagine why you are doing that.
That is in order not to introduce a potential deadlock when multiple namespaces are destroyed in default_device_exit_batch. Take the same veth scenario as before: v0 in namespace ns0 (loopback_dev lo0) and similarly for v1, ns1 and lo1. Assume two processes destroy ns0 and ns1. cleanup_net is executed in a workqueue and the two namespaces can end up being processed in the same instance of cleanup_net/ops_exit_list/default_device_exit_batch. default_device_exit_batch traverses each namespace's dev_base list and unregister_netdevice_queue is executed in this order: v0 v1 lo0 v1 v0 lo1. unregister_netdevice_queue is executed twice on v0 and v1 but that is ok because it uses list_move_tail and only the last one sticks. The resulting list for unregister_netdevice_many is: lo0 v1 v0 lo1. If v0 holds a reference to lo0 there will be a deadlock in netdev_run_todo if v0 does not come before lo0 in net_todo_list. By pushing all loopback_devs to the end of net_todo_list this situation is avoided. This is the sequence with today's (actually 3.4) code: unregister_netdevice_queue: v0 (ns ffff880037aecd00) unregister_netdevice_queue: v1 (ns ffff880037aed800) unregister_netdevice_queue: lo (ns ffff880037aecd00) unregister_netdevice_queue: v1 (ns ffff880037aed800) unregister_netdevice_queue: v0 (ns ffff880037aecd00) unregister_netdevice_queue: lo (ns ffff880037aed800) unregister_netdevice_many: lo (ns ffff880037aecd00) v1 (ns ffff880037aed800) v0 (ns ffff880037aecd00) lo (ns ffff880037aed800) netdev_run_todo: lo (ns ffff880037aecd00) v1 (ns ffff880037aed800) v0 (ns ffff880037aecd00) lo (ns ffff880037aed800) and this is the sequence after pushing the loopback_devs to the tail of net_todo_list: unregister_netdevice_queue: v0 (ns ffff8800379f8000) unregister_netdevice_queue: v1 (ns ffff8800378c0b00) unregister_netdevice_queue: lo (ns ffff8800379f8000) unregister_netdevice_queue: v1 (ns ffff8800378c0b00) unregister_netdevice_queue: v0 (ns ffff8800379f8000) unregister_netdevice_queue: lo (ns ffff8800378c0b00) unregister_netdevice_many: lo (ns ffff8800379f8000) v1 (ns ffff8800378c0b00) v0 (ns ffff8800379f8000) lo (ns ffff8800378c0b00) netdev_run_todo: v1 (ns ffff8800378c0b00) v0 (ns ffff8800379f8000) lo (ns ffff8800379f8000) lo (ns ffff8800378c0b00) Should we take this discussion offline? I do appreciate your spending time on this. Thanks, Francesco
Eric