Re: [PATCH net] net, sched: fix soft lockup in tc_classify

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox•net>
To: Cong Wang <xiyou.wangcong@gmail•com>
Cc: David Miller <davem@davemloft•net>,
	Shahar Klein <shahark@mellanox•com>,
	Or Gerlitz <gerlitz.or@gmail•com>, Roi Dayan <roid@mellanox•com>,
	Jiri Pirko <jiri@mellanox•com>,
	John Fastabend <john.fastabend@gmail•com>,
	Linux Kernel Network Developers <netdev@vger•kernel.org>
Subject: Re: [PATCH net] net, sched: fix soft lockup in tc_classify
Date: Wed, 21 Dec 2016 22:07:48 +0100	[thread overview]
Message-ID: <585AEF24.4070800@iogearbox.net> (raw)
In-Reply-To: <CAM_iQpUEUmJpjQYV7HV+4NVtGe6D-yZs6=YizcDtf7dogkNR0Q@mail.gmail.com>

On 12/21/2016 09:47 PM, Cong Wang wrote:
> On Wed, Dec 21, 2016 at 12:02 PM, Daniel Borkmann <daniel@iogearbox•net> wrote:
>> On 12/21/2016 08:10 PM, Cong Wang wrote:
>>> On Wed, Dec 21, 2016 at 10:51 AM, Cong Wang <xiyou.wangcong@gmail•com>
>>> wrote:
>>>> On Wed, Dec 21, 2016 at 9:04 AM, Daniel Borkmann <daniel@iogearbox•net>
>>>> wrote:
>>>>>
>>>>> What happens is that in tc_ctl_tfilter(), thread A allocates a new
>>>>> tp, initializes it, sets tp_created to 1, and calls into
>>>>> tp->ops->change()
>>>>> with it. In that classifier callback we had to unlock/lock the rtnl
>>>>> mutex and returned with -EAGAIN. One reason why we need to drop there
>>>>> is, for example, that we need to request an action module to be loaded.
>>>>
>>>> Excellent catch!
>>>>
>>>> But why do we have to replay the request here? Shouldn't we just return
>>>> EAGAIN to user-space and let user-space decide to retry or not?
>>>> Replaying is the root of the evil here.
>>>
>>> Answer myself: probably due to historical reasons, but still replaying
>>> inside such a big function is just error-prone, we should promote it
>>> out:
>>
>> Have no strong opinion, I guess it could be done as a simplification
>> for net-next, why not, along with moving out the netlink_ns_capable()
>> check or possibly other things after careful analysis that don't need
>> to be redone in that circumstance.
>
> It is only slightly bigger than your current one so could fit for -stable too.
> Also, it could fix all potential problems like this one. Let compiler do the
> work, not human. ;)

Ok, you mean for net. In that case I prefer the smaller sized fix to be
honest. It also covers everything from the point where we fetch the chain
via cops->tcf_chain() to the end of the function, which is where most of
the complexity resides, and only the two mentioned commits do the relock,
so as a fix I think it's fine as-is. As mentioned, if there's need to
refactor tc_ctl_tfilter() net-next would be better, imho.

Thanks,
Daniel

next prev parent reply	other threads:[~2016-12-21 21:07 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-21 17:04 [PATCH net] net, sched: fix soft lockup in tc_classify Daniel Borkmann
2016-12-21 17:37 ` Eric Dumazet
2016-12-21 18:51 ` Cong Wang
2016-12-21 19:10   ` Cong Wang
2016-12-21 20:02     ` Daniel Borkmann
2016-12-21 20:47       ` Cong Wang
2016-12-21 21:07         ` Daniel Borkmann [this message]
2016-12-22 16:53           ` David Miller
2016-12-22 17:50             ` John Fastabend
2016-12-22 23:21               ` Daniel Borkmann
2016-12-22 19:05           ` Cong Wang
2016-12-23  0:26             ` Daniel Borkmann
2016-12-24  7:34               ` Cong Wang
2016-12-24 21:03                 ` Daniel Borkmann
2016-12-21 19:16   ` Daniel Borkmann
2016-12-22 13:16 ` Shahar Klein
2016-12-22 23:20   ` Daniel Borkmann
2016-12-26 16:24 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=585AEF24.4070800@iogearbox.net \
    --to=daniel@iogearbox$(echo .)net \
    --cc=davem@davemloft$(echo .)net \
    --cc=gerlitz.or@gmail$(echo .)com \
    --cc=jiri@mellanox$(echo .)com \
    --cc=john.fastabend@gmail$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=roid@mellanox$(echo .)com \
    --cc=shahark@mellanox$(echo .)com \
    --cc=xiyou.wangcong@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox