Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Eric Dumazet
On 10/01/2018 10:49 PM, Eric Dumazet wrote: > syszbot found an interesting use-after-free [1] happening > while IPv4 fragment rhashtable was destroyed at netns dismantle. > David, please do not apply this patch. I am working on another version, a bit more polished and allowing for more parall

Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Eric Dumazet
On Tue, Oct 2, 2018 at 7:28 AM Dmitry Vyukov wrote: > > On Tue, Oct 2, 2018 at 4:04 PM, Eric Dumazet wrote: > > On Tue, Oct 2, 2018 at 6:46 AM Dmitry Vyukov wrote: > >> > >> On Tue, Oct 2, 2018 at 3:16 PM, Eric Dumazet wrote: > >> > On Tue, Oct 2, 2018 at 1:19 AM Dmitry Vyukov wrote: > >> >> >

Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Dmitry Vyukov
On Tue, Oct 2, 2018 at 4:04 PM, Eric Dumazet wrote: > On Tue, Oct 2, 2018 at 6:46 AM Dmitry Vyukov wrote: >> >> On Tue, Oct 2, 2018 at 3:16 PM, Eric Dumazet wrote: >> > On Tue, Oct 2, 2018 at 1:19 AM Dmitry Vyukov wrote: >> >> >> >> On Tue, Oct 2, 2018 at 7:49 AM, Eric Dumazet wrote: >> >> >>

Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Eric Dumazet
On Tue, Oct 2, 2018 at 6:46 AM Dmitry Vyukov wrote: > > On Tue, Oct 2, 2018 at 3:16 PM, Eric Dumazet wrote: > > On Tue, Oct 2, 2018 at 1:19 AM Dmitry Vyukov wrote: > >> > >> On Tue, Oct 2, 2018 at 7:49 AM, Eric Dumazet wrote: > >> > >> > >> Does inet_frag_kill() hold fq->lock? I am missing how

Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Dmitry Vyukov
On Tue, Oct 2, 2018 at 3:16 PM, Eric Dumazet wrote: > On Tue, Oct 2, 2018 at 1:19 AM Dmitry Vyukov wrote: >> >> On Tue, Oct 2, 2018 at 7:49 AM, Eric Dumazet wrote: >> >> >> Does inet_frag_kill() hold fq->lock? I am missing how inet_frag_kill() >> and inet_frags_exit_net() are synchronized. >> Si

Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Eric Dumazet
On Tue, Oct 2, 2018 at 1:19 AM Dmitry Vyukov wrote: > > On Tue, Oct 2, 2018 at 7:49 AM, Eric Dumazet wrote: > > > Does inet_frag_kill() hold fq->lock? I am missing how inet_frag_kill() > and inet_frags_exit_net() are synchronized. > Since you use smp_store_release()/READ_ONCE() they seem to run i

Re: [PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-02 Thread Dmitry Vyukov
On Tue, Oct 2, 2018 at 7:49 AM, Eric Dumazet wrote: > syszbot found an interesting use-after-free [1] happening > while IPv4 fragment rhashtable was destroyed at netns dismantle. > > While no insertions can possibly happen at the time a dismantling > netns is destroying this rhashtable, timers can

[PATCH v2 net] inet: frags: rework rhashtable dismantle

2018-10-01 Thread Eric Dumazet
syszbot found an interesting use-after-free [1] happening while IPv4 fragment rhashtable was destroyed at netns dismantle. While no insertions can possibly happen at the time a dismantling netns is destroying this rhashtable, timers can still fire and attempt to remove elements from this rhashtabl