Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp6038175imb; Fri, 8 Mar 2019 08:00:39 -0800 (PST) X-Google-Smtp-Source: APXvYqyWES+JnfJRtZek5XI2J/enC9dJtNu4Oo1IKCs6CgbcpqgWG/uIx+aacYHUT1f7zIcz62dO X-Received: by 2002:a17:902:2dc3:: with SMTP id p61mr7974245plb.137.1552060839075; Fri, 08 Mar 2019 08:00:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1552060839; cv=none; d=google.com; s=arc-20160816; b=ca4CpKat4IPabs67T6ljqXkQloqF7KxG+TNP/9eU+3OEWEJKxNwEofc2pw+92BxwMF YGZ4nnjVbgHakgDPO3bsbvKnP//Lh9Fs97/vnQeYMv85GzkyD8RGeJF8pZmgQMZimG1M a9P/vRUfpTCA+1vYKqNYsQFA2o4g+RvGphFsDTdHpsWM+59UAW0FGcurhj0DUrCIr+b3 ssT/T9s1oTBqgeAeDg9XWA56vSO7HkU486x9x8JVD0xBsiQ+GOL9iWtEEhcI5hEsji6B tLq8j062QNmH4n27dHiu4EYbLCWW0KM+cdGnooi4lqhdtDw3qwm1/0Mjm8ViliTJbzDu JwJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=DUUTUXgJab1yGoqHxHFb8913QKgsxE30Fb7YKrVE7C8=; b=kBM1WSYotXdR6GrkF++Gr8NFkeWaqv7bOoDPlrKHXl0bXJDvrXYkOUis4Z3Lzz8NtR aTH/HCgHyD9WD+xAfepBtq7XZFCG2NUKGadTRNP52JBAmmnr1ngM+kHMdtS3Uw4dWSHF hRQEH553ao6kksB33ERwF+lLtLhxiY4K2WWr+B0wz7AkssjJCouqjcEDRxkgMYD86z/p JUQoPnMKM4fs4Uk2eNOWGTdtnoyF2b01fH0EV+0xd+vG96K30LhFfHJ0bYg44iKeXXxR WK5s6WApku+TwJGA5bSjSGfEH3f5RlDggIpYi/5YBgJh7rBsfGcgsY7Z/GSa3SSKg81P auEA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d16si6663326pgb.443.2019.03.08.08.00.22; Fri, 08 Mar 2019 08:00:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726452AbfCHP7j (ORCPT + 99 others); Fri, 8 Mar 2019 10:59:39 -0500 Received: from mail.us.es ([193.147.175.20]:53884 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726275AbfCHP7j (ORCPT ); Fri, 8 Mar 2019 10:59:39 -0500 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 7B6415E539B for ; Fri, 8 Mar 2019 16:59:37 +0100 (CET) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 654B9DA86A for ; Fri, 8 Mar 2019 16:59:37 +0100 (CET) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 5A9D1DA7FC; Fri, 8 Mar 2019 16:59:37 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 0DCC0DA864; Fri, 8 Mar 2019 16:59:35 +0100 (CET) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Fri, 08 Mar 2019 16:59:35 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from us.es (sys.soleta.eu [212.170.55.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: 1984lsi) by entrada.int (Postfix) with ESMTPSA id D9AFD4265A2F; Fri, 8 Mar 2019 16:59:34 +0100 (CET) Date: Fri, 8 Mar 2019 16:59:34 +0100 X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: Su Yanjun Cc: kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, suyj.fnst@cn.fujitsu.com Subject: Re: [PATCH] netfilter: nf_ct_helper: Fix possible panic when nf_conntrack_helper_unregister is used in an unloadable module Message-ID: <20190308155934.vfx2ah4k4guqvhyu@salvia> References: <1551419766-1039-1-git-send-email-suyanjun218@163.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1551419766-1039-1-git-send-email-suyanjun218@163.com> User-Agent: NeoMutt/20170113 (1.7.2) X-Virus-Scanned: ClamAV using ClamSMTP Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 01, 2019 at 01:56:06PM +0800, Su Yanjun wrote: > From: Su Yanjun > > Because nf_conntrack_helper_unregister maybe used in an unloadable module, > it uses 'synchronize_rcu' which may cause kernel panic. > > According to the artical: > RCU and Unloadable Modules > https://lwn.net/Articles/217484/ > > When we have a heavy rcu callback load, then some of the callbacks might be > deferred in order to allow other processing to proceed. sychnorize_rcu does > not wait rcu callback complete and module may be unloaded before callback > done. > > This patch uses rcu_barrier instead of synchronize_rcu will prevent this > situation. > > Signed-off-by: Su Yanjun > --- > net/netfilter/nf_conntrack_helper.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c > index 274baf1..0ee9378 100644 > --- a/net/netfilter/nf_conntrack_helper.c > +++ b/net/netfilter/nf_conntrack_helper.c > @@ -397,8 +397,15 @@ void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) > > /* Make sure every nothing is still using the helper unless its a > * connection in the hash. > + * > + * 'synchronize_rcu' may have problem when rcu callback function > + * is used in unloadable modules. Use rcu_barrier instead, so that > + * it will wait until rcu callback completes before modules are > + * unloaded. > + * More detail about rcu_barrier please see: > + * https://lwn.net/Articles/217484/ > */ > - synchronize_rcu(); > + rcu_barrier(); Are you sure this is correct? IIRC rcu_barrier() makes sure no pending callback is still waiting in the queue to run. We have don't use call_rcu() in this code, which is what rcu_barrier() is meant for. Please correct me if I'm mistaken. Thanks! > > nf_ct_expect_iterate_destroy(expect_iter_me, NULL); > nf_ct_iterate_destroy(unhelp, me); > @@ -406,7 +413,7 @@ void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) > /* Maybe someone has gotten the helper already when unhelp above. > * So need to wait it. > */ > - synchronize_rcu(); > + rcu_barrier(); > } > EXPORT_SYMBOL_GPL(nf_conntrack_helper_unregister); > > -- > 2.7.4 > >