Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3515691pxb;
        Mon, 4 Apr 2022 19:31:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyz8xem2UhM4omt4eMVu6uL7NjP+bWARVBi83Q/ITQFTKoXjU1EEIYBe9otnye8AbkmkoBK
X-Received: by 2002:a65:5a43:0:b0:399:53e1:f299 with SMTP id z3-20020a655a43000000b0039953e1f299mr1018392pgs.146.1649125918297;
        Mon, 04 Apr 2022 19:31:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649125918; cv=none;
        d=google.com; s=arc-20160816;
        b=oSDzatl4ikZG4T2X90NuUMfKL6B3sl/3Dcld8JLqdrGAQ3O3mM/IQxk4AiL4CwFgUw
         l6ju56qxD3egOZpTqGBfsKUwj2VIRPaENx8Dicrnh3w0eHf2WroZRMZO86nzMCdlMm3o
         83N56E723tWE/jN9Ap+oK4GVMcWc5HKk3t2NLXBLLpIgQ53mDq1I2PJZObxC/Mz4GWnL
         6yzDDeKwpypBdwXCkbZFH6u9Q8ZIkV7Fvj7+2kgY8rICkoOV29jRGIzE4/TQRGKhhfjD
         BigsdXnGhsHiH1+okoZIi6X0t9b99OvPh1WSTRVvLnIH5ksltCTj/fxKxIKlUgC+1vxI
         P6NA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=DZAZVBwAShxU5u7fT6BbCZ+cQt51H9PsjF/8xPB3ZlU=;
        b=0sz10FY+zhcR4UTilmb0Qj5H6jPjSRS6S1a6vMeUjVHNNhXopzpYaOdgH5q9PBtARq
         v9XIdyEZRgmXUj2ShB3QratDw3ca+TZ4eq38epHXDKrhzA6+CiutovBiiZVsoBZcYY3y
         zH+lofX0cgYzA26Nn6q5KZCMZl6nM0e7pubukNw/JHEFq+GS0YMsUTzHOS8+GU1rSI/s
         Fj09nPfABEUoqVlDo3C0oR/rMJ+LyeYOEOUdI+zmlLFIraW89MI7r6dZKfOF7/WxhA8k
         ++3ZAjDToh0TO7nvjWuGxpyXq6B4fKcTAEcMoG3CQY0GDOqQLrFh5VBJT9Z8qWRz9kXH
         f1Jg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=i8qh5fhg;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id m10-20020a638c0a000000b00382b21d7a89si13140013pgd.99.2022.04.04.19.31.57
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Apr 2022 19:31:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=i8qh5fhg;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 51B99324697;
	Mon,  4 Apr 2022 17:55:22 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1376614AbiDDN7S (ORCPT <rfc822;0x.yzhang@gmail.com> + 99 others);
        Mon, 4 Apr 2022 09:59:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40916 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1376436AbiDDN7O (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Apr 2022 09:59:14 -0400
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 141FD3EAAF;
        Mon,  4 Apr 2022 06:57:18 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id c42so3757093edf.3;
        Mon, 04 Apr 2022 06:57:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=message-id:date:mime-version:user-agent:subject:content-language:to
         :cc:references:from:in-reply-to:content-transfer-encoding;
        bh=DZAZVBwAShxU5u7fT6BbCZ+cQt51H9PsjF/8xPB3ZlU=;
        b=i8qh5fhg0UqgwGRnh95t8swhhyAwQY2n/t9uOBy+TL89eBpm/rFs0b39QbPRrf8MGn
         WyOxmYfG8fd5ON21qte4eGvOQmOnE+tCvuGeriTqHv300iGTrxnqlgDH3pW7+I8toGLQ
         ZAvBD4gnhRsSUDCW3o4yQzbJpNrXaSIAgL+xQCv0kjnWXXp0JL+7bx1ZsliHqX3kwV/J
         YqezPusqC4W5SV/QchoesphLGHmNn3DA9tWBJiVcqNBEQaTrCdjZW/1V/F963/zevopW
         QneM6SOZ+mrRzdSn3WGfRxf6zPkO/5wjF2QqKdXGBsGFvqDr8cEY8Fwgpy5/sJSsO9LH
         s0Pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:cc:references:from:in-reply-to
         :content-transfer-encoding;
        bh=DZAZVBwAShxU5u7fT6BbCZ+cQt51H9PsjF/8xPB3ZlU=;
        b=6zL5C9WY1/aKTqi4u5ruyHOT8OuIPTO7KCDdIDK8Vo7ywsn+rvOzKJ+yUwKlbCLMrv
         fvJt1o09fp5rC3oQZew/eqyTlmMs6fIjvTbzL383FhyVs/1AX8177ovqWCPL2P1kS4gm
         d1M0DxRK9ucqzwIAaZajlriHRMf+X8vLZs3lYsB/wAUqi6mKK/6lpB7KI4r4BI4omZcF
         dZlji2TJWbb09sanUTI6XUQcnf4AK3h7LPldIQHvtDCt2aYTci5us07YJlOiv8fWqeMK
         fY7qWWebhldNxwZNqj1yM4PzuJYFPTRcCQa96TZctGle3vByQwI5NSlftupv33lAwYR7
         qBoQ==
X-Gm-Message-State: AOAM530G6amyhW4/f6O3x4kbQBZ/cjZXtyhXKaTJh85MvGf+KR45rKlX
        h9BoZwHmCvQzCMKbFwp5qBg=
X-Received: by 2002:a05:6402:1d4e:b0:419:5a50:75f6 with SMTP id dz14-20020a0564021d4e00b004195a5075f6mr110694edb.403.1649080636593;
        Mon, 04 Apr 2022 06:57:16 -0700 (PDT)
Received: from ?IPV6:2a02:1811:cc83:eef0:7bf1:a0f8:a9aa:ac98? (ptr-dtfv0pmq82wc9dcpm6w.18120a2.ip6.access.telenet.be. [2a02:1811:cc83:eef0:7bf1:a0f8:a9aa:ac98])
        by smtp.gmail.com with ESMTPSA id dm11-20020a170907948b00b006cf488e72e3sm4457482ejc.25.2022.04.04.06.57.15
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 04 Apr 2022 06:57:16 -0700 (PDT)
Message-ID: <743c57bd-514e-d17f-ba43-607e3cb83a95@gmail.com>
Date:   Mon, 4 Apr 2022 15:57:14 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.7.0
Subject: Re: [PATCH net-next v2] ipv6: fix locking issues with loops over
 idev->addr_list
Content-Language: en-US
To:     Andrew Lunn <andrew@lunn.ch>
Cc:     netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        "David S. Miller" <davem@davemloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        David Ahern <dsahern@kernel.org>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>
References: <20220403231523.45843-1-dossche.niels@gmail.com>
 <Ykro/s5+kd+po26e@lunn.ch>
From:   Niels Dossche <dossche.niels@gmail.com>
In-Reply-To: <Ykro/s5+kd+po26e@lunn.ch>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,
	RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04/04/2022 14:47, Andrew Lunn wrote:
> On Mon, Apr 04, 2022 at 01:15:24AM +0200, Niels Dossche wrote:
>> idev->addr_list needs to be protected by idev->lock. However, it is not
>> always possible to do so while iterating and performing actions on
>> inet6_ifaddr instances. For example, multiple functions (like
>> addrconf_{join,leave}_anycast) eventually call down to other functions
>> that acquire the idev->lock. The current code temporarily unlocked the
>> idev->lock during the loops, which can cause race conditions. Moving the
>> locks up is also not an appropriate solution as the ordering of lock
>> acquisition will be inconsistent with for example mc_lock.
> 
> Hi Niels
> 
> What sort of issues could the race result in?

Hi Andrew

The issue is that the protection of the address list is lifted inside of the loop for a brief moment.
Therefore, the looping over the list loses its atomicity.
I believe the list's entries might become corrupted in case of a race occurring.

> 
> I've been chasing a netdev reference leak, when using the GNS3
> simulator. Shutting down the system can result in one interface having
> a netdev reference count of 5, and it never gets destroyed. Using the
> tracker code Eric recently added, i found one of the leaks is idev,
> its reference count does not go to 0, and hence the reference it holds
> on the netdev is never released.> 
> I will test this patch out, see if it helps, but i'm just wondering if
> you think the issue i'm seeing is theoretically possible because of
> this race? If it is, we might want this applied to stable, not just
> net-next.

I am not sure, but I believe that it may be related, although I believe it would be unlikely to happen.
In your case, it could be because of this non-atomic handling of the list entries:
this could perhaps, for example, result in skipping an instance of ifaddr in the loop if
there is another change happening to the list in the meantime. Then the instance would've never been put,
hence not changing its refcount. But again, I'm not sure about this for your case.

> 
> Thanks
> 	Andrew

Kind regards
Niels