From: Eric Dumazet
Date: Wed, 13 Apr 2022 10:14:22 -0700
Subject: Re: [PATCH net] rxrpc: Restore removed timer deletion
To: David Howells
Cc: netdev@vger.kernel.org, Marc Dionne, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org

On Wed, Apr 13, 2022 at 3:16 AM David Howells wrote:
>
> A recent patch[1] from Eric Dumazet flipped the order in which the
> keepalive timer and the keepalive worker were cancelled in order to fix a
> syzbot reported issue[2]. Unfortunately, this enables the mirror image bug
> whereby the timer races with rxrpc_exit_net(), restarting the worker after
> it has been cancelled:
>
>         CPU 1           CPU 2
>         =============== =====================
>                         if (rxnet->live)
>
>         rxnet->live = false;
>         cancel_work_sync(&rxnet->peer_keepalive_work);
>                         rxrpc_queue_work(&rxnet->peer_keepalive_work);
>         del_timer_sync(&rxnet->peer_keepalive_timer);
>
> Fix this by restoring the removed del_timer_sync() so that we try to remove
> the timer twice. If the timer runs again, it should see ->live == false
> and not restart the worker.
>
> Fixes: 1946014ca3b1 ("rxrpc: fix a race in rxrpc_exit_net()")
> Signed-off-by: David Howells
> cc: Eric Dumazet
> cc: Marc Dionne
> cc: linux-afs@lists.infradead.org
> Link: https://lore.kernel.org/r/20220404183439.3537837-1-eric.dumazet@gmail.com/ [1]
> Link: https://syzkaller.appspot.com/bug?extid=724378c4bb58f703b09a [2]
> ---
>
>  net/rxrpc/net_ns.c | 2 ++
>  1 file changed, 2 insertions(+)
> > diff --git a/net/rxrpc/net_ns.c b/net/rxrpc/net_ns.c > index f15d6942da45..cc7e30733feb 100644 > --- a/net/rxrpc/net_ns.c > +++ b/net/rxrpc/net_ns.c > @@ -113,7 +113,9 @@ static __net_exit void rxrpc_exit_net(struct net *net) > struct rxrpc_net *rxnet = rxrpc_net(net); > > rxnet->live = false; > + del_timer_sync(&rxnet->peer_keepalive_timer); > cancel_work_sync(&rxnet->peer_keepalive_work); > + /* Remove the timer again as the worker may have restarted it. */ > del_timer_sync(&rxnet->peer_keepalive_timer); > rxrpc_destroy_all_calls(rxnet); > rxrpc_destroy_all_connections(rxnet); > > ok... so we have a timer and a work queue, both activating each other in kind of a ping pong ? Any particular reason not using delayed works ? Thanks.
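
Review bot: the first del_timer_sync() added right after `rxnet->live = false;` in rxrpc_exit_net() carries no comment, while only the second call is explained, so a later cleanup could again drop one of the two as redundant. A short comment on the first call saying that it stops the timer from queueing peer_keepalive_work after cancel_work_sync() would record why both are needed. The teardown also depends on the timer callback observing the cleared flag, and the store shown here is a plain assignment; consider WRITE_ONCE() on the store with READ_ONCE() on the reader side, or a comment stating what orders the store against the timer.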