Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1282832yba; Thu, 9 May 2019 13:53:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqx06JVNgQXqyiF1Xq/w/CoHfSgzPd6bBceI4haYkUou04jvt7pBictout3CFED1qvssgfUc X-Received: by 2002:a65:56c5:: with SMTP id w5mr8652882pgs.434.1557435233580; Thu, 09 May 2019 13:53:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557435233; cv=none; d=google.com; s=arc-20160816; b=K/JgqJa1uN4Sd7M9tg7jdEgHqTYxBLcrx1dJrjFlcA1iIzKsYvhDKLStS6/JA0vHH9 Sl2mTD2HRbLg18u0HKCC9eLYIpbkpJfN/Trqd+P7+sjX18DwgDnuSBex+WcIe5cOAMVT OMtUHvyg/LqsiUgKwU9zEw/tGblOvyvG0vcovqSezpAR0CUYRiBkL0JzpuDAWet2Rfvp 6gyg46hkP/ZXDXxz4bgOkjz8uw72UDrO4CvBgzaJIE2ovFKYbvQF6ScQXWL/KY6pNl/W cq7X125p/0aCwS+EtrEoDU5LIHZDyrx70kwqoCiikvj0e+wDM38VFqo4m8dvM1xHI0a2 gMcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=wQXjOp5MxUlD0y3tITmsNjQr70GZuGoFdJat2jCyp5M=; b=FnqSM7Wt1Shb2loDe0Cw4fuDBw/hCT8pAehjrK4xV8hu/QhGeQe7SXz1/Q/1EWkMob AZ+s/vhZVnzjZj9ulbBsaqGYEk7JPaEUu4RfF99fHLOJzBKQqxRkQidKaTmAwbz/MYWi vgscmxPbIeiQLB7Uh2mcq5INzXWS+3p8ea+p2ZNlkkI4vsKfhLs7cCr+b8k4EVUmCUQ0 Gq4z0KLuEqs5jpAjUjStZT+AyP3k1xh5AV4AQwJ6Ii3Txt+IwQqO/+LGPhhDHTyas3Eo TF+QWZw8Fbwl7013j1JxIoqnxqz/ZWp31rcDU9usyeN7CrGkIkDm9SUdoeYyV/cbvisA lEUg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s5si4625276pfm.234.2019.05.09.13.53.26; Thu, 09 May 2019 13:53:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726777AbfEIUwT (ORCPT + 99 others); Thu, 9 May 2019 16:52:19 -0400 Received: from fieldses.org ([173.255.197.46]:33884 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726682AbfEIUwT (ORCPT ); Thu, 9 May 2019 16:52:19 -0400 Received: by fieldses.org (Postfix, from userid 2815) id 96DCC1E19; Thu, 9 May 2019 16:52:18 -0400 (EDT) Date: Thu, 9 May 2019 16:52:18 -0400 From: "J. Bruce Fields" To: Wenbin Zeng Cc: viro@zeniv.linux.org.uk, davem@davemloft.net, jlayton@kernel.org, trond.myklebust@hammerspace.com, anna.schumaker@netapp.com, wenbinzeng@tencent.com, dsahern@gmail.com, nicolas.dichtel@6wind.com, willy@infradead.org, edumazet@google.com, jakub.kicinski@netronome.com, tyhicks@canonical.com, chuck.lever@oracle.com, neilb@suse.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-nfs@vger.kernel.org Subject: Re: [PATCH 0/3] auth_gss: netns refcount leaks when use-gss-proxy==1 Message-ID: <20190509205218.GA23548@fieldses.org> References: <1556692945-3996-1-git-send-email-wenbinzeng@tencent.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1556692945-3996-1-git-send-email-wenbinzeng@tencent.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Thanks for figuring this out! I guess I'll take these patches (with the one fix in your response to Al) through the nfsd tree, unless someone tells me otherwise. (The original bug was introduced through nfsd.) How serious are the consequences of the leak? I'm wondering if it's worth a stable cc or not. --b. On Wed, May 01, 2019 at 02:42:22PM +0800, Wenbin Zeng wrote: > This patch series fixes an auth_gss bug that results in netns refcount leaks when use-gss-proxy is set to 1. > > The problem was found in privileged docker containers with gssproxy service enabled and /proc/net/rpc/use-gss-proxy set to 1, the corresponding struct net->count ends up at 2 after container gets killed, the consequence is that the struct net cannot be freed. > > It turns out that write_gssp() called gssp_rpc_create() to create a rpc client, this increases net->count by 2; rpcsec_gss_exit_net() is supposed to decrease net->count but it never gets called because its call-path is: > net->count==0 -> cleanup_net -> ops_exit_list -> rpcsec_gss_exit_net > Before rpcsec_gss_exit_net() gets called, net->count cannot reach 0, this is a deadlock situation. > > To fix the problem, we must break the deadlock, rpcsec_gss_exit_net() should move out of the put() path and find another chance to get called, I think nsfs_evict() is a good place to go, when netns inode gets evicted we call rpcsec_gss_exit_net() to free the rpc client, this requires a new callback i.e. evict to be added in struct proc_ns_operations, and add netns_evict() as one of netns_operations as well. > > Wenbin Zeng (3): > nsfs: add evict callback into struct proc_ns_operations > netns: add netns_evict into netns_operations > auth_gss: fix deadlock that blocks rpcsec_gss_exit_net when > use-gss-proxy==1 > > fs/nsfs.c | 2 ++ > include/linux/proc_ns.h | 1 + > include/net/net_namespace.h | 1 + > net/core/net_namespace.c | 12 ++++++++++++ > net/sunrpc/auth_gss/auth_gss.c | 9 ++++++--- > 5 files changed, 22 insertions(+), 3 deletions(-) > > -- > 1.8.3.1