[PATCH net 3/3] net: core: avoid warning in dev_change_net_namespace()

From: Taehee Yoo
Date: Tue Mar 24 2020 - 08:31:27 EST

Next message: Peter Zijlstra: "Re: [PATCH V4 03/13] kprobes: Add symbols for kprobe insn pages"
Previous message: Taehee Yoo: "[PATCH net 2/3] net: core: add netdev_class_has_file_ns() helper function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When interface's namespace is being changed, dev_change_net_namespace()
is called. This removes and re-allocates many resources that include
sysfs files. The "/net/class/net/<interface name>" is one of them.
If the sysfs creation routine(device_rename()) found duplicate sysfs
file name, it warns about it and fails. But unfortunately, at that point,
dev_change_net_namespace() doesn't return fail because rollback cost
is too high.
So, the interface can't have a sysfs file.

The approach of this patch is to find the duplicate sysfs file as
fast as possible. If it found that, dev_change_net_namespace() returns
fail immediately with zero rollback cost.

This patch includes two other things.
a) Acquire rtnl_lock() in both bond_create_sysfs() and bond_destroy_sysfs()
to avoid race condition.
b) Do not remove "/sys/class/net/bonding_masters" sysfs file by
bond_destroy_sysfs() if the file wasn't created by bond_create_sysfs().

Test commands:
ip netns add nst
ip link add bonding_masters type dummy
modprobe bonding
ip link set bonding_masters netns nst

Splat looks like:
[ 32.793965][ T986] WARNING: CPU: 3 PID: 986 at net/core/dev.c:10098 dev_change_net_namespace+0x9be/0xc10
[ 32.795213][ T986] Modules linked in: bonding dummy openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 x
[ 32.797369][ T986] CPU: 3 PID: 986 Comm: ip Not tainted 5.6.0-rc5+ #474
[ 32.798137][ T986] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 32.799111][ T986] RIP: 0010:dev_change_net_namespace+0x9be/0xc10
[ 32.799838][ T986] Code: 45 34 b2 c6 05 85 a4 87 01 01 e8 0d aa c7 fe 0f 0b e9 dd f6 ff ff b8 ea ff ff ff e9 82 fb ff
[ 32.805599][ T986] RSP: 0018:ffff88804aeeee60 EFLAGS: 00010282
[ 32.806247][ T986] RAX: 00000000ffffffef RBX: ffff888057151000 RCX: 0000000000000006
[ 32.807110][ T986] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88804ac2c014
[ 32.807997][ T986] RBP: ffff8880571510b8 R08: fffffbfff67b65cc R09: fffffbfff67b65cc
[ 32.808873][ T986] R10: 0000000000000001 R11: fffffbfff67b65cb R12: ffff8880571510a0
[ 32.809720][ T986] R13: ffff88804b9f0040 R14: ffff888057151090 R15: ffff888057151c08
[ 32.810575][ T986] FS: 00007f0c9d5960c0(0000) GS:ffff88806cc00000(0000) knlGS:0000000000000000
[ 32.811540][ T986] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.812314][ T986] CR2: 00007fcaf6747590 CR3: 0000000049c58005 CR4: 00000000000606e0
[ 32.813191][ T986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.814052][ T986] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.822906][ T986] Call Trace:
[ 32.823294][ T986] ? do_dup2+0x450/0x450
[ 32.823828][ T986] ? dev_get_valid_name+0xc0/0xc0
[ 32.824421][ T986] ? ns_capable_common+0x5c/0xd0
[ 32.825007][ T986] ? __netlink_ns_capable+0xc3/0xf0
[ 32.825650][ T986] do_setlink+0x163/0x2ef0
[ 32.826088][ T986] ? is_bpf_image_address+0xff/0x1d0
[ 32.826663][ T986] ? rtnl_getlink+0x8a0/0x8a0
[ 32.827275][ T986] ? __kernel_text_address+0xe/0x30
[ 32.827999][ T986] ? unwind_get_return_address+0x5f/0xa0
[ 32.828793][ T986] ? create_prof_cpu_mask+0x20/0x20
[ 32.829391][ T986] ? arch_stack_walk+0x83/0xb0
[ 32.829949][ T986] ? memset+0x1f/0x40
[ 32.830410][ T986] ? __nla_validate_parse+0x98/0x1ab0
[ 32.831046][ T986] ? nla_memcpy+0x90/0x90
[ 32.831544][ T986] ? __lock_acquire+0xdfe/0x3de0
[ 32.832136][ T986] __rtnl_newlink+0x9c5/0x1270
[ ... ]

Reported-by: syzbot+830c6dbfc71edc4f0b8f@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: b76cdba9cdb2 ("[PATCH] bonding: add sysfs functionality to bonding (large)")
Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
---
drivers/net/bonding/bond_sysfs.c | 13 ++++++++++++-
include/net/bonding.h | 1 +
net/core/dev.c | 4 ++++
3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c
index 2d615a93685e..02c0ae58b9db 100644
--- a/drivers/net/bonding/bond_sysfs.c
+++ b/drivers/net/bonding/bond_sysfs.c
@@ -772,9 +772,13 @@ int bond_create_sysfs(struct bond_net *bn)
{
int ret;

+ bn->skip_destroy_class = false;
bn->class_attr_bonding_masters = class_attr_bonding_masters;
sysfs_attr_init(&bn->class_attr_bonding_masters.attr);

+ rtnl_lock();
+ if (netdev_class_has_file_ns("bonding_masters", bn->net))
+ goto err;
ret = netdev_class_create_file_ns(&bn->class_attr_bonding_masters,
bn->net);
/* Permit multiple loads of the module by ignoring failures to
@@ -788,13 +792,16 @@ int bond_create_sysfs(struct bond_net *bn)
* configure multiple bonding devices.
*/
if (ret == -EEXIST) {
+err:
/* Is someone being kinky and naming a device bonding_master? */
if (__dev_get_by_name(bn->net,
class_attr_bonding_masters.attr.name))
pr_err("network device named %s already exists in sysfs\n",
class_attr_bonding_masters.attr.name);
ret = 0;
+ bn->skip_destroy_class = true;
}
+ rtnl_unlock();

return ret;

@@ -803,7 +810,11 @@ int bond_create_sysfs(struct bond_net *bn)
/* Remove /sys/class/net/bonding_masters. */
void bond_destroy_sysfs(struct bond_net *bn)
{
- netdev_class_remove_file_ns(&bn->class_attr_bonding_masters, bn->net);
+ rtnl_lock();
+ if (!bn->skip_destroy_class)
+ netdev_class_remove_file_ns(&bn->class_attr_bonding_masters,
+ bn->net);
+ rtnl_unlock();
}

/* Initialize sysfs for each bond. This sets up and registers
diff --git a/include/net/bonding.h b/include/net/bonding.h
index 3d56b026bb9e..725e26c4962c 100644
--- a/include/net/bonding.h
+++ b/include/net/bonding.h
@@ -607,6 +607,7 @@ struct bond_net {
struct proc_dir_entry *proc_dir;
#endif
struct class_attribute class_attr_bonding_masters;
+ bool skip_destroy_class;
};

int bond_arp_rcv(const struct sk_buff *skb, struct bonding *bond, struct slave *slave);
diff --git a/net/core/dev.c b/net/core/dev.c
index 402a986659cf..8a4d9a23fb63 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10037,6 +10037,10 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
goto out;
}

+ err = -EEXIST;
+ if (netdev_class_has_file_ns(dev->name, net))
+ goto out;
+
/*
* And now a mini version of register_netdevice unregister_netdevice.
*/
--
2.17.1

Next message: Peter Zijlstra: "Re: [PATCH V4 03/13] kprobes: Add symbols for kprobe insn pages"
Previous message: Taehee Yoo: "[PATCH net 2/3] net: core: add netdev_class_has_file_ns() helper function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]