diff options
| author | Nicolas Schichan <nschichan@freebox.fr> | 2013-06-26 11:23:42 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-06-26 16:42:54 -0400 |
| commit | 5dbe7c178d3f0a4634f088d9e729f1909b9ddcd1 (patch) | |
| tree | 8945b6c5125b57cee5f36e903fc995e58664a639 /net/core/sock.c | |
| parent | 6d446ec32f169c6a5d9bc90684a8082a6cbe90f6 (diff) | |
net: fix kernel deadlock with interface rename and netdev name retrieval.
When the kernel (compiled with CONFIG_PREEMPT=n) is performing the
rename of a network interface, it can end up waiting for a workqueue
to complete. If userland is able to invoke a SIOCGIFNAME ioctl or a
SO_BINDTODEVICE getsockopt in between, the kernel will deadlock due to
the fact that read_secklock_begin() will spin forever waiting for the
writer process (the one doing the interface rename) to update the
devnet_rename_seq sequence.
This patch fixes the problem by adding a helper (netdev_get_name())
and using it in the code handling the SIOCGIFNAME ioctl and
SO_BINDTODEVICE setsockopt.
The netdev_get_name() helper uses raw_seqcount_begin() to avoid
spinning forever, waiting for devnet_rename_seq->sequence to become
even. cond_resched() is used in the contended case, before retrying
the access to give the writer process a chance to finish.
The use of raw_seqcount_begin() will incur some unneeded work in the
reader process in the contended case, but this is better than
deadlocking the system.
Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/sock.c')
| -rw-r--r-- | net/core/sock.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/net/core/sock.c b/net/core/sock.c index 88868a9d21da..d6d024cfaaaf 100644 --- a/net/core/sock.c +++ b/net/core/sock.c | |||
| @@ -571,9 +571,7 @@ static int sock_getbindtodevice(struct sock *sk, char __user *optval, | |||
| 571 | int ret = -ENOPROTOOPT; | 571 | int ret = -ENOPROTOOPT; |
| 572 | #ifdef CONFIG_NETDEVICES | 572 | #ifdef CONFIG_NETDEVICES |
| 573 | struct net *net = sock_net(sk); | 573 | struct net *net = sock_net(sk); |
| 574 | struct net_device *dev; | ||
| 575 | char devname[IFNAMSIZ]; | 574 | char devname[IFNAMSIZ]; |
| 576 | unsigned seq; | ||
| 577 | 575 | ||
| 578 | if (sk->sk_bound_dev_if == 0) { | 576 | if (sk->sk_bound_dev_if == 0) { |
| 579 | len = 0; | 577 | len = 0; |
| @@ -584,20 +582,9 @@ static int sock_getbindtodevice(struct sock *sk, char __user *optval, | |||
| 584 | if (len < IFNAMSIZ) | 582 | if (len < IFNAMSIZ) |
| 585 | goto out; | 583 | goto out; |
| 586 | 584 | ||
| 587 | retry: | 585 | ret = netdev_get_name(net, devname, sk->sk_bound_dev_if); |
| 588 | seq = read_seqcount_begin(&devnet_rename_seq); | 586 | if (ret) |
| 589 | rcu_read_lock(); | ||
| 590 | dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if); | ||
| 591 | ret = -ENODEV; | ||
| 592 | if (!dev) { | ||
| 593 | rcu_read_unlock(); | ||
| 594 | goto out; | 587 | goto out; |
| 595 | } | ||
| 596 | |||
| 597 | strcpy(devname, dev->name); | ||
| 598 | rcu_read_unlock(); | ||
| 599 | if (read_seqcount_retry(&devnet_rename_seq, seq)) | ||
| 600 | goto retry; | ||
| 601 | 588 | ||
| 602 | len = strlen(devname) + 1; | 589 | len = strlen(devname) + 1; |
| 603 | 590 | ||