diff mbox series

[RFC,9/9] sunrpc: don't upgrade passive net reference in xs_create_sock

Message ID 20250317-rpc-shutdown-v1-9-85ba8e20b75d@kernel.org (mailing list archive)
State New
Headers show
Series nfs/sunrpc: stop holding netns references in client-side NFS and RPC objects | expand

Commit Message

Jeff Layton March 17, 2025, 9 p.m. UTC 
With the move to having sunrpc client xprts not hold active references
to the net namespace, there is no need to upgrade the socket's reference
in xs_create_sock. Just keep the passive reference instead.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 net/sunrpc/xprtsock.c | 3 ---
 1 file changed, 3 deletions(-)

Comments

Trond Myklebust March 17, 2025, 9:28 p.m. UTC | #1 
On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> With the move to having sunrpc client xprts not hold active
> references
> to the net namespace, there is no need to upgrade the socket's
> reference
> in xs_create_sock. Just keep the passive reference instead.
> 
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
>  net/sunrpc/xprtsock.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index
> 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3aed8f0
> c513b62cdf589 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> rpc_xprt *xprt,
>  		goto out;
>  	}
>  
> -	if (protocol == IPPROTO_TCP)
> -		sk_net_refcnt_upgrade(sock->sk);
> -
>  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
>  	if (IS_ERR(filp))
>  		return ERR_CAST(filp);
> 

Is this not going to reintroduce the bug described by
https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
?

As I understand it, the problem has nothing to do with whether or not
NFS or the RPC layer holds a reference to the net namespace, but rather
whether there are still packets in the socket queues at the time when
that net namespace is being freed.
Jeff Layton March 17, 2025, 9:36 p.m. UTC | #2 
On Mon, 2025-03-17 at 21:28 +0000, Trond Myklebust wrote:
> On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> > With the move to having sunrpc client xprts not hold active
> > references
> > to the net namespace, there is no need to upgrade the socket's
> > reference
> > in xs_create_sock. Just keep the passive reference instead.
> > 
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> >  net/sunrpc/xprtsock.c | 3 ---
> >  1 file changed, 3 deletions(-)
> > 
> > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > index
> > 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3aed8f0
> > c513b62cdf589 100644
> > --- a/net/sunrpc/xprtsock.c
> > +++ b/net/sunrpc/xprtsock.c
> > @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> > rpc_xprt *xprt,
> >  		goto out;
> >  	}
> >  
> > -	if (protocol == IPPROTO_TCP)
> > -		sk_net_refcnt_upgrade(sock->sk);
> > -
> >  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
> >  	if (IS_ERR(filp))
> >  		return ERR_CAST(filp);
> > 
> 
> Is this not going to reintroduce the bug described by
> https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
> ?
> 
> As I understand it, the problem has nothing to do with whether or not
> NFS or the RPC layer holds a reference to the net namespace, but rather
> whether there are still packets in the socket queues at the time when
> that net namespace is being freed.
> 
> 

I don't think so. That syzkaller report was closed by this patch:

    5c70eb5c593d net: better track kernel sockets lifetime

That says:

    "To fix this, make sure that kernel sockets own a reference on net
passive."

With this, we still do keep a passive reference on the net in the
socket, which I think is enough.

That said, I'd appreciate a look at this from the netdev folks.
Trond Myklebust March 17, 2025, 9:37 p.m. UTC | #3 
On Mon, 2025-03-17 at 17:36 -0400, Jeff Layton wrote:
> On Mon, 2025-03-17 at 21:28 +0000, Trond Myklebust wrote:
> > On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> > > With the move to having sunrpc client xprts not hold active
> > > references
> > > to the net namespace, there is no need to upgrade the socket's
> > > reference
> > > in xs_create_sock. Just keep the passive reference instead.
> > > 
> > > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > > ---
> > >  net/sunrpc/xprtsock.c | 3 ---
> > >  1 file changed, 3 deletions(-)
> > > 
> > > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > > index
> > > 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3ae
> > > d8f0
> > > c513b62cdf589 100644
> > > --- a/net/sunrpc/xprtsock.c
> > > +++ b/net/sunrpc/xprtsock.c
> > > @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> > > rpc_xprt *xprt,
> > >  		goto out;
> > >  	}
> > >  
> > > -	if (protocol == IPPROTO_TCP)
> > > -		sk_net_refcnt_upgrade(sock->sk);
> > > -
> > >  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
> > >  	if (IS_ERR(filp))
> > >  		return ERR_CAST(filp);
> > > 
> > 
> > Is this not going to reintroduce the bug described by
> > https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
> > ?
> > 
> > As I understand it, the problem has nothing to do with whether or
> > not
> > NFS or the RPC layer holds a reference to the net namespace, but
> > rather
> > whether there are still packets in the socket queues at the time
> > when
> > that net namespace is being freed.
> > 
> > 
> 
> I don't think so. That syzkaller report was closed by this patch:
> 
>     5c70eb5c593d net: better track kernel sockets lifetime
> 
> That says:
> 
>     "To fix this, make sure that kernel sockets own a reference on
> net
> passive."
> 
> With this, we still do keep a passive reference on the net in the
> socket, which I think is enough.

No. You just removed that by reverting the patch that assigns the
passive reference.

> 
> That said, I'd appreciate a look at this from the netdev folks.
Jeff Layton March 17, 2025, 9:41 p.m. UTC | #4 
On Mon, 2025-03-17 at 21:37 +0000, Trond Myklebust wrote:
> On Mon, 2025-03-17 at 17:36 -0400, Jeff Layton wrote:
> > On Mon, 2025-03-17 at 21:28 +0000, Trond Myklebust wrote:
> > > On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> > > > With the move to having sunrpc client xprts not hold active
> > > > references
> > > > to the net namespace, there is no need to upgrade the socket's
> > > > reference
> > > > in xs_create_sock. Just keep the passive reference instead.
> > > > 
> > > > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > > > ---
> > > >  net/sunrpc/xprtsock.c | 3 ---
> > > >  1 file changed, 3 deletions(-)
> > > > 
> > > > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > > > index
> > > > 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3ae
> > > > d8f0
> > > > c513b62cdf589 100644
> > > > --- a/net/sunrpc/xprtsock.c
> > > > +++ b/net/sunrpc/xprtsock.c
> > > > @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> > > > rpc_xprt *xprt,
> > > >  		goto out;
> > > >  	}
> > > >  
> > > > -	if (protocol == IPPROTO_TCP)
> > > > -		sk_net_refcnt_upgrade(sock->sk);
> > > > -
> > > >  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
> > > >  	if (IS_ERR(filp))
> > > >  		return ERR_CAST(filp);
> > > > 
> > > 
> > > Is this not going to reintroduce the bug described by
> > > https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
> > > ?
> > > 
> > > As I understand it, the problem has nothing to do with whether or
> > > not
> > > NFS or the RPC layer holds a reference to the net namespace, but
> > > rather
> > > whether there are still packets in the socket queues at the time
> > > when
> > > that net namespace is being freed.
> > > 
> > > 
> > 
> > I don't think so. That syzkaller report was closed by this patch:
> > 
> >     5c70eb5c593d net: better track kernel sockets lifetime
> > 
> > That says:
> > 
> >     "To fix this, make sure that kernel sockets own a reference on
> > net
> > passive."
> > 
> > With this, we still do keep a passive reference on the net in the
> > socket, which I think is enough.
> 
> No. You just removed that by reverting the patch that assigns the
> passive reference.
> 

That's not how I read sk_net_refcnt_upgrade(). The socket already holds
a passive reference on the netns. sk_net_refcnt_upgrade() puts that
reference and then gets an active reference to the netns.

With this patchset, we just need to keep the passive one (I think).
diff mbox series

Patch

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3aed8f0c513b62cdf589 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1941,9 +1941,6 @@  static struct socket *xs_create_sock(struct rpc_xprt *xprt,
 		goto out;
 	}
 
-	if (protocol == IPPROTO_TCP)
-		sk_net_refcnt_upgrade(sock->sk);
-
 	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
 	if (IS_ERR(filp))
 		return ERR_CAST(filp);