[v2,net-next,6/6] arp: Convert ioctl(SIOCGARP) to RCU.

Message ID	20240425170002.68160-7-kuniyu@amazon.com (mailing list archive)
State	Superseded
Delegated to:	Netdev Maintainers
Headers	show Received: from smtp-fw-80009.amazon.com (smtp-fw-80009.amazon.com [99.78.197.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 021B41CF8A for <netdev@vger.kernel.org>; Thu, 25 Apr 2024 17:02:48 +0000 (UTC) From: Kuniyuki Iwashima <kuniyu@amazon.com> To: "David S. Miller" <davem@davemloft.net>, David Ahern <dsahern@kernel.org>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, "Paolo Abeni" <pabeni@redhat.com> CC: Kuniyuki Iwashima <kuniyu@amazon.com>, Kuniyuki Iwashima <kuni1840@gmail.com>, <netdev@vger.kernel.org> Subject: [PATCH v2 net-next 6/6] arp: Convert ioctl(SIOCGARP) to RCU. Date: Thu, 25 Apr 2024 10:00:02 -0700 Message-ID: <20240425170002.68160-7-kuniyu@amazon.com> In-Reply-To: <20240425170002.68160-1-kuniyu@amazon.com> References: <20240425170002.68160-1-kuniyu@amazon.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	arp: Random clean up and RCU conversion for ioctl(SIOCGARP). \| expand [v2,net-next,0/6] arp: Random clean up and RCU conversion for ioctl(SIOCGARP). [v2,net-next,1/6] arp: Move ATF_COM setting in arp_req_set(). [v2,net-next,2/6] arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). [v2,net-next,3/6] arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). [v2,net-next,4/6] arp: Remove a nest in arp_req_get(). [v2,net-next,5/6] arp: Get dev after calling arp_req_(delete\|set\|get)(). [v2,net-next,6/6] arp: Convert ioctl(SIOCGARP) to RCU.

Context	Check	Description
netdev/series_format	success	Posting correctly formatted
netdev/tree_selection	success	Clearly marked for net-next
netdev/ynl	success	Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 928 this patch: 928
netdev/build_tools	success	No tools touched, skip
netdev/cc_maintainers	success	CCed 5 of 5 maintainers
netdev/build_clang	success	Errors and warnings before: 938 this patch: 938
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 939 this patch: 939
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 65 lines checked
netdev/build_clang_rust	success	No Rust files in patch. Skipping build
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Kuniyuki Iwashima April 25, 2024, 5 p.m. UTC

ioctl(SIOCGARP) holds rtnl_lock() for __dev_get_by_name() and
later calls neigh_lookup(), which calls rcu_read_lock().

Let's replace __dev_get_by_name() with dev_get_by_name_rcu() to
avoid locking rtnl_lock().

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
 net/ipv4/arp.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

Eric Dumazet April 25, 2024, 5:12 p.m. UTC | #1

On Thu, Apr 25, 2024 at 7:02 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>
> ioctl(SIOCGARP) holds rtnl_lock() for __dev_get_by_name() and
> later calls neigh_lookup(), which calls rcu_read_lock().
>
> Let's replace __dev_get_by_name() with dev_get_by_name_rcu() to
> avoid locking rtnl_lock().
>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> ---
>  net/ipv4/arp.c | 26 +++++++++++++++++---------
>  1 file changed, 17 insertions(+), 9 deletions(-)
>
> diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
> index 5034920be85a..9430b64558cd 100644
> --- a/net/ipv4/arp.c
> +++ b/net/ipv4/arp.c
> @@ -1003,11 +1003,15 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
>   *     User level interface (ioctl)
>   */
>
> -static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r)
> +static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r,
> +                                             bool getarp)
>  {
>         struct net_device *dev;
>
> -       dev = __dev_get_by_name(net, r->arp_dev);
> +       if (getarp)
> +               dev = dev_get_by_name_rcu(net, r->arp_dev);
> +       else
> +               dev = __dev_get_by_name(net, r->arp_dev);
>         if (!dev)
>                 return ERR_PTR(-ENODEV);
>
> @@ -1028,7 +1032,7 @@ static struct net_device *arp_req_dev(struct net *net, struct arpreq *r)
>         __be32 ip;
>
>         if (r->arp_dev[0])
> -               return arp_req_dev_by_name(net, r);
> +               return arp_req_dev_by_name(net, r, false);
>
>         if (r->arp_flags & ATF_PUBL)
>                 return NULL;
> @@ -1166,7 +1170,7 @@ static int arp_req_get(struct net *net, struct arpreq *r)
>         if (!r->arp_dev[0])
>                 return -ENODEV;
>
> -       dev = arp_req_dev_by_name(net, r);
> +       dev = arp_req_dev_by_name(net, r, true);
>         if (IS_ERR(dev))
>                 return PTR_ERR(dev);
>
> @@ -1287,23 +1291,27 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
>         else if (*netmask && *netmask != htonl(0xFFFFFFFFUL))
>                 return -EINVAL;
>
> -       rtnl_lock();
> -
>         switch (cmd) {
>         case SIOCDARP:
> +               rtnl_lock();
>                 err = arp_req_delete(net, &r);
> +               rtnl_unlock();
>                 break;
>         case SIOCSARP:
> +               rtnl_lock();
>                 err = arp_req_set(net, &r);
> +               rtnl_unlock();
>                 break;
>         case SIOCGARP:
> +               rcu_read_lock();
>                 err = arp_req_get(net, &r);
> +               rcu_read_unlock();


Note that arp_req_get() uses :

strscpy(r->arp_dev, dev->name, sizeof(r->arp_dev));

This currently depends on RTNL or devnet_rename_sem

Perhaps we should add a helper and use a seqlock to safely copy
dev->name into a temporary variable.

netdev_get_name() can not be called from rcu_read_lock() at this
moment unfortunately.

Kuniyuki Iwashima April 25, 2024, 5:51 p.m. UTC | #2

From: Eric Dumazet <edumazet@google.com>
Date: Thu, 25 Apr 2024 19:12:56 +0200
> On Thu, Apr 25, 2024 at 7:02 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
> >
> > ioctl(SIOCGARP) holds rtnl_lock() for __dev_get_by_name() and
> > later calls neigh_lookup(), which calls rcu_read_lock().
> >
> > Let's replace __dev_get_by_name() with dev_get_by_name_rcu() to
> > avoid locking rtnl_lock().
> >
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> > ---
> >  net/ipv4/arp.c | 26 +++++++++++++++++---------
> >  1 file changed, 17 insertions(+), 9 deletions(-)
> >
> > diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
> > index 5034920be85a..9430b64558cd 100644
> > --- a/net/ipv4/arp.c
> > +++ b/net/ipv4/arp.c
> > @@ -1003,11 +1003,15 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
> >   *     User level interface (ioctl)
> >   */
> >
> > -static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r)
> > +static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r,
> > +                                             bool getarp)
> >  {
> >         struct net_device *dev;
> >
> > -       dev = __dev_get_by_name(net, r->arp_dev);
> > +       if (getarp)
> > +               dev = dev_get_by_name_rcu(net, r->arp_dev);
> > +       else
> > +               dev = __dev_get_by_name(net, r->arp_dev);
> >         if (!dev)
> >                 return ERR_PTR(-ENODEV);
> >
> > @@ -1028,7 +1032,7 @@ static struct net_device *arp_req_dev(struct net *net, struct arpreq *r)
> >         __be32 ip;
> >
> >         if (r->arp_dev[0])
> > -               return arp_req_dev_by_name(net, r);
> > +               return arp_req_dev_by_name(net, r, false);
> >
> >         if (r->arp_flags & ATF_PUBL)
> >                 return NULL;
> > @@ -1166,7 +1170,7 @@ static int arp_req_get(struct net *net, struct arpreq *r)
> >         if (!r->arp_dev[0])
> >                 return -ENODEV;
> >
> > -       dev = arp_req_dev_by_name(net, r);
> > +       dev = arp_req_dev_by_name(net, r, true);
> >         if (IS_ERR(dev))
> >                 return PTR_ERR(dev);
> >
> > @@ -1287,23 +1291,27 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
> >         else if (*netmask && *netmask != htonl(0xFFFFFFFFUL))
> >                 return -EINVAL;
> >
> > -       rtnl_lock();
> > -
> >         switch (cmd) {
> >         case SIOCDARP:
> > +               rtnl_lock();
> >                 err = arp_req_delete(net, &r);
> > +               rtnl_unlock();
> >                 break;
> >         case SIOCSARP:
> > +               rtnl_lock();
> >                 err = arp_req_set(net, &r);
> > +               rtnl_unlock();
> >                 break;
> >         case SIOCGARP:
> > +               rcu_read_lock();
> >                 err = arp_req_get(net, &r);
> > +               rcu_read_unlock();
> 
> 
> Note that arp_req_get() uses :
> 
> strscpy(r->arp_dev, dev->name, sizeof(r->arp_dev));
> 
> This currently depends on RTNL or devnet_rename_sem

Ah, I missed this point, thanks for catching!


> 
> Perhaps we should add a helper and use a seqlock to safely copy
> dev->name into a temporary variable.

So it's preferable to add seqlock around memcpy() in dev_change_name()
and use a helper in arp_req_get() rather than adding devnet_rename_sem
locking around memcpy() in arp_req_get() ?

Eric Dumazet April 25, 2024, 8:35 p.m. UTC | #3

On Thu, Apr 25, 2024 at 7:52 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>
> From: Eric Dumazet <edumazet@google.com>
> Date: Thu, 25 Apr 2024 19:12:56 +0200
> > On Thu, Apr 25, 2024 at 7:02 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
> > >
> > > ioctl(SIOCGARP) holds rtnl_lock() for __dev_get_by_name() and
> > > later calls neigh_lookup(), which calls rcu_read_lock().
> > >
> > > Let's replace __dev_get_by_name() with dev_get_by_name_rcu() to
> > > avoid locking rtnl_lock().
> > >
> > > Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> > > ---
> > >  net/ipv4/arp.c | 26 +++++++++++++++++---------
> > >  1 file changed, 17 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
> > > index 5034920be85a..9430b64558cd 100644
> > > --- a/net/ipv4/arp.c
> > > +++ b/net/ipv4/arp.c
> > > @@ -1003,11 +1003,15 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
> > >   *     User level interface (ioctl)
> > >   */
> > >
> > > -static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r)
> > > +static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r,
> > > +                                             bool getarp)
> > >  {
> > >         struct net_device *dev;
> > >
> > > -       dev = __dev_get_by_name(net, r->arp_dev);
> > > +       if (getarp)
> > > +               dev = dev_get_by_name_rcu(net, r->arp_dev);
> > > +       else
> > > +               dev = __dev_get_by_name(net, r->arp_dev);
> > >         if (!dev)
> > >                 return ERR_PTR(-ENODEV);
> > >
> > > @@ -1028,7 +1032,7 @@ static struct net_device *arp_req_dev(struct net *net, struct arpreq *r)
> > >         __be32 ip;
> > >
> > >         if (r->arp_dev[0])
> > > -               return arp_req_dev_by_name(net, r);
> > > +               return arp_req_dev_by_name(net, r, false);
> > >
> > >         if (r->arp_flags & ATF_PUBL)
> > >                 return NULL;
> > > @@ -1166,7 +1170,7 @@ static int arp_req_get(struct net *net, struct arpreq *r)
> > >         if (!r->arp_dev[0])
> > >                 return -ENODEV;
> > >
> > > -       dev = arp_req_dev_by_name(net, r);
> > > +       dev = arp_req_dev_by_name(net, r, true);
> > >         if (IS_ERR(dev))
> > >                 return PTR_ERR(dev);
> > >
> > > @@ -1287,23 +1291,27 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
> > >         else if (*netmask && *netmask != htonl(0xFFFFFFFFUL))
> > >                 return -EINVAL;
> > >
> > > -       rtnl_lock();
> > > -
> > >         switch (cmd) {
> > >         case SIOCDARP:
> > > +               rtnl_lock();
> > >                 err = arp_req_delete(net, &r);
> > > +               rtnl_unlock();
> > >                 break;
> > >         case SIOCSARP:
> > > +               rtnl_lock();
> > >                 err = arp_req_set(net, &r);
> > > +               rtnl_unlock();
> > >                 break;
> > >         case SIOCGARP:
> > > +               rcu_read_lock();
> > >                 err = arp_req_get(net, &r);
> > > +               rcu_read_unlock();
> >
> >
> > Note that arp_req_get() uses :
> >
> > strscpy(r->arp_dev, dev->name, sizeof(r->arp_dev));
> >
> > This currently depends on RTNL or devnet_rename_sem
>
> Ah, I missed this point, thanks for catching!
>
>
> >
> > Perhaps we should add a helper and use a seqlock to safely copy
> > dev->name into a temporary variable.
>
> So it's preferable to add seqlock around memcpy() in dev_change_name()
> and use a helper in arp_req_get() rather than adding devnet_rename_sem
> locking around memcpy() in arp_req_get() ?

Under rcu_read_lock(), we can not sleep.

devnet_rename_sem is a semaphore... down_read() might sleep.

So if you plan using current netdev_get_name(), you must call it
outside of rcu_read_lock() section.

Kuniyuki Iwashima April 25, 2024, 8:47 p.m. UTC | #4

From: Eric Dumazet <edumazet@google.com>
Date: Thu, 25 Apr 2024 22:35:38 +0200
> On Thu, Apr 25, 2024 at 7:52 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
> >
> > From: Eric Dumazet <edumazet@google.com>
> > Date: Thu, 25 Apr 2024 19:12:56 +0200
> > > On Thu, Apr 25, 2024 at 7:02 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
> > > >
> > > > ioctl(SIOCGARP) holds rtnl_lock() for __dev_get_by_name() and
> > > > later calls neigh_lookup(), which calls rcu_read_lock().
> > > >
> > > > Let's replace __dev_get_by_name() with dev_get_by_name_rcu() to
> > > > avoid locking rtnl_lock().
> > > >
> > > > Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> > > > ---
> > > >  net/ipv4/arp.c | 26 +++++++++++++++++---------
> > > >  1 file changed, 17 insertions(+), 9 deletions(-)
> > > >
> > > > diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
> > > > index 5034920be85a..9430b64558cd 100644
> > > > --- a/net/ipv4/arp.c
> > > > +++ b/net/ipv4/arp.c
> > > > @@ -1003,11 +1003,15 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
> > > >   *     User level interface (ioctl)
> > > >   */
> > > >
> > > > -static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r)
> > > > +static struct net_device *arp_req_dev_by_name(struct net *net, struct arpreq *r,
> > > > +                                             bool getarp)
> > > >  {
> > > >         struct net_device *dev;
> > > >
> > > > -       dev = __dev_get_by_name(net, r->arp_dev);
> > > > +       if (getarp)
> > > > +               dev = dev_get_by_name_rcu(net, r->arp_dev);
> > > > +       else
> > > > +               dev = __dev_get_by_name(net, r->arp_dev);
> > > >         if (!dev)
> > > >                 return ERR_PTR(-ENODEV);
> > > >
> > > > @@ -1028,7 +1032,7 @@ static struct net_device *arp_req_dev(struct net *net, struct arpreq *r)
> > > >         __be32 ip;
> > > >
> > > >         if (r->arp_dev[0])
> > > > -               return arp_req_dev_by_name(net, r);
> > > > +               return arp_req_dev_by_name(net, r, false);
> > > >
> > > >         if (r->arp_flags & ATF_PUBL)
> > > >                 return NULL;
> > > > @@ -1166,7 +1170,7 @@ static int arp_req_get(struct net *net, struct arpreq *r)
> > > >         if (!r->arp_dev[0])
> > > >                 return -ENODEV;
> > > >
> > > > -       dev = arp_req_dev_by_name(net, r);
> > > > +       dev = arp_req_dev_by_name(net, r, true);
> > > >         if (IS_ERR(dev))
> > > >                 return PTR_ERR(dev);
> > > >
> > > > @@ -1287,23 +1291,27 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
> > > >         else if (*netmask && *netmask != htonl(0xFFFFFFFFUL))
> > > >                 return -EINVAL;
> > > >
> > > > -       rtnl_lock();
> > > > -
> > > >         switch (cmd) {
> > > >         case SIOCDARP:
> > > > +               rtnl_lock();
> > > >                 err = arp_req_delete(net, &r);
> > > > +               rtnl_unlock();
> > > >                 break;
> > > >         case SIOCSARP:
> > > > +               rtnl_lock();
> > > >                 err = arp_req_set(net, &r);
> > > > +               rtnl_unlock();
> > > >                 break;
> > > >         case SIOCGARP:
> > > > +               rcu_read_lock();
> > > >                 err = arp_req_get(net, &r);
> > > > +               rcu_read_unlock();
> > >
> > >
> > > Note that arp_req_get() uses :
> > >
> > > strscpy(r->arp_dev, dev->name, sizeof(r->arp_dev));
> > >
> > > This currently depends on RTNL or devnet_rename_sem
> >
> > Ah, I missed this point, thanks for catching!
> >
> >
> > >
> > > Perhaps we should add a helper and use a seqlock to safely copy
> > > dev->name into a temporary variable.
> >
> > So it's preferable to add seqlock around memcpy() in dev_change_name()
> > and use a helper in arp_req_get() rather than adding devnet_rename_sem
> > locking around memcpy() in arp_req_get() ?
> 
> Under rcu_read_lock(), we can not sleep.
> 
> devnet_rename_sem is a semaphore... down_read() might sleep.

yes... -ENOCOFFEE :)


> 
> So if you plan using current netdev_get_name(), you must call it
> outside of rcu_read_lock() section.
>

Will add seqlock helper in v3.

Thanks!

[v2,net-next,6/6] arp: Convert ioctl(SIOCGARP) to RCU.

Checks

Commit Message

Comments

Patch