Hi,

the problem is {,un}register_netdevice_notifier() do not take
pernet_ops_rwsem, and they don't see network namespaces, being
initialized in setup_net() and cleanup_net(), since at this
time net is not hashed to net_namespace_list.

This may lead to imbalance, when a notifier is called at time of
setup_net()/net is alive, but it's not called at time of cleanup_net(),
for the devices, hashed to the net, and vice versa. See (3/3) for
the scheme of imbalance.

This patchset fixes the problem by acquiring pernet_ops_rwsem
at the time of {,un}register_netdevice_notifier() (3/3).
(1-2/3) are preparations in xfrm and netfilter subsystems.

The problem was introduced long ago, but backporting won't be easy,
since every previous kernel version may have changes in netdevice
notifiers, and they all need review and testing. Otherwise, there
may be more pernet_operations, which register or unregister
netdevice notifiers, and that leads to deadlock (which was fixed
in 1-2/3). This patchset is for net-next.

Thanks,
Kirill
---

Kirill Tkhai (3):
      xfrm: Register xfrm_dev_notifier in appropriate place
      netfilter: Rework xt_TEE netdevice notifier
      net: Close race between {un,}register_netdevice_notifier() and setup_net()/cleanup_net()

 include/net/xfrm.h     |    2 +
 net/core/dev.c         |    6 ++++
 net/netfilter/xt_TEE.c |   73 ++++++++++++++++++++++++++++++------------------
 net/xfrm/xfrm_device.c |    2 +
 net/xfrm/xfrm_policy.c |    3 +-
 5 files changed, 55 insertions(+), 31 deletions(-)

--
Signed-off-by: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
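
An added illustration, not code from the patchset: a single-threaded C model of the window the cover letter describes, where a notifier registered while setup_net() is still running misses the device of a net that is not yet on net_namespace_list, and of how taking pernet_ops_rwsem removes the imbalance. All struct and function names are hypothetical, and blocking on the rwsem is modeled as deferring the registration until setup finishes.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one net, one device, one notifier. Names are hypothetical. */
struct net   { bool has_dev; bool hashed; };  /* hashed: on net_namespace_list */
struct model {
    bool nb_registered;  /* notifier is on the chain */
    bool in_setup;       /* setup_net() is running (holds pernet_ops_rwsem) */
    bool reg_pending;    /* registration is waiting for the rwsem */
    int  balance;        /* REGISTER minus UNREGISTER events the notifier saw */
};

static void do_register(struct model *m, struct net *n) {
    m->nb_registered = true;
    if (n->hashed && n->has_dev)  /* replay covers only hashed nets */
        m->balance++;
}

/* Models register_netdevice_notifier(); take_lock models the fix in 3/3. */
static void register_notifier(struct model *m, struct net *n, bool take_lock) {
    if (take_lock && m->in_setup) { m->reg_pending = true; return; }
    do_register(m, n);
}

static void setup_begin(struct model *m, struct net *n) {
    m->in_setup = true;
    n->has_dev = true;                    /* pernet init creates a device */
    if (m->nb_registered) m->balance++;   /* live REGISTER call on the chain */
}

static void setup_end(struct model *m, struct net *n) {
    n->hashed = true;                     /* net becomes visible in the list */
    m->in_setup = false;
    if (m->reg_pending) { m->reg_pending = false; do_register(m, n); }
}

static void cleanup(struct model *m, struct net *n) {
    n->hashed = false;
    if (n->has_dev && m->nb_registered) m->balance--;  /* UNREGISTER call */
    n->has_dev = false;
}

/* Registration lands inside the setup window; returns the final balance. */
int run_scenario(bool take_lock) {
    struct model m = {0};
    struct net n = {0};
    setup_begin(&m, &n);
    register_notifier(&m, &n, take_lock);
    setup_end(&m, &n);
    cleanup(&m, &n);
    return m.balance;
}

int main(void) {
    printf("without rwsem: %d, with rwsem: %d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```

A nonzero balance means the notifier saw an UNREGISTER for a device it was never told about, which is the imbalance the patchset closes.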