1. Patchew
  2. linux
  3. [PATCH RFC 0/9] nfs/sunrpc: stop holding netns references in client-side NFS and RPC objects
  4. View patch

[PATCH RFC 9/9] sunrpc: don't upgrade passive net reference in xs_create_sock

Jeff Layton posted 9 patches 9 months ago
[PATCH RFC 9/9] sunrpc: don't upgrade passive net reference in xs_create_sock
Posted by Jeff Layton 9 months ago 
With the move to having sunrpc client xprts not hold active references
to the net namespace, there is no need to upgrade the socket's reference
in xs_create_sock. Just keep the passive reference instead.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 net/sunrpc/xprtsock.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3aed8f0c513b62cdf589 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct rpc_xprt *xprt,
 		goto out;
 	}
 
-	if (protocol == IPPROTO_TCP)
-		sk_net_refcnt_upgrade(sock->sk);
-
 	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
 	if (IS_ERR(filp))
 		return ERR_CAST(filp);

-- 
2.48.1
Re: [PATCH RFC 9/9] sunrpc: don't upgrade passive net reference in xs_create_sock
Posted by Trond Myklebust 9 months ago 
On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> With the move to having sunrpc client xprts not hold active
> references
> to the net namespace, there is no need to upgrade the socket's
> reference
> in xs_create_sock. Just keep the passive reference instead.
> 
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
>  net/sunrpc/xprtsock.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index
> 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3aed8f0
> c513b62cdf589 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> rpc_xprt *xprt,
>  		goto out;
>  	}
>  
> -	if (protocol == IPPROTO_TCP)
> -		sk_net_refcnt_upgrade(sock->sk);
> -
>  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
>  	if (IS_ERR(filp))
>  		return ERR_CAST(filp);
> 

Is this not going to reintroduce the bug described by
https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
?

As I understand it, the problem has nothing to do with whether or not
NFS or the RPC layer holds a reference to the net namespace, but rather
whether there are still packets in the socket queues at the time when
that net namespace is being freed.

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
Re: [PATCH RFC 9/9] sunrpc: don't upgrade passive net reference in xs_create_sock
Posted by Jeff Layton 9 months ago 
On Mon, 2025-03-17 at 21:28 +0000, Trond Myklebust wrote:
> On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> > With the move to having sunrpc client xprts not hold active
> > references
> > to the net namespace, there is no need to upgrade the socket's
> > reference
> > in xs_create_sock. Just keep the passive reference instead.
> > 
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> >  net/sunrpc/xprtsock.c | 3 ---
> >  1 file changed, 3 deletions(-)
> > 
> > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > index
> > 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3aed8f0
> > c513b62cdf589 100644
> > --- a/net/sunrpc/xprtsock.c
> > +++ b/net/sunrpc/xprtsock.c
> > @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> > rpc_xprt *xprt,
> >  		goto out;
> >  	}
> >  
> > -	if (protocol == IPPROTO_TCP)
> > -		sk_net_refcnt_upgrade(sock->sk);
> > -
> >  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
> >  	if (IS_ERR(filp))
> >  		return ERR_CAST(filp);
> > 
> 
> Is this not going to reintroduce the bug described by
> https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
> ?
> 
> As I understand it, the problem has nothing to do with whether or not
> NFS or the RPC layer holds a reference to the net namespace, but rather
> whether there are still packets in the socket queues at the time when
> that net namespace is being freed.
> 
> 

I don't think so. That syzkaller report was closed by this patch:

    5c70eb5c593d net: better track kernel sockets lifetime

That says:

    "To fix this, make sure that kernel sockets own a reference on net
passive."

With this, we still do keep a passive reference on the net in the
socket, which I think is enough.

That said, I'd appreciate a look at this from the netdev folks.
-- 
Jeff Layton <jlayton@kernel.org>
Re: [PATCH RFC 9/9] sunrpc: don't upgrade passive net reference in xs_create_sock
Posted by Trond Myklebust 9 months ago 
On Mon, 2025-03-17 at 17:36 -0400, Jeff Layton wrote:
> On Mon, 2025-03-17 at 21:28 +0000, Trond Myklebust wrote:
> > On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> > > With the move to having sunrpc client xprts not hold active
> > > references
> > > to the net namespace, there is no need to upgrade the socket's
> > > reference
> > > in xs_create_sock. Just keep the passive reference instead.
> > > 
> > > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > > ---
> > >  net/sunrpc/xprtsock.c | 3 ---
> > >  1 file changed, 3 deletions(-)
> > > 
> > > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > > index
> > > 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3ae
> > > d8f0
> > > c513b62cdf589 100644
> > > --- a/net/sunrpc/xprtsock.c
> > > +++ b/net/sunrpc/xprtsock.c
> > > @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> > > rpc_xprt *xprt,
> > >  		goto out;
> > >  	}
> > >  
> > > -	if (protocol == IPPROTO_TCP)
> > > -		sk_net_refcnt_upgrade(sock->sk);
> > > -
> > >  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
> > >  	if (IS_ERR(filp))
> > >  		return ERR_CAST(filp);
> > > 
> > 
> > Is this not going to reintroduce the bug described by
> > https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
> > ?
> > 
> > As I understand it, the problem has nothing to do with whether or
> > not
> > NFS or the RPC layer holds a reference to the net namespace, but
> > rather
> > whether there are still packets in the socket queues at the time
> > when
> > that net namespace is being freed.
> > 
> > 
> 
> I don't think so. That syzkaller report was closed by this patch:
> 
>     5c70eb5c593d net: better track kernel sockets lifetime
> 
> That says:
> 
>     "To fix this, make sure that kernel sockets own a reference on
> net
> passive."
> 
> With this, we still do keep a passive reference on the net in the
> socket, which I think is enough.

No. You just removed that by reverting the patch that assigns the
passive reference.

> 
> That said, I'd appreciate a look at this from the netdev folks.

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
Re: [PATCH RFC 9/9] sunrpc: don't upgrade passive net reference in xs_create_sock
Posted by Jeff Layton 9 months ago 
On Mon, 2025-03-17 at 21:37 +0000, Trond Myklebust wrote:
> On Mon, 2025-03-17 at 17:36 -0400, Jeff Layton wrote:
> > On Mon, 2025-03-17 at 21:28 +0000, Trond Myklebust wrote:
> > > On Mon, 2025-03-17 at 17:00 -0400, Jeff Layton wrote:
> > > > With the move to having sunrpc client xprts not hold active
> > > > references
> > > > to the net namespace, there is no need to upgrade the socket's
> > > > reference
> > > > in xs_create_sock. Just keep the passive reference instead.
> > > > 
> > > > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > > > ---
> > > >  net/sunrpc/xprtsock.c | 3 ---
> > > >  1 file changed, 3 deletions(-)
> > > > 
> > > > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> > > > index
> > > > 83cc095846d356f24aed26e2f98525662a6cff1f..0c3d7552f772d6f8477a3ae
> > > > d8f0
> > > > c513b62cdf589 100644
> > > > --- a/net/sunrpc/xprtsock.c
> > > > +++ b/net/sunrpc/xprtsock.c
> > > > @@ -1941,9 +1941,6 @@ static struct socket *xs_create_sock(struct
> > > > rpc_xprt *xprt,
> > > >  		goto out;
> > > >  	}
> > > >  
> > > > -	if (protocol == IPPROTO_TCP)
> > > > -		sk_net_refcnt_upgrade(sock->sk);
> > > > -
> > > >  	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
> > > >  	if (IS_ERR(filp))
> > > >  		return ERR_CAST(filp);
> > > > 
> > > 
> > > Is this not going to reintroduce the bug described by
> > > https://lore.kernel.org/netdev/67b72aeb.050a0220.14d86d.0283.GAE@google.com/T/#u
> > > ?
> > > 
> > > As I understand it, the problem has nothing to do with whether or
> > > not
> > > NFS or the RPC layer holds a reference to the net namespace, but
> > > rather
> > > whether there are still packets in the socket queues at the time
> > > when
> > > that net namespace is being freed.
> > > 
> > > 
> > 
> > I don't think so. That syzkaller report was closed by this patch:
> > 
> >     5c70eb5c593d net: better track kernel sockets lifetime
> > 
> > That says:
> > 
> >     "To fix this, make sure that kernel sockets own a reference on
> > net
> > passive."
> > 
> > With this, we still do keep a passive reference on the net in the
> > socket, which I think is enough.
> 
> No. You just removed that by reverting the patch that assigns the
> passive reference.
> 

That's not how I read sk_net_refcnt_upgrade(). The socket already holds
a passive reference on the netns. sk_net_refcnt_upgrade() puts that
reference and then gets an active reference to the netns.

With this patchset, we just need to keep the passive one (I think).
-- 
Jeff Layton <jlayton@kernel.org>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.