Page MenuHomeFreeBSD
Differential D39722

if_tuntap: avoid a deadlock in SIOCIFDESTROY
Needs RevisionPublic
Actions

Authored by kevans on Apr 20 2023, 5:02 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 30, 3:51 PM
Unknown Object (File)
Tue, Apr 30, 3:50 PM
Unknown Object (File)
Tue, Apr 30, 8:32 AM
Unknown Object (File)
Dec 23 2023, 1:30 AM
Unknown Object (File)
Jul 1 2023, 3:53 PM
Unknown Object (File)
Jun 24 2023, 5:40 AM
Unknown Object (File)
Jun 24 2023, 4:46 AM
Unknown Object (File)
May 18 2023, 3:41 AM
View All 9 Files
Subscribers
ae
glebius
imp
markj
melifaro

Details

Reviewers
cperciva
markj
melifaro
Group Reviewers
network
Summary

tp->tun_pid is only updated on a best-effort basis, but it's still an OK
heuristic for this. If the thread that called SIOCIFDESTROY had the
tunnel open at the time, we'd immediately block on the tun condvar for
a release that will never come. We'll only return a spurious EBUSY if
the owner hasn't been updated, which would have otherwise blocked
because the tunnel *is* open; this seems like an acceptable failure
mode.

PR: 242841

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 51068
Build 47959: arc lint + arc unit

Event Timeline

kevans created this revision.Apr 20 2023, 5:02 PM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptApr 20 2023, 5:02 PM
kevans requested review of this revision.Apr 20 2023, 5:02 PM
Harbormaster completed remote builds in B51068: Diff 120737.Apr 20 2023, 5:02 PM
markj accepted this revision as: markj.Apr 20 2023, 7:11 PM
markj added a subscriber: markj.

Would it be possible to make the sleep in tun_destroy() interruptible?

sys/net/if_tuntap.c
663

A comment seems warranted here.

This revision is now accepted and ready to land.Apr 20 2023, 7:11 PM
kevans added a comment.Apr 20 2023, 7:32 PM
In D39722#904222, @markj wrote:

Would it be possible to make the sleep in tun_destroy() interruptible?

Hmm... yeah, we could probably do that. We'd need to push removal from the tun_list into tun_clone_destroy and it may be a little wonky due to locking differences between the two callers, but not that bad.

melifaro requested changes to this revision.Apr 20 2023, 8:02 PM

Thank you for rootcausing the problem!
This approach worries me a bit - what if we have a third-party buggy library and the core app that tries to fix it by manually deleting the interfaces?
I’d really prefer SIOCIFDESTROY to always do what it’s asked for regardless of the fd open/close status

This revision now requires changes to proceed.Apr 20 2023, 8:02 PM
kevans added a comment.Apr 20 2023, 8:09 PM
In D39722#904270, @melifaro wrote:

Thank you for rootcausing the problem!
This approach worries me a bit - what if we have a third-party buggy library and the core app that tries to fix it by manually deleting the interfaces?
I’d really prefer SIOCIFDESTROY to always do what it’s asked for regardless of the fd open/close status

right, if we "just" make the sleep interruptible then this doesn't need to exist anymore; right now, the situation as described in the PR effectively hangs the entire process with not much recourse available to save the process from just being stuck there evermore.

kevans added a comment.Apr 20 2023, 8:15 PM

Ah, I guess you're saying you want it to just delete the interface immediately... feel free, but I don't really have the time or inclination to dig through and sus out every part where this may go wrong for whatever has the fd open.

melifaro added a comment.Apr 20 2023, 9:02 PM
In D39722#904279, @kevans wrote:

Ah, I guess you're saying you want it to just delete the interface immediately... feel free, but I don't really have the

Not immediately, but “eventually”.
I mean, it is a bit weird one can destroy the openef interface from any other process excluding its own.

time or inclination to dig through and sus out every part where this may go wrong for whatever has the fd open.

kevans added a comment.Apr 20 2023, 9:07 PM
In D39722#904299, @melifaro wrote:
In D39722#904279, @kevans wrote:

Ah, I guess you're saying you want it to just delete the interface immediately... feel free, but I don't really have the

Not immediately, but “eventually”.
I mean, it is a bit weird one can destroy the openef interface from any other process excluding its own.

To be fair, they actually can't -- those ones will just hang until the last close.

melifaro accepted this revision as: melifaro.Apr 20 2023, 9:14 PM
In D39722#904300, @kevans wrote:
In D39722#904299, @melifaro wrote:
In D39722#904279, @kevans wrote:

Ah, I guess you're saying you want it to just delete the interface immediately... feel free, but I don't really have the

Not immediately, but “eventually”.
I mean, it is a bit weird one can destroy the openef interface from any other process excluding its own.

To be fair, they actually can't -- those ones will just hang until the last close.

Whoops. Indeed, you're right. I may have a false memory that it was possible some time ago. Apparently it's not.

Sorry for confusion, no objection from myself then.

kevans added a comment.Apr 20 2023, 10:41 PM

I think I'll drop this in favor of D39740 -- I'm not sure we need to do this to workaround an application bug if the bug is made generally harmless.

Revision Contents
Changeset List

PathSize
sys/
net/
10 lines

Diff 120737

View Options

sys/net/if_tuntap.c

Loading...