Commit 47c846eb authored Nov 15, 2021 by Jakub Kicinski Committed by Zheng Zengkai Nov 15, 2021

net: make free_netdev() more lenient with unregistering devices

mainline inclusion
from mainline-v5.11-rc4
commit c269a24c
category: bugfix
bugzilla: 181892 https://gitee.com/openeuler/kernel/issues/I4DDEL

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c269a24ce057abfc31130960e96ab197ef6ab196



-------------------------------------------------

There are two flavors of handling netdev registration:
 - ones called without holding rtnl_lock: register_netdev() and
   unregister_netdev(); and
 - those called with rtnl_lock held: register_netdevice() and
   unregister_netdevice().

While the semantics of the former are pretty clear, the same can't
be said about the latter. The netdev_todo mechanism is utilized to
perform some of the device unregistering tasks and it hooks into
rtnl_unlock() so the locked variants can't actually finish the work.
In general free_netdev() does not mix well with locked calls. Most
drivers operating under rtnl_lock set dev->needs_free_netdev to true
and expect core to make the free_netdev() call some time later.

The part where this becomes most problematic is error paths. There is
no way to unwind the state cleanly after a call to register_netdevice(),
since unreg can't be performed fully without dropping locks.

Make free_netdev() more lenient, and defer the freeing if device
is being unregistered. This allows error paths to simply call
free_netdev() both after register_netdevice() failed, and after
a call to unregister_netdevice() but before dropping rtnl_lock.

Simplify the error paths which are currently doing gymnastics
around free_netdev() handling.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Xu Jia <xujia39@huawei.com>
Reviewed-by: Yue Haibing <yuehaibing@huawei.com>

Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent c0e2ba50

net/8021q/vlan.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -284,8 +284,6 @@ static int register_vlan_device(struct net_device *real_dev, u16 vlan_id)
		return 0;

		out_free_newdev:
		if (new_dev->reg_state == NETREG_UNINITIALIZED \|\|
		new_dev->reg_state == NETREG_UNREGISTERED)
		free_netdev(new_dev);
		return err;
		}

net/core/dev.c

+11 −0

Original line number	Diff line number	Diff line
		@@ -10655,6 +10655,17 @@ void free_netdev(struct net_device *dev)
		struct napi_struct p, n;

		might_sleep();

		/* When called immediately after register_netdevice() failed the unwind
		* handling may still be dismantling the device. Handle that case by
		* deferring the free.
		*/
		if (dev->reg_state == NETREG_UNREGISTERING) {
		ASSERT_RTNL();
		dev->needs_free_netdev = true;
		return;
		}

		netif_free_tx_queues(dev);
		netif_free_rx_queues(dev);

net/core/rtnetlink.c

+6 −17

Original line number	Diff line number	Diff line
		@@ -3438,26 +3438,15 @@ static int __rtnl_newlink(struct sk_buff skb, struct nlmsghdr nlh,

		dev->ifindex = ifm->ifi_index;

		if (ops->newlink) {
		if (ops->newlink)
		err = ops->newlink(link_net ? : net, dev, tb, data, extack);
		/* Drivers should call free_netdev() in ->destructor
		* and unregister it on failure after registration
		* so that device could be finally freed in rtnl_unlock.
		*/
		if (err < 0) {
		/* If device is not registered at all, free it now */
		if (dev->reg_state == NETREG_UNINITIALIZED \|\|
		dev->reg_state == NETREG_UNREGISTERED)
		free_netdev(dev);
		goto out;
		}
		} else {
		else
		err = register_netdevice(dev);
		if (err < 0) {
		free_netdev(dev);
		goto out;
		}
		}

		err = rtnl_configure_link(dev, ifm);
		if (err < 0)
		goto out_unregister;