From: Elad Nachman Date: Mon, 29 Mar 2021 14:36:55 +0000 (+0100) Subject: kni: fix kernel deadlock with bifurcated device X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=631217c761353aa5e4e548a20e570245ecbc8eda;p=dpdk.git kni: fix kernel deadlock with bifurcated device KNI runs userspace callback with rtnl lock held, this is not working fine with some devices that needs to interact with kernel interface in the callback, like Mellanox devices. The solution is releasing the rtnl lock before calling the userspace callback. But it requires two consideration: 1. The rtnl lock needs to released before 'kni->sync_lock', otherwise it causes deadlock with multiple KNI devices, please check below the A. for the details of the deadlock condition. 2. When rtnl lock is released for interface down event, it cause a regression and deadlock, so can't release the rtnl lock for interface down event, please check below B. for the details. As a solution, interface down event is handled asynchronously and for all other events rtnl lock is released before processing the callback. A. KNI sync lock is being locked while rtnl is held. If two threads are calling kni_net_process_request() , then the first one will take the sync lock, release rtnl lock then sleep. The second thread will try to lock sync lock while holding rtnl. The first thread will wake, and try to lock rtnl, resulting in a deadlock. The remedy is to release rtnl before locking the KNI sync lock. Since in between nothing is accessing Linux network-wise, no rtnl locking is needed. B. There is a race condition in __dev_close_many() processing the close_list while the application terminates. It looks like if two KNI interfaces are terminating, and one releases the rtnl lock, the other takes it, updating the close_list in an unstable state, causing the close_list to become a circular linked list, hence list_for_each_entry() will endlessly loop inside __dev_close_many() . To summarize: request != interface down : unlock rtnl, send request to user-space, wait for response, send the response error code to caller in user-space. request == interface down: send request to user-space, return immediately with error code of 0 (success) to user-space. Fixes: 3fc5ca2f6352 ("kni: initial import") Cc: stable@dpdk.org Signed-off-by: Elad Nachman --- diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c index 6cf99da0dc..f259327954 100644 --- a/kernel/linux/kni/kni_net.c +++ b/kernel/linux/kni/kni_net.c @@ -113,6 +113,14 @@ kni_net_process_request(struct net_device *dev, struct rte_kni_request *req) ASSERT_RTNL(); + /* If we need to wait and RTNL mutex is held + * drop the mutex and hold reference to keep device + */ + if (req->async == 0) { + dev_hold(dev); + rtnl_unlock(); + } + mutex_lock(&kni->sync_lock); /* Construct data */ @@ -152,6 +160,10 @@ async: fail: mutex_unlock(&kni->sync_lock); + if (req->async == 0) { + rtnl_lock(); + dev_put(dev); + } return ret; } @@ -194,6 +206,10 @@ kni_net_release(struct net_device *dev) /* Setting if_up to 0 means down */ req.if_up = 0; + + /* request async because of the deadlock problem */ + req.async = 1; + ret = kni_net_process_request(dev, &req); return (ret == 0) ? req.result : ret;