linux/include
Neil Horman 16fcec35e7 [NETFILTER]: Fix/improve deadlock condition on module removal netfilter
So I've had a deadlock reported to me.  I've found that the sequence of
events goes like this:

1) process A (modprobe) runs to remove ip_tables.ko

2) process B (iptables-restore) runs and calls setsockopt on a netfilter socket,
increasing the ip_tables socket_ops use count

3) process A acquires a file lock on the file ip_tables.ko, calls remove_module
in the kernel, which in turn executes the ip_tables module cleanup routine,
which calls nf_unregister_sockopt

4) nf_unregister_sockopt, seeing that the use count is non-zero, puts the
calling process into uninterruptible sleep, expecting the process using the
socket option code to wake it up when it exits the kernel

4) the user of the socket option code (process B) in do_ipt_get_ctl, calls
ipt_find_table_lock, which in this case calls request_module to load
ip_tables_nat.ko

5) request_module forks a copy of modprobe (process C) to load the module and
blocks until modprobe exits.

6) Process C. forked by request_module process the dependencies of
ip_tables_nat.ko, of which ip_tables.ko is one.

7) Process C attempts to lock the request module and all its dependencies, it
blocks when it attempts to lock ip_tables.ko (which was previously locked in
step 3)

Theres not really any great permanent solution to this that I can see, but I've
developed a two part solution that corrects the problem

Part 1) Modifies the nf_sockopt registration code so that, instead of using a
use counter internal to the nf_sockopt_ops structure, we instead use a pointer
to the registering modules owner to do module reference counting when nf_sockopt
calls a modules set/get routine.  This prevents the deadlock by preventing set 4
from happening.

Part 2) Enhances the modprobe utilty so that by default it preforms non-blocking
remove operations (the same way rmmod does), and add an option to explicity
request blocking operation.  So if you select blocking operation in modprobe you
can still cause the above deadlock, but only if you explicity try (and since
root can do any old stupid thing it would like....  :)  ).

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:28:26 +02:00
..
acpi Pull events into release branch 2007-08-25 01:44:01 -04:00
asm-alpha Fix Alpha O_CLOEXEC definition 2007-08-09 08:39:22 -07:00
asm-arm Merge branch 'omap-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6 2007-08-25 12:38:47 +01:00
asm-avr32 [AVR32] Define mmiowb() 2007-08-15 16:36:56 +02:00
asm-blackfin remove unused TIF_NOTIFY_RESUME flag 2007-07-31 15:39:38 -07:00
asm-cris remove unused TIF_NOTIFY_RESUME flag 2007-07-31 15:39:38 -07:00
asm-frv FRV: connect up fallocate 2007-08-11 15:47:40 -07:00
asm-generic changing include/asm-generic/pgtable.h for non-mmu 2007-08-11 15:47:42 -07:00
asm-h8300 remove unused TIF_NOTIFY_RESUME flag 2007-07-31 15:39:38 -07:00
asm-i386 Pull bugzilla-1641 into release branch 2007-08-24 22:19:05 -04:00
asm-ia64 [IA64] Cleanup HPSIM code (was: Re: Enable early console for Ski simulator) 2007-09-01 02:52:25 -07:00
asm-m32r m32r: Rename STI/CLI macros 2007-09-06 11:10:56 +09:00
asm-m68k m68k: Enable arbitary speed tty support 2007-08-22 19:52:45 -07:00
asm-m68knommu m68knommu: include asm-generic/pgtable.h 2007-08-23 21:32:54 -07:00
asm-mips [MIPS] Ocelot: remove remaining bits 2007-09-10 21:25:28 +01:00
asm-parisc [PARISC] Add dummy isa_(bus|virt)_to_(virt|bus) inlines 2007-08-27 00:29:22 -04:00
asm-powerpc [POWERPC] cell/PS3: Fix a bug that causes the PS3 to hang on the SPU Class 0 interrupt. 2007-09-11 04:30:36 +10:00
asm-ppc [WATCHDOG] mv64x60_wdt: Add arch/powerpc platform support 2007-07-24 21:16:02 +00:00
asm-s390 [S390] Change atomic_read/set to inline functions with barrier semantics. 2007-08-22 13:51:49 +02:00
asm-sh sh: Add missing dma_sync_single_range_for_*(). 2007-08-10 02:37:01 +09:00
asm-sh64 sh64: Add missing dma_sync_single_for_*(). 2007-08-10 02:47:31 +09:00
asm-sparc [SPARC32]: Make flush_tlb_kernel_range() an inline function. 2007-08-26 18:49:12 -07:00
asm-sparc64 [SPARC64]: Fix several bugs in MSI handling. 2007-08-30 23:06:51 -07:00
asm-um UML: Fix ELF_CORE_COPY_REGS build botch 2007-09-10 18:58:05 -07:00
asm-v850 remove unused TIF_NOTIFY_RESUME flag 2007-07-31 15:39:38 -07:00
asm-x86_64 Pull bugzilla-1641 into release branch 2007-08-24 22:19:05 -04:00
asm-xtensa remove unused TIF_NOTIFY_RESUME flag 2007-07-31 15:39:38 -07:00
crypto
keys
linux [NETFILTER]: Fix/improve deadlock condition on module removal netfilter 2007-09-11 11:28:26 +02:00
math-emu Fix <math-emu/soft-fp.h> tpyo 2007-08-18 17:15:17 -07:00
media
mtd
net SCTP: Fix to encode PROTOCOL VIOLATION error cause correctly 2007-08-30 13:50:48 -04:00
pcmcia
rdma IB: Move the macro IB_UMEM_MAX_PAGE_CHUNK() to umem.c 2007-08-03 10:45:18 -07:00
rxrpc
scsi [SCSI] sd: disentangle barriers in SCSI 2007-08-04 08:37:04 -05:00
sound
video remove tx3912fb 2007-07-31 15:39:41 -07:00
xen xen: xen/page.h compile fix 2007-07-26 11:35:16 -07:00
Kbuild