From owner-freebsd-drivers@freebsd.org Wed Sep 2 13:59:28 2015 Return-Path: Delivered-To: freebsd-drivers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 59F189C893E for ; Wed, 2 Sep 2015 13:59:28 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DBBC66D0; Wed, 2 Sep 2015 13:59:27 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id t82DxMjt020795 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 2 Sep 2015 16:59:22 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua t82DxMjt020795 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id t82DxMXt020794; Wed, 2 Sep 2015 16:59:22 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Wed, 2 Sep 2015 16:59:22 +0300 From: Konstantin Belousov To: John Baldwin Cc: freebsd-drivers@freebsd.org, Leonardo Fogel Subject: Re: Race conditions Message-ID: <20150902135922.GZ2072@kib.kiev.ua> References: <1439923294.98963.YahooMailBasic@web120801.mail.ne1.yahoo.com> <2785418.Nryjt2Jbzi@ralph.baldwin.cx> <20150829103049.GA2072@kib.kiev.ua> <17365161.8JflB5H0LB@ralph.baldwin.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <17365161.8JflB5H0LB@ralph.baldwin.cx> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: freebsd-drivers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Writing device drivers for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 13:59:28 -0000 On Sun, Aug 30, 2015 at 05:04:31PM -0700, John Baldwin wrote: > On Saturday, August 29, 2015 01:30:49 PM Konstantin Belousov wrote: > > On Fri, Aug 28, 2015 at 01:34:58PM -0700, John Baldwin wrote: > > > Perhaps we could force cloning to serialize with opens? That is, use > > > some sort of global lock in devfs such that any non-cloning opens use > > > a shared lock but an exclusive lock is taken before running clone > > > event handlers (and held until after d_open returns)? To really > > > close this sort of race, the exclusive lock acquired when a clone > > > is created in lookup() would have to be held until devfs_open() is > > > called. That's rather gross. I suppose you could always aquire the > > > lock in devfs_lookup() when ISOPEN is set (exclusive if you have to > > > clone, otherwise shared) and then drop it in devfs_open() after d_open > > > returns. > > Hm, I do not think taking a lock in lookup(ISOPEN) is feasible. VFS migh > > not call VOP_OPEN() after the lookup, for misc. reasons (e.g. due to the > > permissions, or forced umount reclaiming vnode as two obvious cases). > > > > Also, I am not sure about the definition about non-cloning open. Other > > thread might race with the cloner and open the newly cloned node > > before the cloner has a chance to proceed. Do you want to prevent this > > situation ? If yes, then why ? si_drv1 issue should be handled by other > > means. > > This isn't about si_drv1, this is about my other change of trying to let > an open of /dev/tap reliably open a "free" tap device. The race my current > change there doesn't handle is that if an open of /dev/tap that returns > a "free" tap device from the clone handler might race with another process > that opens a tap device by name (e.g. /dev/tap0). This is a race which must be handled by userspace, I am afraid. > > An entirely different possibility is to change /dev/tap to not use cloning > at all and instead use cdevpriv. It could then safely choose a "free" > tap device during its open routine. This might be a bit of an API change > though as devname/fdevname could no longer be used to determine the name > of the interface opened by an open of /dev/tap. What if we change tap to use cdevpriv, and have some unit number sequencer for the cdevprivs (as I understand, this would correspond to the unit of the cloned tap interface ?). Also, we add a cdevsw method to get the devname. By default, the method will provide dev->si_name. For tap, the method would create the the /dev/tapX, where X is the tap interface number, and returns corresponding name. The /dev/tapX opens would need to find cdevprivs from the /dev/tap. This would cause KBI change for the cdevs, but no API change for tap consumers and no KPI changes for cdevs. > > > > Well, we've had this race in most cdev drivers in the tree for a long > > > time. It's a narrow one that doesn't get hit often (if at all) in > > > practice, but if I were to do a sweep to patch all the open routines > > > to handle it, I'd rather we do it this way instead. OTOH, I don't have > > > a burning desire to patch all the open routines. > > > > For the race to be real, the device must be created after the userspace > > is running. I think that the main case there are pty. > > Or kldload of a device driver. But this is much more rare, this is what I mean. > > > I do not see a possibility of removing existing make_dev*() after the > > make_dev_uber() is introduced, so there is no need for the whole tree > > sweep. > > I mean more that if one wanted to fix the si_drv1 race one would have to > do some sort of sweep of affected drivers. Yes.