bonding: Deadlock between bonding_store_bonds and bond_destroy_sysfs.
Pavel Emelyanov [Sat, 3 May 2008 00:49:39 +0000 (17:49 -0700)]
The sysfs layer has an internal protection, that ensures, that
all the process sitting inside ->sore/->show callback exits
before the appropriate entry is unregistered (the calltraces
are rather big, but I can provide them if required).

On the other hand, bonding takes rtnl_lock in
a) the bonding_store_bonds, i.e. in ->store callback,
b) module exit before calling the sysfs unregister routines.

Thus, the classical AB-BA deadlock may occur. To reproduce run
# while :; do modprobe bonding; rmmod bonding; done
and
# while :; do echo '+bond%d' > /sys/class/net/bonding_masters ; done
in parallel.

The fix is to move the bond_destroy_sysfs out of the rtnl_lock,
but _before_ bond_free_all to make sure no bonding devices exist
after module unload.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>

drivers/net/bonding/bond_main.c

index 5509732..e41b3e5 100644 (file)
@@ -4992,9 +4992,10 @@ err:
                destroy_workqueue(bond->wq);
        }
 
+       bond_destroy_sysfs();
+
        rtnl_lock();
        bond_free_all();
-       bond_destroy_sysfs();
        rtnl_unlock();
 out:
        return res;
@@ -5006,9 +5007,10 @@ static void __exit bonding_exit(void)
        unregister_netdevice_notifier(&bond_netdev_notifier);
        unregister_inetaddr_notifier(&bond_inetaddr_notifier);
 
+       bond_destroy_sysfs();
+
        rtnl_lock();
        bond_free_all();
-       bond_destroy_sysfs();
        rtnl_unlock();
 }