diff options
| author | Julian Anastasov <ja@ssi.bg> | 2015-07-09 09:59:10 +0300 |
|---|---|---|
| committer | Sasha Levin <sasha.levin@oracle.com> | 2015-09-28 18:58:22 -0400 |
| commit | 52135f132988284a8091940362c923218c409f57 (patch) | |
| tree | 93f45bccdc2a2dd0d5e1b2751ca55dd628a7676f /fs/select.c | |
| parent | cf76d3de6e54afb361b2cb6d70893518cb7aa57c (diff) | |
net: call rcu_read_lock early in process_backlog
[ Upstream commit 2c17d27c36dcce2b6bf689f41a46b9e909877c21 ]
Incoming packet should be either in backlog queue or
in RCU read-side section. Otherwise, the final sequence of
flush_backlog() and synchronize_net() may miss packets
that can run without device reference:
CPU 1 CPU 2
skb->dev: no reference
process_backlog:__skb_dequeue
process_backlog:local_irq_enable
on_each_cpu for
flush_backlog => IPI(hardirq): flush_backlog
- packet not found in backlog
CPU delayed ...
synchronize_net
- no ongoing RCU
read-side sections
netdev_run_todo,
rcu_barrier: no
ongoing callbacks
__netif_receive_skb_core:rcu_read_lock
- too late
free dev
process packet for freed dev
Fixes: 6e583ce5242f ("net: eliminate refcounting in backlog queue")
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Diffstat (limited to 'fs/select.c')
0 files changed, 0 insertions, 0 deletions