From: John Fastabend <john.fastabend@gmail.com>
Date: Mon, 6 Oct 2014 04:28:52 +0000 (-0700)
Subject: net: sched: do not use tcf_proto 'tp' argument from call_rcu
X-Git-Tag: fixes-against-v3.18-rc2~144^2~24^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18cdb37ebf4c986d9502405cbd16b0ac29770c25;p=pandora-kernel.git

net: sched: do not use tcf_proto 'tp' argument from call_rcu

Using the tcf_proto pointer 'tp' from inside the classifiers callback
is not valid because it may have been cleaned up by another call_rcu
occuring on another CPU.

'tp' is currently being used by tcf_unbind_filter() in this patch we
move instances of tcf_unbind_filter outside of the call_rcu() context.
This is safe to do because any running schedulers will either read the
valid class field or it will be zeroed.

And all schedulers today when the class is 0 do a lookup using the
same call used by the tcf_exts_bind(). So even if we have a running
classifier hit the null class pointer it will do a lookup and get
to the same result. This is particularly fragile at the moment because
the only way to verify this is to audit the schedulers call sites.

Reported-by: Cong Wang <xiyou.wangconf@gmail.com>
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed