Message ID | 20201026123327.1141066-1-leon@kernel.org |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net,v1] net: protect tcf_block_unbind with block lock | expand |
Context | Check | Description |
---|---|---|
jkicinski/cover_letter | success | Link |
jkicinski/fixes_present | success | Link |
jkicinski/patch_count | success | Link |
jkicinski/tree_selection | success | Clearly marked for net |
jkicinski/subject_prefix | success | Link |
jkicinski/source_inline | success | Was 0 now: 0 |
jkicinski/verify_signedoff | success | Link |
jkicinski/module_param | success | Was 0 now: 0 |
jkicinski/build_32bit | fail | Errors and warnings before: 12 this patch: 12 |
jkicinski/kdoc | success | Errors and warnings before: 0 this patch: 0 |
jkicinski/verify_fixes | success | Link |
jkicinski/checkpatch | fail | Link |
jkicinski/build_allmodconfig_warn | success | Errors and warnings before: 8 this patch: 8 |
jkicinski/header_inline | success | Link |
jkicinski/stable | success | Stable not CCed |
On Mon, 26 Oct 2020 14:33:27 +0200 Leon Romanovsky wrote: > From: Leon Romanovsky <leonro@nvidia.com> > > The tcf_block_unbind() expects that the caller will take block->cb_lock > before calling it, however the code took RTNL lock and dropped cb_lock > instead. This causes to the following kernel panic. > Fixes: 0fdcf78d5973 ("net: use flow_indr_dev_setup_offload()") > Signed-off-by: Leon Romanovsky <leonro@nvidia.com> > --- > v1: > * Returned rtnl_lock() > v0: > https://lore.kernel.org/netdev/20201026060407.583080-1-leon@kernel.org Applied, thanks. I'm surprised you put the lore link in the notes. Maybe the usefulness of the change log could be argued, but the number of times I tried to find a specific revision and couldn't...
On Tue, Oct 27, 2020 at 06:03:31PM -0700, Jakub Kicinski wrote: > On Mon, 26 Oct 2020 14:33:27 +0200 Leon Romanovsky wrote: > > From: Leon Romanovsky <leonro@nvidia.com> > > > > The tcf_block_unbind() expects that the caller will take block->cb_lock > > before calling it, however the code took RTNL lock and dropped cb_lock > > instead. This causes to the following kernel panic. > > > Fixes: 0fdcf78d5973 ("net: use flow_indr_dev_setup_offload()") > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com> > > --- > > v1: > > * Returned rtnl_lock() > > v0: > > https://lore.kernel.org/netdev/20201026060407.583080-1-leon@kernel.org > > Applied, thanks. > > I'm surprised you put the lore link in the notes. Maybe the usefulness > of the change log could be argued, but the number of times I tried to > find a specific revision and couldn't... This is my preferred way of submitting patches, it allows to enjoy from all worlds: clean commit message and ability to see previous versions at the same time. Lorifier [1] gives such links to me in automatic way, all that I need is to copy them from previous versions. [1] https://github.com/danrue/lorifier Thanks
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index faeabff283a2..838b3fd94d77 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -652,12 +652,12 @@ static void tc_block_indr_cleanup(struct flow_block_cb *block_cb) block_cb->indr.binder_type, &block->flow_block, tcf_block_shared(block), &extack); + rtnl_lock(); down_write(&block->cb_lock); list_del(&block_cb->driver_list); list_move(&block_cb->list, &bo.cb_list); - up_write(&block->cb_lock); - rtnl_lock(); tcf_block_unbind(block, &bo); + up_write(&block->cb_lock); rtnl_unlock(); }