summaryrefslogtreecommitdiff
path: root/scripts/extract-module-sig.pl
diff options
context:
space:
mode:
authorPaolo Abeni <pabeni@redhat.com>2019-09-12 13:02:42 +0300
committerDavid S. Miller <davem@davemloft.net>2019-09-15 21:35:55 +0300
commitd518d2ed8640c1cbbbb6f63939e3e65471817367 (patch)
tree7b953ec465e856df26ee7cb93983f3bec1495d42 /scripts/extract-module-sig.pl
parent1609d7604b847a9820e63393d1a3b6cac7286d40 (diff)
downloadlinux-d518d2ed8640c1cbbbb6f63939e3e65471817367.tar.xz
net/sched: fix race between deactivation and dequeue for NOLOCK qdisc
The test implemented by some_qdisc_is_busy() is somewhat loosy for NOLOCK qdisc, as we may hit the following scenario: CPU1 CPU2 // in net_tx_action() clear_bit(__QDISC_STATE_SCHED...); // in some_qdisc_is_busy() val = (qdisc_is_running(q) || test_bit(__QDISC_STATE_SCHED, &q->state)); // here val is 0 but... qdisc_run(q) // ... CPU1 is going to run the qdisc next As a conseguence qdisc_run() in net_tx_action() can race with qdisc_reset() in dev_qdisc_reset(). Such race is not possible for !NOLOCK qdisc as both the above bit operations are under the root qdisc lock(). After commit 021a17ed796b ("pfifo_fast: drop unneeded additional lock on dequeue") the race can cause use after free and/or null ptr dereference, but the root cause is likely older. This patch addresses the issue explicitly checking for deactivation under the seqlock for NOLOCK qdisc, so that the qdisc_run() in the critical scenario becomes a no-op. Note that the enqueue() op can still execute concurrently with dev_qdisc_reset(), but that is safe due to the skb_array() locking, and we can't avoid that for NOLOCK qdiscs. Fixes: 021a17ed796b ("pfifo_fast: drop unneeded additional lock on dequeue") Reported-by: Li Shuang <shuali@redhat.com> Reported-and-tested-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'scripts/extract-module-sig.pl')
0 files changed, 0 insertions, 0 deletions