On Sun, 2016-03-27 at 22:32 -0400, David Miller wrote:
> From: Eric Dumazet <eric.duma...@gmail.com>
> Date: Fri, 25 Mar 2016 15:15:15 -0700
> 
> > From: Eric Dumazet <eduma...@google.com>
> > 
> > Blocking BH in __inet{6}_lookup() is not correct, as the lookups
> > are done using RCU protection.
> > 
> > It matters only starting from Lorenzo Colitti patches to destroy
> > a TCP socket, since rcu_read_lock() is already held by other users
> > of these functions.
> > 
> > This can be backported to all known stable versions, since TCP got RCU
> > lookups back in 2.6.29 : Even if iproute2 contained no code to trigger
> > the bug, some user programs could have used the API.
> > 
> > Signed-off-by: Eric Dumazet <eduma...@google.com>
> > Cc: Lorenzo Colitti <lore...@google.com>
> 
> This is quite the maze of RCU locking here.  With this change,
> inet_lookup is now:
> 
>       rcu_read_lock();
>       sk = x(); {
>               rcu_read_lock();
>               ...
>               rcu_read_unlock();
>       }
>       if (!sk) {
>               sk = y(); {
>                       rcu_read_lock();
>                       ...
>                       rcu_read_unlock();
>               }
>       }
>       rcu_read_unlock();
> 
> It would seem to me that we should bubble up the rcu locking calls.
> 
> If, as you say, the other users do RCU locking already, then it should
> be safe to do what your patch is doing and also remove the RCU locking
> done by __inet_lookup_established() and __inet_lookup_listener().
> 

Sure, but the caller changed quite a lot in all stable versions.

I took the easiest path for stable maintainers, and was planing to
implement a better way in net-next.

I certainly can take the final form and let you do the backports ?

Thanks.



Reply via email to