On Sun, 2016-03-27 at 22:32 -0400, David Miller wrote: > From: Eric Dumazet <eric.duma...@gmail.com> > Date: Fri, 25 Mar 2016 15:15:15 -0700 > > > From: Eric Dumazet <eduma...@google.com> > > > > Blocking BH in __inet{6}_lookup() is not correct, as the lookups > > are done using RCU protection. > > > > It matters only starting from Lorenzo Colitti patches to destroy > > a TCP socket, since rcu_read_lock() is already held by other users > > of these functions. > > > > This can be backported to all known stable versions, since TCP got RCU > > lookups back in 2.6.29 : Even if iproute2 contained no code to trigger > > the bug, some user programs could have used the API. > > > > Signed-off-by: Eric Dumazet <eduma...@google.com> > > Cc: Lorenzo Colitti <lore...@google.com> > > This is quite the maze of RCU locking here. With this change, > inet_lookup is now: > > rcu_read_lock(); > sk = x(); { > rcu_read_lock(); > ... > rcu_read_unlock(); > } > if (!sk) { > sk = y(); { > rcu_read_lock(); > ... > rcu_read_unlock(); > } > } > rcu_read_unlock(); > > It would seem to me that we should bubble up the rcu locking calls. > > If, as you say, the other users do RCU locking already, then it should > be safe to do what your patch is doing and also remove the RCU locking > done by __inet_lookup_established() and __inet_lookup_listener(). >
Sure, but the caller changed quite a lot in all stable versions. I took the easiest path for stable maintainers, and was planing to implement a better way in net-next. I certainly can take the final form and let you do the backports ? Thanks.