On Sun, 2016-03-27 at 22:32 -0400, David Miller wrote:
> From: Eric Dumazet <eric.duma...@gmail.com>
> Date: Fri, 25 Mar 2016 15:15:15 -0700
>
> > From: Eric Dumazet <eduma...@google.com>
> >
> > Blocking BH in __inet{6}_lookup() is not correct, as the lookups
> > are done using RCU protection.
> >
> > It matters only starting from Lorenzo Colitti patches to destroy
> > a TCP socket, since rcu_read_lock() is already held by other users
> > of these functions.
> >
> > This can be backported to all known stable versions, since TCP got RCU
> > lookups back in 2.6.29 : Even if iproute2 contained no code to trigger
> > the bug, some user programs could have used the API.
> >
> > Signed-off-by: Eric Dumazet <eduma...@google.com>
> > Cc: Lorenzo Colitti <lore...@google.com>
>
> This is quite the maze of RCU locking here. With this change,
> inet_lookup is now:
>
> rcu_read_lock();
> sk = x(); {
> rcu_read_lock();
> ...
> rcu_read_unlock();
> }
> if (!sk) {
> sk = y(); {
> rcu_read_lock();
> ...
> rcu_read_unlock();
> }
> }
> rcu_read_unlock();
>
> It would seem to me that we should bubble up the rcu locking calls.
>
> If, as you say, the other users do RCU locking already, then it should
> be safe to do what your patch is doing and also remove the RCU locking
> done by __inet_lookup_established() and __inet_lookup_listener().
>
Sure, but the caller changed quite a lot in all stable versions.
I took the easiest path for stable maintainers, and was planing to
implement a better way in net-next.
I certainly can take the final form and let you do the backports ?
Thanks.
