From: Eric Dumazet <eric.duma...@gmail.com>
Date: Tue, 24 Oct 2017 08:20:31 -0700
> From: Eric Dumazet <eduma...@google.com>
>
> In my first attempt to fix the lockdep splat, I forgot we could
> enter inet_csk_route_req() with a freshly allocated request socket,
> for which refcount has not yet been elevated, due to complex
> SLAB_TYPESAFE_BY_RCU rules.
>
> We either are in rcu_read_lock() section _or_ we own a refcount on the
> request.
>
> Correct RCU verb to use here is rcu_dereference_check(), although it is
> not possible to prove we actually own a reference on a shared
> refcount :/
>
> In v2, I added ireq_opt_deref() helper and use in three places, to fix other
> possible splats.
...
> Fixes: a6ca7abe53633 ("tcp/dccp: fix lockdep splat in inet_csk_route_req()")
> Fixes: c92e8c02fe66 ("tcp/dccp: fix ireq->opt races")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: kernel test robot <fengguang...@intel.com>
> Reported-by: Maciej Żenczykowski <m...@google.com>
> ---
> v3: fix typo in predicate
Applied and queued up for -stable.
