From: Cong Wang <xiyou.wangc...@gmail.com>
Date: Mon, 6 Nov 2017 13:47:17 -0800

> This patchset tries to fix the race between call_rcu() and
> cleanup_net() again. Without holding the netns refcnt the
> tc_action_net_exit() in netns workqueue could be called before
> filter destroy works in tc filter workqueue. This patchset
> moves the netns refcnt from tc actions to tcf_exts, without
> breaking per-netns tc actions.
>
> Patch 1 reverts the previous fix, patch 2 introduces two new
> API's to help to address the bug and the rest patches switch
> to the new API's. Please see each patch for details.
>
> I was not able to reproduce this bug, but now after adding
> some delay in filter destroy work I manage to trigger the
> crash. After this patchset, the crash is not reproducible
> any more and the debugging printk's show the order is expected
> too.
>
> Fixes: ddf97ccdd7cb ("net_sched: add network namespace support for tc actions")
> Reported-by: Lucas Bates <luc...@mojatatu.com>
> Cc: Lucas Bates <luc...@mojatatu.com>
> Cc: Jamal Hadi Salim <j...@mojatatu.com>
> Cc: Jiri Pirko <j...@resnulli.us>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>

I have to say this was a lot of churn so late in the release cycle....
but I ended up pulling anyways.

I cannot guarantee that I will be able to push this to Linus in time for
4.14-final.

Thanks.