From: Eric Dumazet <eduma...@google.com>
Date: Sun, 10 Mar 2019 10:36:40 -0700

> Same reasons as the ones explained in commit 4179cb5a4c92
> ("vxlan: test dev->flags & IFF_UP before calling netif_rx()")
>
> netif_rx() or gro_cells_receive() must be called under a strict contract.
>
> At device dismantle phase, core networking clears IFF_UP
> and flush_all_backlogs() is called after rcu grace period
> to make sure no incoming packet might be in a cpu backlog
> and still referencing the device.
>
> A similar protocol is used for gro_cells infrastructure, as
> gro_cells_destroy() will be called only after a full rcu
> grace period is observed after IFF_UP has been cleared.
>
> Most drivers call netif_rx() from their interrupt handler,
> and since the interrupts are disabled at device dismantle,
> netif_rx() does not have to check dev->flags & IFF_UP
>
> Virtual drivers do not have this guarantee, and must
> therefore make the check themselves.
>
> Otherwise we risk use-after-free and/or crashes.
>
> Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
> Signed-off-by: Eric Dumazet <eduma...@google.com>

Applied and queued up for -stable, thanks Eric.
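
The contract described in the quoted commit message, as an added user-space model in C. It is not the vxlan patch or any kernel code: model_dev, model_open, model_dismantle and model_rx are hypothetical names, and the RCU grace period is implicit because the model is single-threaded.

```c
#include <stdlib.h>

#define IFF_UP 0x1   /* same bit value as the Linux interface flag */
enum { RX_OK, RX_DROP, RX_STALE };   /* RX_STALE: packet reached freed state */

struct model_dev {   /* hypothetical stand-in for struct net_device */
    unsigned int flags;
    int *cells;      /* stand-in for the gro_cells queues */
    unsigned long rx_packets, rx_dropped;
};

static void model_open(struct model_dev *d)
{
    d->cells = calloc(1, sizeof(*d->cells));
    d->rx_packets = d->rx_dropped = 0;
    d->flags = IFF_UP;
}

/* Dismantle order from the commit message: clear IFF_UP first, let
 * in-flight receivers finish (the grace period), then free the queues. */
static void model_dismantle(struct model_dev *d)
{
    d->flags &= ~IFF_UP;
    /* a real driver's RCU grace period elapses here */
    free(d->cells);
    d->cells = NULL;
}

/* Receive path of a virtual driver. With 'guarded' set it tests IFF_UP
 * itself and drops; without the test a late packet reaches freed queues. */
static int model_rx(struct model_dev *d, int guarded)
{
    if (guarded && !(d->flags & IFF_UP)) {
        d->rx_dropped++;
        return RX_DROP;
    }
    if (!d->cells)
        return RX_STALE;   /* in the kernel this is the use-after-free */
    (*d->cells)++;
    d->rx_packets++;
    return RX_OK;
}

int main(void)
{
    struct model_dev d;
    model_open(&d);
    model_dismantle(&d);
    return model_rx(&d, 1) == RX_DROP ? 0 : 1;   /* late packet is dropped */
}
```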