On Thu, Aug 1, 2019 at 6:03 AM <[email protected]> wrote: > > From: Dmytro Linkin <[email protected]> > > Currently init call of all actions (except ipt) init their 'parm' > structure as a direct pointer to nla data in skb. This leads to race > condition when some of the filter actions were initialized successfully > (and were assigned with idr action index that was written directly > into nla data), but then were deleted and retried (due to following > action module missing or classifier-initiated retry), in which case > action init code tries to insert action to idr with index that was > assigned on previous iteration. During retry the index can be reused > by another action that was inserted concurrently, which causes > unintended action sharing between filters. > To fix described race condition, save action idr index to temporary > stack-allocated variable instead on nla data. > > Fixes: 0190c1d452a9 ("net: sched: atomically check-allocate action") > Signed-off-by: Dmytro Linkin <[email protected]> > Signed-off-by: Vlad Buslov <[email protected]>
Acked-by: Cong Wang <[email protected]> This is a sad side-effect we have to deal with for this retry logic, we have to restore all global status in each retry loop. :-( Thanks.
