On Fri, Nov 24, 2017 at 3:27 AM, Roman Kapl wrote:
>
> Fixes: 822e86d997 ("net_sched: remove tcf_block_put_deferred()")
You blame a wrong commit here.
Commit 822e86d997 was correct at that time, it is the patchset
which includes commit e4b95c41df36befcfd11721 makes it buggy
again.
Fri, Nov 24, 2017 at 12:27:58PM CET, c...@rkapl.cz wrote:
>tcf_block_put_ext has assumed that all filters (and thus their goto
>actions) are destroyed in RCU callback and thus can not race with our
>list iteration. However, that is not true during netns cleanup (see
>tcf_exts_get_net comment).
>
>P
tcf_block_put_ext has assumed that all filters (and thus their goto
actions) are destroyed in RCU callback and thus can not race with our
list iteration. However, that is not true during netns cleanup (see
tcf_exts_get_net comment).
Prevent the user after free by holding all chains (except 0, that
