git.baikalelectronics.ru Git - kernel.git/commit

author	Julian Anastasov <ja@ssi.bg>
	Thu, 9 Jul 2015 06:59:10 +0000 (09:59 +0300)
committer	David S. Miller <davem@davemloft.net>
	Sat, 11 Jul 2015 01:16:36 +0000 (18:16 -0700)
commit	614423063f3ed70668d56e25574b5b2bec22fd6a
tree	8868fe137839c66fcef2a435d8d1b38fd0cd7533	tree \| snapshot
parent	4555655ae7e97db7cf6dc96076afb342b2b60628	commit \| diff

net: call rcu_read_lock early in process_backlog

Incoming packet should be either in backlog queue or
in RCU read-side section. Otherwise, the final sequence of
flush_backlog() and synchronize_net() may miss packets
that can run without device reference:

CPU 1                  CPU 2
                       skb->dev: no reference
                       process_backlog:__skb_dequeue
                       process_backlog:local_irq_enable

on_each_cpu for
flush_backlog =>       IPI(hardirq): flush_backlog
                       - packet not found in backlog

                       CPU delayed ...
synchronize_net
- no ongoing RCU
read-side sections

netdev_run_todo,
rcu_barrier: no
ongoing callbacks
                       __netif_receive_skb_core:rcu_read_lock
                       - too late
free dev
                       process packet for freed dev

Fixes: 126758eba783 ("net: eliminate refcounting in backlog queue")
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>