mirror of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
synced 2025-11-02 17:42:54 +10:00
One of my test machines got a deadlock during "tc" sessions, adding/deleting classes & filters, using traffic estimators.

After some analysis, I believe we have a potential use after free case in est_timer():

    spin_lock(e->stats_lock);   << HERE >>
    read_lock(&est_lock);
    if (e->bstats == NULL)      << TEST >>
        goto skip;

The test is done a bit late, because after the estimator is killed, and before the rcu grace period has elapsed, we might already have freed/reused the memory where e->stats_locks points to (some qdisc->q.lock).

A possible fix is to respect a rcu grace period at Qdisc dismantle time.

On 64bit, sizeof(struct Qdisc) is exactly 192 bytes. Adding 16 bytes to it (for struct rcu_head) is a problem because it might change performance, given QDISC_ALIGNTO is 32 bytes.

This is why I also change QDISC_ALIGNTO to 64 bytes, to satisfy most current alignment requirements.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

||
|---|---|---|
| act_api.c | ||
| act_gact.c | ||
| act_ipt.c | ||
| act_mirred.c | ||
| act_nat.c | ||
| act_pedit.c | ||
| act_police.c | ||
| act_simple.c | ||
| act_skbedit.c | ||
| cls_api.c | ||
| cls_basic.c | ||
| cls_cgroup.c | ||
| cls_flow.c | ||
| cls_fw.c | ||
| cls_route.c | ||
| cls_rsvp6.c | ||
| cls_rsvp.c | ||
| cls_rsvp.h | ||
| cls_tcindex.c | ||
| cls_u32.c | ||
| em_cmp.c | ||
| em_meta.c | ||
| em_nbyte.c | ||
| em_text.c | ||
| em_u32.c | ||
| ematch.c | ||
| Kconfig | ||
| Makefile | ||
| sch_api.c | ||
| sch_atm.c | ||
| sch_blackhole.c | ||
| sch_cbq.c | ||
| sch_drr.c | ||
| sch_dsmark.c | ||
| sch_fifo.c | ||
| sch_generic.c | ||
| sch_gred.c | ||
| sch_hfsc.c | ||
| sch_htb.c | ||
| sch_ingress.c | ||
| sch_mq.c | ||
| sch_multiq.c | ||
| sch_netem.c | ||
| sch_prio.c | ||
| sch_red.c | ||
| sch_sfq.c | ||
| sch_tbf.c | ||
| sch_teql.c | ||