• Vlad Buslov's avatar
    net: sched: act_sample: fix psample group handling on overwrite · 5ff0ab0c
    Vlad Buslov authored
    [ Upstream commit dbf47a2a ]
    
    Action sample doesn't properly handle psample_group pointer in overwrite
    case. Following issues need to be fixed:
    
    - In tcf_sample_init() function RCU_INIT_POINTER() is used to set
      s->psample_group, even though we neither setting the pointer to NULL, nor
      preventing concurrent readers from accessing the pointer in some way.
      Use rcu_swap_protected() instead to safely reset the pointer.
    
    - Old value of s->psample_group is not released or deallocated in any way,
      which results resource leak. Use psample_group_put() on non-NULL value
      obtained with rcu_swap_protected().
    
    - The function psample_group_put() that released reference to struct
      psample_group pointed by rcu-pointer s->psample_group doesn't respect rcu
      grace period when deallocating it. Extend struct psample_group with rcu
      head and use kfree_rcu when freeing it.
    
    Fixes: 5c5670fa ("net/sched: Introduce sample tc action")
    Signed-off-by: default avatarVlad Buslov <vladbu@mellanox.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    5ff0ab0c
psample.c 7.18 KB