    ipv4: Fix fib_trie rebalancing · e0f7cb8c
    Jarek Poplawski authored
    While doing trie_rebalance(): resize(), inflate(), halve() RCU free
    tnodes before updating their parents. It depends on RCU delaying the
    real destruction, but if RCU readers start after call_rcu() and before
    parent update they could access freed memory.
    
    It is currently prevented with preempt_disable() on the update side,
    but it's not safe, except maybe classic RCU, plus it conflicts with
    memory allocations with GFP_KERNEL flag used from these functions.
    
    This patch explicitly delays freeing of tnodes by adding them to the
    list, which is flushed after the update is finished.
    Reported-by: Yan Zheng <zheng.yan@oracle.com>
    Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
fib_trie.c 61.8 KB
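
The ordering the commit message describes (retire the old tnode onto a list, update the parent, then flush the list), as an added userland C example that is not code from this commit or from fib_trie.c. The names `tnode_defer_free`, `tnode_flush_free` and `rebalance_child`, the single-child node layout and the use of plain `free()` where kernel code would go through `call_rcu()` are all assumptions made for illustration.

```c
#include <stdlib.h>
struct tnode {                /* hypothetical userland model, not kernel code */
    int key;
    struct tnode *child;      /* one child slot is enough to show the ordering */
    struct tnode *free_next;  /* link on the deferred-free list */
};
static struct tnode *free_head;  /* retired nodes waiting for the flush */
static int pending;              /* retired nodes not yet released */

static struct tnode *tnode_new(int key, struct tnode *child) {
    struct tnode *tn = calloc(1, sizeof(*tn));
    if (!tn) abort();
    tn->key = key; tn->child = child;
    return tn;
}

/* Retire a node without releasing it: the parent may still point at it. */
static void tnode_defer_free(struct tnode *tn) {
    tn->free_next = free_head;
    free_head = tn;
    pending++;
}

/* Release everything retired during the update; call only after publishing. */
static void tnode_flush_free(void) {
    while (free_head) {
        struct tnode *tn = free_head;
        free_head = tn->free_next;
        free(tn);  /* assumption: kernel code would defer this via call_rcu() */
        pending--;
    }
}

/* Swap parent's child for a rebuilt copy; returns nodes held at publish time. */
int rebalance_child(struct tnode *parent) {
    struct tnode *old = parent->child;
    struct tnode *repl = tnode_new(old->key, old->child);
    tnode_defer_free(old);     /* old stays valid while parent still names it */
    int held = pending;        /* sampled before the parent update */
    parent->child = repl;      /* publish the replacement */
    tnode_flush_free();        /* only now is old released */
    return held;
}

int demo(void) {  /* constructed scenario: root -> child(key 7); 1 = ordering held */
    struct tnode *root = tnode_new(0, tnode_new(7, NULL));
    int ok = rebalance_child(root) == 1 && pending == 0 && root->child->key == 7;
    free(root->child); free(root);
    return ok;
}
```

Moving the `tnode_flush_free()` call above the `parent->child = repl` assignment reproduces the window the message describes: the parent would briefly name memory that has already been handed to the reclaimer.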