cls_cgroup: use tcf_exts_get_net() before call_rcu()

Hold netns refcnt before call_rcu() and release it after
the tcf_exts_destroy() is done.

Note, on ->destroy() path we have to respect the return value
of tcf_exts_get_net(), on other paths it should always return
true, so we don't need to care.

Cc: Lucas Bates <lucasb@mojatatu.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Cong Wang 2017-11-06 13:47:22 -08:00 committed by David S. Miller
parent aae2c35ec8
commit ed14816814
1 changed files with 18 additions and 6 deletions

View File

@ -60,15 +60,21 @@ static const struct nla_policy cgroup_policy[TCA_CGROUP_MAX + 1] = {
[TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED },
};
static void __cls_cgroup_destroy(struct cls_cgroup_head *head)
{
tcf_exts_destroy(&head->exts);
tcf_em_tree_destroy(&head->ematches);
tcf_exts_put_net(&head->exts);
kfree(head);
}
static void cls_cgroup_destroy_work(struct work_struct *work)
{
struct cls_cgroup_head *head = container_of(work,
struct cls_cgroup_head,
work);
rtnl_lock();
tcf_exts_destroy(&head->exts);
tcf_em_tree_destroy(&head->ematches);
kfree(head);
__cls_cgroup_destroy(head);
rtnl_unlock();
}
@ -124,8 +130,10 @@ static int cls_cgroup_change(struct net *net, struct sk_buff *in_skb,
goto errout;
rcu_assign_pointer(tp->root, new);
if (head)
if (head) {
tcf_exts_get_net(&head->exts);
call_rcu(&head->rcu, cls_cgroup_destroy_rcu);
}
return 0;
errout:
tcf_exts_destroy(&new->exts);
@ -138,8 +146,12 @@ static void cls_cgroup_destroy(struct tcf_proto *tp)
struct cls_cgroup_head *head = rtnl_dereference(tp->root);
/* Head can still be NULL due to cls_cgroup_init(). */
if (head)
call_rcu(&head->rcu, cls_cgroup_destroy_rcu);
if (head) {
if (tcf_exts_get_net(&head->exts))
call_rcu(&head->rcu, cls_cgroup_destroy_rcu);
else
__cls_cgroup_destroy(head);
}
}
static int cls_cgroup_delete(struct tcf_proto *tp, void *arg, bool *last)