| Message ID | c1707eafcfaaf310d4385a0dcf7f64b8bdc37acc.1511091064.git.lucien.xin@gmail.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] tun: fix rcu_read_lock imbalance in tun_build_skb | expand |
From: Xin Long <lucien.xin@gmail.com> Date: Sun, 19 Nov 2017 19:31:04 +0800 > rcu_read_lock in tun_build_skb is used to rcu_dereference tun->xdp_prog > safely, rcu_read_unlock should be done in every return path. > > Now I could see one place missing it, where it returns NULL in switch-case > XDP_REDIRECT, another palce using rcu_read_lock wrongly, where it returns > NULL in if (xdp_xmit) chunk. > > So fix both in this patch. > > Fixes: 761876c857cb ("tap: XDP support") > Signed-off-by: Xin Long <lucien.xin@gmail.com> Good catch, applied, thanks!
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 6bb1e60..5a2ea78 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -1485,6 +1485,7 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun, err = xdp_do_redirect(tun->dev, &xdp, xdp_prog); if (err) goto err_redirect; + rcu_read_unlock(); return NULL; case XDP_TX: xdp_xmit = true; @@ -1517,7 +1518,7 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun, if (xdp_xmit) { skb->dev = tun->dev; generic_xdp_tx(skb, xdp_prog); - rcu_read_lock(); + rcu_read_unlock(); return NULL; }
rcu_read_lock in tun_build_skb is used to rcu_dereference tun->xdp_prog safely, rcu_read_unlock should be done in every return path. Now I could see one place missing it, where it returns NULL in switch-case XDP_REDIRECT, another palce using rcu_read_lock wrongly, where it returns NULL in if (xdp_xmit) chunk. So fix both in this patch. Fixes: 761876c857cb ("tap: XDP support") Signed-off-by: Xin Long <lucien.xin@gmail.com> --- drivers/net/tun.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)