Message ID | 1508770960.30291.83.camel@edumazet-glaptop3.roam.corp.google.com |
---|---|
State | Superseded, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net] tcp/dccp: fix again lockdep splat in inet_csk_route_req() | expand |
On Mon, 2017-10-23 at 08:02 -0700, Eric Dumazet wrote: > From: Eric Dumazet <edumazet@google.com> > > In my first attempt to fix the lockdep splat, I forgot we could > enter inet_csk_route_req() with a freshly allocated request socket, > for which refcount has not yet been elevated, due to complex > SLAB_TYPESAFE_BY_RCU rules. > > We either are in rcu_read_lock() section _or_ we own a refcount on the > request. > > Correct RCU verb to use here is rcu_dereference_check(), although it is > not possible to prove we actually own a reference on a shared > refcount :/ David, please hold on this patch, I will squash another fixes, since we need the same in two other places (tcp_v4_send_synack() & dccp_v4_send_response())
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 18cd2eae758ff1a9d8a736e143417c7007b99067..08381782830b50cac621c531a4e7e1cf8dc6577f 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c @@ -543,8 +543,8 @@ struct dst_entry *inet_csk_route_req(const struct sock *sk, struct ip_options_rcu *opt; struct rtable *rt; - opt = rcu_dereference_protected(ireq->ireq_opt, - refcount_read(&req->rsk_refcnt) > 0); + opt = rcu_dereference_check(ireq->ireq_opt, + refcount_read(&req->rsk_refcnt) > 0); flowi4_init_output(fl4, ireq->ir_iif, ireq->ir_mark, RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, sk->sk_protocol, inet_sk_flowi_flags(sk),