On Tue, Jan 23, 2018 at 10:50:14AM +0200, Leon Romanovsky wrote: > > For instance if the ifindex is changed due to dev_change_net_namespace() > > then you have this: > > > > dev_net_set(dev, net); > > if (__dev_get_by_index(net, dev->ifindex)) > > dev->ifindex = dev_new_index(net); > > > > Racing with this: > > > > rt = rt6_lookup(dev_net(net_dev), &dst_addr->sin6_addr, > > &src_addr->sin6_addr, net_dev->ifindex, > > strict); > > > > And we will get a racy incoherent result for dev_net(net_dev) and > > net_dev->ifindex. > > I think that rcu_derefence over net_dev will solve the race. Nope, net_dev is a stack pointer, it is not RCU protected. > > It kind of looks to me like the locking scheme in the netdev side > > shuts down the netdev while moving it. So the RCU protected test > > should be if the netdev is DOWN ? > > It is not the case for ipv6 tunnel interface, they use RCU protection > for live netdevs too. Pointer? Doesn't mean it is right :( Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
