On Fri, Jun 17, 2016 at 2:03 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > Hi, Eric > > During code review, I notice we might have some problem after we go > lockless for the fast path in act_mirred. > > That is, what prevents us from the following possible race condition? > > change a standalone action with tcf_mirred_init(): > // search for an existing action in hash > // found it and got struct tcf_common > m = to_mirred(a); > m->tcf_action = parm->action; > // Interrupted by BH > > tcf_mirred() jumps in: > rcu_read_lock() > retval = READ_ONCE(m->tcf_action); > if (m->tcfm_eaction != TCA_EGRESS_MIRROR) > .... > rcu_unread_lock() > > now go back to tcf_mirred_init(): > m->tcfm_eaction = parm->eaction; > .... > > IOW, the fast path could read a partially written change which could > be a problem? We need to allocate a new copy and then replace the old > one with it via RCU, don't we? > > I can work on some patches, I want to make sure I don't miss anything here. > > Thanks!
Well, I added a READ_ONCE() to read tcf_action once. Adding rcu here would mean adding a pointer and extra cache line, to deref the values. IMHO the race here has no effect . You either read the old or new value. If the packet is processed before or after the 'change' it would have the same 'race' All these fields are integers, they never are 'partially written'. The only case m->tcfm_eaction could be read twice is in the error path. Who cares ?
