On Wed, 2016-08-17 at 16:00 +0200, Daniel Mack wrote: > + progp = is_ingress ? &cgrp->bpf_ingress : &cgrp->bpf_egress; > + > + rcu_read_lock(); > + old_prog = rcu_dereference(*progp); > + rcu_assign_pointer(*progp, prog); > + > + if (old_prog) > + bpf_prog_put(old_prog); > + > + rcu_read_unlock();
This is a bogus locking strategy. You do not want to use rcu_read_lock()/rcu_read_unlock() here, but appropriate writer exclusion (a mutex probably, or a spinlock) Then use rcu_dereference_protected() instead of rcu_dereference(*progp);