From: Brenden Blanco <bbla...@plumgrid.com>
Date: Sat, 3 Sep 2016 21:29:58 -0700
> Depending on the preempt mode, the bpf_prog stored in xdp_prog may be
> freed despite the use of call_rcu inside bpf_prog_put. The situation is
> possible when running in PREEMPT_RCU=y mode, for instance, since the rcu
> callback for destroying the bpf prog can run even during the bh handling
> in the mlx4 rx path.
>
> Several options were considered before this patch was settled on:
...
> v2:
> Remove extra rcu_read_lock in mlx4_en_process_rx_cq body
> Annotate xdp_prog with __rcu, and convert all usages to rcu_assign or
> rcu_dereference[_protected] as appropriate.
> Add explicit mutex lock around rcu_assign instead of xchg loop.
>
> Fixes: d576acf0a22 ("net/mlx4_en: add page recycle to prepare rx ring for tx
> support")
> Acked-by: Daniel Borkmann <dan...@iogearbox.net>
> Acked-by: Alexei Starovoitov <alexei.starovoi...@gmail.com>
> Signed-off-by: Brenden Blanco <bbla...@plumgrid.com>
Applied.
