On 16-10-01 11:13 PM, Krister Johansen wrote:
A tc_action_ops structure is visible as soon as it is placed in the
act_base list.  When tcf_register_action adds an item to this list and
drops act_mod_lock, registration is not complete until
register_pernet_subsys() finishes.

If two threads attempt to modify a tc action in a way that triggers a
module load, the thread that wins the race ends up dereferencing a NULL
pointer after tcf_action_init_1() invokes a_o->init().  In the
particular case that this submitter encountered, the panic occurred in
tcf_gact_init() when net_generic() returned a NULL tc_action_net
pointer.  The gact_net_id needed to fetch the correct pointer was not
yet set, because the register_pernet_subsys() call was pending in
another thread.

Fixes: ddf97ccdd7cb ("net_sched: add network namespace support for tc actions")
Signed-off-by: Krister Johansen <k...@templeofstupid.com>

Looks reasonable to me but will let Cong take a closer look since he added
that code.

cheers,
jamal
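
The ordering problem from the commit message, replayed deterministically in userspace as an added example; it is not code from the patch or the kernel, and every name in it is hypothetical. It assumes that doing the per-net registration before the list insertion is one way to close the window, and it returns -2 where the kernel would dereference the NULL pointer.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
struct act_net { int ready; };
struct act_ops { const char *kind; int net_id; struct act_ops *next; };

static struct act_ops *act_list;              /* models the act_base list */
static struct act_net storage[8], *pernet[8]; /* models per-netns data */
static int next_id = 1;                       /* id 0 means "not assigned yet" */

static struct act_net *model_net_generic(int id) { return id ? pernet[id] : NULL; }

static void model_register_pernet(struct act_ops *o)
{
    o->net_id = next_id++;
    storage[o->net_id].ready = 1;
    pernet[o->net_id] = &storage[o->net_id];
}

static void publish(struct act_ops *o) { o->next = act_list; act_list = o; }

/* What a second thread does: look the action up, then run its init.
 * Returns 0 on success, -1 if the kind is not visible yet (caller can
 * retry), -2 where the kernel would dereference a NULL pointer. */
static int concurrent_init(const char *kind)
{
    for (struct act_ops *o = act_list; o; o = o->next)
        if (strcmp(o->kind, kind) == 0)
            return model_net_generic(o->net_id) ? 0 : -2;
    return -1;
}

/* Registers o and reports what a concurrent caller observes in the
 * window between the two registration steps. */
static int register_and_probe(struct act_ops *o, int pernet_first)
{
    int seen;
    if (pernet_first) { model_register_pernet(o); seen = concurrent_init(o->kind); publish(o); }
    else              { publish(o); seen = concurrent_init(o->kind); model_register_pernet(o); }
    return seen;
}

int main(void)
{
    struct act_ops a = { "gact", 0, NULL }, b = { "mirred", 0, NULL };
    /* constructed scenario: list-first exposes the window, pernet-first does not */
    return !(register_and_probe(&a, 0) == -2 && register_and_probe(&b, 1) == -1);
}
```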
