Wed, Sep 13, 2017 at 06:34:28PM CEST, da...@davemloft.net wrote:
>From: Jiri Pirko <j...@resnulli.us>
>Date: Wed, 13 Sep 2017 17:32:37 +0200
>
>> From: Jiri Pirko <j...@mellanox.com>
>>
>> Recent commit d7fb60b9cafb ("net_sched: get rid of tcfa_rcu") removed
>> freeing in call_rcu, which changed already existing hard-to-hit
>> race condition into 100% hit:
>>
>> [ 598.599825] BUG: unable to handle kernel NULL pointer dereference at
>> 0000000000000030
>> [ 598.607782] IP: tcf_action_destroy+0xc0/0x140
>>
>> Or:
>>
>> [ 40.858924] BUG: unable to handle kernel NULL pointer dereference at
>> 0000000000000030
>> [ 40.862840] IP: tcf_generic_walker+0x534/0x820
>>
>> Fix this by storing the ops and use them directly for module_put call.
>>
>> Fixes: a85a970af265 ("net_sched: move tc_action into tcf_common")
>> Signed-off-by: Jiri Pirko <j...@mellanox.com>
>
>Applied, thanks Jiri.

Oh, I forgot to mention, this would be nice to push to stable.