diff mbox series

[net-next] net: don't relock netdev when on qdisc_create replay

Message ID 20250313100407.2285897-1-sdf@fomichev.me (mailing list archive)
State New
Delegated to: Netdev Maintainers
Headers show
Series [net-next] net: don't relock netdev when on qdisc_create replay | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 9 of 9 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 27 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest fail net-next-2025-03-13--12-00 (tests: 895)

Commit Message

Stanislav Fomichev March 13, 2025, 10:04 a.m. UTC 
Eric reports that by the time we call netdev_lock_ops after
rtnl_unlock/rtnl_lock, the dev might point to an invalid device.
Don't relock the device after request_module and don't try
to unlock it in the caller (tc_modify_qdisc) in case of replay.

Fixes: a0527ee2df3f ("net: hold netdev instance lock during qdisc ndo_setup_tc")
Reported-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/netdev/20250305163732.2766420-1-sdf@fomichev.me/T/#me8dfd778ea4c4463acab55644e3f9836bc608771
Signed-off-by: Stanislav Fomichev <sdf@fomichev.me>
---
 net/sched/sch_api.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index abace7665cfe..f1ec6ec0cf05 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1278,13 +1278,14 @@  static struct Qdisc *qdisc_create(struct net_device *dev,
 			 * tell the caller to replay the request.  We
 			 * indicate this using -EAGAIN.
 			 * We replay the request because the device may
-			 * go away in the mean time.
+			 * go away in the mean time. Note that we also
+			 * don't relock the device because it might
+			 * be gone at this point.
 			 */
 			netdev_unlock_ops(dev);
 			rtnl_unlock();
 			request_module(NET_SCH_ALIAS_PREFIX "%s", name);
 			rtnl_lock();
-			netdev_lock_ops(dev);
 			ops = qdisc_lookup_ops(kind);
 			if (ops != NULL) {
 				/* We will try again qdisc_lookup_ops,
@@ -1837,9 +1838,10 @@  static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n,
 	replay = false;
 	netdev_lock_ops(dev);
 	err = __tc_modify_qdisc(skb, n, extack, dev, tca, tcm, &replay);
-	netdev_unlock_ops(dev);
+	/* __tc_modify_qdisc returns with unlocked dev in case of replay */
 	if (replay)
 		goto replay;
+	netdev_unlock_ops(dev);
 
 	return err;
 }