linux/net/core
Pablo Neira 34c5bd66e5 net: filter: don't release unattached filter through call_rcu()
sk_unattached_filter_destroy() does not always need to release the
filter object via rcu. Since this filter is never attached to the
socket, the caller should be responsible for releasing the filter
in a safe way, which may not necessarily imply rcu.

This is a short summary of clients of this function:

1) xt_bpf.c and cls_bpf.c use the bpf matchers from rules, these rules
   are removed from the packet path before the filter is released. Thus,
   the framework makes sure the filter is safely removed.

2) In the ppp driver, the ppp_lock ensures serialization between the
   xmit and filter attachment/detachment path. This doesn't use rcu
   so deferred release via rcu makes no sense.

3) In the isdn/ppp driver, it is called from isdn_ppp_release()
   the isdn_ppp_ioctl(). This driver uses mutex and spinlocks, no rcu.
   Thus, deferred rcu makes no sense to me either, the deferred releases
   may be just masking the effects of wrong locking strategy, which
   should be fixed in the driver itself.

4) In the team driver, this is the only place where the rcu
   synchronization with unattached filter is used. Therefore, this
   patch introduces synchronize_rcu() which is called from the
   genetlink path to make sure the filter doesn't go away while packets
   are still walking over it. I think we can revisit this once struct
   bpf_prog (that only wraps specific bpf code bits) is in place, then
   add some specific struct rcu_head in the scope of the team driver if
   Jiri thinks this is needed.

Deferred rcu release for unattached filters was originally introduced
in 302d663 ("filter: Allow to create sk-unattached filters").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-30 19:56:27 -07:00
..
datagram.c net: Fix save software checksum complete 2014-06-15 01:00:49 -07:00
dev_addr_lists.c net: Add support for device specific address syncing 2014-06-02 10:40:54 -07:00
dev_ioctl.c net_tstamp: Add SIOCGHWTSTAMP ioctl to match SIOCSHWTSTAMP 2013-11-19 19:07:21 +00:00
dev.c net: Remove unlikely() for WARN_ON() conditions 2014-07-30 17:41:47 -07:00
drop_monitor.c drop_monitor: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
dst.c ipv4: fix dst race in sk_dst_get() 2014-06-25 17:41:44 -07:00
ethtool.c ethtool: Check that reserved fields of struct ethtool_rxfh are 0 2014-06-03 02:43:16 +01:00
fib_rules.c net: fix 'ip rule' iif/oif device rename 2014-02-09 19:02:52 -08:00
filter.c net: filter: don't release unattached filter through call_rcu() 2014-07-30 19:56:27 -07:00
flow_dissector.c net: Only do flow_dissector hash computation once per packet 2014-07-07 21:14:21 -07:00
flow.c CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
gen_estimator.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
gen_stats.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
iovec.c net: sendmsg: fix NULL pointer dereference 2014-07-29 12:20:22 -07:00
link_watch.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
Makefile net: Add a software TSO helper API 2014-05-22 14:57:15 -04:00
neighbour.c neighbour : fix ndm_type type error issue 2014-07-28 17:52:17 -07:00
net_namespace.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
net-procfs.c rps: selective flow shedding during softnet overflow 2013-05-20 13:48:04 -07:00
net-sysfs.c net: do not name the pointer to struct net_device net 2014-07-24 23:33:55 -07:00
net-sysfs.h net: netdev_kobject_init: annotate with __init 2014-01-05 20:27:54 -05:00
net-traces.c
netclassid_cgroup.c cgroup: remove css_parent() 2014-05-16 13:22:48 -04:00
netevent.c
netpoll.c netpoll: fix use after free 2014-07-08 20:50:53 -07:00
netprio_cgroup.c cgroup: remove css_parent() 2014-05-16 13:22:48 -04:00
pktgen.c pktgen: remove unnecessary break after goto 2014-07-15 16:27:00 -07:00
ptp_classifier.c ptp: Classify ptp over ip over vlan packets 2014-07-07 16:57:18 -07:00
request_sock.c inet: reduce TLB pressure for listeners 2014-06-25 16:37:24 -07:00
rtnetlink.c rtnetlink: Drop unnecessary return value from ndo_dflt_fdb_del 2014-07-16 23:13:26 -07:00
scm.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-09-07 14:35:32 -07:00
secure_seq.c inetpeer: get rid of ip_id_count 2014-06-02 11:00:41 -07:00
skbuff.c net: fix setting csum_start in skb_segment() 2014-06-25 20:45:54 -07:00
sock_diag.c net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump 2014-04-24 13:44:53 -04:00
sock.c net: remove deprecated syststamp timestamp 2014-07-29 11:39:50 -07:00
stream.c net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
sysctl_net_core.c rps: NUMA flow limit allocations 2013-12-19 19:00:07 -05:00
timestamping.c net: Simplify ptp class checks 2014-07-07 16:57:09 -07:00
tso.c net: tso: Export symbols for modular build 2014-05-30 15:52:03 -07:00
user_dma.c
utils.c net: avoid dependency of net_get_random_once on nop patching 2014-05-14 00:37:34 -04:00