On Tue, May 9, 2017 at 4:50 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Tue, 2017-05-09 at 16:35 -0700, Cong Wang wrote: > >> All of them take RCU read lock, so, as I explained in the code comment, >> they all should be fine because of synchronize_net() on unregister path. >> Do you see anything otherwise? > > They might take rcu lock, but compiler is still allowed to read > fi->fib_dev multiple times, and crashes might happen. > > You will need to audit all code and fix it, using proper > rcu_dereference() or similar code ensuring compiler wont do stupid > things. >
Point taken. But without my patch, nh_dev is supposed to be protected by RCU too, it is freed in a rcu callback and dereferenced like: struct in_device *in_dev = __in_dev_get_rcu(nh->nh_dev);
