On Fri, Mar 1, 2019 at 10:02 AM Davide Caratti <dcara...@redhat.com> wrote:
>
> On Wed, 2019-02-27 at 17:50 -0800, Cong Wang wrote:
> > > + if (oldchain)
> > > + tcf_chain_put_by_act(oldchain);
> >
> > Do we need to respect RCU grace period here?
>
> If I understand the question correctly, you are worried about
> tcf_action_goto_chain_exec(), which can dereference 'oldchain' while we are
> overwriting the action. A call to tcf_chain_put_by_act(oldchain) would
> decrease refcounts and eventually call kfree(oldchain).
>
> But this would result in a use-after-free only in case the chain has only
> a refcount held by 1 action (the one we are overwriting), and 0 filters: is
> this a condition where packets can go through this action's data plane?

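Review bot: the put in "if (oldchain) tcf_chain_put_by_act(oldchain);" runs as soon as the action is overwritten, and nothing in these two lines waits for an RCU grace period first. If that put drops the last reference, the chain can be freed while tcf_action_goto_chain_exec() on another CPU still holds the old pointer. Suggest deferring the release until after a grace period (for example via call_rcu()), or adding a comment that states why no reader can still reach oldchain at this point.
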
Hmm? Can't goto chain be arbitrary? Packets can be routed from this action to any filter chain, so even if the target chain has 0 filters, this action still has traffic as long as it is not itself on the same chain?