From: Vlad Buslov <[email protected]>
Date: Wed, 6 Mar 2019 17:50:43 +0200
> When used with unlocked classifier that have filters attached to actions
> with goto chain, __tcf_chain_put() for last non action reference can race
> with calls to same function from action cleanup code that releases last
> action reference. In this case action cleanup handler could free the chain
> if it executes after all references to chain were released, but before all
> concurrent users finished using it. Modify __tcf_chain_put() to only access
> tcf_chain fields when holding block->lock. Remove local variables that were
> used to cache some tcf_chain fields and are no longer needed because their
> values can now be obtained directly from chain under block->lock
> protection.
>
> Fixes: 726d061286ce ("net: sched: prevent insertion of new classifiers during
> chain flush")
> Signed-off-by: Vlad Buslov <[email protected]>
Applied, thanks Vlad.
