From: Eric Dumazet <eduma...@google.com>
Date: Thu, 14 Mar 2019 20:19:47 -0700
> Same reasons than the ones explained in commit 4179cb5a4c92
> ("vxlan: test dev->flags & IFF_UP before calling netif_rx()")
>
> netif_rx_ni() or napi_gro_frags() must be called under a strict contract.
>
> At device dismantle phase, core networking clears IFF_UP
> and flush_all_backlogs() is called after rcu grace period
> to make sure no incoming packet might be in a cpu backlog
> and still referencing the device.
>
> A similar protocol is used for gro layer.
>
> Most drivers call netif_rx() from their interrupt handler,
> and since the interrupts are disabled at device dismantle,
> netif_rx() does not have to check dev->flags & IFF_UP
>
> Virtual drivers do not have this guarantee, and must
> therefore make the check themselves.
>
> Fixes: 1bd4978a88ac ("tun: honor IFF_UP in tun_get_user()")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: syzbot <syzkal...@googlegroups.com>
Applied and queued up for -stable, thanks Eric.
