This patch series fixes a race happening on netns dismantle with
frag queues. While rhashtable_free_and_destroy() is running,
concurrent timers might run inet_frag_kill() and attempt
rhashtable_remove_fast() calls. This is not allowed by
rhashtable logic.
Since I do not want to add expensive synchronize_rcu() calls
in the netns dismantle path, I had to no longer inline
netns_frags structures, but dynamically allocate them.
The ten first patches make this preparation, so that
the last patch clearly shows the fix.
As this patch series is not exactly trivial, I chose to
target 5.3. We will backport it once soaked a bit.
Eric Dumazet (11):
inet: rename netns_frags to fqdir
net: rename inet_frags_exit_net() to fqdir_exit()
net: rename struct fqdir fields
ipv4: no longer reference init_net in ip4_frags_ns_ctl_table[]
ipv6: no longer reference init_net in ip6_frags_ns_ctl_table[]
netfilter: ipv6: nf_defrag: no longer reference init_net in
nf_ct_frag6_sysctl_table
ieee820154: 6lowpan: no longer reference init_net in
lowpan_frags_ns_ctl_table
net: rename inet_frags_init_net() to fdir_init()
net: add a net pointer to struct fqdir
net: dynamically allocate fqdir structures
inet: frags: rework rhashtable dismantle
include/net/inet_frag.h | 48 ++++++++----
include/net/netns/ieee802154_6lowpan.h | 2 +-
include/net/netns/ipv4.h | 2 +-
include/net/netns/ipv6.h | 4 +-
net/ieee802154/6lowpan/reassembly.c | 36 ++++-----
net/ipv4/inet_fragment.c | 98 ++++++++++++++++---------
net/ipv4/ip_fragment.c | 67 +++++++----------
net/ipv4/proc.c | 4 +-
net/ipv6/netfilter/nf_conntrack_reasm.c | 43 +++++------
net/ipv6/proc.c | 4 +-
net/ipv6/reassembly.c | 40 ++++------
11 files changed, 181 insertions(+), 167 deletions(-)
--
2.22.0.rc1.257.g3120a18244-goog
