Hello all, This series fixes race conditions in the xps code, where out of bound accesses can occur when dev->num_tc is updated, triggering oops. The root cause is linked to lock issues. An explanation is given in each of the commit logs.
Reviews in v1 suggested to use the xps_map_mutex to protect the maps and their related parameters instead of the rtnl lock. We followed this path in v2 as it seems a better compromise than taking the rtnl lock. As a result, patch 1 turned out to be less straight forward as some of the locking logic in net/core/dev.c related to xps_map_mutex had to be changed. Patches 2 and 3 are also larger in v2 as code had to be moved from net/core/net-sysfs.c to net/core/dev.c to take the xps_map_mutex (however maintainability is improved). Also, while working on the v2 I stumbled upon another race condition. I debugged it and the fix is the same as patch 1. I updated its commit log to describe both races. Thanks! Antoine Antoine Tenart (3): net: fix race conditions in xps by locking the maps and dev->tc_num net: move the xps cpus retrieval out of net-sysfs net: move the xps rxqs retrieval out of net-sysfs include/linux/netdevice.h | 9 ++ net/core/dev.c | 186 +++++++++++++++++++++++++++++--------- net/core/net-sysfs.c | 89 ++++-------------- 3 files changed, 171 insertions(+), 113 deletions(-) -- 2.29.2
