From: Daniel Borkmann
Date: Wed, 29 Jul 2015 23:35:25 +0200
> Since commit 55334a5db5cd ("net_sched: act: refuse to remove bound action
> outside"), we end up with a wrong reference count for a tc action.
...
> What happens is that in tcf_hash_check(), we check tcf_common for a given
> index and
On 07/30/2015 08:48 PM, Cong Wang wrote:
...
Right, I think your patch should be fine for net. The code is kinda messy,
but we can always clean up the logic for net-next.
I agree with you. I.e. there could just be a single refcount taking care
of the cleanup/destruction, etc.
Reviewed-by: Con
On Wed, Jul 29, 2015 at 5:55 PM, Daniel Borkmann wrote:
> Hm, so this seems not correct: if we only ever increase tcfc_refcnt
> when there's bind=1, and only ever decrease when bind=1, then we
> will never free the action as we do start out from ref=1 in case
> it has been added without initial bi
On 07/30/2015 02:33 AM, Cong Wang wrote:
...
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index af427a3..bd63a39 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -53,8 +53,11 @@ int tcf_hash_release(struct tc_action *a, int bind)
if (p) {
if (bind)
On Wed, Jul 29, 2015 at 2:35 PM, Daniel Borkmann wrote:
> What happens is that in tcf_hash_check(), we check tcf_common for a given
> index and increase tcfc_refcnt and conditionally tcfc_bindcnt when we've
> found an existing action. Now there are the following cases:
>
> 1) We do a late bindin
Since commit 55334a5db5cd ("net_sched: act: refuse to remove bound action
outside"), we end up with a wrong reference count for a tc action.
Test case 1:
FOO="1,6 0 0 4294967295,"
BAR="1,6 0 0 4294967294,"
tc filter add dev foo parent 1: bpf bytecode "$FOO" flowid 1:1 \
action bpf byte
