[PATCH net 0/2] net/sched: Fix race conditions in mini_qdisc_pair_swap()

[Peilin Ye]

Hi all,

These 2 patches fix race conditions for ingress and clsact Qdiscs as
reported [1] by syzbot, split out from another [2] series (last 2 patches
of it).  Per-patch changelog omitted.

Patch 1 hasn't been touched since last version; I just included
everybody's tag.

Patch 2 bases on patch 6 v1 of [2], with comments and commit log slightly
changed.  We also need rtnl_dereference() to load ->qdisc_sleeping since
commit d636fc5dd692 ("net: sched: add rcu annotations around
qdisc->qdisc_sleeping"), so I changed that; please take yet another look,
thanks!

Patch 2 has been tested with the new reproducer Pedro posted [3].

[1] https://syzkaller.appspot.com/bug?extid=b53a9c0d1ea4ad62da8b
[2] https://lore.kernel.org/r/cover.1684887977.git.peilin.ye@xxxxxxxxxxxxx/
[3] https://lore.kernel.org/r/7879f218-c712-e9cc-57ba-665990f5f4c9@xxxxxxxxxxxx/

Thanks,
Peilin Ye (2):
  net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
  net/sched: qdisc_destroy() old ingress and clsact Qdiscs before
    grafting

 include/net/sch_generic.h |  8 +++++++
 net/sched/sch_api.c       | 44 +++++++++++++++++++++++++++------------
 net/sched/sch_generic.c   | 14 ++++++++++---
 3 files changed, 50 insertions(+), 16 deletions(-)

-- 
2.20.1