Hi Eric, On Tue, 27 Sep 2016 14:27:13 -0700 Eric Dumazet <eric.duma...@gmail.com> wrote: > > Since this runs lockless, another cpu might change m->tcfm_eaction in > the middle, and you could call dev_queue_xmit(skb2) while the skb2 was > prepared for the opposite action.
Well, seem members of 'struct tcf_mirred' are out of sync wrt to each other, even in existing code, regadless this patch: - 'tcfm_dev' may be assigned, but 'tcfm_ok_push' not yet updated, may result in skb_push_rcsum being called/not called - 'tcfm_eaction' is changed, in between "mirror is always swallowed" to the final 'out:' label, may result in wrong tc_verd assigned (or lack of assignment) Seems the whole "params" need be rcu_dereferenced, like in tunnel_key_act, or like your suggestion in https://patchwork.ozlabs.org/patch/667680/. I'm gonna fix the new problem you pointed out, by reading-once 'tcfm_eaction' early (right when tcfm_dev is dereferenced) knowing this is just "keeping things as is wrt running lockless", without introducing any new non-coherent code. Thanks, Shmulik
