From: David Ahern <d...@cumulusnetworks.com>
Date: Mon, 16 Jan 2017 18:27:36 -0700
> On 1/16/17 5:51 PM, David Miller wrote:
>> From: David Ahern <d...@cumulusnetworks.com>
>> Date: Sun, 15 Jan 2017 12:07:04 -0800
>>
>>> @@ -2143,6 +2143,26 @@ int ip6_del_rt(struct rt6_info *rt)
>>> return __ip6_del_rt(rt, &info);
>>> }
>>>
>>> +/* called with table lock held */
>> ...
>>> @@ -2176,10 +2196,9 @@ static int ip6_route_del(struct fib6_config *cfg)
>>> continue;
>>> if (cfg->fc_protocol && cfg->fc_protocol !=
>>> rt->rt6i_protocol)
>>> continue;
>>> - dst_hold(&rt->dst);
>>> - read_unlock_bh(&table->tb6_lock);
>>>
>>> - return __ip6_del_rt(rt, &cfg->fc_nlinfo);
>>> + err = __ip6_route_del(rt, cfg);
>>> + break;
>>> }
>>
>> fib6_del() (invoked by __ip6_route_del()) has to be invoked with the
>> table lock held a sa writer, but here you are only holding it as a
>> reader.
>
> That table lock is still held. If you look up 2 lines I remove the line that
> releases the lock.
It's held in this function as a reader, it needs to be held as a writer.
That's why the lock is dropped in the current code and the existing
wrapper around fib6_del() takes it as a writer.
Is it clear now?
read_lock_bh(&table->lock);
fib6_del();
is invalid.
write_lock_bh(&table->lock);
fib6_del();
is required.
