Re: [PATCH net] net/sched: act_api: use mutex in tcf_idr_check_alloc

Next message: Can Guo: "[PATCH v5 2/2] scsi: ufs: core: Add support for static TX Equalization settings"
Previous message: Fenglin Wu: "[PATCH v2 3/4] pinctrl: qcom: spmi-gpio: Rearchitect for flexible group support"
In reply to: Victor Nogueira: "Re: [PATCH net] net/sched: act_api: use mutex in tcf_idr_check_alloc"
Next in thread: Jamal Hadi Salim: "Re: [PATCH net] net/sched: act_api: use mutex in tcf_idr_check_alloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jakub Kicinski

Date: Thu May 28 2026 - 21:14:27 EST

On Tue, 26 May 2026 15:08:47 -0700 Kyle Zeng wrote:
> Currently, the NEWTFILTER path uses RCU to guard action idr accesses while
> the DELTFILTER path uses mutex to guard action accesses. This
> inconsistency leads to a race condition scenario, which can lead to
> erroneous operations on refcount, eventually leading to use-after-free
> situation.
> In this patch, we revert the introduction of RCU back to mutex in the
> NEWFILTER path, which is consistent with the DELFILTER path, avoiding
> the race condition.

The commit message is quite inadequate here. Looks like a
run-of-the-mill UAF so you should explain the flow / race that leads
to it properly.

Doing some extra digging with Jamal off-list we can't find the reason
why normal RCU protection wouldn't work here so maybe hold off reposting
until you hear from Jamal.