net/sched: flower: Add lock protection when remove filter handle

As IDR can't protect itself from the concurrent modification, place
idr_remove() under the protection of tp->lock.

Fixes: 08a0063df3ae ("net/sched: flower: Move filter handle initialization earlier")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Cosmin Ratiu <cratiu@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20240220085928.9161-1-jianbol@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index efb9d28..6ee7064 100644 (file)
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -2460,8 +2460,11 @@ unbind_filter:
        }
 
 errout_idr:
-       if (!fold)
+       if (!fold) {
+               spin_lock(&tp->lock);
                idr_remove(&head->handle_idr, fnew->handle);
+               spin_unlock(&tp->lock);
+       }
        __fl_put(fnew);
 errout_tb:
        kfree(tb);