Re: [PATCH] xfrm: init skb_head lock for transport-mode packets

Herbert Xu Thu, 04 Jan 2018 03:02:43 -0800

On Thu, Jan 04, 2018 at 11:36:28AM +0100, Artem Savkov wrote:
> Commit acf568ee859f "xfrm: Reinject transport-mode packets through tasklet"
> adds an sk_buff_head queue, but never initializes trans->queue.lock, which
> results in a "spinlock bad magic" BUG on skb_queue_tail() call in
> xfrm_trans_queue.
> Use skb_queue_head_init() instead of __skb_queue_head_init() to properly
> initialize said lock.
> 
> Signed-off-by: Artem Savkov <asav...@redhat.com>


Thanks for catching this.  But we don't need the lock as this
is meant to be per-CPU only.  So we should remove the locking
instead:

---8<---
xfrm: Use __skb_queue_tail in xfrm_trans_queue

We do not need locking in xfrm_trans_queue because it is designed
to use per-CPU buffers.  However, the original code incorrectly
used skb_queue_tail which takes the lock.  This patch switches
it to __skb_queue_tail instead.

Reported-by: Artem Savkov <asav...@redhat.com>
Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 098f47a..1eb0bba 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -511,7 +511,7 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff 
*skb,
 
        XFRM_TRANS_SKB_CB(skb)->finish = finish;
        XFRM_TRANS_SKB_CB(skb)->net = net;
-       skb_queue_tail(&trans->queue, skb);
+       __skb_queue_tail(&trans->queue, skb);
        tasklet_schedule(&trans->tasklet);
        return 0;
 }
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] xfrm: init skb_head lock for transport-mode packets

Reply via email to