On Wed, Jan 10, 2018 at 12:42:47PM +0200, Darius Ski wrote:
> Hi,
>
> On Fri, Jan 5, 2018 at 11:38 AM, Steffen Klassert
> <steffen.klass...@secunet.com> wrote:
> > On Tue, Dec 19, 2017 at 10:50:42AM +0200, Darius Ski wrote:
> >> Hi,
> >>
> >> thanks a lot for the patch. I have applied it to 4.14.7 and crossed
> >> fingers, hopefully no more problems.
> >>
> >> I will let community know if there are any more crashes.
> >
> > Any news on this, did the patch help?
>
> sorry for the late response, i was on vacation. There were no crashes
> since the patch was applied 22 days ago, so i guess the patch is
> golden.
Thanks for testing, the patch below will go to the ipsec tree.
Subject: [PATCH ipsec] xfrm: Fix a race in the xdst pcpu cache.
We need to run xfrm_resolve_and_create_bundle() with
bottom halves off. Otherwise we may reuse an already
released dst_enty when the xfrm lookup functions are
called from process context.
Fixes: c30d78c14a813db39a647b6a348b428 ("xfrm: add xdst pcpu cache")
Reported-by: Darius Ski <darius....@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
---
net/xfrm/xfrm_policy.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index bc5eae12fb09..bd6b0e7a0ee4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2063,8 +2063,11 @@ xfrm_bundle_lookup(struct net *net, const struct flowi
*fl, u16 family, u8 dir,
if (num_xfrms <= 0)
goto make_dummy_bundle;
+ local_bh_disable();
xdst = xfrm_resolve_and_create_bundle(pols, num_pols, fl, family,
- xflo->dst_orig);
+ xflo->dst_orig);
+ local_bh_enable();
+
if (IS_ERR(xdst)) {
err = PTR_ERR(xdst);
if (err != -EAGAIN)
@@ -2151,9 +2154,12 @@ struct dst_entry *xfrm_lookup(struct net *net, struct
dst_entry *dst_orig,
goto no_transform;
}
+ local_bh_disable();
xdst = xfrm_resolve_and_create_bundle(
pols, num_pols, fl,
family, dst_orig);
+ local_bh_enable();
+
if (IS_ERR(xdst)) {
xfrm_pols_put(pols, num_pols);
err = PTR_ERR(xdst);
--
2.14.1
