From: Steffen Klassert <steffen.klassert@secunet.com>
To: Hangbin Liu <liuhangbin@gmail.com>
Cc: <netdev@vger.kernel.org>, David Miller <davem@davemloft.net>,
	Xin Long <lucien.xin@gmail.com>
Subject: Re: [PATCHv3 net] xfrm: move xfrm_garbage_collect out of xfrm_policy_flush
Date: Mon, 12 Jun 2017 14:13:42 +0200
Message-ID: <20170612121342.GY2631@secunet.com>
In-Reply-To: <1497145460-24614-1-git-send-email-liuhangbin@gmail.com>

On Sun, Jun 11, 2017 at 09:44:20AM +0800, Hangbin Liu wrote:
> Now we will force to do garbage collection if any policy is removed in
> xfrm_policy_flush(). But during xfrm_net_exit(), we call flow_cache_fini()
> first and set fc->percpu to NULL. Then after we call xfrm_policy_fini()
> -> xfrm_policy_flush() -> flow_cache_flush(), we will get a NULL pointer
> dereference when checking percpu_empty. The code path looks like:
> 
> flow_cache_fini()
>   - fc->percpu = NULL
> xfrm_policy_fini()
>   - xfrm_policy_flush()
>     - xfrm_garbage_collect()
>       - flow_cache_flush()
>         - flow_cache_percpu_empty()
>           - fcp = per_cpu_ptr(fc->percpu, cpu)
> 
> To reproduce, just add ipsec in netns and then remove the netns.
> 
> v2:
> As Xin Long suggested, since only two other places need to call it, move
> xfrm_garbage_collect() outside xfrm_policy_flush().
> 
> v3:
> Fix subject mismatch after v2 fix.
> 
> Fixes: 35db06912189 ("xfrm: do the garbage collection after flushing policy")
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>

Patch applied, thanks everyone!
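
Added example, not part of this thread and not kernel code: a userspace C model of the teardown ordering described in the quoted commit message, showing why garbage collection inside xfrm_policy_flush() hits the cleared fc->percpu and why moving it to the callers avoids that. The function names mirror the message; the struct layouts, the NCPU value, the gc_inside_flush switch, the -1 return in place of the crash, and the live_flush() caller are assumptions made for illustration.

```c
/* Userspace model of the teardown order in the commit message (added example,
 * not kernel code). Function names mirror the message; bodies are simplified. */
#include <stdio.h>
#include <stdlib.h>

#define NCPU 4
struct flow_cache { int *percpu; };   /* stand-in for the per-CPU cache state */
struct netns { struct flow_cache fc; int npolicies; };

/* Returns 0 on success, -1 at the point where the kernel dereferenced NULL. */
static int flow_cache_flush(struct flow_cache *fc)
{
    if (fc->percpu == NULL)            /* model-only guard: report instead of crashing */
        return -1;
    for (int cpu = 0; cpu < NCPU; cpu++)
        fc->percpu[cpu] = 0;           /* stands in for per_cpu_ptr(fc->percpu, cpu) */
    return 0;
}
static int xfrm_garbage_collect(struct netns *net) { return flow_cache_flush(&net->fc); }
static void flow_cache_fini(struct flow_cache *fc) { free(fc->percpu); fc->percpu = NULL; }

/* gc_inside_flush=1 models the code before the patch, 0 the code after it. */
static int xfrm_policy_flush(struct netns *net, int gc_inside_flush)
{
    int removed = net->npolicies;
    net->npolicies = 0;
    return (gc_inside_flush && removed) ? xfrm_garbage_collect(net) : 0;
}

/* Namespace teardown: the flow cache is finalised before the policies. */
static int net_exit(int gc_inside_flush)
{
    struct netns net = { .fc = { calloc(NCPU, sizeof(int)) }, .npolicies = 1 };
    flow_cache_fini(&net.fc);
    return xfrm_policy_flush(&net, gc_inside_flush);  /* via xfrm_policy_fini() */
}

/* Hypothetical caller that flushes a live namespace and now runs the GC itself. */
static int live_flush(void)
{
    struct netns net = { .fc = { calloc(NCPU, sizeof(int)) }, .npolicies = 1 };
    int rc = net.fc.percpu ? xfrm_policy_flush(&net, 0) : -2;
    if (rc == 0)
        rc = xfrm_garbage_collect(&net);
    flow_cache_fini(&net.fc);
    return rc;
}

int main(void) { printf("%d %d %d\n", net_exit(1), net_exit(0), live_flush()); return 0; }
```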


Thread overview: 14+ messages
2017-06-09  8:13 [PATCH net] net/flow: fix fc->percpu NULL pointer dereference Hangbin Liu
2017-06-09  8:23 ` Hangbin Liu
2017-06-09  8:32   ` Steffen Klassert
2017-06-09  8:43     ` Xin Long
2017-06-09  9:06       ` Hangbin Liu
2017-06-09  9:49         ` Xin Long
2017-06-09 12:29           ` Hangbin Liu
2017-06-09 12:43             ` Hangbin Liu
2017-06-09 13:09 ` [PATCHv2 " Hangbin Liu
2017-06-10  8:29   ` Xin Long
2017-06-11  1:39     ` Hangbin Liu
2017-06-11  1:44   ` [PATCHv3 net] xfrm: move xfrm_garbage_collect out of xfrm_policy_flush Hangbin Liu
2017-06-11 10:51     ` Xin Long
2017-06-12 12:13     ` Steffen Klassert [this message]
