From: "Timo Teräs" <timo.teras@iki.fi>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: broonie@opensource.wolfsonmicro.com, netdev@vger.kernel.org
Subject: Re: Crashes in xfrm_lookup
Date: Fri, 09 Apr 2010 11:47:12 +0300 [thread overview]
Message-ID: <4BBEE990.6080807@iki.fi> (raw)
In-Reply-To: <20100409083934.GA2353@gondor.apana.org.au>
Herbert Xu wrote:
> On Fri, Apr 09, 2010 at 11:30:49AM +0300, Timo Teräs wrote:
>> It has been array all along. The only difference was that only
>> the first element was used if SUB_POLICY was not defined.
>
> It was an array but prior to your patch it only had a single
> element when SUB_POLICY is not defined. Your patch made it
> contain XFRM_POLICY_TYPE_MAX elements unconditionally.
No. Prior it had one element unconditionally. My patch made
it have zero or one element. The non-SUB_POLICY case crashed
because xfrm_pols_put(xxx, 0) unconditionally calls
xfrm_policy_put on unused pointer.
>> I still think xfrm_pols_put should do always what the function
>> name says it's doing.
>>
>> If we want to further optimize non-SUB_POLICY stuff, we should
>> probably make XFRM_POLICY_TYPE_MAX = 1 and arrange rest of code
>> so that the compiler can optimize things properly.
>
> Anyway, the fact is prior to your patch SUB_POLICY had a minimal
> impact on people who don't like it (like me), and now its effect
> is being forced on everyone.
No. The effect is because the policies are now cached in bundles,
and lookup function should not anymore drop references to policies
which are kept in cache.
>> But the fact is, that in the new code we need to do conditional
>> xfrm_policy_put depending on if we had per-socket or global policy
>> which we matched. Thus we either end up with "if (x)" or the
>> inline functions for loop's implicit test. Or do you have better
>> ideas how to avoid that?
>
> Which particular piece of code are you referring to?
__xfrm_lookup(). In the end it uses: "xfrm_pols_put(pols, drop_pols)"
to free up policies that are looked up with xfrm_sk_policy_lookup().
The only major code path there is, if per-socket policy has no
transformations (which is common case, ike daemons do this so they
can talk IKE without transformations).
If we have cached bundle, the policies are referenced to from the
bundle and we do not need to reference, or release them in the
lookup function.
It is a bit icky. But it's the only way to do it, since no one
wanted to cache per-socket bundles in the flow cache.
next prev parent reply other threads:[~2010-04-09 8:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-08 11:14 Crashes in xfrm_lookup Mark Brown
2010-04-08 11:24 ` Timo Teräs
2010-04-08 11:31 ` Mark Brown
2010-04-08 18:28 ` David Miller
2010-04-09 8:09 ` Herbert Xu
2010-04-09 8:11 ` Timo Teräs
2010-04-09 8:22 ` Herbert Xu
2010-04-09 8:30 ` Timo Teräs
2010-04-09 8:39 ` Herbert Xu
2010-04-09 8:47 ` Timo Teräs [this message]
2010-04-09 9:25 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BBEE990.6080807@iki.fi \
--to=timo.teras@iki.fi \
--cc=broonie@opensource.wolfsonmicro.com \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.