From: Fan Du <fan.du@windriver.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: <steffen.klassert@secunet.com>, <davem@davemloft.net>,
<netdev@vger.kernel.org>
Subject: Re: [PATCHv2 ipsec-next] xfrm: Namespacify xfrm_policy_sk_bundles
Date: Wed, 18 Dec 2013 13:33:58 +0800 [thread overview]
Message-ID: <52B133C6.8070409@windriver.com> (raw)
In-Reply-To: <1387342211.19078.295.camel@edumazet-glaptop2.roam.corp.google.com>
On 2013年12月18日 12:50, Eric Dumazet wrote:
> On Wed, 2013-12-18 at 11:34 +0800, Fan Du wrote:
>> xfrm_policy_sk_bundles, protected by net->xfrm.xfrm_policy_sk_bundle_lock
>> should be put into netns xfrm structure, otherwise xfrm_policy_sk_bundles
>> can be corrupted from different net namespace.
>>
>> Moreover current xfrm_policy_sk_bundle_lock used in below two scenarios:
>>
>> 1. xfrm_lookup(Process context) vs __xfrm_garbage_collect(softirq context)
>> 2. xfrm_lookup(Process context) vs __xfrm_garbage_collect(Process context
>> when SPD change or dev down)
>>
>> we can use xchg to avoid the spinlock, at the same time cover above scenarios,
>> inspired by discussion in: http://marc.info/?l=linux-netdev&m=138713363113003&w=2
>>
>> Signed-off-by: Fan Du<fan.du@windriver.com>
>> ---
>> v2:
>> Fix incorrect commit log.
>>
>> ---
>> include/net/netns/xfrm.h | 2 +-
>> net/xfrm/xfrm_policy.c | 17 +++--------------
>> 2 files changed, 4 insertions(+), 15 deletions(-)
>>
>> diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
>> index 1006a26..4a30b1b 100644
>> --- a/include/net/netns/xfrm.h
>> +++ b/include/net/netns/xfrm.h
>> @@ -58,9 +58,9 @@ struct netns_xfrm {
>> struct dst_ops xfrm6_dst_ops;
>> #endif
>> spinlock_t xfrm_state_lock;
>> - spinlock_t xfrm_policy_sk_bundle_lock;
>> rwlock_t xfrm_policy_lock;
>> struct mutex xfrm_cfg_mutex;
>> + struct dst_entry *xfrm_policy_sk_bundles;
>> };
>>
>> #endif
>> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
>> index a7487f3..26d79c0 100644
>> --- a/net/xfrm/xfrm_policy.c
>> +++ b/net/xfrm/xfrm_policy.c
>> @@ -39,8 +39,6 @@
>> #define XFRM_QUEUE_TMO_MAX ((unsigned)(60*HZ))
>> #define XFRM_MAX_QUEUE_LEN 100
>>
>> -static struct dst_entry *xfrm_policy_sk_bundles;
>> -
>> static DEFINE_SPINLOCK(xfrm_policy_afinfo_lock);
>> static struct xfrm_policy_afinfo __rcu *xfrm_policy_afinfo[NPROTO]
>> __read_mostly;
>> @@ -2108,12 +2106,8 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
>> }
>>
>> dst_hold(&xdst->u.dst);
>> -
>> - spin_lock_bh(&net->xfrm.xfrm_policy_sk_bundle_lock);
>> - xdst->u.dst.next = xfrm_policy_sk_bundles;
>> - xfrm_policy_sk_bundles =&xdst->u.dst;
>> - spin_unlock_bh(&net->xfrm.xfrm_policy_sk_bundle_lock);
>> -
>> + xdst->u.dst.next = xchg(&net->xfrm.xfrm_policy_sk_bundles,
>> + &xdst->u.dst);
>
> This is not safe.
>
> Take a look at include/linux/llist.h if you really want to avoid the
> spinlock.
Hi Eric
Thanks for your attention,
I'm not follow why xchg here is unsafe, could you please elaborate a bit more?
--
浮沉随浪只记今朝笑
--fan
next prev parent reply other threads:[~2013-12-18 5:33 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-18 3:34 [PATCHv2 ipsec-next] xfrm: Namespacify xfrm_policy_sk_bundles Fan Du
2013-12-18 4:50 ` Eric Dumazet
2013-12-18 5:33 ` Cong Wang
2013-12-18 5:33 ` Fan Du [this message]
2013-12-18 5:44 ` Eric Dumazet
2013-12-19 1:35 ` Fan Du
2013-12-19 2:15 ` Eric Dumazet
2013-12-19 3:17 ` [PATCHv3 net-next] " Fan Du
2013-12-19 3:44 ` Eric Dumazet
2013-12-19 7:47 ` Fan Du
2013-12-20 3:34 ` [PATCHv4 " Fan Du
2013-12-24 1:12 ` Fan Du
2013-12-24 5:31 ` David Miller
2013-12-24 5:39 ` Fan Du
2013-12-24 9:50 ` Steffen Klassert
2013-12-24 9:56 ` Fan Du
2013-12-24 17:54 ` David Miller
2013-12-24 10:35 ` Steffen Klassert
2013-12-25 6:40 ` Fan Du
2013-12-25 8:11 ` Timo Teras
2013-12-25 8:44 ` Fan Du
2014-01-06 10:35 ` Steffen Klassert
2014-01-07 2:43 ` Fan Du
2014-01-09 12:38 ` Steffen Klassert
2014-01-10 9:23 ` Fan Du
2013-12-19 3:48 ` [PATCHv3 " Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52B133C6.8070409@windriver.com \
--to=fan.du@windriver.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.