public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] xfrm: init skb_head lock for transport-mode packets
@ 2018-01-04 10:36 Artem Savkov
  2018-01-04 11:01 ` Herbert Xu
  0 siblings, 1 reply; 5+ messages in thread
From: Artem Savkov @ 2018-01-04 10:36 UTC (permalink / raw)
  To: Herbert Xu; +Cc: Steffen Klassert, netdev, linux-kernel, Artem Savkov

Commit acf568ee859f "xfrm: Reinject transport-mode packets through tasklet"
adds an sk_buff_head queue, but never initializes trans->queue.lock, which
results in a "spinlock bad magic" BUG on skb_queue_tail() call in
xfrm_trans_queue.
Use skb_queue_head_init() instead of __skb_queue_head_init() to properly
initialize said lock.

Signed-off-by: Artem Savkov <asavkov@redhat.com>
---
 net/xfrm/xfrm_input.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 26b10eb7a206..d5389b9dbbb9 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -542,7 +542,7 @@ void __init xfrm_input_init(void)
 		struct xfrm_trans_tasklet *trans;
 
 		trans = &per_cpu(xfrm_trans_tasklet, i);
-		__skb_queue_head_init(&trans->queue);
+		skb_queue_head_init(&trans->queue);
 		tasklet_init(&trans->tasklet, xfrm_trans_reinject,
 			     (unsigned long)trans);
 	}
-- 
2.13.6

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] xfrm: init skb_head lock for transport-mode packets
  2018-01-04 10:36 [PATCH] xfrm: init skb_head lock for transport-mode packets Artem Savkov
@ 2018-01-04 11:01 ` Herbert Xu
  2018-01-04 11:20   ` Artem Savkov
  0 siblings, 1 reply; 5+ messages in thread
From: Herbert Xu @ 2018-01-04 11:01 UTC (permalink / raw)
  To: Artem Savkov; +Cc: Steffen Klassert, netdev, linux-kernel

On Thu, Jan 04, 2018 at 11:36:28AM +0100, Artem Savkov wrote:
> Commit acf568ee859f "xfrm: Reinject transport-mode packets through tasklet"
> adds an sk_buff_head queue, but never initializes trans->queue.lock, which
> results in a "spinlock bad magic" BUG on skb_queue_tail() call in
> xfrm_trans_queue.
> Use skb_queue_head_init() instead of __skb_queue_head_init() to properly
> initialize said lock.
> 
> Signed-off-by: Artem Savkov <asavkov@redhat.com>

Thanks for catching this.  But we don't need the lock as this
is meant to be per-CPU only.  So we should remove the locking
instead:

---8<---
xfrm: Use __skb_queue_tail in xfrm_trans_queue

We do not need locking in xfrm_trans_queue because it is designed
to use per-CPU buffers.  However, the original code incorrectly
used skb_queue_tail which takes the lock.  This patch switches
it to __skb_queue_tail instead.

Reported-by: Artem Savkov <asavkov@redhat.com>
Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 098f47a..1eb0bba 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -511,7 +511,7 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
 
 	XFRM_TRANS_SKB_CB(skb)->finish = finish;
 	XFRM_TRANS_SKB_CB(skb)->net = net;
-	skb_queue_tail(&trans->queue, skb);
+	__skb_queue_tail(&trans->queue, skb);
 	tasklet_schedule(&trans->tasklet);
 	return 0;
 }
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] xfrm: init skb_head lock for transport-mode packets
  2018-01-04 11:01 ` Herbert Xu
@ 2018-01-04 11:20   ` Artem Savkov
  2018-01-04 11:25     ` [PATCH v2] xfrm: Use __skb_queue_tail in xfrm_trans_queue Herbert Xu
  0 siblings, 1 reply; 5+ messages in thread
From: Artem Savkov @ 2018-01-04 11:20 UTC (permalink / raw)
  To: Herbert Xu; +Cc: Steffen Klassert, netdev, linux-kernel

On Thu, Jan 04, 2018 at 10:01:32PM +1100, Herbert Xu wrote:
> On Thu, Jan 04, 2018 at 11:36:28AM +0100, Artem Savkov wrote:
> > Commit acf568ee859f "xfrm: Reinject transport-mode packets through tasklet"
> > adds an sk_buff_head queue, but never initializes trans->queue.lock, which
> > results in a "spinlock bad magic" BUG on skb_queue_tail() call in
> > xfrm_trans_queue.
> > Use skb_queue_head_init() instead of __skb_queue_head_init() to properly
> > initialize said lock.
> > 
> > Signed-off-by: Artem Savkov <asavkov@redhat.com>
> 
> Thanks for catching this.  But we don't need the lock as this
> is meant to be per-CPU only.  So we should remove the locking
> instead:

Right, thats a better solution.

Reported-and-tested-by: Artem Savkov <asavkov@redhat.com>

Thank you.

> ---8<---
> xfrm: Use __skb_queue_tail in xfrm_trans_queue
> 
> We do not need locking in xfrm_trans_queue because it is designed
> to use per-CPU buffers.  However, the original code incorrectly
> used skb_queue_tail which takes the lock.  This patch switches
> it to __skb_queue_tail instead.
> 
> Reported-by: Artem Savkov <asavkov@redhat.com>
> Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
> index 098f47a..1eb0bba 100644
> --- a/net/xfrm/xfrm_input.c
> +++ b/net/xfrm/xfrm_input.c
> @@ -511,7 +511,7 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
>  
>  	XFRM_TRANS_SKB_CB(skb)->finish = finish;
>  	XFRM_TRANS_SKB_CB(skb)->net = net;
> -	skb_queue_tail(&trans->queue, skb);
> +	__skb_queue_tail(&trans->queue, skb);
>  	tasklet_schedule(&trans->tasklet);
>  	return 0;
>  }

-- 
Regards,
  Artem

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH v2] xfrm: Use __skb_queue_tail in xfrm_trans_queue
  2018-01-04 11:20   ` Artem Savkov
@ 2018-01-04 11:25     ` Herbert Xu
  2018-01-05 10:31       ` Steffen Klassert
  0 siblings, 1 reply; 5+ messages in thread
From: Herbert Xu @ 2018-01-04 11:25 UTC (permalink / raw)
  To: Artem Savkov; +Cc: Steffen Klassert, netdev, linux-kernel

On Thu, Jan 04, 2018 at 12:20:26PM +0100, Artem Savkov wrote:

> Right, thats a better solution.
> 
> Reported-and-tested-by: Artem Savkov <asavkov@redhat.com>

Thanks!

But I just realised that this patch is based on my dirty tree.
So here is a rebased version:

---8<---
We do not need locking in xfrm_trans_queue because it is designed
to use per-CPU buffers.  However, the original code incorrectly
used skb_queue_tail which takes the lock.  This patch switches
it to __skb_queue_tail instead.

Reported-and-tested-by: Artem Savkov <asavkov@redhat.com>
Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 444fa37..9dbf425 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -508,7 +508,7 @@ int xfrm_trans_queue(struct sk_buff *skb,
 		return -ENOBUFS;
 
 	XFRM_TRANS_SKB_CB(skb)->finish = finish;
-	skb_queue_tail(&trans->queue, skb);
+	__skb_queue_tail(&trans->queue, skb);
 	tasklet_schedule(&trans->tasklet);
 	return 0;
 }
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH v2] xfrm: Use __skb_queue_tail in xfrm_trans_queue
  2018-01-04 11:25     ` [PATCH v2] xfrm: Use __skb_queue_tail in xfrm_trans_queue Herbert Xu
@ 2018-01-05 10:31       ` Steffen Klassert
  0 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2018-01-05 10:31 UTC (permalink / raw)
  To: Herbert Xu; +Cc: Artem Savkov, netdev, linux-kernel

On Thu, Jan 04, 2018 at 10:25:07PM +1100, Herbert Xu wrote:
> On Thu, Jan 04, 2018 at 12:20:26PM +0100, Artem Savkov wrote:
> 
> > Right, thats a better solution.
> > 
> > Reported-and-tested-by: Artem Savkov <asavkov@redhat.com>
> 
> Thanks!
> 
> But I just realised that this patch is based on my dirty tree.
> So here is a rebased version:
> 
> ---8<---
> We do not need locking in xfrm_trans_queue because it is designed
> to use per-CPU buffers.  However, the original code incorrectly
> used skb_queue_tail which takes the lock.  This patch switches
> it to __skb_queue_tail instead.
> 
> Reported-and-tested-by: Artem Savkov <asavkov@redhat.com>
> Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks everyone!

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-01-05 10:31 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-04 10:36 [PATCH] xfrm: init skb_head lock for transport-mode packets Artem Savkov
2018-01-04 11:01 ` Herbert Xu
2018-01-04 11:20   ` Artem Savkov
2018-01-04 11:25     ` [PATCH v2] xfrm: Use __skb_queue_tail in xfrm_trans_queue Herbert Xu
2018-01-05 10:31       ` Steffen Klassert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox