From: Florian Westphal <fw@strlen.de>
To: steffen.klassert@secunet.com
Cc: xiyou.wangcong@gmail.com, <netdev@vger.kernel.org>,
Florian Westphal <fw@strlen.de>
Subject: [PATCH ipsec 4/7] xfrm: policy: delete inexact policies from inexact list on hash rebuild
Date: Fri, 4 Jan 2019 14:17:02 +0100 [thread overview]
Message-ID: <20190104131705.9550-5-fw@strlen.de> (raw)
In-Reply-To: <20190104131705.9550-1-fw@strlen.de>
An xfrm hash rebuild has to reset the inexact policy list before the
policies get re-inserted: A change of hash thresholds will result in
policies to get moved from inexact tree to the policy hash table.
If the thresholds are increased again later, they get moved from hash
table to inexact tree.
We must unlink all policies from the inexact tree before re-insertion.
Otherwise 'migrate' may find policies that are in main hash table a
second time, when it searches the inexact lists.
Furthermore, re-insertion without deletion can cause elements ->next to
point back to itself, causing soft lockups or double-frees.
Reported-by: syzbot+9d971dd21eb26567036b@syzkaller.appspotmail.com
Fixes: 9cf545ebd591da ("xfrm: policy: store inexact policies in a tree ordered by destination address")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/xfrm/xfrm_policy.c | 23 ++++++++++-------------
1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index d8fba27a4bfb..24dfd1e47cf0 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -680,16 +680,6 @@ static void xfrm_hash_resize(struct work_struct *work)
mutex_unlock(&hash_resize_mutex);
}
-static void xfrm_hash_reset_inexact_table(struct net *net)
-{
- struct xfrm_pol_inexact_bin *b;
-
- lockdep_assert_held(&net->xfrm.xfrm_policy_lock);
-
- list_for_each_entry(b, &net->xfrm.inexact_bins, inexact_bins)
- INIT_HLIST_HEAD(&b->hhead);
-}
-
/* Make sure *pol can be inserted into fastbin.
* Useful to check that later insert requests will be sucessful
* (provided xfrm_policy_lock is held throughout).
@@ -1279,10 +1269,14 @@ static void xfrm_hash_rebuild(struct work_struct *work)
}
/* reset the bydst and inexact table in all directions */
- xfrm_hash_reset_inexact_table(net);
-
for (dir = 0; dir < XFRM_POLICY_MAX; dir++) {
- INIT_HLIST_HEAD(&net->xfrm.policy_inexact[dir]);
+ struct hlist_node *n;
+
+ hlist_for_each_entry_safe(policy, n,
+ &net->xfrm.policy_inexact[dir],
+ bydst_inexact_list)
+ hlist_del_init(&policy->bydst_inexact_list);
+
hmask = net->xfrm.policy_bydst[dir].hmask;
odst = net->xfrm.policy_bydst[dir].table;
for (i = hmask; i >= 0; i--)
@@ -1314,6 +1308,9 @@ static void xfrm_hash_rebuild(struct work_struct *work)
newpos = NULL;
chain = policy_hash_bysel(net, &policy->selector,
policy->family, dir);
+
+ hlist_del_rcu(&policy->bydst);
+
if (!chain) {
void *p = xfrm_policy_inexact_insert(policy, dir, 0);
--
2.19.2
next prev parent reply other threads:[~2019-01-04 13:19 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-04 13:16 [PATCH ipsec 0/7] xfrm: policy: fix various bugs Florian Westphal
2019-01-04 13:16 ` [PATCH ipsec 1/7] selftests: xfrm: add block rules with adjacent/overlapping subnets Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 2/7] xfrm: policy: use hlist rcu variants on inexact insert, part 2 Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 3/7] xfrm: policy: increment xfrm_hash_generation on hash rebuild Florian Westphal
2019-01-04 13:17 ` Florian Westphal [this message]
2019-01-05 4:46 ` [PATCH ipsec 4/7] xfrm: policy: delete inexact policies from inexact list " Cong Wang
2019-01-05 9:53 ` Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 5/7] xfrm: policy: fix reinsertion on node merge Florian Westphal
2019-01-05 4:48 ` Cong Wang
2019-01-05 9:57 ` Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 6/7] selftests: xfrm: alter htresh to trigger move of policies to hash table Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 7/7] xfrm: policy: fix infinite loop when merging src-nodes Florian Westphal
2019-01-05 4:49 ` Cong Wang
2019-01-05 9:59 ` Florian Westphal
2019-01-09 13:03 ` Steffen Klassert
2019-01-10 8:09 ` [PATCH ipsec 0/7] xfrm: policy: fix various bugs Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190104131705.9550-5-fw@strlen.de \
--to=fw@strlen.de \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).