From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA2843B4EA8 for ; Wed, 8 Apr 2026 09:59:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775642391; cv=none; b=oliMJQm2AZYd1Wy41Hurcu2w7u4d0UneU/EUWKt47EHdD5+DmPLOf1FFzistJzYzfYkPqplINcV6KK9L4VKPt6oBcwUdjZRRZATXMEvZ+0vBhTiovz/fu1REtNOoTzGJ3yem3GzWwmLz6p3Z7OG/be9VvzonkYn3vdeIDWh3pRc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775642391; c=relaxed/simple; bh=Fsw5CjXrJ2bEM768nNozzrWwSoiyPTGGVLZxmHHFSNA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=lwsGPUKug2z9jUkBYq0K8LADBU3V41nqF04ezHERlJh1ki9aXlWvZ4UC6cQtyhU1DwLpBaisHN13e7h2+F84esabOXd2rHckTZZUSiri7jbyVEuoVBFv+EswHJZ6xk8trDDHVw14mc039yDvdqLMU0ZodSZIHjEujehsSJETovg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=hs8CL5wP; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="hs8CL5wP" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 48FC02082B; Wed, 8 Apr 2026 11:59:39 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQwg4kYMOUd8; Wed, 8 Apr 2026 11:59:38 +0200 (CEST) Received: from EXCH-01.secunet.de (rl1.secunet.de [10.32.0.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id B1ECB207FB; Wed, 8 Apr 2026 11:59:38 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com B1ECB207FB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1775642378; bh=InBvTIaZ3P+uElTO0bHo9EL/21NdgQNfV3li6eFj2G8=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=hs8CL5wPQoOOizU9hB5YuZmarNgqCljfxCxunYD1w95Z6RmhGuBQq/BvurV48V3Ds Fr3xMltTo9m33Xvubd4W/HFBZQC1yLW/Cg9l5SZ9HbxcyRC0fo1WfG5BVEFTHLfygL m/lD4BaaOAPnMkmzlR540w8E4JdG92ATLe0atfH3v4jpPgZqd7mrq59DRfkWRrmjYu mi1OrzIIrHS0dKO/VCnTjvGuHHBwAKwpNpFlEnJ+JaTqNVax5B+gnHLOEDrIR1anFT AlHH7PiTHCv6pqo1lyuxdvF9bWX8ccxFnyKJebtKzmKLO8cS5LNhaOPWeqtSQFoYnB JIcnh1L3LlMxA== Received: from secunet.com (10.182.7.193) by EXCH-01.secunet.de (10.32.0.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Wed, 8 Apr 2026 11:59:37 +0200 Received: (nullmailer pid 256831 invoked by uid 1000); Wed, 08 Apr 2026 09:59:27 -0000 From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 3/8] xfrm: Wait for RCU readers during policy netns exit Date: Wed, 8 Apr 2026 11:58:59 +0200 Message-ID: <20260408095925.253681-4-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260408095925.253681-1-steffen.klassert@secunet.com> References: <20260408095925.253681-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-01.secunet.de (10.32.0.171) xfrm_policy_fini() frees the policy_bydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their read-side critical sections first. The policy_bydst tables are published via rcu_assign_pointer() and are looked up through rcu_dereference_check(), so netns teardown must also wait for an RCU grace period before freeing the table memory. Fix this by adding synchronize_rcu() before freeing the policy hash tables. Fixes: e1e551bc5630 ("xfrm: policy: prepare policy_bydst hash for rcu lookups") Signed-off-by: Steffen Klassert Reviewed-by: Florian Westphal --- net/xfrm/xfrm_policy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 362939aa56cf..8f0188e763c7 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4290,6 +4290,8 @@ static void xfrm_policy_fini(struct net *net) #endif xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, false); + synchronize_rcu(); + WARN_ON(!list_empty(&net->xfrm.policy_all)); for (dir = 0; dir < XFRM_POLICY_MAX; dir++) { -- 2.43.0