From: alexjlzheng@gmail.com
To: sd@queasysnail.net, andrew+netdev@lunn.ch, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
horms@kernel.org, hannes@stressinduktion.org,
albinwyang@tencent.com, kuniyu@google.com,
shenyangyang4@huawei.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Jinliang Zheng <alexjlzheng@tencent.com>
Subject: [PATCH net v2 0/3] macsec: use rcu_work to fix crypto cleanup in softirq context
Date: Thu, 7 May 2026 10:04:23 +0800 [thread overview]
Message-ID: <20260507020426.1126254-1-alexjlzheng@tencent.com> (raw)
From: Jinliang Zheng <alexjlzheng@tencent.com>
crypto_free_aead() can internally call vunmap() (e.g. via dma_free_attrs()
in hardware crypto drivers like hisi_sec2), which must not be invoked from
softirq context. Both free_rxsa() and free_txsa() are RCU callbacks that
run in softirq, causing a kernel crash on affected hardware.
This series fixes the issue by deferring the actual cleanup to a workqueue
using rcu_work, which combines the RCU grace period and workqueue dispatch
into a single primitive.
Two design decisions worth noting:
1. rcu_work instead of schedule_work() + synchronize_rcu()
An alternative would be to call schedule_work() directly from
macsec_rxsa_put()/macsec_txsa_put(), then call synchronize_rcu() at
the start of the work handler to replace the grace period previously
provided by call_rcu(). However, synchronize_rcu() blocks the worker
thread for the duration of a full RCU grace period. Under high SA
churn (e.g. tearing down an interface with many SAs), each SA would
occupy a worker thread while waiting, and multiple concurrent calls
cannot share the same grace period — leading to unnecessary latency
and resource waste.
rcu_work uses call_rcu_hurry() internally, which is fully asynchronous:
the worker thread is only dispatched after the grace period has elapsed,
and multiple concurrent queue_rcu_work() calls naturally batch under the
same grace period via the RCU subsystem's existing coalescing mechanism.
2. Dedicated workqueue instead of system_wq
Using a dedicated workqueue (macsec_wq) allows macsec_exit() to drain
exactly the work items belonging to this module — by calling
destroy_workqueue() after rcu_barrier(). If system_wq were used,
flush_scheduled_work() would drain all pending work items across the
entire system, creating unnecessary coupling with unrelated subsystems
and potentially causing unexpected delays. The dedicated workqueue
provides a clean, contained teardown path.
Changes in v2:
- Use rcu_work instead of work_struct to avoid the manual RCU callback
wrapper (suggested by Kuniyuki Iwashima)
- Introduce a dedicated workqueue and drain it properly in macsec_exit()
to prevent potential crash on module unload (noted by Sabrina Dubroca)
- Extend the fix to TX SAs, which suffer from the same issue
(noted by Sabrina Dubroca)
- Add Fixes tag (noted by Sabrina Dubroca)
- Split into three patches
Thanks to Kuniyuki Iwashima and Sabrina Dubroca for the review.
Link: https://lore.kernel.org/netdev/20260506100107.388184-1-alexjlzheng@tencent.com/T/#u
Jinliang Zheng (3):
macsec: introduce dedicated workqueue for SA crypto cleanup
macsec: use rcu_work to defer RX SA crypto cleanup out of softirq
macsec: use rcu_work to defer TX SA crypto cleanup out of softirq
drivers/net/macsec.c | 27 ++++++++++++++++++++-------
include/net/macsec.h | 5 +++--
2 files changed, 23 insertions(+), 9 deletions(-)
--
2.39.3
next reply other threads:[~2026-05-07 2:04 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 2:04 alexjlzheng [this message]
2026-05-07 2:04 ` [PATCH net v2 v2 1/3] macsec: introduce dedicated workqueue for SA crypto cleanup alexjlzheng
2026-05-08 22:42 ` Jakub Kicinski
2026-05-09 2:00 ` [PATCH net " alexjlzheng
2026-05-09 2:19 ` Jakub Kicinski
2026-05-09 2:50 ` alexjlzheng
2026-05-07 2:04 ` [PATCH net v2 v2 2/3] macsec: use rcu_work to defer RX SA crypto cleanup out of softirq alexjlzheng
2026-05-08 22:42 ` Jakub Kicinski
2026-05-07 2:04 ` [PATCH net v2 v2 3/3] macsec: use rcu_work to defer TX " alexjlzheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260507020426.1126254-1-alexjlzheng@tencent.com \
--to=alexjlzheng@gmail.com \
--cc=albinwyang@tencent.com \
--cc=alexjlzheng@tencent.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hannes@stressinduktion.org \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sd@queasysnail.net \
--cc=shenyangyang4@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox