* [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy netns exit
@ 2026-04-02 11:31 Steffen Klassert
2026-04-02 11:31 ` [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state " Steffen Klassert
2026-04-02 11:52 ` [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy " Florian Westphal
0 siblings, 2 replies; 6+ messages in thread
From: Steffen Klassert @ 2026-04-02 11:31 UTC (permalink / raw)
To: netdev; +Cc: Florian Westphal
xfrm_policy_fini() frees the policy_bydst hash tables after flushing the
policy work items and deleting all policies, but it does not wait for
concurrent RCU readers to leave their read-side critical sections first.
The policy_bydst tables are published via rcu_assign_pointer() and are
looked up through rcu_dereference_check(), so netns teardown must also
wait for an RCU grace period before freeing the table memory.
Fix this by adding synchronize_rcu() before freeing the policy hash tables.
Fixes: e1e551bc5630 ("xfrm: policy: prepare policy_bydst hash for rcu lookups")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 362939aa56cf..8f0188e763c7 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -4290,6 +4290,8 @@ static void xfrm_policy_fini(struct net *net)
#endif
xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, false);
+ synchronize_rcu();
+
WARN_ON(!list_empty(&net->xfrm.policy_all));
for (dir = 0; dir < XFRM_POLICY_MAX; dir++) {
--
2.43.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state netns exit
2026-04-02 11:31 [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy netns exit Steffen Klassert
@ 2026-04-02 11:31 ` Steffen Klassert
2026-04-02 11:57 ` Florian Westphal
2026-04-02 11:52 ` [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy " Florian Westphal
1 sibling, 1 reply; 6+ messages in thread
From: Steffen Klassert @ 2026-04-02 11:31 UTC (permalink / raw)
To: netdev; +Cc: Florian Westphal
xfrm_state_fini() flushes the resize and GC work, destroys all states, and
then frees the state hash tables and the inbound percpu state cache.
Those objects can still be observed by concurrent RCU readers. We need
to wait for a RCU grace period before freeing the hash tables and the
percpu cache to avoid netns teardown racing with lockless lookups.
Fix this by adding synchronize_rcu() before freeing the state hash
tables and the inbound percpu state cache.
Fixes: c8406998b801 ("xfrm: state: use rcu_deref and assign_pointer helpers")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_state.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 1748d374abca..84fbf1591138 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -3327,6 +3327,8 @@ void xfrm_state_fini(struct net *net)
xfrm_state_flush(net, 0, false);
flush_work(&xfrm_state_gc_work);
+ synchronize_rcu();
+
WARN_ON(!list_empty(&net->xfrm.state_all));
for (i = 0; i <= net->xfrm.state_hmask; i++) {
--
2.43.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state netns exit
2026-04-02 11:31 ` [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state " Steffen Klassert
@ 2026-04-02 11:57 ` Florian Westphal
2026-04-02 12:06 ` Steffen Klassert
0 siblings, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2026-04-02 11:57 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev
Steffen Klassert <steffen.klassert@secunet.com> wrote:
> xfrm_state_fini() flushes the resize and GC work, destroys all states, and
> then frees the state hash tables and the inbound percpu state cache.
> Those objects can still be observed by concurrent RCU readers. We need
> to wait for a RCU grace period before freeing the hash tables and the
> percpu cache to avoid netns teardown racing with lockless lookups.
>
> Fix this by adding synchronize_rcu() before freeing the state hash
> tables and the inbound percpu state cache.
>
> Fixes: c8406998b801 ("xfrm: state: use rcu_deref and assign_pointer helpers")
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> ---
> net/xfrm/xfrm_state.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index 1748d374abca..84fbf1591138 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -3327,6 +3327,8 @@ void xfrm_state_fini(struct net *net)
> xfrm_state_flush(net, 0, false);
> flush_work(&xfrm_state_gc_work);
>
> + synchronize_rcu();
> +
xfrm_state_flush() is expected to relink all states to the gc list for
the gc worker to handle.
The xfrm state worker calls synchronize_rcu() and then frees states
on the state gc list.
What scenario does this additional synchronize_rcu() protect against?
AFAICS this one is not needed, but maybe i am missing something?
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state netns exit
2026-04-02 11:57 ` Florian Westphal
@ 2026-04-02 12:06 ` Steffen Klassert
0 siblings, 0 replies; 6+ messages in thread
From: Steffen Klassert @ 2026-04-02 12:06 UTC (permalink / raw)
To: Florian Westphal; +Cc: netdev
On Thu, Apr 02, 2026 at 01:57:37PM +0200, Florian Westphal wrote:
> Steffen Klassert <steffen.klassert@secunet.com> wrote:
> > xfrm_state_fini() flushes the resize and GC work, destroys all states, and
> > then frees the state hash tables and the inbound percpu state cache.
> > Those objects can still be observed by concurrent RCU readers. We need
> > to wait for a RCU grace period before freeing the hash tables and the
> > percpu cache to avoid netns teardown racing with lockless lookups.
> >
> > Fix this by adding synchronize_rcu() before freeing the state hash
> > tables and the inbound percpu state cache.
> >
> > Fixes: c8406998b801 ("xfrm: state: use rcu_deref and assign_pointer helpers")
> > Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> > ---
> > net/xfrm/xfrm_state.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> > index 1748d374abca..84fbf1591138 100644
> > --- a/net/xfrm/xfrm_state.c
> > +++ b/net/xfrm/xfrm_state.c
> > @@ -3327,6 +3327,8 @@ void xfrm_state_fini(struct net *net)
> > xfrm_state_flush(net, 0, false);
> > flush_work(&xfrm_state_gc_work);
> >
> > + synchronize_rcu();
> > +
>
> xfrm_state_flush() is expected to relink all states to the gc list for
> the gc worker to handle.
>
> The xfrm state worker calls synchronize_rcu() and then frees states
> on the state gc list.
Yes, xfrm_state_gc_task() does the synchronize_rcu() already. I found
the ploicy thing and had the impression we need it here as well.
I'll skip this one out.
Thanks!
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy netns exit
2026-04-02 11:31 [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy netns exit Steffen Klassert
2026-04-02 11:31 ` [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state " Steffen Klassert
@ 2026-04-02 11:52 ` Florian Westphal
2026-04-07 8:16 ` Steffen Klassert
1 sibling, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2026-04-02 11:52 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev
Steffen Klassert <steffen.klassert@secunet.com> wrote:
> xfrm_policy_fini() frees the policy_bydst hash tables after flushing the
> policy work items and deleting all policies, but it does not wait for
> concurrent RCU readers to leave their read-side critical sections first.
>
> The policy_bydst tables are published via rcu_assign_pointer() and are
> looked up through rcu_dereference_check(), so netns teardown must also
> wait for an RCU grace period before freeing the table memory.
>
> Fix this by adding synchronize_rcu() before freeing the policy hash tables.
>
> Fixes: e1e551bc5630 ("xfrm: policy: prepare policy_bydst hash for rcu lookups")
Reviewed-by: Florian Westphal <fw@strlen.de>
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy netns exit
2026-04-02 11:52 ` [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy " Florian Westphal
@ 2026-04-07 8:16 ` Steffen Klassert
0 siblings, 0 replies; 6+ messages in thread
From: Steffen Klassert @ 2026-04-07 8:16 UTC (permalink / raw)
To: Florian Westphal; +Cc: netdev
On Thu, Apr 02, 2026 at 01:52:08PM +0200, Florian Westphal wrote:
> Steffen Klassert <steffen.klassert@secunet.com> wrote:
> > xfrm_policy_fini() frees the policy_bydst hash tables after flushing the
> > policy work items and deleting all policies, but it does not wait for
> > concurrent RCU readers to leave their read-side critical sections first.
> >
> > The policy_bydst tables are published via rcu_assign_pointer() and are
> > looked up through rcu_dereference_check(), so netns teardown must also
> > wait for an RCU grace period before freeing the table memory.
> >
> > Fix this by adding synchronize_rcu() before freeing the policy hash tables.
> >
> > Fixes: e1e551bc5630 ("xfrm: policy: prepare policy_bydst hash for rcu lookups")
>
> Reviewed-by: Florian Westphal <fw@strlen.de>
This is now applied to the ipsec tree.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-04-07 8:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-02 11:31 [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy netns exit Steffen Klassert
2026-04-02 11:31 ` [PATCH ipsec 2/2] xfrm: Wait for RCU readers during state " Steffen Klassert
2026-04-02 11:57 ` Florian Westphal
2026-04-02 12:06 ` Steffen Klassert
2026-04-02 11:52 ` [PATCH ipsec 1/2] xfrm: Wait for RCU readers during policy " Florian Westphal
2026-04-07 8:16 ` Steffen Klassert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox