| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2021 07:27:21 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Frederic Weisbecker <frederic@...nel.org>
CC: Varad Gautam <varad.gautam@...e.com>,
<linux-kernel@...r.kernel.org>,
linux-rt-users <linux-rt-users@...r.kernel.org>,
<netdev@...r.kernel.org>, Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Florian Westphal <fw@...len.de>,
"Ahmed S. Darwish" <a.darwish@...utronix.de>,
<stable@...r.kernel.org>
Subject: Re: [PATCH] xfrm: policy: Restructure RCU-read locking in
xfrm_sk_policy_lookup
On Tue, Jun 22, 2021 at 01:51:24PM +0200, Frederic Weisbecker wrote:
> On Tue, Jun 22, 2021 at 01:21:59PM +0200, Steffen Klassert wrote:
> > On Mon, Jun 21, 2021 at 01:05:28PM +0200, Steffen Klassert wrote:
> > > On Mon, Jun 21, 2021 at 11:11:18AM +0200, Varad Gautam wrote:
> >
> > Varad, can you try to replace the seqcount_mutex_t for xfrm_policy_hash_generation
> > by a seqcount_spinlock_t? I'm not familiar with that seqcount changes,
> > but we should not end up with using a mutex in this codepath.
>
> Something like this? (beware, untested, also I don't know if the read side
> should then disable bh, doesn't look necessary for PREEMPT_RT, but I may be
> missing something...)
>
> diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
> index e816b6a3ef2b..9b376b87bd54 100644
> --- a/include/net/netns/xfrm.h
> +++ b/include/net/netns/xfrm.h
> @@ -74,6 +74,7 @@ struct netns_xfrm {
> #endif
> spinlock_t xfrm_state_lock;
> seqcount_spinlock_t xfrm_state_hash_generation;
> + seqcount_spinlock_t xfrm_policy_hash_generation;
>
> spinlock_t xfrm_policy_lock;
> struct mutex xfrm_cfg_mutex;
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index ce500f847b99..46a6d15b66d6 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -155,7 +155,6 @@ static struct xfrm_policy_afinfo const __rcu *xfrm_policy_afinfo[AF_INET6 + 1]
> __read_mostly;
>
> static struct kmem_cache *xfrm_dst_cache __ro_after_init;
> -static __read_mostly seqcount_mutex_t xfrm_policy_hash_generation;
>
> static struct rhashtable xfrm_policy_inexact_table;
> static const struct rhashtable_params xfrm_pol_inexact_params;
> @@ -585,7 +584,7 @@ static void xfrm_bydst_resize(struct net *net, int dir)
> return;
>
> spin_lock_bh(&net->xfrm.xfrm_policy_lock);
> - write_seqcount_begin(&xfrm_policy_hash_generation);
> + write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
>
> odst = rcu_dereference_protected(net->xfrm.policy_bydst[dir].table,
> lockdep_is_held(&net->xfrm.xfrm_policy_lock));
> @@ -596,7 +595,7 @@ static void xfrm_bydst_resize(struct net *net, int dir)
> rcu_assign_pointer(net->xfrm.policy_bydst[dir].table, ndst);
> net->xfrm.policy_bydst[dir].hmask = nhashmask;
>
> - write_seqcount_end(&xfrm_policy_hash_generation);
> + write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
> spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
>
> synchronize_rcu();
> @@ -1245,7 +1244,7 @@ static void xfrm_hash_rebuild(struct work_struct *work)
> } while (read_seqretry(&net->xfrm.policy_hthresh.lock, seq));
>
> spin_lock_bh(&net->xfrm.xfrm_policy_lock);
> - write_seqcount_begin(&xfrm_policy_hash_generation);
> + write_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
>
> /* make sure that we can insert the indirect policies again before
> * we start with destructive action.
> @@ -1354,7 +1353,7 @@ static void xfrm_hash_rebuild(struct work_struct *work)
>
> out_unlock:
> __xfrm_policy_inexact_flush(net);
> - write_seqcount_end(&xfrm_policy_hash_generation);
> + write_seqcount_end(&net->xfrm.xfrm_policy_hash_generation);
> spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
>
> mutex_unlock(&hash_resize_mutex);
> @@ -2095,9 +2094,9 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
> rcu_read_lock();
> retry:
> do {
> - sequence = read_seqcount_begin(&xfrm_policy_hash_generation);
> + sequence = read_seqcount_begin(&net->xfrm.xfrm_policy_hash_generation);
> chain = policy_hash_direct(net, daddr, saddr, family, dir);
> - } while (read_seqcount_retry(&xfrm_policy_hash_generation, sequence));
> + } while (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence));
>
> ret = NULL;
> hlist_for_each_entry_rcu(pol, chain, bydst) {
> @@ -2128,7 +2127,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
> }
>
> skip_inexact:
> - if (read_seqcount_retry(&xfrm_policy_hash_generation, sequence))
> + if (read_seqcount_retry(&net->xfrm.xfrm_policy_hash_generation, sequence))
> goto retry;
>
> if (ret && !xfrm_pol_hold_rcu(ret))
> @@ -4084,6 +4083,7 @@ static int __net_init xfrm_net_init(struct net *net)
> /* Initialize the per-net locks here */
> spin_lock_init(&net->xfrm.xfrm_state_lock);
> spin_lock_init(&net->xfrm.xfrm_policy_lock);
> + seqcount_spinlock_init(&net->xfrm.xfrm_policy_hash_generation, &net->xfrm.xfrm_policy_lock);
> mutex_init(&net->xfrm.xfrm_cfg_mutex);
>
> rv = xfrm_statistics_init(net);
> @@ -4128,7 +4128,6 @@ void __init xfrm_init(void)
> {
> register_pernet_subsys(&xfrm_net_ops);
> xfrm_dev_init();
> - seqcount_mutex_init(&xfrm_policy_hash_generation, &hash_resize_mutex);
> xfrm_input_init();
>
> #ifdef CONFIG_XFRM_ESPINTCP
Yes, looks like your patch should do it. The xfrm_policy_lock is the
write side protection for the seqcount here.
Thanks!
Powered by blists - more mailing lists