diff mbox series

af_key: Do not call xfrm_probe_algs in parallel

Message ID YuuZgsdmJK8roKLD@gondor.apana.org.au (mailing list archive)
State Not Applicable
Delegated to: Netdev Maintainers
Headers show
Series af_key: Do not call xfrm_probe_algs in parallel | expand

Checks

Context Check Description
netdev/tree_selection success Guessed tree name to be net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 8 of 8 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 12 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Herbert Xu Aug. 4, 2022, 10:03 a.m. UTC 
When namespace support was added to xfrm/afkey, it caused the
previously single-threaded call to xfrm_probe_algs to become
multi-threaded.  This is buggy and needs to be fixed with a mutex.

Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
Fixes: 283bc9f35bbb ("xfrm: Namespacify xfrm state/policy locks")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Comments

Steffen Klassert Aug. 9, 2022, 5:47 a.m. UTC | #1 
On Thu, Aug 04, 2022 at 06:03:46PM +0800, Herbert Xu wrote:
> When namespace support was added to xfrm/afkey, it caused the
> previously single-threaded call to xfrm_probe_algs to become
> multi-threaded.  This is buggy and needs to be fixed with a mutex.
> 
> Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
> Fixes: 283bc9f35bbb ("xfrm: Namespacify xfrm state/policy locks")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks a lot Herbert!
Gabriel Ryan Aug. 22, 2022, 4:19 p.m. UTC | #2 
We can confirm we tested this patch and it prevents the race we
detected in xfrm_ealg_get_byname / xfrm_probe_algs.

Best,

Gabe


On Thu, Aug 4, 2022 at 6:03 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> When namespace support was added to xfrm/afkey, it caused the
> previously single-threaded call to xfrm_probe_algs to become
> multi-threaded.  This is buggy and needs to be fixed with a mutex.
>
> Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
> Fixes: 283bc9f35bbb ("xfrm: Namespacify xfrm state/policy locks")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/net/key/af_key.c b/net/key/af_key.c
> index fb16d7c4e1b8..20e73643b9c8 100644
> --- a/net/key/af_key.c
> +++ b/net/key/af_key.c
> @@ -1697,9 +1697,12 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
>                 pfk->registered |= (1<<hdr->sadb_msg_satype);
>         }
>
> +       mutex_lock(&pfkey_mutex);
>         xfrm_probe_algs();
>
>         supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
> +       mutex_unlock(&pfkey_mutex);
> +
>         if (!supp_skb) {
>                 if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
>                         pfk->registered &= ~(1<<hdr->sadb_msg_satype);
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff mbox series

Patch

diff --git a/net/key/af_key.c b/net/key/af_key.c
index fb16d7c4e1b8..20e73643b9c8 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1697,9 +1697,12 @@  static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
 		pfk->registered |= (1<<hdr->sadb_msg_satype);
 	}
 
+	mutex_lock(&pfkey_mutex);
 	xfrm_probe_algs();
 
 	supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
+	mutex_unlock(&pfkey_mutex);
+
 	if (!supp_skb) {
 		if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
 			pfk->registered &= ~(1<<hdr->sadb_msg_satype);