From patchwork Mon Jul 8 06:58:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 13726234 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DEC218C36 for ; Mon, 8 Jul 2024 06:58:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720421907; cv=none; b=FrFtmcwbh1j2V0nTOG1Wgtzhyh4qqCtrhi8ESXoQpvKVz8vGL3QXkIk9SZO7Lbj+jHcWd680ZIb8XSk1V0qTHGFcR8njm7OpWJIuffKtERbb5Efcr/S9+bMC70RsJgvxEnwY3VNCpMgOHn7EwJaS3Gn6S8Hedu09jNCg57HQXsg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720421907; c=relaxed/simple; bh=w6n2XtZAbd4uA+APTTv+2Vc+iMaH7gJW+4J7RHH9Ljc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VRJF7yS1CxEc/tZShftaUmWyWjcVr2MzOaPcjz1hdRBrP0evws4urIr0V1kqYeUSbpjKiVERY+ncKEuhwsQPs1eiA4cOnZoOZyOIHfpSppD1zvs+ZmtWCnpLR2jnyWaUgsI0RHtV9j6uCTdrw4FSnzyBjvkwAIDb0aCsSj3hecg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=G2z+naOu; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="G2z+naOu" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5F484C4AF0D; Mon, 8 Jul 2024 06:58:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1720421906; bh=w6n2XtZAbd4uA+APTTv+2Vc+iMaH7gJW+4J7RHH9Ljc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G2z+naOul1WKYEbyb8LXpBILJA11i+RGM4RUMIk7SoZc6qtxHenOU37uq9NzFMA5F 71WdyyGc8oZICXPjp6/0+57N89f7SlilUiGUckzE6kISuscuc3xakQZt8A+ga6gRok Y3S+UVd4UslEHzcHbdI2afimoqM/oxOBjzvpG6EuZReNcwYnjLO4AnG7T/Cko1Mz0x dQbNWzXSaUbuCNrDBGOPaGOqsfTP048IsjgUzX7XSuoKnnlsJ1IBi6gZ4s/ZWc8aP0 zo4GGo0Ey1RnizXAFmEg4KFdCVaV0EDw0mtsnvl8bBNX0Nzljvy6H9YqIODiN/5P6b ixREWEyzZ4tZw== From: Leon Romanovsky To: Steffen Klassert Cc: Jianbo Liu , Cosmin Ratiu , Herbert Xu , netdev@vger.kernel.org, Raed Salem Subject: [PATCH ipsec 1/2] xfrm: fix netdev reference count imbalance Date: Mon, 8 Jul 2024 09:58:11 +0300 Message-ID: <7496160665a6e1cbc93bded06c4bcc31d595e6a2.1720421559.git.leon@kernel.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jianbo Liu In cited commit, netdev_tracker_alloc() is called for the newly allocated xfrm state, but dev_hold() is missed, which causes netdev reference count imbalance, because netdev_put() is called when the state is freed in xfrm_dev_state_free(). Fix the issue by replacing netdev_tracker_alloc() with netdev_hold(). Fixes: f8a70afafc17 ("xfrm: add TX datapath support for IPsec packet offload mode") Signed-off-by: Jianbo Liu Reviewed-by: Cosmin Ratiu Signed-off-by: Leon Romanovsky --- net/xfrm/xfrm_state.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 5249c3574bb3..bf7904edd2fb 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1274,8 +1274,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, xso->dev = xdo->dev; xso->real_dev = xdo->real_dev; xso->flags = XFRM_DEV_OFFLOAD_FLAG_ACQ; - netdev_tracker_alloc(xso->dev, &xso->dev_tracker, - GFP_ATOMIC); + netdev_hold(xso->dev, &xso->dev_tracker, GFP_ATOMIC); error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x, NULL); if (error) { xso->dir = 0; From patchwork Mon Jul 8 06:58:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 13726233 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 12B6618C36 for ; Mon, 8 Jul 2024 06:58:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720421903; cv=none; b=kZcMT25/dwUsoxV8p7UDNpcyVlXXksZNBuwifztg8hAkkiwyhJ0AxkaT765+rSnV0L/Og5xHWiR9vPDkIinehCdCc2QGZ8llE5BMtRkaA7UQFnHDvbZCYDGgw2mpUSoLippTwDQzvY8DIgyWISLC6Cg4zB+ue9+Wm+3oLHzgjb0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720421903; c=relaxed/simple; bh=ai25rRPS8dDX78UdtMDcWHBmYaMzRL/hqLNklBwgEPY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Qp4Xtz/fz0voExTv0RCGwZbhuT80ohtyUbiTjXO778fiNBgcEXcgN0roxvqb4J7QPne3IinvFPQ5NMf6We2U7Hu05UhbR4EVTlTxW5K8WBOuBLNG/NOQAaw4itG2iBMb8+ttiT1d314ni55ghsJfF0ebfNfpbSMNGcwXgySR1n0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WAFHdYHi; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WAFHdYHi" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6C819C116B1; Mon, 8 Jul 2024 06:58:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1720421902; bh=ai25rRPS8dDX78UdtMDcWHBmYaMzRL/hqLNklBwgEPY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WAFHdYHixJd3wLKEeIvCtwGN1TWXs6esRNZILAsklkqqm3g7wr04eeAKjFTp9UtEk 1uDw/lSVQt6GoJIsVwqu35KeIAWf6KT8SsjqKPCvBHKonqnus+NOFPOzJOlJj0PE5b ++x4Q2bo7QI3anjt5h3v9lS9qe4aGB4hd6ggMrY3Px3PaWfqn3dvloucqguG+igHaB /hm7xIYvnEzRmVTyGMjgejnGLljnf4XJ9J9IxEItRxDQq4KwlTJitwou+1wFGe7ZXi 2vdQ+LbiiUObEkX1ZRdccyadL+6JV1uy02/x4XaVnEyecdRzaUTBXbokgW8FZLPlU3 o/cgdWOR9vw8A== From: Leon Romanovsky To: Steffen Klassert Cc: Jianbo Liu , Cosmin Ratiu , Herbert Xu , netdev@vger.kernel.org, Raed Salem Subject: [PATCH ipsec 2/2] xfrm: call xfrm_dev_policy_delete when kill policy Date: Mon, 8 Jul 2024 09:58:12 +0300 Message-ID: X-Mailer: git-send-email 2.45.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jianbo Liu xfrm_policy_kill() is called at different places to delete xfrm policy. It will call xfrm_pol_put(). But xfrm_dev_policy_delete() is not called to free the policy offloaded to hardware. The three commits cited here are to handle this issue by calling xfrm_dev_policy_delete() outside xfrm_get_policy(). But they didn't cover all the cases. An example, which is not handled for now, is xfrm_policy_insert(). It is called when XFRM_MSG_UPDPOLICY request is received. Old policy is replaced by new one, but the offloaded policy is not deleted, so driver doesn't have the chance to release hardware resources. To resolve this issue for all cases, move xfrm_dev_policy_delete() into xfrm_policy_kill(), so the offloaded policy can be deleted from hardware when it is called, which avoids hardware resources leakage. Fixes: 919e43fad516 ("xfrm: add an interface to offload policy") Fixes: bf06fcf4be0f ("xfrm: add missed call to delete offloaded policies") Fixes: 982c3aca8bac ("xfrm: delete offloaded policy") Signed-off-by: Jianbo Liu Reviewed-by: Cosmin Ratiu Signed-off-by: Leon Romanovsky --- net/xfrm/xfrm_policy.c | 5 ++--- net/xfrm/xfrm_user.c | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 6603d3bd171f..27117dd7ba60 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -452,6 +452,8 @@ EXPORT_SYMBOL(xfrm_policy_destroy); static void xfrm_policy_kill(struct xfrm_policy *policy) { + xfrm_dev_policy_delete(policy); + write_lock_bh(&policy->lock); policy->walk.dead = 1; write_unlock_bh(&policy->lock); @@ -1850,7 +1852,6 @@ int xfrm_policy_flush(struct net *net, u8 type, bool task_valid) __xfrm_policy_unlink(pol, dir); spin_unlock_bh(&net->xfrm.xfrm_policy_lock); - xfrm_dev_policy_delete(pol); cnt++; xfrm_audit_policy_delete(pol, 1, task_valid); xfrm_policy_kill(pol); @@ -1891,7 +1892,6 @@ int xfrm_dev_policy_flush(struct net *net, struct net_device *dev, __xfrm_policy_unlink(pol, dir); spin_unlock_bh(&net->xfrm.xfrm_policy_lock); - xfrm_dev_policy_delete(pol); cnt++; xfrm_audit_policy_delete(pol, 1, task_valid); xfrm_policy_kill(pol); @@ -2342,7 +2342,6 @@ int xfrm_policy_delete(struct xfrm_policy *pol, int dir) pol = __xfrm_policy_unlink(pol, dir); spin_unlock_bh(&net->xfrm.xfrm_policy_lock); if (pol) { - xfrm_dev_policy_delete(pol); xfrm_policy_kill(pol); return 0; } diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index a552cfa623ea..55f039ec3d59 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2466,7 +2466,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, NETLINK_CB(skb).portid); } } else { - xfrm_dev_policy_delete(xp); xfrm_audit_policy_delete(xp, err ? 0 : 1, true); if (err != 0)