proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-19 22:01:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
91fe0e70db
mirror_ubuntu-kernels/net/xfrm
History
Hangbin Liu 138437f591 xfrm: move xfrm_garbage_collect out of xfrm_policy_flush 
Now we will force to do garbage collection if any policy removed in
xfrm_policy_flush(). But during xfrm_net_exit(). We call flow_cache_fini()
first and set set fc->percpu to NULL. Then after we call xfrm_policy_fini()
-> frxm_policy_flush() -> flow_cache_flush(), we will get NULL pointer
dereference when check percpu_empty. The code path looks like:

flow_cache_fini()
  - fc->percpu = NULL
xfrm_policy_fini()
  - xfrm_policy_flush()
    - xfrm_garbage_collect()
      - flow_cache_flush()
        - flow_cache_percpu_empty()
	  - fcp = per_cpu_ptr(fc->percpu, cpu)

To reproduce, just add ipsec in netns and then remove the netns.

v2:
As Xin Long suggested, since only two other places need to call it. move
xfrm_garbage_collect() outside xfrm_policy_flush().

v3:
Fix subject mismatch after v2 fix.

Fixes: 35db069121 ("xfrm: do the garbage collection after flushing policy")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2017-06-12 11:51:21 +02:00
..
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2017-02-16 21:25:49 -05:00
Makefile xfrm: fix xfrm_dev_event() missing when compile without CONFIG_XFRM_OFFLOAD 2017-06-07 08:16:27 +02:00
xfrm_algo.c xfrm: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
xfrm_device.c xfrm: fix xfrm_dev_event() missing when compile without CONFIG_XFRM_OFFLOAD 2017-06-07 08:16:27 +02:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h xfrm: use "unsigned int" in __xfrm6_pref_hash() 2017-03-24 07:03:12 +01:00
xfrm_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-04 13:48:30 -05:00
xfrm_output.c xfrm: Add encapsulation header offsets while SKB is not encrypted 2017-04-14 10:07:39 +02:00
xfrm_policy.c xfrm: move xfrm_garbage_collect out of xfrm_policy_flush 2017-06-12 11:51:21 +02:00
xfrm_proc.c proc: Reduce cache miss in xfrm_statistics_seq_show 2016-09-30 01:50:45 -04:00
xfrm_replay.c xfrm: Add xfrm_replay_overflow functions for offloading 2017-04-14 10:07:01 +02:00
xfrm_state.c xfrm: fix state migration copy replay sequence numbers 2017-05-19 12:49:13 +02:00
xfrm_sysctl.c net: xfrm: Change u32 sysctl entries to use proc_douintvec 2016-09-07 23:17:53 -07:00
xfrm_user.c xfrm: move xfrm_garbage_collect out of xfrm_policy_flush 2017-06-12 11:51:21 +02:00