Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752845AbeADLUb (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Thu, 4 Jan 2018 06:20:31 -0500
Received: from mx1.redhat.com ([209.132.183.28]:58718 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752159AbeADLU3 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Jan 2018 06:20:29 -0500
Date: Thu, 4 Jan 2018 12:20:26 +0100
From: Artem Savkov <asavkov@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] xfrm: init skb_head lock for transport-mode packets
Message-ID: <20180104112026.436rgqaeokcden4r@shodan.usersys.redhat.com>
References: <20180104103628.9461-1-asavkov@redhat.com>
 <20180104110132.GA6256@gondor.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20180104110132.GA6256@gondor.apana.org.au>
User-Agent: NeoMutt/20161126 (1.7.1)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 04 Jan 2018 11:20:27 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Thu, Jan 04, 2018 at 10:01:32PM +1100, Herbert Xu wrote:
> On Thu, Jan 04, 2018 at 11:36:28AM +0100, Artem Savkov wrote:
> > Commit acf568ee859f "xfrm: Reinject transport-mode packets through tasklet"
> > adds an sk_buff_head queue, but never initializes trans->queue.lock, which
> > results in a "spinlock bad magic" BUG on skb_queue_tail() call in
> > xfrm_trans_queue.
> > Use skb_queue_head_init() instead of __skb_queue_head_init() to properly
> > initialize said lock.
> > 
> > Signed-off-by: Artem Savkov <asavkov@redhat.com>
> 
> Thanks for catching this.  But we don't need the lock as this
> is meant to be per-CPU only.  So we should remove the locking
> instead:

Right, thats a better solution.

Reported-and-tested-by: Artem Savkov <asavkov@redhat.com>

Thank you.

> ---8<---
> xfrm: Use __skb_queue_tail in xfrm_trans_queue
> 
> We do not need locking in xfrm_trans_queue because it is designed
> to use per-CPU buffers.  However, the original code incorrectly
> used skb_queue_tail which takes the lock.  This patch switches
> it to __skb_queue_tail instead.
> 
> Reported-by: Artem Savkov <asavkov@redhat.com>
> Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
> index 098f47a..1eb0bba 100644
> --- a/net/xfrm/xfrm_input.c
> +++ b/net/xfrm/xfrm_input.c
> @@ -511,7 +511,7 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
>  
>  	XFRM_TRANS_SKB_CB(skb)->finish = finish;
>  	XFRM_TRANS_SKB_CB(skb)->net = net;
> -	skb_queue_tail(&trans->queue, skb);
> +	__skb_queue_tail(&trans->queue, skb);
>  	tasklet_schedule(&trans->tasklet);
>  	return 0;
>  }

-- 
Regards,
  Artem