Received: by 10.223.185.116 with SMTP id b49csp1042013wrg;
        Fri, 23 Feb 2018 10:51:47 -0800 (PST)
X-Google-Smtp-Source: AH8x2270pD1u4XKI6NNuxjOHJeuKPojwB2UkQYTdteFirPa5JNtRqLZ9oc3l+j3gTn1Gjc4N5fel
X-Received: by 10.98.10.65 with SMTP id s62mr2669836pfi.234.1519411907457;
        Fri, 23 Feb 2018 10:51:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519411907; cv=none;
        d=google.com; s=arc-20160816;
        b=fNoOxE61uDmwchTHtQY6XSWvrr5hn7Y8F56pwhKwXSE5QKaVl5kN+VgxmxA+IH7FbE
         zs9RKc64A0ysEuxOHZhOIhQ84V7wDz6l0wpXJLU3poUUmpcSwhv2O2TG19TF4xE6PJIR
         RKnkDZjENMTCWoazKCIyKyVHpfV53MzW1mrlk5Wi7nWgpKcf2vMJPXuiXS4r2NVfiAYM
         VkeEAWL+eIYg5jzcqk9bDyutOXvrIkLzrd2DF8hWidsdCKjE6aQSRmsTO6fRHyFYgz9a
         8QdWwgVh//jfuek0rszxY6NwkGIkuJcG+WNJWsZEz57T2oNS8Z8q1NvjhuMTKbILzElP
         18zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=OXLJB2jUIh2owRri2iMgtZp6v8uvNOpO9y0JT58Mcts=;
        b=QjTLokY0GfBQVCCumlSiqZwXRbgN9TIourqsHnMsHpV2/Y4+WzwSe3+5hHxX7nI4D8
         XKgAgcMUwB4tAtjCLyH8w7YpdEUg9MpUj3doc5Z9m2ZVOnLhELfbpZ99MdVenpdpnCMV
         qRDE+Qp1nKK+zRQN+PDnmhm8sMqciZGp1gjTQyDDIuoEJ3csQjESdgOoRcYSFDb6NfYg
         fl7P8HSOqiPYO7NLqD6cu4QNz6FhMi3yUgH3Spv3Yfd+DIwqn163Kjh6DiDnjrDIIvhS
         7tr3ZJFsrTF3qdvaD63UsilJlD6B90MWJ8lb/bTelgw9b3pEwgdJsIMnY8+9o5Tx7KMD
         FgyQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l14si1818764pgc.615.2018.02.23.10.51.33;
        Fri, 23 Feb 2018 10:51:47 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934856AbeBWSuz (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Fri, 23 Feb 2018 13:50:55 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:45816 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934306AbeBWSuu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Feb 2018 13:50:50 -0500
Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id C7E3212E8;
        Fri, 23 Feb 2018 18:50:49 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        syzbot+e149f7d1328c26f9c12f@syzkaller.appspotmail.com,
        Florian Westphal <fw@strlen.de>,
        Steffen Klassert <steffen.klassert@secunet.com>
Subject: [PATCH 4.14 009/159] xfrm: dont call xfrm_policy_cache_flush while holding spinlock
Date:   Fri, 23 Feb 2018 19:25:17 +0100
Message-Id: <20180223170744.323363188@linuxfoundation.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180223170743.086611315@linuxfoundation.org>
References: <20180223170743.086611315@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Florian Westphal <fw@strlen.de>

commit b1bdcb59b64f806ef08d25a85c39ffb3ad841ce6 upstream.

xfrm_policy_cache_flush can sleep, so it cannot be called while holding
a spinlock.  We could release the lock first, but I don't see why we need
to invoke this function here in first place, the packet path won't reuse
an xdst entry unless its still valid.

While at it, add an annotation to xfrm_policy_cache_flush, it would
have probably caught this bug sooner.

Fixes: ec30d78c14a813 ("xfrm: add xdst pcpu cache")
Reported-by: syzbot+e149f7d1328c26f9c12f@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/xfrm/xfrm_policy.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -975,8 +975,6 @@ int xfrm_policy_flush(struct net *net, u
 	}
 	if (!cnt)
 		err = -ESRCH;
-	else
-		xfrm_policy_cache_flush();
 out:
 	spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
 	return err;
@@ -1738,6 +1736,8 @@ void xfrm_policy_cache_flush(void)
 	bool found = 0;
 	int cpu;
 
+	might_sleep();
+
 	local_bh_disable();
 	rcu_read_lock();
 	for_each_possible_cpu(cpu) {