Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp4817420ybe; Mon, 9 Sep 2019 15:19:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqxVsv7ouk+UKj5GO7w0dNurdB9q40AFJOTttBBnFhc4/InvTirL8MV9FJqkdichgUiPWzhd X-Received: by 2002:a17:906:b808:: with SMTP id dv8mr12253037ejb.119.1568067568523; Mon, 09 Sep 2019 15:19:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568067568; cv=none; d=google.com; s=arc-20160816; b=eFzASWKgeImBZWCDAMBBznPOIoQ4LGoEfa6RFnoANm1Ze2nkyDISAJPUKGNzcpPAsb 4PIGejOHiJH9DbloqgXsJkyBy6MrSQAKxtLmJ6bpZY49Lq+iLIG9UNJ77RMBMChoKcnr oAZPE0YLRKe8TFJJYyUu7gmBgQJe39VQ885NcZQumJG/TUoKE6K/3Dfs3zL+XtEtBviN 1Rn5gDkTaqNJch8yiSSrH7U+JA/nQiYHYDDMV5VPhaPn4WUFJcelDT3ObrQwJSBSOlRk IUsEKaYgpA6GcebcMuHoecgK7WHOh/zxhYnsjCx//96hEWVnpdxrZK1zInT6AlR+WJTh f+HA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=zY/1ofIhpVZLmVanmMvgSnDnQqqIxXY/7E9pjv3hfJo=; b=DfdcsWzJlc3XhQZpPjWlYlBr+jdISPw5/dGsigAE8VfQx9F0mIgLElF3fY6Cy77uY2 UO7Chr7mmFwkLw0I/IhhLaoQOgLTmlCL21Ekn06sGV1dZOLitalbJaFDJCS63QskRigf m6IFCoBbtftntLZB6+7+yRdCFs11Pj5x/+RRMmjSHFjI3bMzRl5MZcTFBC1a1kXdUUwK UyW1MCMzEZQUJAUQD0LABgXm4F2t9VK8b/ru0R5P8ElmnTMcxSZMl67hI3iLN1FQuV62 0EiNOAtRprMVDCDEch/8TOQJi5kzPq+wnC5h7DZoDGvAoQDrmUHolw9gVVD2ShoxPuUp sQqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@jv-coder.de header.s=dkim header.b=NChUk80k; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f13si8174150ejf.174.2019.09.09.15.19.03; Mon, 09 Sep 2019 15:19:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@jv-coder.de header.s=dkim header.b=NChUk80k; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389338AbfIIIhr (ORCPT + 99 others); Mon, 9 Sep 2019 04:37:47 -0400 Received: from mail.jv-coder.de ([5.9.79.73]:47070 "EHLO mail.jv-coder.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727003AbfIIIhr (ORCPT ); Mon, 9 Sep 2019 04:37:47 -0400 Received: from ubuntu.localdomain (unknown [37.156.92.209]) by mail.jv-coder.de (Postfix) with ESMTPSA id BD6AD9F681; Mon, 9 Sep 2019 08:37:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jv-coder.de; s=dkim; t=1568018264; bh=zY/1ofIhpVZLmVanmMvgSnDnQqqIxXY/7E9pjv3hfJo=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=NChUk80kjL96BsB0SP6L3oETn7wowCoPj3o1BojqTW7E1ZJXd8y1Ga/IdI29mF6tZ u5cCsyCN5v20qLBa2gZBkVavc71YBXxJcYMoKhmc3og8HsfuthgjPFKrWB2huuHUf5 04U2aZKP1+tEnCLe1+Aph97GQ43Y4vdVnmR3cTjU= From: Joerg Vehlow To: linux-kernel@vger.kernel.org, joerg.vehlow@aox-tech.de Cc: Sebastian Andrzej Siewior , Thomas Gleixner , Steven Rostedt Subject: [PATCH] xfrm_input: Protect queue with lock Date: Mon, 9 Sep 2019 10:37:00 +0200 Message-Id: <20190909083700.63579-1-lkml@jv-coder.de> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,RDNS_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.jv-coder.de Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Vehlow During the skb_queue_splice_init the tasklet could have been preempted and __skb_queue_tail called, which led to an inconsistent queue. Signed-off-by: Joerg Vehlow --- net/xfrm/xfrm_input.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 790b514f86b6..4c4e669fcd16 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -512,12 +512,15 @@ EXPORT_SYMBOL(xfrm_input_resume); static void xfrm_trans_reinject(unsigned long data) { + unsigned long flags; struct xfrm_trans_tasklet *trans = (void *)data; struct sk_buff_head queue; struct sk_buff *skb; __skb_queue_head_init(&queue); + spin_lock_irqsave(&trans->queue.lock, flags); skb_queue_splice_init(&trans->queue, &queue); + spin_unlock_irqrestore(&trans->queue.lock, flags); while ((skb = __skb_dequeue(&queue))) XFRM_TRANS_SKB_CB(skb)->finish(dev_net(skb->dev), NULL, skb); @@ -535,7 +538,7 @@ int xfrm_trans_queue(struct sk_buff *skb, return -ENOBUFS; XFRM_TRANS_SKB_CB(skb)->finish = finish; - __skb_queue_tail(&trans->queue, skb); + skb_queue_tail(&trans->queue, skb); tasklet_schedule(&trans->tasklet); return 0; } @@ -560,7 +563,7 @@ void __init xfrm_input_init(void) struct xfrm_trans_tasklet *trans; trans = &per_cpu(xfrm_trans_tasklet, i); - __skb_queue_head_init(&trans->queue); + skb_queue_head_init(&trans->queue); tasklet_init(&trans->tasklet, xfrm_trans_reinject, (unsigned long)trans); } -- 2.20.1