From: Tom Rix
Date: Tue, 22 Oct 2019 17:22:04 -0700
Subject: [PATCH v2 1/1] xfrm : lock input tasklet skb queue
To: Steffen Klassert, herbert@gondor.apana.org.au, davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Joerg Vehlow

On PREEMPT_RT_FULL while running netperf, a corruption of the skb queue
causes an oops.

This appears to be caused by a race condition here

        __skb_queue_tail(&trans->queue, skb);
        tasklet_schedule(&trans->tasklet);

Where the queue is changed before the tasklet is locked by tasklet_schedule.

The fix is to use the skb queue lock.

This is the original work of Joerg Vehlow
https://lkml.org/lkml/2019/9/9/111

    xfrm_input: Protect queue with lock

    During the skb_queue_splice_init the tasklet could have been preempted
    and __skb_queue_tail called, which led to an inconsistent queue.

ifdefs for CONFIG_PREEMPT_RT_FULL added to reduce runtime effects
on the normal kernel.

Signed-off-by: Tom Rix
--- net/xfrm/xfrm_input.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 9b599ed66d97..decd515f84cf 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c
@@ -755,13 +755,21 @@ EXPORT_SYMBOL(xfrm_input_resume); static void xfrm_trans_reinject(unsigned long data) { +#ifdef CONFIG_PREEMPT_RT_FULL + unsigned long flags; +#endif struct xfrm_trans_tasklet *trans =3D (void *)data; struct sk_buff_head queue; struct sk_buff *skb; __skb_queue_head_init(&queue); +#ifdef CONFIG_PREEMPT_RT_FULL + spin_lock_irqsave(&trans->queue.lock, flags); +#endif skb_queue_splice_init(&trans->queue, &queue); - +#ifdef CONFIG_PREEMPT_RT_FULL + spin_unlock_irqrestore(&trans->queue.lock, flags); +#endif while ((skb =3D __skb_dequeue(&queue))) XFRM_TRANS_SKB_CB(skb)->finish(dev_net(skb->dev), NULL, skb); } @@ -778,7 +786,11 @@ int xfrm_trans_queue(struct sk_buff *skb, return -ENOBUFS; XFRM_TRANS_SKB_CB(skb)->finish =3D finish; +#ifdef CONFIG_PREEMPT_RT_FULL + skb_queue_tail(&trans->queue, skb); +#else __skb_queue_tail(&trans->queue, skb); +#endif tasklet_schedule(&trans->tasklet); return 0; } @@ -798,7 +810,11 @@ void __init xfrm_input_init(void) struct xfrm_trans_tasklet *trans; trans =3D &per_cpu(xfrm_trans_tasklet, i); +#ifdef CONFIG_PREEMPT_RT_FULL + skb_queue_head_init(&trans->queue); +#else __skb_queue_head_init(&trans->queue); +#endif tasklet_init(&trans->tasklet, xfrm_trans_reinject, (unsigned long)trans); } --=20 2.23.0
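Review bot: in the first hunk (xfrm_trans_reinject), the lock around skb_queue_splice_init(&trans->queue, &queue) exists only under CONFIG_PREEMPT_RT_FULL, and neither the code nor the commit message says what keeps the splice from racing with __skb_queue_tail() in xfrm_trans_queue() when the option is off. Add a comment above the splice stating that assumption, or take trans->queue.lock unconditionally and drop the three #ifdef blocks. If the conditionals stay, move the "unsigned long flags;" declaration below the existing declarations and keep the blank line before the while loop that this hunk deletes.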
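Review bot: in the second hunk (xfrm_trans_queue), the #ifdef/#else that picks between skb_queue_tail() and __skb_queue_tail() carries no comment tying it to the locked splice in xfrm_trans_reinject(), so a later change to either side can silently break the pairing. Add a one-line comment saying the locked variant is there to serialize against the splice on trans->queue.lock, and consider moving the choice into one small helper so the function body has no preprocessor branches.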
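Review bot: in the third hunk (xfrm_input_init), the #ifdef around skb_queue_head_init() is not justified by the reason the commit message gives for the conditionals (runtime effects on the normal kernel), because this function is marked __init and only runs during initialization. Call skb_queue_head_init(&trans->queue) unconditionally so the queue lock is always initialized, and drop the #else branch.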