• Frederic Weisbecker's avatar
    xfrm: Fix RCU vs hash_resize_mutex lock inversion · 2580d3f4
    Frederic Weisbecker authored
    xfrm_bydst_resize() calls synchronize_rcu() while holding
    hash_resize_mutex. But then on PREEMPT_RT configurations,
    xfrm_policy_lookup_bytype() may acquire that mutex while running in an
    RCU read side critical section. This results in a deadlock.
    
    In fact the scope of hash_resize_mutex is way beyond the purpose of
    xfrm_policy_lookup_bytype() to just fetch a coherent and stable policy
    for a given destination/direction, along with other details.
    
    The lower level net->xfrm.xfrm_policy_lock, which among other things
    protects per destination/direction references to policy entries, is
    enough to serialize and benefit from priority inheritance against the
    write side. As a bonus, it makes it officially a per network namespace
    synchronization business where a policy table resize on namespace A
    shouldn't block a policy lookup on namespace B.
    
    Fixes: 77cc278f (xfrm: policy: Use sequence counters with associated lock)
    Cc: stable@vger.kernel.org
    Cc: Ahmed S. Darwish <a.darwish@linutronix.de>
    Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
    Cc: Varad Gautam <varad.gautam@suse.com>
    Cc: Steffen Klassert <steffen.klassert@secunet.com>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Cc: David S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarFrederic Weisbecker <frederic@kernel.org>
    Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
    2580d3f4
xfrm_policy.c 105 KB