Commit ae33786f authored by Florian Westphal's avatar Florian Westphal Committed by Steffen Klassert

xfrm: policy: only use rcu in xfrm_sk_policy_lookup

Don't acquire the readlock anymore and rely on rcu alone.

In case writer on other CPU changed policy at the wrong moment (after we
obtained sk policy pointer but before we could obtain the reference)
just repeat the lookup.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent a7c44247
...@@ -1249,10 +1249,9 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, ...@@ -1249,10 +1249,9 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
const struct flowi *fl) const struct flowi *fl)
{ {
struct xfrm_policy *pol; struct xfrm_policy *pol;
struct net *net = sock_net(sk);
rcu_read_lock(); rcu_read_lock();
read_lock_bh(&net->xfrm.xfrm_policy_lock); again:
pol = rcu_dereference(sk->sk_policy[dir]); pol = rcu_dereference(sk->sk_policy[dir]);
if (pol != NULL) { if (pol != NULL) {
bool match = xfrm_selector_match(&pol->selector, fl, bool match = xfrm_selector_match(&pol->selector, fl,
...@@ -1267,8 +1266,8 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, ...@@ -1267,8 +1266,8 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
err = security_xfrm_policy_lookup(pol->security, err = security_xfrm_policy_lookup(pol->security,
fl->flowi_secid, fl->flowi_secid,
policy_to_flow_dir(dir)); policy_to_flow_dir(dir));
if (!err) if (!err && !xfrm_pol_hold_rcu(pol))
xfrm_pol_hold(pol); goto again;
else if (err == -ESRCH) else if (err == -ESRCH)
pol = NULL; pol = NULL;
else else
...@@ -1277,7 +1276,6 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, ...@@ -1277,7 +1276,6 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
pol = NULL; pol = NULL;
} }
out: out:
read_unlock_bh(&net->xfrm.xfrm_policy_lock);
rcu_read_unlock(); rcu_read_unlock();
return pol; return pol;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment