On Wed, May 16, 2018 at 11:43:06AM -0700, Alistair Strachan wrote:
From: Herbert Xu herbert@gondor.apana.org.au
commit d16b46e4fd8bc6063624605f25b8c0835bb1fbe3 upstream.
From: Herbert Xu herbert@gondor.apana.org.au
We do not need locking in xfrm_trans_queue because it is designed to use per-CPU buffers. However, the original code incorrectly used skb_queue_tail which takes the lock. This patch switches it to __skb_queue_tail instead.
Fixes the following stack trace seen when testing ipsec:
BUG: spinlock bad magic on CPU#1, xfrm_algorithm_/945 lock: 0xffff8fb3dfd1fe78, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 945 Comm: xfrm_algorithm_ Not tainted 4.14.40-00047-g99a610f9568b #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: dump_stack+0xa1/0xd0 ? spin_bug+0x99/0xb0 do_raw_spin_lock+0x5c/0x90 _raw_spin_lock_irqsave+0x33/0x60 skb_queue_tail+0x17/0x40 ? xfrm4_rcv+0x40/0x40 xfrm_trans_queue+0x5c/0xa0 ? nf_hook_slow+0x3d/0xb0 xfrm4_transport_finish+0x1a1/0x1d0 ? xfrm4_transport_finish+0x1d0/0x1d0 xfrm_input+0x7f4/0x920 xfrm4_esp_rcv+0x2e/0x60 ip_local_deliver_finish+0x140/0x210 ip_local_deliver+0xc7/0xf0 ? ip_local_deliver+0xf0/0xf0 ip_rcv+0x2f9/0x410 ? ip_rcv+0x410/0x410 __netif_receive_skb_core+0x927/0xa50 netif_receive_skb_internal+0xef/0x190 ? __skb_get_hash_symmetric+0xbc/0x110 netif_receive_skb+0x90/0xc0 tun_get_user+0xd30/0xfc0 tun_chr_write_iter+0x5a/0x80 __vfs_write+0x10c/0x150 vfs_write+0xdf/0x190 SyS_write+0x4c/0xb0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Reported-and-tested-by: Artem Savkov asavkov@redhat.com Fixes: e095ecaec6d9 ("xfrm: Reinject transport-mode packets...") Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Steffen Klassert steffen.klassert@secunet.com Cc: stable@vger.kernel.org Cc: kernel-team@android.com Signed-off-by: Alistair Strachan astrachan@google.com
net/xfrm/xfrm_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks, now queued up.
greg k-h