From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Steffen Klassert <steffen.klassert@secunet.com>,
<netdev@vger.kernel.org>
Subject: [PATCH 05/10] xfrm: policy: fix reinsertion on node merge
Date: Fri, 25 Jan 2019 08:44:21 +0100 [thread overview]
Message-ID: <20190125074426.31053-6-steffen.klassert@secunet.com> (raw)
In-Reply-To: <20190125074426.31053-1-steffen.klassert@secunet.com>
From: Florian Westphal <fw@strlen.de>
"newpos" has wrong scope. It must be NULL on each iteration of the loop.
Otherwise, when policy is to be inserted at the start, we would instead
insert at point found by the previous loop-iteration instead.
Also, we need to unlink the policy before we reinsert it to the new node,
else we can get next-points-to-self loops.
Because policies are only ordered by priority it is irrelevant which policy
is "more recent" except when two policies have same priority.
(the more recent one is placed after the older one).
In these cases, we can use the ->pos id number to know which one is the
'older': the higher the id, the more recent the policy.
So we only need to unlink all policies from the node that is about to be
removed, and insert them to the replacement node.
Fixes: 9cf545ebd591da ("xfrm: policy: store inexact policies in a tree ordered by destination address")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 24dfd1e47cf0..e691683223ee 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -823,13 +823,13 @@ static void xfrm_policy_inexact_list_reinsert(struct net *net,
u16 family)
{
unsigned int matched_s, matched_d;
- struct hlist_node *newpos = NULL;
struct xfrm_policy *policy, *p;
matched_s = 0;
matched_d = 0;
list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
+ struct hlist_node *newpos = NULL;
bool matches_s, matches_d;
if (!policy->bydst_reinsert)
@@ -839,7 +839,10 @@ static void xfrm_policy_inexact_list_reinsert(struct net *net,
policy->bydst_reinsert = false;
hlist_for_each_entry(p, &n->hhead, bydst) {
- if (policy->priority >= p->priority)
+ if (policy->priority > p->priority)
+ newpos = &p->bydst;
+ else if (policy->priority == p->priority &&
+ policy->pos > p->pos)
newpos = &p->bydst;
else
break;
@@ -955,12 +958,11 @@ static void xfrm_policy_inexact_node_merge(struct net *net,
family);
}
- hlist_for_each_entry(tmp, &v->hhead, bydst)
- tmp->bydst_reinsert = true;
- hlist_for_each_entry(tmp, &n->hhead, bydst)
+ hlist_for_each_entry(tmp, &v->hhead, bydst) {
tmp->bydst_reinsert = true;
+ hlist_del_rcu(&tmp->bydst);
+ }
- INIT_HLIST_HEAD(&n->hhead);
xfrm_policy_inexact_list_reinsert(net, n, family);
}
--
2.17.1
next prev parent reply other threads:[~2019-01-25 7:44 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-25 7:44 pull request (net): ipsec 2019-01-25 Steffen Klassert
2019-01-25 7:44 ` [PATCH 01/10] selftests: xfrm: add block rules with adjacent/overlapping subnets Steffen Klassert
2019-01-25 7:44 ` [PATCH 02/10] xfrm: policy: use hlist rcu variants on inexact insert, part 2 Steffen Klassert
2019-01-25 7:44 ` [PATCH 03/10] xfrm: policy: increment xfrm_hash_generation on hash rebuild Steffen Klassert
2019-01-25 7:44 ` [PATCH 04/10] xfrm: policy: delete inexact policies from inexact list " Steffen Klassert
2019-01-25 7:44 ` Steffen Klassert [this message]
2019-01-25 7:44 ` [PATCH 06/10] selftests: xfrm: alter htresh to trigger move of policies to hash table Steffen Klassert
2019-01-25 7:44 ` [PATCH 07/10] xfrm: policy: fix infinite loop when merging src-nodes Steffen Klassert
2019-01-25 7:44 ` [PATCH 08/10] vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel Steffen Klassert
2019-01-25 7:44 ` [PATCH 09/10] xfrm: refine validation of template and selector families Steffen Klassert
2019-01-25 7:44 ` [PATCH 10/10] xfrm: Make set-mark default behavior backward compatible Steffen Klassert
2019-01-27 18:32 ` pull request (net): ipsec 2019-01-25 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190125074426.31053-6-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.