Re: [PATCH net] net: xfrm: don't double-hold dst when sk_policy in use.

Wed, 23 Aug 2017 10:01:23 -0700 

> While removing dst_entry garbage collection, commit 52df157f17e5
> ("xfrm: take refcnt of dst when creating struct xfrm_dst bundle")
> changed xfrm_resolve_and_create_bundle so it returns an xdst with
> a refcount of 1 instead of 0.
>
> However, it did not delete the dst_hold performed by xfrm_lookup
> when a per-socket policy is in use. This means that when a
> socket policy is in use, dst entries returned by xfrm_lookup have
> a refcount of 2, and are not freed when no longer in use.
>
> Cc: Wei Wang <wei...@google.com>
> Fixes: 52df157f17 ("xfrm: take refcnt of dst when creating struct xfrm_dst 
> bundle")
> Tested: https://android-review.googlesource.com/417481
> Tested: https://android-review.googlesource.com/418659
> Tested: https://android-review.googlesource.com/424463
> Tested: https://android-review.googlesource.com/452776 passes on net-next
> Signed-off-by: Lorenzo Colitti <lore...@google.com>

Thanks for the fix.

Acked-by: Wei Wang <wei...@google.com>


On Wed, Aug 23, 2017 at 1:14 AM, Lorenzo Colitti <lore...@google.com> wrote:
> While removing dst_entry garbage collection, commit 52df157f17e5
> ("xfrm: take refcnt of dst when creating struct xfrm_dst bundle")
> changed xfrm_resolve_and_create_bundle so it returns an xdst with
> a refcount of 1 instead of 0.
>
> However, it did not delete the dst_hold performed by xfrm_lookup
> when a per-socket policy is in use. This means that when a
> socket policy is in use, dst entries returned by xfrm_lookup have
> a refcount of 2, and are not freed when no longer in use.
>
> Cc: Wei Wang <wei...@google.com>
> Fixes: 52df157f17 ("xfrm: take refcnt of dst when creating struct xfrm_dst 
> bundle")
> Tested: https://android-review.googlesource.com/417481
> Tested: https://android-review.googlesource.com/418659
> Tested: https://android-review.googlesource.com/424463
> Tested: https://android-review.googlesource.com/452776 passes on net-next
> Signed-off-by: Lorenzo Colitti <lore...@google.com>
> ---
>  net/xfrm/xfrm_policy.c | 1 -
>  1 file changed, 1 deletion(-)
>
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index 6f5a0dad50..69b16ee327 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -2226,7 +2226,6 @@ struct dst_entry *xfrm_lookup(struct net *net, struct 
> dst_entry *dst_orig,
>                                 goto no_transform;
>                         }
>
> -                       dst_hold(&xdst->u.dst);
>                         route = xdst->route;
>                 }
>         }
> --
> 2.14.1.480.gb18f417b89-goog
>

Reply via email to