On Thu, Jan 04, 2018 at 10:01:32PM +1100, Herbert Xu wrote:
> On Thu, Jan 04, 2018 at 11:36:28AM +0100, Artem Savkov wrote:
> > Commit acf568ee859f "xfrm: Reinject transport-mode packets through tasklet"
> > adds an sk_buff_head queue, but never initializes trans->queue.lock, which
> > results in a "spinlock bad magic" BUG on skb_queue_tail() call in
> > xfrm_trans_queue.
> > Use skb_queue_head_init() instead of __skb_queue_head_init() to properly
> > initialize said lock.
> >
> > Signed-off-by: Artem Savkov <asav...@redhat.com>
>
> Thanks for catching this. But we don't need the lock as this
> is meant to be per-CPU only. So we should remove the locking
> instead:

Right, that's a better solution.

Reported-and-tested-by: Artem Savkov <asav...@redhat.com>

Thank you.

> ---8<---
> xfrm: Use __skb_queue_tail in xfrm_trans_queue
>
> We do not need locking in xfrm_trans_queue because it is designed
> to use per-CPU buffers. However, the original code incorrectly
> used skb_queue_tail which takes the lock. This patch switches
> it to __skb_queue_tail instead.
>
> Reported-by: Artem Savkov <asav...@redhat.com>
> Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
> Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
>
> diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c > index 098f47a..1eb0bba 100644 > --- a/net/xfrm/xfrm_input.c > +++ b/net/xfrm/xfrm_input.c > @@ -511,7 +511,7 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff > *skb, > > XFRM_TRANS_SKB_CB(skb)->finish = finish; > XFRM_TRANS_SKB_CB(skb)->net = net; > - skb_queue_tail(&trans->queue, skb); > + __skb_queue_tail(&trans->queue, skb); > tasklet_schedule(&trans->tasklet); > return 0; > }

--
Regards,
  Artem
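
Review bot: In the `@@ -511,7 +511,7 @@` hunk, the new `__skb_queue_tail(&trans->queue, skb)` call drops the queue lock on the strength of the per-CPU argument in the commit message, but nothing in the code states the condition that makes the unlocked enqueue safe. The very next line schedules `trans->tasklet`, and a tasklet runs in softirq context, so per-CPU storage alone is not enough: the enqueue must also not be interruptible by softirq processing on the same CPU while it manipulates the list. Suggest a short comment above the call stating the context callers must be in (for example, bottom halves disabled), or a debug assertion to that effect, so that a later caller from process context cannot silently corrupt the queue.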