On Wed, Jun 30, 2021 at 08:57:53AM +0200, Steffen Klassert wrote:
On Mon, Jun 28, 2021 at 03:34:28PM +0200, Frederic Weisbecker wrote:
xfrm_bydst_resize() calls synchronize_rcu() while holding hash_resize_mutex. But then on PREEMPT_RT configurations, xfrm_policy_lookup_bytype() may acquire that mutex while running in an RCU read side critical section. This results in a deadlock.
In fact the scope of hash_resize_mutex is way beyond the purpose of xfrm_policy_lookup_bytype() to just fetch a coherent and stable policy for a given destination/direction, along with other details.
The lower level net->xfrm.xfrm_policy_lock, which among other things protects per destination/direction references to policy entries, is enough to serialize and benefit from priority inheritance against the write side. As a bonus, it makes it officially a per network namespace synchronization business where a policy table resize on namespace A shouldn't block a policy lookup on namespace B.
Fixes: 77cc278f7b20 (xfrm: policy: Use sequence counters with associated lock) Cc: stable@vger.kernel.org Cc: Ahmed S. Darwish a.darwish@linutronix.de Cc: Peter Zijlstra (Intel) peterz@infradead.org Cc: Varad Gautam varad.gautam@suse.com Cc: Steffen Klassert steffen.klassert@secunet.com Cc: Herbert Xu herbert@gondor.apana.org.au Cc: David S. Miller davem@davemloft.net Signed-off-by: Frederic Weisbecker frederic@kernel.org
Your patch has a conflicht with ("commit d7b0408934c7 xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype") from Varad. Can you please rebase onto the ipsec tree?
This patch is now applied to the ipsec tree (on top of the revert of commit d7b0408934c7).
Thanks everyone!