xfrm: policy: only use rcu in xfrm_sk_policy_lookup
Don't acquire the readlock anymore and rely on rcu alone. In case writer on other CPU changed policy at the wrong moment (after we obtained sk policy pointer but before we could obtain the reference) just repeat the lookup. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
a7c44247f7
commit
ae33786f73
|
@ -1249,10 +1249,9 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
|
||||||
const struct flowi *fl)
|
const struct flowi *fl)
|
||||||
{
|
{
|
||||||
struct xfrm_policy *pol;
|
struct xfrm_policy *pol;
|
||||||
struct net *net = sock_net(sk);
|
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
read_lock_bh(&net->xfrm.xfrm_policy_lock);
|
again:
|
||||||
pol = rcu_dereference(sk->sk_policy[dir]);
|
pol = rcu_dereference(sk->sk_policy[dir]);
|
||||||
if (pol != NULL) {
|
if (pol != NULL) {
|
||||||
bool match = xfrm_selector_match(&pol->selector, fl,
|
bool match = xfrm_selector_match(&pol->selector, fl,
|
||||||
|
@ -1267,8 +1266,8 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
|
||||||
err = security_xfrm_policy_lookup(pol->security,
|
err = security_xfrm_policy_lookup(pol->security,
|
||||||
fl->flowi_secid,
|
fl->flowi_secid,
|
||||||
policy_to_flow_dir(dir));
|
policy_to_flow_dir(dir));
|
||||||
if (!err)
|
if (!err && !xfrm_pol_hold_rcu(pol))
|
||||||
xfrm_pol_hold(pol);
|
goto again;
|
||||||
else if (err == -ESRCH)
|
else if (err == -ESRCH)
|
||||||
pol = NULL;
|
pol = NULL;
|
||||||
else
|
else
|
||||||
|
@ -1277,7 +1276,6 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
|
||||||
pol = NULL;
|
pol = NULL;
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
read_unlock_bh(&net->xfrm.xfrm_policy_lock);
|
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
return pol;
|
return pol;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue