xfrm: policy: only use rcu in xfrm_sk_policy_lookup
authorFlorian Westphal <fw@strlen.de>
Thu, 11 Aug 2016 13:17:57 +0000 (15:17 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Fri, 12 Aug 2016 06:07:12 +0000 (08:07 +0200)
Don't acquire the readlock anymore and rely on rcu alone.

In case writer on other CPU changed policy at the wrong moment (after we
obtained sk policy pointer but before we could obtain the reference)
just repeat the lookup.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/xfrm/xfrm_policy.c

index 9302647f20a0952b541a2abcbf5c113dabb40657..3d27b9a2fbacbb5c814a2915b527b5104310cdbc 100644 (file)
@@ -1249,10 +1249,9 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
                                                 const struct flowi *fl)
 {
        struct xfrm_policy *pol;
-       struct net *net = sock_net(sk);
 
        rcu_read_lock();
-       read_lock_bh(&net->xfrm.xfrm_policy_lock);
+ again:
        pol = rcu_dereference(sk->sk_policy[dir]);
        if (pol != NULL) {
                bool match = xfrm_selector_match(&pol->selector, fl,
@@ -1267,8 +1266,8 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
                        err = security_xfrm_policy_lookup(pol->security,
                                                      fl->flowi_secid,
                                                      policy_to_flow_dir(dir));
-                       if (!err)
-                               xfrm_pol_hold(pol);
+                       if (!err && !xfrm_pol_hold_rcu(pol))
+                               goto again;
                        else if (err == -ESRCH)
                                pol = NULL;
                        else
@@ -1277,7 +1276,6 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
                        pol = NULL;
        }
 out:
-       read_unlock_bh(&net->xfrm.xfrm_policy_lock);
        rcu_read_unlock();
        return pol;
 }