git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Sun, 6 Aug 2017 08:19:07 +0000 (10:19 +0200)
committer	David S. Miller <davem@davemloft.net>
	Mon, 7 Aug 2017 21:25:39 +0000 (14:25 -0700)
commit	1e16068d209028f5de8390de0d7570309756f594
tree	b41158a5483fceb5d59c40ff282446f1e98d16f8	tree \| snapshot
parent	ce2ab4507ce3bbc3e254f7e65490b8222137221b	commit \| diff

xfrm: check that cached bundle is still valid

Quoting Ilan Tayari:
  1. Set up a host-to-host IPSec tunnel (or transport, doesn't matter)
  2. Ping over IPSec, or do something to populate the pcpu cache
  3. Join a MC group, then leave MC group
  4. Try to ping again using same CPU as before -> traffic
     doesn't egress the machine at all

Ilan debugged the problem down to the fact that one of the path dsts
devices point to lo due to earlier dst_dev_put().
In this case, dst is marked as DEAD and we cannot reuse the bundle.

The cache only asserted that the requested policy and that of the cached
bundle match, but its not enough - also verify the path is still valid.

Fixes: 2e7d8bbbf6914e ("xfrm: add xdst pcpu cache")
Reported-by: Ayham Masood <ayhamm@mellanox.com>
Tested-by: Ilan Tayari <ilant@mellanox.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>