git.baikalelectronics.ru Git - kernel.git/commit

net: xfrm: Localize sequence counter per network namespace

A sequence counter write section must be serialized or its internal
state can get corrupted. The "xfrm_state_hash_generation" seqcount is
global, but its write serialization lock (net->xfrm.xfrm_state_lock) is
instantiated per network namespace. The write protection is thus
insufficient.

To provide full protection, localize the sequence counter per network
namespace instead. This should be safe as both the seqcount read and
write sections access data exclusively within the network namespace. It
also lays the foundation for transforming "xfrm_state_hash_generation"
data type from seqcount_t to seqcount_LOCKNAME_t in further commits.

Fixes: 71bed809bd2e ("xfrm: state: add sequence count to detect hash resizes")
Signed-off-by: Ahmed S. Darwish <a.darwish@linutronix.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

author	Ahmed S. Darwish <a.darwish@linutronix.de>
	Tue, 16 Mar 2021 10:56:29 +0000 (11:56 +0100)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Mon, 22 Mar 2021 06:35:42 +0000 (07:35 +0100)
commit	5aadac6e7b2f89425dc9c05b4ea4b56e303b735f
tree	1fac4eca5c1dd13969ea43793af3d92ce98e3031	tree \| snapshot
parent	8bee6c2ee9a6959f528fd7abe99ff6661914843b	commit \| diff

include/net/netns/xfrm.h		diff \| blob \| history
net/xfrm/xfrm_state.c		diff \| blob \| history