Skip to content

Commit

Permalink
af_key: Do not call xfrm_probe_algs in parallel
Browse files Browse the repository at this point in the history 
When namespace support was added to xfrm/afkey, it caused the
previously single-threaded call to xfrm_probe_algs to become
multi-threaded.  This is buggy and needs to be fixed with a mutex.

Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
Fixes: 283bc9f ("xfrm: Namespacify xfrm state/policy locks")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
  • Loading branch information
@herbertx @klassert
herbertx authored and klassert committed Aug 5, 2022
1 parent 6aa811a commit ba953a9
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/key/af_key.c
View file
Expand Up @@ -1697,9 +1697,12 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
pfk->registered |= (1<<hdr->sadb_msg_satype);
}

mutex_lock(&pfkey_mutex);
xfrm_probe_algs();

supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
mutex_unlock(&pfkey_mutex);

if (!supp_skb) {
if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
pfk->registered &= ~(1<<hdr->sadb_msg_satype);
Expand Down

0 comments on commit ba953a9

Please sign in to comment.