netdev
[Top] [All Lists]

Re: [2/4] [IPSEC] Kill spurious hard expire messages

To: jamal <hadi@xxxxxxxxxx>
Subject: Re: [2/4] [IPSEC] Kill spurious hard expire messages
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Apr 2005 22:08:01 +1000
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Masahide NAKAMURA <nakam@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev <netdev@xxxxxxxxxxx>
In-reply-to: <1113220648.1090.364.camel@xxxxxxxxxxxxxxxx>
References: <20050409105452.GA7171@xxxxxxxxxxxxxxxxxxx> <20050409111244.GB7171@xxxxxxxxxxxxxxxxxxx> <1113049844.1090.23.camel@xxxxxxxxxxxxxxxx> <20050409192926.GA9423@xxxxxxxxxxxxxxxxxxx> <20050409200306.GA9660@xxxxxxxxxxxxxxxxxxx> <1113142244.1088.287.camel@xxxxxxxxxxxxxxxx> <20050410212707.GA30337@xxxxxxxxxxxxxxxxxxx> <1113218420.1090.351.camel@xxxxxxxxxxxxxxxx> <20050411113040.GA25718@xxxxxxxxxxxxxxxxxxx> <1113220648.1090.364.camel@xxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Mon, Apr 11, 2005 at 07:57:29AM -0400, jamal wrote:
> Herbert,
> 
> Ok, what you are saying is sensible, but: does this mean there was never
> an issue then there was never a possibility of delete and expire
> intefering with each other then?

The problem before was that the timer didn't check the return value
of xfrm_policy_delete (in fact the latter didn't return anything).
xfrm_policy_delete tself always checked whether it succeeded in
deleting the entry from xfrm_policy_list.  This is used to determine
whether it should call xfrm_policy_kill.

Not checking the return value in the timer allows the following
situation to occur:

CPU 0                           CPU 1
xfrm_policy_timer
        goto expired
                                xfrm_get_policy(delete == 1)
                                        xfrm_policy_byid() succeeds
                                        notification is sent
        xfrm_policy_delete
        km_policy_expired <--- BUG

So as long as xfrm_policy_delete returns the correct value and it's
checked by the xfrm_policy_timer then we're OK.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>