diff options
author | Florian Westphal <fw@strlen.de> | 2017-08-06 10:19:07 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-08-07 14:25:39 -0700 |
commit | 13ead5c4f2e3b649156c74892f3cf4b62c8e3d0c (patch) | |
tree | b41158a5483fceb5d59c40ff282446f1e98d16f8 /net/xfrm | |
parent | d899cb2e5fe15d3cddc5ae2af9cd579c3280bb4b (diff) |
xfrm: check that cached bundle is still valid
Quoting Ilan Tayari:
1. Set up a host-to-host IPSec tunnel (or transport, doesn't matter)
2. Ping over IPSec, or do something to populate the pcpu cache
3. Join a MC group, then leave MC group
4. Try to ping again using same CPU as before -> traffic
doesn't egress the machine at all
Ilan debugged the problem down to the fact that one of the path dsts
devices point to lo due to earlier dst_dev_put().
In this case, dst is marked as DEAD and we cannot reuse the bundle.
The cache only asserted that the requested policy and that of the cached
bundle match, but its not enough - also verify the path is still valid.
Fixes: ec30d78c14a813 ("xfrm: add xdst pcpu cache")
Reported-by: Ayham Masood <ayhamm@mellanox.com>
Tested-by: Ilan Tayari <ilant@mellanox.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 06c3bf7ab86b..8da428f56aec 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1818,7 +1818,8 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols == num_pols && !xfrm_pol_dead(xdst) && memcmp(xdst->pols, pols, - sizeof(struct xfrm_policy *) * num_pols) == 0) { + sizeof(struct xfrm_policy *) * num_pols) == 0 && + xfrm_bundle_ok(xdst)) { dst_hold(&xdst->u.dst); return xdst; } |