xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module [Linux 3.16.72]

This Linux kernel change "xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module" is included in the Linux 3.16.72 release. This change is authored by Su Yanjun <suyj.fnst [at] cn.fujitsu.com> on Thu Mar 14 14:59:42 2019 +0800. The commit for this change in Linux stable tree is 520f412 (patch) which is from upstream commit 6ee02a5. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream 6ee02a5.

xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module

commit 6ee02a54ef990a71bf542b6f0a4e3321de9d9c66 upstream.

When unloading xfrm6_tunnel module, xfrm6_tunnel_fini directly
frees the xfrm6_tunnel_spi_kmem. Maybe someone has gotten the
xfrm6_tunnel_spi, so need to wait it.

Fixes: 91cc3bb0b04ff("xfrm6_tunnel: RCU conversion")
Signed-off-by: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

There are 4 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 net/ipv6/xfrm6_tunnel.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 1c66465..f1491b0 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -390,6 +390,10 @@ static void __exit xfrm6_tunnel_fini(void)
    xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6);
    xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
    unregister_pernet_subsys(&xfrm6_tunnel_net_ops);
+   /* Someone maybe has gotten the xfrm6_tunnel_spi.
+    * So need to wait it.
+    */
+   rcu_barrier();
    kmem_cache_destroy(xfrm6_tunnel_spi_kmem);
 }

Leave a Reply

Your email address will not be published. Required fields are marked *