tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

xfrm: flush all states in xfrm_state_fini

While reverting commit f75a2804da39 ("xfrm: destroy xfrm_state
synchronously on net exit path"), I incorrectly changed
xfrm_state_flush's "proto" argument back to IPSEC_PROTO_ANY. This
reverts some of the changes in commit dbb2483b2a46 ("xfrm: clean up
xfrm protocol checks"), and leads to some states not being removed
when we exit the netns.

Pass 0 instead of IPSEC_PROTO_ANY from both xfrm_state_fini
xfrm6_tunnel_net_exit, so that xfrm_state_flush deletes all states.

Fixes: 2a198bbec691 ("Revert "xfrm: destroy xfrm_state synchronously on net exit path"")
Reported-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
Tested-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

authored by

Sabrina Dubroca and committed by
Steffen Klassert 42e42562 d942fe13

+2 -2
+1 -1
net/ipv6/xfrm6_tunnel.c
··· 334 334 struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); 335 335 unsigned int i; 336 336 337 - xfrm_state_flush(net, IPSEC_PROTO_ANY, false); 337 + xfrm_state_flush(net, 0, false); 338 338 xfrm_flush_gc(); 339 339 340 340 for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++)
+1 -1
net/xfrm/xfrm_state.c
··· 3297 3297 unsigned int sz; 3298 3298 3299 3299 flush_work(&net->xfrm.state_hash_work); 3300 - xfrm_state_flush(net, IPSEC_PROTO_ANY, false); 3300 + xfrm_state_flush(net, 0, false); 3301 3301 flush_work(&xfrm_state_gc_work); 3302 3302 3303 3303 WARN_ON(!list_empty(&net->xfrm.state_all));