From: Steffen Klassert Date: Wed, 19 Feb 2014 09:07:34 +0000 (+0100) Subject: xfrm: Fix unlink race when policies are deleted. X-Git-Tag: firefly_0821_release~176^2~4330^2~22^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3a9016f97fdc8bfbb26ff36ba8f3dc9162eb691b;p=firefly-linux-kernel-4.4.55.git xfrm: Fix unlink race when policies are deleted. When a policy is unlinked from the lists in thread context, the xfrm timer can fire before we can mark this policy as dead. So reinitialize the bydst hlist, then hlist_unhashed() will notice that this policy is not linked and will avoid a double unlink of that policy. Reported-by: Xianpeng Zhao <673321875@qq.com> Signed-off-by: Steffen Klassert --- diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 4b98b25793c5..1d5c7bf29938 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1158,7 +1158,7 @@ static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol, if (hlist_unhashed(&pol->bydst)) return NULL; - hlist_del(&pol->bydst); + hlist_del_init(&pol->bydst); hlist_del(&pol->byidx); list_del(&pol->walk.all); net->xfrm.policy_count[dir]--;
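Review bot: the new hlist_del_init(&pol->bydst) is now load-bearing for the hlist_unhashed(&pol->bydst) guard two lines above it, but nothing at that line says so; add a short comment there so a later cleanup does not turn it back into hlist_del() and reopen the double unlink. The next line still uses hlist_del(&pol->byidx), so byidx is left with poisoned pointers and only bydst can be tested for linkage; that asymmetry is acceptable because the guard returns NULL before byidx is touched again, but it is worth stating, or converting byidx to hlist_del_init() for consistency. The guard and the unlink only close the race if the timer path and the thread-context path both call __xfrm_policy_unlink() under the same lock, which these lines do not show; the commit message should name that lock.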