The fixed commit placed mutex_lock() inside spin_lock_bh(), which triggers
a warning like:
BUG: sleeping function called from invalid context at...
Fix this by moving the mutex_lock() operation to a work queue.
Fixes: 2aeeef906d5a ("bonding: change ipsec_lock from spin lock to mutex")
Reported-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Closes: https://lore.kernel.org/netdev/20241212062734.182a0164@xxxxxxxxxx
Signed-off-by: Hangbin Liu <liuhangbin@xxxxxxxxx>
---
drivers/net/bonding/bond_main.c | 41 +++++++++++++++++++++++++--------
include/net/bonding.h | 6 +++++
2 files changed, 37 insertions(+), 10 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index e45bba240cbc..cc7064aa4b35 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -551,6 +551,25 @@ static void bond_ipsec_add_sa_all(struct bonding *bond)
mutex_unlock(&bond->ipsec_lock);
}
+static void bond_xfrm_state_gc_work(struct work_struct *work)
+{
+ struct bond_xfrm_work *xfrm_work = container_of(work, struct bond_xfrm_work, work);
+ struct bonding *bond = xfrm_work->bond;
+ struct xfrm_state *xs = xfrm_work->xs;
+ struct bond_ipsec *ipsec;
+
+ mutex_lock(&bond->ipsec_lock);
+ list_for_each_entry(ipsec, &bond->ipsec_list, list) {
+ if (ipsec->xs == xs) {
+ list_del(&ipsec->list);
+ kfree(ipsec);
+ xfrm_state_put(xs);
+ break;
+ }
+ }
+ mutex_unlock(&bond->ipsec_lock);
+}
+
/**
* bond_ipsec_del_sa - clear out this specific SA
* @xs: pointer to transformer state struct
@@ -558,9 +577,9 @@ static void bond_ipsec_add_sa_all(struct bonding *bond)
static void bond_ipsec_del_sa(struct xfrm_state *xs)
{
struct net_device *bond_dev = xs->xso.dev;
+ struct bond_xfrm_work *xfrm_work;
struct net_device *real_dev;
netdevice_tracker tracker;
- struct bond_ipsec *ipsec;
struct bonding *bond;
struct slave *slave;
@@ -592,15 +611,17 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs)
real_dev->xfrmdev_ops->xdo_dev_state_delete(xs);
out:
netdev_put(real_dev, &tracker);
- mutex_lock(&bond->ipsec_lock);
- list_for_each_entry(ipsec, &bond->ipsec_list, list) {
- if (ipsec->xs == xs) {
- list_del(&ipsec->list);
- kfree(ipsec);
- break;
- }
- }
- mutex_unlock(&bond->ipsec_lock);
+
+ xfrm_work = kmalloc(sizeof(*xfrm_work), GFP_ATOMIC);
+ if (!xfrm_work)
+ return;
+
+ INIT_WORK(&xfrm_work->work, bond_xfrm_state_gc_work);
+ xfrm_work->bond = bond;
+ xfrm_work->xs = xs;
+ xfrm_state_hold(xs);
+
+ queue_work(bond->wq, &xfrm_work->work);
}
static void bond_ipsec_del_sa_all(struct bonding *bond)
diff --git a/include/net/bonding.h b/include/net/bonding.h
index 8bb5f016969f..d54ba5e3affb 100644
--- a/include/net/bonding.h
+++ b/include/net/bonding.h
@@ -209,6 +209,12 @@ struct bond_ipsec {
struct xfrm_state *xs;
};
+struct bond_xfrm_work {
+ struct work_struct work;
+ struct bonding *bond;
+ struct xfrm_state *xs;
+};
+
/*
* Here are the locking policies for the two bonding locks:
* Get rcu_read_lock when reading or RTNL when writing slave list.
--
2.46.0
