On Mon, Jun 28, 2021 at 03:34:28PM +0200, Frederic Weisbecker wrote: > xfrm_bydst_resize() calls synchronize_rcu() while holding > hash_resize_mutex. But then on PREEMPT_RT configurations, > xfrm_policy_lookup_bytype() may acquire that mutex while running in an > RCU read side critical section. This results in a deadlock. > > In fact the scope of hash_resize_mutex is way beyond the purpose of > xfrm_policy_lookup_bytype() to just fetch a coherent and stable policy > for a given destination/direction, along with other details. > > The lower level net->xfrm.xfrm_policy_lock, which among other things > protects per destination/direction references to policy entries, is > enough to serialize and benefit from priority inheritance against the > write side. As a bonus, it makes it officially a per network namespace > synchronization business where a policy table resize on namespace A > shouldn't block a policy lookup on namespace B. > > Fixes: 77cc278f7b20 (xfrm: policy: Use sequence counters with associated lock) > Cc: stable@xxxxxxxxxxxxxxx > Cc: Ahmed S. Darwish <a.darwish@xxxxxxxxxxxxx> > Cc: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> > Cc: Varad Gautam <varad.gautam@xxxxxxxx> > Cc: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: David S. Miller <davem@xxxxxxxxxxxxx> > Signed-off-by: Frederic Weisbecker <frederic@xxxxxxxxxx> Your patch has a conflicht with ("commit d7b0408934c7 xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype") from Varad. Can you please rebase onto the ipsec tree? Btw. Varad, your above mentioned patch tried to fix the same issue. Do we still need it, or is it obsolete with the fix from Frederic? Thanks!