On Wed, Jun 30, 2021 at 08:57:53AM +0200, Steffen Klassert wrote: > On Mon, Jun 28, 2021 at 03:34:28PM +0200, Frederic Weisbecker wrote: > > xfrm_bydst_resize() calls synchronize_rcu() while holding > > hash_resize_mutex. But then on PREEMPT_RT configurations, > > xfrm_policy_lookup_bytype() may acquire that mutex while running in an > > RCU read side critical section. This results in a deadlock. > > > > In fact the scope of hash_resize_mutex is way beyond the purpose of > > xfrm_policy_lookup_bytype() to just fetch a coherent and stable policy > > for a given destination/direction, along with other details. > > > > The lower level net->xfrm.xfrm_policy_lock, which among other things > > protects per destination/direction references to policy entries, is > > enough to serialize and benefit from priority inheritance against the > > write side. As a bonus, it makes it officially a per network namespace > > synchronization business where a policy table resize on namespace A > > shouldn't block a policy lookup on namespace B. > > > > Fixes: 77cc278f7b20 (xfrm: policy: Use sequence counters with associated lock) > > Cc: stable@xxxxxxxxxxxxxxx > > Cc: Ahmed S. Darwish <a.darwish@xxxxxxxxxxxxx> > > Cc: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> > > Cc: Varad Gautam <varad.gautam@xxxxxxxx> > > Cc: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > Cc: David S. Miller <davem@xxxxxxxxxxxxx> > > Signed-off-by: Frederic Weisbecker <frederic@xxxxxxxxxx> > > Your patch has a conflicht with ("commit d7b0408934c7 xfrm: policy: Read > seqcount outside of rcu-read side in xfrm_policy_lookup_bytype") > from Varad. Can you please rebase onto the ipsec tree? This patch is now applied to the ipsec tree (on top of the revert of commit d7b0408934c7). Thanks everyone!