提交 9e0d57fd 编写于 作者: Y Yury Polyanskiy 提交者: David S. Miller

xfrm: SAD entries do not expire correctly after suspend-resume

  This fixes the following bug in the current implementation of
net/xfrm: SAD entries timeouts do not count the time spent by the machine 
in the suspended state. This leads to the connectivity problems because 
after resuming local machine thinks that the SAD entry is still valid, while 
it has already been expired on the remote server.

  The cause of this is very simple: the timeouts in the net/xfrm are bound to 
the old mod_timer() timers. This patch reassigns them to the
CLOCK_REALTIME hrtimer.

  I have been using this version of the patch for a few months on my
machines without any problems. Also run a few stress tests w/o any
issues.

  This version of the patch uses tasklet_hrtimer by Peter Zijlstra
(commit 9ba5f0).

  This patch is against 2.6.31.4. Please CC me.
Signed-off-by: NYury Polyanskiy <polyanskiy@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 7a50a240
...@@ -19,6 +19,9 @@ ...@@ -19,6 +19,9 @@
#include <net/route.h> #include <net/route.h>
#include <net/ipv6.h> #include <net/ipv6.h>
#include <net/ip6_fib.h> #include <net/ip6_fib.h>
#include <linux/interrupt.h>
#ifdef CONFIG_XFRM_STATISTICS #ifdef CONFIG_XFRM_STATISTICS
#include <net/snmp.h> #include <net/snmp.h>
#endif #endif
...@@ -198,7 +201,7 @@ struct xfrm_state { ...@@ -198,7 +201,7 @@ struct xfrm_state {
struct xfrm_stats stats; struct xfrm_stats stats;
struct xfrm_lifetime_cur curlft; struct xfrm_lifetime_cur curlft;
struct timer_list timer; struct tasklet_hrtimer mtimer;
/* Last used time */ /* Last used time */
unsigned long lastused; unsigned long lastused;
......
...@@ -21,6 +21,9 @@ ...@@ -21,6 +21,9 @@
#include <linux/cache.h> #include <linux/cache.h>
#include <linux/audit.h> #include <linux/audit.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
#include <linux/ktime.h>
#include <linux/interrupt.h>
#include <linux/kernel.h>
#include "xfrm_hash.h" #include "xfrm_hash.h"
...@@ -352,7 +355,7 @@ static void xfrm_put_mode(struct xfrm_mode *mode) ...@@ -352,7 +355,7 @@ static void xfrm_put_mode(struct xfrm_mode *mode)
static void xfrm_state_gc_destroy(struct xfrm_state *x) static void xfrm_state_gc_destroy(struct xfrm_state *x)
{ {
del_timer_sync(&x->timer); tasklet_hrtimer_cancel(&x->mtimer);
del_timer_sync(&x->rtimer); del_timer_sync(&x->rtimer);
kfree(x->aalg); kfree(x->aalg);
kfree(x->ealg); kfree(x->ealg);
...@@ -398,9 +401,10 @@ static inline unsigned long make_jiffies(long secs) ...@@ -398,9 +401,10 @@ static inline unsigned long make_jiffies(long secs)
return secs*HZ; return secs*HZ;
} }
static void xfrm_timer_handler(unsigned long data) static enum hrtimer_restart xfrm_timer_handler(struct hrtimer * me)
{ {
struct xfrm_state *x = (struct xfrm_state*)data; struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
struct net *net = xs_net(x); struct net *net = xs_net(x);
unsigned long now = get_seconds(); unsigned long now = get_seconds();
long next = LONG_MAX; long next = LONG_MAX;
...@@ -451,8 +455,9 @@ static void xfrm_timer_handler(unsigned long data) ...@@ -451,8 +455,9 @@ static void xfrm_timer_handler(unsigned long data)
if (warn) if (warn)
km_state_expired(x, 0, 0); km_state_expired(x, 0, 0);
resched: resched:
if (next != LONG_MAX) if (next != LONG_MAX){
mod_timer(&x->timer, jiffies + make_jiffies(next)); tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
}
goto out; goto out;
...@@ -474,6 +479,7 @@ static void xfrm_timer_handler(unsigned long data) ...@@ -474,6 +479,7 @@ static void xfrm_timer_handler(unsigned long data)
out: out:
spin_unlock(&x->lock); spin_unlock(&x->lock);
return HRTIMER_NORESTART;
} }
static void xfrm_replay_timer_handler(unsigned long data); static void xfrm_replay_timer_handler(unsigned long data);
...@@ -492,7 +498,7 @@ struct xfrm_state *xfrm_state_alloc(struct net *net) ...@@ -492,7 +498,7 @@ struct xfrm_state *xfrm_state_alloc(struct net *net)
INIT_HLIST_NODE(&x->bydst); INIT_HLIST_NODE(&x->bydst);
INIT_HLIST_NODE(&x->bysrc); INIT_HLIST_NODE(&x->bysrc);
INIT_HLIST_NODE(&x->byspi); INIT_HLIST_NODE(&x->byspi);
setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x); tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, CLOCK_REALTIME, HRTIMER_MODE_ABS);
setup_timer(&x->rtimer, xfrm_replay_timer_handler, setup_timer(&x->rtimer, xfrm_replay_timer_handler,
(unsigned long)x); (unsigned long)x);
x->curlft.add_time = get_seconds(); x->curlft.add_time = get_seconds();
...@@ -843,8 +849,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, ...@@ -843,8 +849,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
} }
x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ; tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
add_timer(&x->timer);
net->xfrm.state_num++; net->xfrm.state_num++;
xfrm_hash_grow_check(net, x->bydst.next != NULL); xfrm_hash_grow_check(net, x->bydst.next != NULL);
} else { } else {
...@@ -921,7 +926,7 @@ static void __xfrm_state_insert(struct xfrm_state *x) ...@@ -921,7 +926,7 @@ static void __xfrm_state_insert(struct xfrm_state *x)
hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
} }
mod_timer(&x->timer, jiffies + HZ); tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
if (x->replay_maxage) if (x->replay_maxage)
mod_timer(&x->rtimer, jiffies + x->replay_maxage); mod_timer(&x->rtimer, jiffies + x->replay_maxage);
...@@ -1019,8 +1024,7 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family ...@@ -1019,8 +1024,7 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family
x->props.reqid = reqid; x->props.reqid = reqid;
x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
xfrm_state_hold(x); xfrm_state_hold(x);
x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ; tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
add_timer(&x->timer);
list_add(&x->km.all, &net->xfrm.state_all); list_add(&x->km.all, &net->xfrm.state_all);
hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
h = xfrm_src_hash(net, daddr, saddr, family); h = xfrm_src_hash(net, daddr, saddr, family);
...@@ -1300,7 +1304,7 @@ int xfrm_state_update(struct xfrm_state *x) ...@@ -1300,7 +1304,7 @@ int xfrm_state_update(struct xfrm_state *x)
memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
x1->km.dying = 0; x1->km.dying = 0;
mod_timer(&x1->timer, jiffies + HZ); tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
if (x1->curlft.use_time) if (x1->curlft.use_time)
xfrm_state_check_expire(x1); xfrm_state_check_expire(x1);
...@@ -1325,7 +1329,7 @@ int xfrm_state_check_expire(struct xfrm_state *x) ...@@ -1325,7 +1329,7 @@ int xfrm_state_check_expire(struct xfrm_state *x)
if (x->curlft.bytes >= x->lft.hard_byte_limit || if (x->curlft.bytes >= x->lft.hard_byte_limit ||
x->curlft.packets >= x->lft.hard_packet_limit) { x->curlft.packets >= x->lft.hard_packet_limit) {
x->km.state = XFRM_STATE_EXPIRED; x->km.state = XFRM_STATE_EXPIRED;
mod_timer(&x->timer, jiffies); tasklet_hrtimer_start(&x->mtimer, ktime_set(0,0), HRTIMER_MODE_REL);
return -EINVAL; return -EINVAL;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册