From nobody Fri Aug 30 13:08:32 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WwJPD50hLz5MYvS; Fri, 30 Aug 2024 13:08:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WwJPD4ZL3z4r4V; Fri, 30 Aug 2024 13:08:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725023312; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0O1t5C2f0/BQPtCIrE80YtFx5hi4XEHjqY9LOeOvPJc=; b=KaWzVAsZY6judFuDgVOEhHV0RqwyUIptUCRKqoEiUXU43z7cfSjdfEAWOWkasv/SzGt8YF sqkcq4rdJg0kOHJ8U3iP5b1YgRAzSsjKHU3Kz9jH3YDEmN71N1Iu2xT/E9swC7bfP+BZgt fz+/KoNYffEmO6ceiwaHJNr+YYCAq/x8sTwyQkGzqDeXR9Lmw9PvYU8vlc8Q3E7sjGnfNI aeZuIWLMUXkz+lxakttOjCrKq7IpcGSP1V+DN2qfeMYsZ+iCmndSws87ytzvYoQbiELBvW QwDgU4lCekoJtm4mso0zxAEkYZ1jA3Wgah8l8S0i6Ap2HHEVSR0E+q9jjvfiAg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725023312; a=rsa-sha256; cv=none; b=ByjWzPgITuXeE+d6gGlvpGZWJZ1iM+OB+FbJ9WgCIszU2CObu7tHHLF4biAAEHuKTzRSdV CGWkjcBFPdAGsJLbG75AAK8SLdLpQKg9EPOYFRT4dREllLcVNdkZJjCZq/6OxHR2CAZgHv 2qEOpKp1Q05sgG15OWODUs1B+W1UeuvZIxJ2ENXX2O44hOHKNexjruUduNmFmg6b+Wpcha yiqZMFn3JqPXBXrTFYmebL6n0p3hiqhmlXe4dM7RBvtayRZOI0JkhNszhDq1PBerfLM6nl jshaMS+3j+bkT6yCoV1ShBlPDw95iGhPPsgRM5HE8ipcf+I159Af/WHFdPBdNQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725023312; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0O1t5C2f0/BQPtCIrE80YtFx5hi4XEHjqY9LOeOvPJc=; b=mLZdVFsPsIRgzOAQ1c/5eBOVaaMCMoqOqRVYslN7zKnTmEnBoylIal1p39EGJuvbmAk4Ou dvTWhAakpBtrysCv6agCYt+diJ4CKXeXPRo/10T7qnR5/mQV6K84ILRbAl60mmWQtIvWYR 8Cu2Ko3/uzFLK2zeLB9DBiRXt5UaqGpfgAOVVSbZOoGFwCNkCLh6vSC7Qy2PTrGWVKa88k EKAa4n+0gpxPTxtChnfYrghTmrR7QT5gs1V8bWQ1HV4F/qDHILxyc/XMVYrpCxCyTAQ4At qleaHkEt2DgZNFpRGwsQWBLmRjZ1uEKo3JMUcN17ohIRRKCQVjLP7JsbwTTGxQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WwJPD49Smz12k8; Fri, 30 Aug 2024 13:08:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47UD8WPO022765; Fri, 30 Aug 2024 13:08:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47UD8WmU022762; Fri, 30 Aug 2024 13:08:32 GMT (envelope-from git) Date: Fri, 30 Aug 2024 13:08:32 GMT Message-Id: <202408301308.47UD8WmU022762@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: e196b12f4d4d - main - ipsec: Drain async ipsec_offload work when destroying a vnet List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e196b12f4d4d13982d42cf7841b77dca1405effa Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=e196b12f4d4d13982d42cf7841b77dca1405effa commit e196b12f4d4d13982d42cf7841b77dca1405effa Author: Mark Johnston AuthorDate: 2024-08-30 00:44:45 +0000 Commit: Mark Johnston CommitDate: 2024-08-30 13:08:20 +0000 ipsec: Drain async ipsec_offload work when destroying a vnet The ipsec_offload code in some cases releases object references in an asynchronous context where it needs to set the current VNET. Make sure that all such work completes before the VNET is actually destroyed, otherwise a use-after-free is possible. Reported by: KASAN Reviewed by: kib Fixes: ef2a572bf6bd ("ipsec_offload: kernel infrastructure") Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D46483 --- sys/netipsec/ipsec_offload.c | 2 +- sys/netipsec/key.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c index bbf98ac7a676..1ff91ec585c2 100644 --- a/sys/netipsec/ipsec_offload.c +++ b/sys/netipsec/ipsec_offload.c @@ -386,7 +386,7 @@ ipsec_accel_sa_newkey_impl(struct secasvar *sav) TASK_INIT(&tq->install_task, 0, ipsec_accel_sa_newkey_act, tq); tq->sav = sav; - tq->install_vnet = curthread->td_vnet; /* XXXKIB liveness */ + tq->install_vnet = curthread->td_vnet; taskqueue_enqueue(taskqueue_thread, &tq->install_task); } diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 5a3e5727bc2e..ad1d6164f158 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -8713,6 +8713,9 @@ key_vnet_destroy(void *arg __unused) } SAHTREE_WUNLOCK(); + /* Wait for async work referencing this VNET to finish. */ + ipsec_accel_sync(); + key_freesah_flushed(&sahdrainq); hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask);