aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch')
-rw-r--r--main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch91
1 files changed, 91 insertions, 0 deletions
diff --git a/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch b/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch
new file mode 100644
index 0000000000..4a45c7f40d
--- /dev/null
+++ b/main/linux-grsec/0016-xfrm-remove-policy-garbage-collection.patch
@@ -0,0 +1,91 @@
+From 4c53c9239069f48ec9a86f8e596c163b72e8bc4d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 7 Apr 2010 00:30:06 +0000
+Subject: [PATCH 16/18] xfrm: remove policy garbage collection
+
+Policies are now properly reference counted and destroyed from
+all code paths. The delayed gc is just an overhead now and can
+be removed.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 285ead175c5dd5075cab5b6c94f35a3e6c0a3ae6)
+---
+ net/xfrm/xfrm_policy.c | 39 +++++----------------------------------
+ 1 files changed, 5 insertions(+), 34 deletions(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 0379d82..5606841 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -46,9 +46,6 @@ static struct xfrm_policy_afinfo *xfrm_policy_afinfo[NPROTO];
+
+ static struct kmem_cache *xfrm_dst_cache __read_mostly;
+
+-static HLIST_HEAD(xfrm_policy_gc_list);
+-static DEFINE_SPINLOCK(xfrm_policy_gc_lock);
+-
+ static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family);
+ static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
+ static void xfrm_init_pmtu(struct dst_entry *dst);
+@@ -288,32 +285,6 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
+ }
+ EXPORT_SYMBOL(xfrm_policy_destroy);
+
+-static void xfrm_policy_gc_kill(struct xfrm_policy *policy)
+-{
+- atomic_inc(&policy->genid);
+-
+- if (del_timer(&policy->timer))
+- atomic_dec(&policy->refcnt);
+-
+- xfrm_pol_put(policy);
+-}
+-
+-static void xfrm_policy_gc_task(struct work_struct *work)
+-{
+- struct xfrm_policy *policy;
+- struct hlist_node *entry, *tmp;
+- struct hlist_head gc_list;
+-
+- spin_lock_bh(&xfrm_policy_gc_lock);
+- gc_list.first = xfrm_policy_gc_list.first;
+- INIT_HLIST_HEAD(&xfrm_policy_gc_list);
+- spin_unlock_bh(&xfrm_policy_gc_lock);
+-
+- hlist_for_each_entry_safe(policy, entry, tmp, &gc_list, bydst)
+- xfrm_policy_gc_kill(policy);
+-}
+-static DECLARE_WORK(xfrm_policy_gc_work, xfrm_policy_gc_task);
+-
+ /* Rule must be locked. Release descentant resources, announce
+ * entry dead. The rule must be unlinked from lists to the moment.
+ */
+@@ -322,11 +293,12 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
+ {
+ policy->walk.dead = 1;
+
+- spin_lock_bh(&xfrm_policy_gc_lock);
+- hlist_add_head(&policy->bydst, &xfrm_policy_gc_list);
+- spin_unlock_bh(&xfrm_policy_gc_lock);
++ atomic_inc(&policy->genid);
+
+- schedule_work(&xfrm_policy_gc_work);
++ if (del_timer(&policy->timer))
++ xfrm_pol_put(policy);
++
++ xfrm_pol_put(policy);
+ }
+
+ static unsigned int xfrm_policy_hashmax __read_mostly = 1 * 1024 * 1024;
+@@ -2535,7 +2507,6 @@ static void xfrm_policy_fini(struct net *net)
+ audit_info.sessionid = -1;
+ audit_info.secid = 0;
+ xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
+- flush_work(&xfrm_policy_gc_work);
+
+ WARN_ON(!list_empty(&net->xfrm.policy_all));
+
+--
+1.7.0.2
+