Re: [PATCH net-next] xfrm: policy: Remove obsolete WARN while xfrm policy inserting

[Steffen Klassert]

On Mon, Mar 30, 2020 at 10:05:32PM +0800, Yuehaibing wrote:
> On 2020/3/28 19:23, Steffen Klassert wrote:
> > On Fri, Mar 27, 2020 at 08:34:43PM +0800, YueHaibing wrote:
> >> Since commit 7cb8a93968e3 ("xfrm: Allow inserting policies with matching
> >> mark and different priorities"), we allow duplicate policies with
> >> different priority, this WARN is not needed any more.
> > 
> > Can you please describe a bit more detailed why this warning
> > can't trigger anymore?
> 
> No, this warning is triggered while detect a duplicate entry in the policy list
> 
> regardless of the priority. If we insert policy like this:
> 
> policy A (mark.v = 3475289, mark.m = 0, priority = 1)	//A is inserted
> policy B (mark.v = 0, mark.m = 0, priority = 0) 	//B is inserted
> policy C (mark.v = 3475289, mark.m = 0, priority = 0)	//C is inserted and B is deleted

The codepath that replaces a policy by another should just trigger
on policy updates (XFRM_MSG_UPDPOLICY). Is that the case in your
test?

It should not be possible to add policy C with XFRM_MSG_NEWPOLICY
as long as you have policy B inserted.

The update replaces an old policy by a new one, the lookup keys of
the old policy must match the lookup keys of the new one. But policy
B has not the same lookup keys as C, the mark is different. So B should
not be replaced with C.

> policy D (mark.v = 3475289, mark.m = 0, priority = 1)	
> 
> while finding delpol in xfrm_policy_insert_list,
> first round delpol is matched C, whose priority is less than D, so contiue the loop,
> then A is matchedï WARN_ON is triggered.  It seems the WARN is useless.

Looks like the warning is usefull, it found a bug.