Re: [PATCH] xfrm: policy: Restructure RCU-read locking in xfrm_sk_policy_lookup

[Steffen Klassert]

On Fri, Jun 18, 2021 at 04:11:01PM +0200, Varad Gautam wrote:
> Commit "xfrm: policy: Read seqcount outside of rcu-read side in
> xfrm_policy_lookup_bytype" [Linked] resolved a locking bug in
> xfrm_policy_lookup_bytype that causes an RCU reader-writer deadlock on
> the mutex wrapped by xfrm_policy_hash_generation on PREEMPT_RT since
> 77cc278f7b20 ("xfrm: policy: Use sequence counters with associated
> lock").
> 
> However, xfrm_sk_policy_lookup can still reach xfrm_policy_lookup_bytype
> while holding rcu_read_lock(), as:
> xfrm_sk_policy_lookup()
>   rcu_read_lock()
>   security_xfrm_policy_lookup()
>     xfrm_policy_lookup()

Hm, I don't see that call chain. security_xfrm_policy_lookup() calls
a hook with the name xfrm_policy_lookup. The only LSM that has
registered a function to that hook is selinux. It registers
selinux_xfrm_policy_lookup() and I don't see how we can call
xfrm_policy_lookup() from there.

Did you actually trigger that bug?