[PATCH 6.12.y v3 0/2] xfrm: hold dev ref until after transport_finish NF_HOOK

Next message: Simon Liebold: "[PATCH 6.12.y v3 1/2] xfrm: hold device only for the asynchronous decryption"
Previous message: Ard Biesheuvel: "Re: [PATCH v2 6/6] efi/runtime-wrappers: retire the worker if a wedged call ever returns"
Next in thread: Simon Liebold: "[PATCH 6.12.y v3 1/2] xfrm: hold device only for the asynchronous decryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Simon Liebold

Date: Fri Jun 12 2026 - 07:14:28 EST

Thanks for the detailed analysis on v2, Sasha. Here's v3.

v3: Backport b05d42eefac7 ("xfrm: hold device only for the asynchronous
decryption") as a prerequisite, making the tree structurally match mainline so
the fix applies without the lifetime gap Sasha identified in v2, where the
dev_put at resume: dropped the ref before the re-hold could cover it.

v2: Restore unconditional dev_put at resume: and instead take a fresh dev_hold
immediately before transport_finish (when async && !xfrm_gro), avoiding the
reference leak on nested transport-mode that v1's suppressed resume: dev_put
caused. Prerequisite b05d42eefac7 ("xfrm: hold device only for the asynchronous
decryption") was not backported as it restructures the lock ordering and resume:
label semantics of the decryption loop, requiring non-trivial adaptation beyond
what a minimal stable fix warrants.

Jianbo Liu (1):
xfrm: hold device only for the asynchronous decryption

Qi Tang (1):
xfrm: hold dev ref until after transport_finish NF_HOOK

net/ipv4/xfrm4_input.c | 5 ++++-
net/ipv6/xfrm6_input.c | 5 ++++-
net/xfrm/xfrm_input.c | 25 +++++++++++++++++--------
3 files changed, 25 insertions(+), 10 deletions(-)

base-commit: 1d3a00d3bacff25652c96e1527610c69e91f7c38
--
2.50.1

Amazon Web Services Development Center Germany GmbH
Tamara-Danz-Str. 13
10243 Berlin
Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597