Re: ipsec hang
From: Patrick McHardy
Date: Tue Nov 23 2004 - 20:33:37 EST
Marcin Gibu³a wrote:
Hi,
today I tried to configure ipsec on my linux workstation (with openswan) and
it hanged just after the init had run /etc/rc.d/init.d/ipsec start.
It was on linux-2.6.10-rc1-bk20, so I upgraded to 2.6.10-rc2-mm3 but it didn't
make any difference.
The alt-sysrq-p shows the following call trace:
xfrm_policy_insert
xfrm_netlink_rcv
netlink_data_ready
netlink_sendmsg
sock_aio_write
do_sync_write
sock_map_fd
sys_select
vfs_write
system_call
The full trace (with regs, etc) is available at
http://www.iceni.pl/marcin/lockup.jpg
.config attached. This hang is 100%-reproductible for me. I can attach
openswan config if needed.
This patch should fix it. The patch "Fix policy update bug when increasing
priority of last policy" broke this, when a policy with lower priority than
an existing policy is inserted xfrm_policy_insert loops forever.
Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/11/24 02:25:16+01:00 kaber@xxxxxxxxxxxx
# [XFRM]: Fix endless loop in xfrm_policy_insert
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/xfrm/xfrm_policy.c
# 2004/11/24 02:25:07+01:00 kaber@xxxxxxxxxxxx +1 -0
# [XFRM]: Fix endless loop in xfrm_policy_insert
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
diff -Nru a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
--- a/net/xfrm/xfrm_policy.c 2004-11-24 02:31:08 +01:00
+++ b/net/xfrm/xfrm_policy.c 2004-11-24 02:31:08 +01:00
@@ -353,6 +353,7 @@
newpos = p;
if (delpol)
break;
+ p = &pol->next;
}
if (newpos)
p = newpos;