xfrm: avoid creating temporary SA when there are no listeners

In the case when KMs have no listeners, km_query() will fail and temporary SAs are garbage collected immediately after their allocation. This causes strain on memory allocation, leading even to OOM since temporary SA alloc/free cycle is performed for every packet and garbage collection does not keep up the pace. The sane thing to do is to make sure we have audience before temporary SA allocation. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Horia Geanta <horia.geanta@freescale.com> 2014-02-12 09:20:06 -0500
committer: Steffen Klassert <steffen.klassert@secunet.com> 2014-02-13 01:40:30 -0500
commit: 0f24558e91563888d51e9be5b70981da920c37ac (patch)
tree: 31aba2926b9f641fe30e235acc5a87b1b4dab73b /net/key
parent: 5826bdd1816fa2baa122b62e14905c0ad8e7b96a (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1a04c1329362..e1c69d024197 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3059,6 +3059,24 @@ static u32 get_acqseq(void)
        return res;
 }
+static bool pfkey_is_alive(const struct km_event *c)
+{
+        struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
+        struct sock *sk;
+        bool is_alive = false;
+        rcu_read_lock();
+        sk_for_each_rcu(sk, &net_pfkey->table) {
+                if (pfkey_sk(sk)->registered) {
+                        is_alive = true;
+                        break;
+                }
+        }
+        rcu_read_unlock();
+        return is_alive;
+}
 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
 {
        struct sk_buff *skb;
@@ -3784,6 +3802,7 @@ static struct xfrm_mgr pfkeyv2_mgr =
        .new_mapping    = pfkey_send_new_mapping,
        .notify_policy  = pfkey_send_policy_notify,
        .migrate        = pfkey_send_migrate,
+        .is_alive       = pfkey_is_alive,
 };
 static int __net_init pfkey_net_init(struct net *net)
author	Horia Geanta <horia.geanta@freescale.com>	2014-02-12 09:20:06 -0500
committer	Steffen Klassert <steffen.klassert@secunet.com>	2014-02-13 01:40:30 -0500
commit	0f24558e91563888d51e9be5b70981da920c37ac (patch)
tree	31aba2926b9f641fe30e235acc5a87b1b4dab73b /net/key
parent	5826bdd1816fa2baa122b62e14905c0ad8e7b96a (diff)

diff --git a/net/key/af_key.c b/net/key/af_key.c index 1a04c1329362..e1c69d024197 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -3059,6 +3059,24 @@ static u32 get_acqseq(void)
3059	return res;	3059	return res;
3060	}	3060	}
3061		3061
		3062	static bool pfkey_is_alive(const struct km_event *c)
		3063	{
		3064	struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
		3065	struct sock *sk;
		3066	bool is_alive = false;
		3067
		3068	rcu_read_lock();
		3069	sk_for_each_rcu(sk, &net_pfkey->table) {
		3070	if (pfkey_sk(sk)->registered) {
		3071	is_alive = true;
		3072	break;
		3073	}
		3074	}
		3075	rcu_read_unlock();
		3076
		3077	return is_alive;
		3078	}
		3079
3062	static int pfkey_send_acquire(struct xfrm_state x, struct xfrm_tmpl t, struct xfrm_policy *xp)	3080	static int pfkey_send_acquire(struct xfrm_state x, struct xfrm_tmpl t, struct xfrm_policy *xp)
3063	{	3081	{
3064	struct sk_buff *skb;	3082	struct sk_buff *skb;
@@ -3784,6 +3802,7 @@ static struct xfrm_mgr pfkeyv2_mgr =
3784	.new_mapping = pfkey_send_new_mapping,	3802	.new_mapping = pfkey_send_new_mapping,
3785	.notify_policy = pfkey_send_policy_notify,	3803	.notify_policy = pfkey_send_policy_notify,
3786	.migrate = pfkey_send_migrate,	3804	.migrate = pfkey_send_migrate,
		3805	.is_alive = pfkey_is_alive,
3787	};	3806	};
3788		3807
3789	static int __net_init pfkey_net_init(struct net *net)	3808	static int __net_init pfkey_net_init(struct net *net)