xfrm: avoid creating temporary SA when there are no listeners

In the case when KMs have no listeners, km_query() will fail and
temporary SAs are garbage collected immediately after their allocation.
This causes strain on memory allocation, leading even to OOM since
temporary SA alloc/free cycle is performed for every packet
and garbage collection does not keep up the pace.

The sane thing to do is to make sure we have audience before
temporary SA allocation.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Change-Id: I241fdd8133f4974aaf14a9bc12be089aaa1730ae
Reviewed-on: http://git.am.freescale.net:8181/12383
Reviewed-by: Marian Cristian Rotariu <marian.rotariu@freescale.com>
Reviewed-by: Jose Rivera <German.Rivera@freescale.com>
Tested-by: Jose Rivera <German.Rivera@freescale.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/net/key/af_key.c b/net/key/af_key.c
index 545f047..dc66136 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3049,6 +3049,24 @@ static u32 get_acqseq(void)
 	return res;
 }
 
+static bool pfkey_is_alive(const struct km_event *c)
+{
+	struct netns_pfkey *net_pfkey = net_generic(c->net, pfkey_net_id);
+	struct sock *sk;
+	bool is_alive = false;
+
+	rcu_read_lock();
+	sk_for_each_rcu(sk, &net_pfkey->table) {
+		if (pfkey_sk(sk)->registered) {
+			is_alive = true;
+			break;
+		}
+	}
+	rcu_read_unlock();
+
+	return is_alive;
+}
+
 static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *xp)
 {
 	struct sk_buff *skb;
@@ -3773,6 +3791,7 @@ static struct xfrm_mgr pfkeyv2_mgr =
 	.new_mapping	= pfkey_send_new_mapping,
 	.notify_policy	= pfkey_send_policy_notify,
 	.migrate	= pfkey_send_migrate,
+	.is_alive	= pfkey_is_alive,
 };
 
 static int __net_init pfkey_net_init(struct net *net)