From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: kaber@trash.net, davem@davemloft.net, netdev@oss.sgi.com
Subject: [05/08] [IPSEC]: Do not hold state lock while checking size
Date: Tue, 5 Apr 2005 09:47:27 -0700
Message-ID: <20050405164726.GF17299@kroah.com>
In-Reply-To: <20050405164539.GA17299@kroah.com>

-stable review patch.  If anyone has any objections, please let us know.

------------------

This patch from Herbert Xu fixes a deadlock with IPsec.
When an ICMP frag. required is sent and the ICMP message
needs the same SA as the packet that caused it, the state
will be locked twice.

[IPSEC]: Do not hold state lock while checking size.

This can elicit ICMP message output and thus result in a
deadlock.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff -Nru a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
--- a/net/ipv4/xfrm4_output.c	2005-03-20 16:53:05 +01:00
+++ b/net/ipv4/xfrm4_output.c	2005-03-20 16:53:05 +01:00
@@ -103,16 +103,16 @@
 			goto error_nolock;
 	}
 
-	spin_lock_bh(&x->lock);
-	err = xfrm_state_check(x, skb);
-	if (err)
-		goto error;
-
 	if (x->props.mode) {
 		err = xfrm4_tunnel_check_size(skb);
 		if (err)
-			goto error;
+			goto error_nolock;
 	}
+
+	spin_lock_bh(&x->lock);
+	err = xfrm_state_check(x, skb);
+	if (err)
+		goto error;
 
 	xfrm4_encap(skb);
 
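Review bot: with the tunnel size check moved ahead of spin_lock_bh(&x->lock), x->props.mode is now read without the state lock held. Please confirm that this field cannot change while the state is in use on the output path, or say so in the changelog. The switch to "goto error_nolock" in the size-check branch matches the new ordering, since the lock has not been taken at that point. A short comment above "if (x->props.mode) {" stating that xfrm4_tunnel_check_size() can elicit ICMP output needing the same SA, and so must run before x->lock is taken, would keep a later cleanup from moving it back under the lock.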
diff -Nru a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
--- a/net/ipv6/xfrm6_output.c	2005-03-20 16:53:05 +01:00
+++ b/net/ipv6/xfrm6_output.c	2005-03-20 16:53:05 +01:00
@@ -103,16 +103,16 @@
 			goto error_nolock;
 	}
 
-	spin_lock_bh(&x->lock);
-	err = xfrm_state_check(x, skb);
-	if (err)
-		goto error;
-
 	if (x->props.mode) {
 		err = xfrm6_tunnel_check_size(skb);
 		if (err)
-			goto error;
+			goto error_nolock;
 	}
+
+	spin_lock_bh(&x->lock);
+	err = xfrm_state_check(x, skb);
+	if (err)
+		goto error;
 
 	xfrm6_encap(skb);
 
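Review bot: in the reordered block, a packet that fails xfrm6_tunnel_check_size() now leaves through error_nolock before xfrm_state_check() has run, so for an oversized packet the size error is returned where the state-check error used to take precedence. It is worth confirming that nothing depends on the old precedence. The changelog describes only the ICMP frag. required case; one sentence saying that the xfrm6_output.c path is reordered for the same reason would make the IPv6 half of the change self-explanatory.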
