From: David Miller <davem@davemloft.net>
To: herbert@gondor.apana.org.au
Cc: pupilla@hotmail.com, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [IPSEC]: Use the correct ip_local_out function
Date: Tue, 20 May 2008 14:32:38 -0700 (PDT) [thread overview]
Message-ID: <20080520.143238.87085088.davem@davemloft.net> (raw)
In-Reply-To: <20080520092511.GA9005@gondor.apana.org.au>
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 20 May 2008 17:25:11 +0800
> On Wed, May 14, 2008 at 10:19:57AM +0200, Marco Berizzi wrote:
> >
> > I hope this helps.
>
> OK found the problem, it was my fault after all :)
>
> Dave, this patch needs to go into stable too.
>
> [IPSEC]: Use the correct ip_local_out function
>
> Because the IPsec output function xfrm_output_resume does its
> own dst_output call it should always call __ip_local_output
> instead of ip_local_output as the latter may invoke dst_output
> directly. Otherwise the return values from nf_hook and dst_output
> may clash as they both use the value 1 but for different purposes.
>
> When that clash occurs this can cause a packet to be used after
> it has been freed which usually leads to a crash. Because the
> offending value is only returned from dst_output with qdiscs
> such as HTB, this bug is normally not visible.
>
> Thanks to Marco Berizzi for his perseverance in tracking this
> down.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Applied and queued to -stable, thanks!
next prev parent reply other threads:[~2008-05-20 21:32 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <BAY103-DAV11F874912A45144805FC26B2DE0@phx.gbl>
2008-04-28 9:42 ` 2.6.25 crash: EIP: [<c02e2f14>] xfrm_output_resume+0x64/0x100 ss:esp 0068:c03a1e5c David Miller
2008-04-28 10:18 ` Marco Berizzi
2008-04-29 14:37 ` Marco Berizzi
2008-05-02 12:02 ` Herbert Xu
2008-05-02 12:26 ` Marco Berizzi
2008-05-06 10:44 ` Marco Berizzi
2008-05-09 9:50 ` Marco Berizzi
2008-05-09 10:25 ` Herbert Xu
2008-05-09 10:28 ` Marco Berizzi
2008-05-09 11:11 ` Ingo Molnar
2008-05-12 7:14 ` Marco Berizzi
2008-05-12 7:46 ` Herbert Xu
2008-05-12 8:24 ` Marco Berizzi
2008-05-12 15:06 ` Marco Berizzi
2008-05-12 16:10 ` Marco Berizzi
2008-05-14 8:19 ` Marco Berizzi
2008-05-14 12:03 ` Marco Berizzi
2008-05-14 12:21 ` Herbert Xu
2008-05-14 12:32 ` Marco Berizzi
2008-05-20 9:25 ` [IPSEC]: Use the correct ip_local_out function Herbert Xu
2008-05-20 10:18 ` Marco Berizzi
2008-05-20 21:32 ` David Miller [this message]
2008-05-27 9:04 ` Marco Berizzi
2008-06-07 20:27 ` [patch 00/50] 2.6.25.6 -stable review Marco Berizzi
2008-06-07 20:43 ` Willy Tarreau
2008-06-08 11:56 ` Marco Berizzi
2008-06-08 12:36 ` Willy Tarreau
2008-06-08 14:10 ` David Miller
2008-06-08 14:19 ` Willy Tarreau
2008-06-08 15:38 ` Jay Cliburn
2008-06-08 16:06 ` Willy Tarreau
2008-06-08 20:07 ` Jeff Garzik
2008-06-09 2:26 ` David Miller
2008-05-05 14:01 ` 2.6.25 crash: EIP: [<c02e2f14>] xfrm_output_resume+0x64/0x100 ss:esp 0068:c03a1e5c Marco Berizzi
2008-04-30 15:15 ` Herbert Xu
2008-04-30 15:38 ` Marco Berizzi
2008-05-01 11:53 ` Herbert Xu
2008-05-01 12:59 ` Marco Berizzi
2008-05-01 14:09 ` Herbert Xu
2008-05-01 19:14 ` Marco Berizzi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080520.143238.87085088.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pupilla@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).