netdev.vger.kernel.org archive mirror
From: Patrick McHardy <kaber@trash.net>
To: Beschorner Daniel <Daniel.Beschorner@facton.com>
Cc: netdev@vger.kernel.org, Eric Dumazet <dada1@cosmosbay.com>
Subject: Re: IPSec freeze
Date: Tue, 17 Jul 2007 18:10:13 +0200
Message-ID: <469CE9E5.7040003@trash.net>
In-Reply-To: <469BB50C.10203@trash.net>

[-- Attachment #1: Type: text/plain, Size: 775 bytes --]

Patrick McHardy wrote:
> Beschorner Daniel wrote:
>   
>>> I managed to reproduce a crash with ipcomp, will try to fix it later.
>>>       
>> Yes, I can confirm this.
>> After disabling IPComp the crashes went away.
>>     
>
>
> The crash happens in xfrm_bundle_ok when walking the bundle upwards
> following xfrm_dst->u.next. The loop should be stopped when
> xfrm_dst->u.next == first (the topmost xfrm_dst), but it points to
> NULL instead. I'm pretty sure the attached patch is responsible,
> it breaks XFRM's assumption that dst->next and xfrm_dst->u.next are
> the same pointer and xfrm_dst now shares the next pointer with
> rcu_head.next in struct dst_entry.
>
> Eric, could you look into this please?

I fixed it myself. Daniel, can you please test this patch?




[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1543 bytes --]

[XFRM]: Fix crash introduced by struct dst_entry reordering

XFRM expects xfrm_dst->u.next to be the same pointer as dst->next, which
was broken by the dst_entry reordering in commit 1e19e02c~, causing
an oops in xfrm_bundle_ok when walking the bundle upwards.

Kill xfrm_dst->u.next and change the only user to use dst->next instead.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 20c2fee8cc562817f11752e1d87350d5994fa098
tree f42318b847e962aa637136e94722a688c231111a
parent 308ac1b6249226730b70fcf7c13a289c27ce2bf3
author Patrick McHardy <kaber@trash.net> Tue, 17 Jul 2007 18:11:29 +0200
committer Patrick McHardy <kaber@trash.net> Tue, 17 Jul 2007 18:11:29 +0200

 include/net/xfrm.h     |    1 -
 net/xfrm/xfrm_policy.c |    2 +-
 2 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index ae959e9..a5f80bf 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -585,7 +585,6 @@ static inline int xfrm_sec_ctx_match(struct xfrm_sec_ctx *s1, struct xfrm_sec_ct
 struct xfrm_dst
 {
 	union {
-		struct xfrm_dst		*next;
 		struct dst_entry	dst;
 		struct rtable		rt;
 		struct rt6_info		rt6;
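Review bot: missing documentation on the union in struct xfrm_dst. After the `next` member is dropped, nothing at the definition says that the bundle is linked through `u.dst.next`, or that the members must not be used to alias fields of struct dst_entry by position. The commit message explains that exactly this kind of positional alias broke when dst_entry was reordered, so a short comment above the union stating that the chain pointer lives in `u.dst.next` and that no pointer member may be added alongside `dst` would keep the assumption from being reintroduced. Removing the member rather than repositioning it is the right call, since any overlooked `u.next` user now fails to compile instead of reading the wrong field.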
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 157bfbd..b48f06f 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2141,7 +2141,7 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
 		if (last == first)
 			break;
 
-		last = last->u.next;
+		last = (struct xfrm_dst *)last->u.dst.next;
 		last->child_mtu_cached = mtu;
 	}
 
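Review bot: the new `last = (struct xfrm_dst *)last->u.dst.next;` is followed immediately by `last->child_mtu_cached = mtu;` with no check that the pointer is non-NULL, so the loop still depends entirely on the chain reaching `first` before it runs out. The report quoted above describes the oops as this walk hitting NULL, so if the invariant is ever broken again the failure mode is the same NULL dereference in xfrm_bundle_ok. Consider either a comment at the loop stating that `dst.next` must lead back to `first`, or a warning-and-bail path when the next pointer is NULL. Separately, the open-coded cast from `struct dst_entry *` to `struct xfrm_dst *` is only valid while `dst` sits at the start of struct xfrm_dst; a small accessor for "next xfrm_dst in bundle" would keep that assumption in one place. The commit message says this is the only user of `u.next`; since the member is deleted in the header hunk, a full build with XFRM and its IPv4/IPv6 users enabled is enough to confirm that.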
