netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [IPSEC]: Do xfrm_state_check_space before encapsulation
       [not found] <4768A7CA.4090503@taca.jp>
@ 2007-12-19  6:12 ` Herbert Xu
  2007-12-19  6:14   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Herbert Xu @ 2007-12-19  6:12 UTC (permalink / raw)
  To: Kazunori MIYAZAWA; +Cc: David Miller, usagi-core, netdev

On Wed, Dec 19, 2007 at 02:10:34PM +0900, Kazunori MIYAZAWA wrote:
>
> Dec 19 11:31:44 hawaii kernel: ip6_rcv_finish: head=f7505000(**)
> Dec 19 11:31:44 hawaii kernel: ip6_rcv_finish: data=f7505020(**)
> Dec 19 11:31:44 hawaii kernel: xfrm6_tunnel_output: head=f7505000
> Dec 19 11:31:44 hawaii kernel: xfrm6_tunnel_output: data=f7505020

Sorry I introduced this bug when I moved the encapsulation output
function to the top of the loop.  Here's the fix.

[IPSEC]: Do xfrm_state_check_space before encapsulation

While merging the IPsec output path I moved the encapsulation output
operation to the top of the loop so that it sits outside of the locked
section.  Unfortunately in doing so it now sits in front of the space
check as well which could be a fatal error.

This patch rearranges the calls so that the space check happens as
the thing on the output path.

This patch also fixes an incorrect goto should the encapsulation output
fail.

Thanks to Kazunori MIYAZAWA for finding this bug.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 3c277a4..26fa0cb 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -33,16 +33,6 @@ static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
 	return 0;
 }
 
-static int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
-{
-	int err = xfrm_state_check_expire(x);
-	if (err < 0)
-		goto err;
-	err = xfrm_state_check_space(x, skb);
-err:
-	return err;
-}
-
 static int xfrm_output_one(struct sk_buff *skb, int err)
 {
 	struct dst_entry *dst = skb->dst;
@@ -52,12 +42,16 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
 		goto resume;
 
 	do {
+		err = xfrm_state_check_space(x, skb);
+		if (err)
+			goto error_nolock;
+
 		err = x->outer_mode->output(x, skb);
 		if (err)
-			goto error;
+			goto error_nolock;
 
 		spin_lock_bh(&x->lock);
-		err = xfrm_state_check(x, skb);
+		err = xfrm_state_check_expire(x);
 		if (err)
 			goto error;
 
Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [IPSEC]: Do xfrm_state_check_space before encapsulation
  2007-12-19  6:12 ` [IPSEC]: Do xfrm_state_check_space before encapsulation Herbert Xu
@ 2007-12-19  6:14   ` David Miller
  2007-12-19 13:23     ` (usagi-core 34069) " Kazunori MIAZAWA
  0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2007-12-19  6:14 UTC (permalink / raw)
  To: herbert; +Cc: miyazawa, usagi-core, netdev

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed, 19 Dec 2007 14:12:10 +0800

> [IPSEC]: Do xfrm_state_check_space before encapsulation
> 
> While merging the IPsec output path I moved the encapsulation output
> operation to the top of the loop so that it sits outside of the locked
> section.  Unfortunately in doing so it now sits in front of the space
> check as well which could be a fatal error.
> 
> This patch rearranges the calls so that the space check happens as
> the thing on the output path.
> 
> This patch also fixes an incorrect goto should the encapsulation output
> fail.
> 
> Thanks to Kazunori MIYAZAWA for finding this bug.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks Herbert.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: (usagi-core 34069) Re: [IPSEC]: Do xfrm_state_check_space before encapsulation
  2007-12-19  6:14   ` David Miller
@ 2007-12-19 13:23     ` Kazunori MIAZAWA
  0 siblings, 0 replies; 3+ messages in thread
From: Kazunori MIAZAWA @ 2007-12-19 13:23 UTC (permalink / raw)
  To: usagi-core; +Cc: herbert, miyazawa, netdev

David Miller wrote:
> From: Herbert Xu <herbert@gondor.apana.org.au>
> Date: Wed, 19 Dec 2007 14:12:10 +0800
> 
>> [IPSEC]: Do xfrm_state_check_space before encapsulation
>>
>> While merging the IPsec output path I moved the encapsulation output
>> operation to the top of the loop so that it sits outside of the locked
>> section.  Unfortunately in doing so it now sits in front of the space
>> check as well which could be a fatal error.
>>
>> This patch rearranges the calls so that the space check happens as
>> the thing on the output path.
>>
>> This patch also fixes an incorrect goto should the encapsulation output
>> fail.
>>
>> Thanks to Kazunori MIYAZAWA for finding this bug.
>>
>> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> Applied, thanks Herbert.
> 
> 

Thank you for your quick response :-)

--
Kazunori Miyazawa


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-12-19 13:23 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <4768A7CA.4090503@taca.jp>
2007-12-19  6:12 ` [IPSEC]: Do xfrm_state_check_space before encapsulation Herbert Xu
2007-12-19  6:14   ` David Miller
2007-12-19 13:23     ` (usagi-core 34069) " Kazunori MIAZAWA

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).