diff options
| author | Yan, Zheng <zheng.z.yan@intel.com> | 2011-09-29 13:10:10 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-10-04 23:31:24 -0400 |
| commit | 260fcbeb1ae9e768a44c9925338fbacb0d7e5ba9 (patch) | |
| tree | 741dea73d68eca24c8d515bb7091cbedb77192a4 | |
| parent | cb2d0f3e968bff7c6d262aca3e3ab8d4184e69b2 (diff) | |
tcp: properly handle md5sig_pool references
tcp_v4_clear_md5_list() assumes that multiple tcp md5sig peers
only hold one reference to md5sig_pool. but tcp_v4_md5_do_add()
increases use count of md5sig_pool for each peer. This patch
makes tcp_v4_md5_do_add() only increases use count for the first
tcp md5sig peer.
Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 11 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 8 |
2 files changed, 12 insertions, 7 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c34f01513945..7963e03f1068 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -927,18 +927,21 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr, | |||
| 927 | } | 927 | } |
| 928 | sk_nocaps_add(sk, NETIF_F_GSO_MASK); | 928 | sk_nocaps_add(sk, NETIF_F_GSO_MASK); |
| 929 | } | 929 | } |
| 930 | if (tcp_alloc_md5sig_pool(sk) == NULL) { | 930 | |
| 931 | md5sig = tp->md5sig_info; | ||
| 932 | if (md5sig->entries4 == 0 && | ||
| 933 | tcp_alloc_md5sig_pool(sk) == NULL) { | ||
| 931 | kfree(newkey); | 934 | kfree(newkey); |
| 932 | return -ENOMEM; | 935 | return -ENOMEM; |
| 933 | } | 936 | } |
| 934 | md5sig = tp->md5sig_info; | ||
| 935 | 937 | ||
| 936 | if (md5sig->alloced4 == md5sig->entries4) { | 938 | if (md5sig->alloced4 == md5sig->entries4) { |
| 937 | keys = kmalloc((sizeof(*keys) * | 939 | keys = kmalloc((sizeof(*keys) * |
| 938 | (md5sig->entries4 + 1)), GFP_ATOMIC); | 940 | (md5sig->entries4 + 1)), GFP_ATOMIC); |
| 939 | if (!keys) { | 941 | if (!keys) { |
| 940 | kfree(newkey); | 942 | kfree(newkey); |
| 941 | tcp_free_md5sig_pool(); | 943 | if (md5sig->entries4 == 0) |
| 944 | tcp_free_md5sig_pool(); | ||
| 942 | return -ENOMEM; | 945 | return -ENOMEM; |
| 943 | } | 946 | } |
| 944 | 947 | ||
| @@ -982,6 +985,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr) | |||
| 982 | kfree(tp->md5sig_info->keys4); | 985 | kfree(tp->md5sig_info->keys4); |
| 983 | tp->md5sig_info->keys4 = NULL; | 986 | tp->md5sig_info->keys4 = NULL; |
| 984 | tp->md5sig_info->alloced4 = 0; | 987 | tp->md5sig_info->alloced4 = 0; |
| 988 | tcp_free_md5sig_pool(); | ||
| 985 | } else if (tp->md5sig_info->entries4 != i) { | 989 | } else if (tp->md5sig_info->entries4 != i) { |
| 986 | /* Need to do some manipulation */ | 990 | /* Need to do some manipulation */ |
| 987 | memmove(&tp->md5sig_info->keys4[i], | 991 | memmove(&tp->md5sig_info->keys4[i], |
| @@ -989,7 +993,6 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr) | |||
| 989 | (tp->md5sig_info->entries4 - i) * | 993 | (tp->md5sig_info->entries4 - i) * |
| 990 | sizeof(struct tcp4_md5sig_key)); | 994 | sizeof(struct tcp4_md5sig_key)); |
| 991 | } | 995 | } |
| 992 | tcp_free_md5sig_pool(); | ||
| 993 | return 0; | 996 | return 0; |
| 994 | } | 997 | } |
| 995 | } | 998 | } |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 79cc6469508d..7b8fc5794352 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -591,7 +591,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer, | |||
| 591 | } | 591 | } |
| 592 | sk_nocaps_add(sk, NETIF_F_GSO_MASK); | 592 | sk_nocaps_add(sk, NETIF_F_GSO_MASK); |
| 593 | } | 593 | } |
| 594 | if (tcp_alloc_md5sig_pool(sk) == NULL) { | 594 | if (tp->md5sig_info->entries6 == 0 && |
| 595 | tcp_alloc_md5sig_pool(sk) == NULL) { | ||
| 595 | kfree(newkey); | 596 | kfree(newkey); |
| 596 | return -ENOMEM; | 597 | return -ENOMEM; |
| 597 | } | 598 | } |
| @@ -600,8 +601,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer, | |||
| 600 | (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); | 601 | (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); |
| 601 | 602 | ||
| 602 | if (!keys) { | 603 | if (!keys) { |
| 603 | tcp_free_md5sig_pool(); | ||
| 604 | kfree(newkey); | 604 | kfree(newkey); |
| 605 | if (tp->md5sig_info->entries6 == 0) | ||
| 606 | tcp_free_md5sig_pool(); | ||
| 605 | return -ENOMEM; | 607 | return -ENOMEM; |
| 606 | } | 608 | } |
| 607 | 609 | ||
| @@ -647,6 +649,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer) | |||
| 647 | kfree(tp->md5sig_info->keys6); | 649 | kfree(tp->md5sig_info->keys6); |
| 648 | tp->md5sig_info->keys6 = NULL; | 650 | tp->md5sig_info->keys6 = NULL; |
| 649 | tp->md5sig_info->alloced6 = 0; | 651 | tp->md5sig_info->alloced6 = 0; |
| 652 | tcp_free_md5sig_pool(); | ||
| 650 | } else { | 653 | } else { |
| 651 | /* shrink the database */ | 654 | /* shrink the database */ |
| 652 | if (tp->md5sig_info->entries6 != i) | 655 | if (tp->md5sig_info->entries6 != i) |
| @@ -655,7 +658,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer) | |||
| 655 | (tp->md5sig_info->entries6 - i) | 658 | (tp->md5sig_info->entries6 - i) |
| 656 | * sizeof (tp->md5sig_info->keys6[0])); | 659 | * sizeof (tp->md5sig_info->keys6[0])); |
| 657 | } | 660 | } |
| 658 | tcp_free_md5sig_pool(); | ||
| 659 | return 0; | 661 | return 0; |
| 660 | } | 662 | } |
| 661 | } | 663 | } |