diff options
author | Patrick McHardy <kaber@trash.net> | 2006-03-21 01:40:54 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-21 01:40:54 -0500 |
commit | be33690d8fcf40377f16193c463681170eb6b295 (patch) | |
tree | 08c7be2ba1d046fca40bbb1d3ddac789b393ecc9 /include/net/xfrm.h | |
parent | 15d99e02babae8bc20b836917ace07d93e318149 (diff) |
[XFRM]: Fix aevent related crash
When xfrm_user isn't loaded xfrm_nl is NULL, which makes IPsec crash because
xfrm_aevent_is_on passes the NULL pointer to netlink_has_listeners as socket.
A second problem is that the xfrm_nl pointer is not cleared when the socket
is releases at module unload time.
Protect references of xfrm_nl from outside of xfrm_user by RCU, check
that the socket is present in xfrm_aevent_is_on and set it to NULL
when unloading xfrm_user.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r-- | include/net/xfrm.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 786371365f2b..61b7504fc2ba 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -1001,7 +1001,15 @@ static inline int xfrm_policy_id2dir(u32 index) | |||
1001 | 1001 | ||
1002 | static inline int xfrm_aevent_is_on(void) | 1002 | static inline int xfrm_aevent_is_on(void) |
1003 | { | 1003 | { |
1004 | return netlink_has_listeners(xfrm_nl,XFRMNLGRP_AEVENTS); | 1004 | struct sock *nlsk; |
1005 | int ret = 0; | ||
1006 | |||
1007 | rcu_read_lock(); | ||
1008 | nlsk = rcu_dereference(xfrm_nl); | ||
1009 | if (nlsk) | ||
1010 | ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS); | ||
1011 | rcu_read_unlock(); | ||
1012 | return ret; | ||
1005 | } | 1013 | } |
1006 | 1014 | ||
1007 | static inline void xfrm_aevent_doreplay(struct xfrm_state *x) | 1015 | static inline void xfrm_aevent_doreplay(struct xfrm_state *x) |