authorPatrick McHardy <kaber@trash.net>2006-03-21 01:40:54 -0500
committerDavid S. Miller <davem@davemloft.net>2006-03-21 01:40:54 -0500
commitbe33690d8fcf40377f16193c463681170eb6b295 (patch)
tree08c7be2ba1d046fca40bbb1d3ddac789b393ecc9 /include/net
parent15d99e02babae8bc20b836917ace07d93e318149 (diff)
[XFRM]: Fix aevent related crash
When xfrm_user isn't loaded xfrm_nl is NULL, which makes IPsec crash because xfrm_aevent_is_on passes the NULL pointer to netlink_has_listeners as socket. A second problem is that the xfrm_nl pointer is not cleared when the socket is released at module unload time. Protect references of xfrm_nl from outside of xfrm_user by RCU, check that the socket is present in xfrm_aevent_is_on and set it to NULL when unloading xfrm_user. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/xfrm.h10
1 files changed, 9 insertions, 1 deletions
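diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 786371365f2b..61b7504fc2ba 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1001,7 +1001,15 @@ static inline int xfrm_policy_id2dir(u32 index)
 
 static inline int xfrm_aevent_is_on(void)
 {
- return netlink_has_listeners(xfrm_nl,XFRMNLGRP_AEVENTS);
+ struct sock *nlsk;
+ int ret = 0;
+
+ rcu_read_lock();
+ nlsk = rcu_dereference(xfrm_nl);
+ if (nlsk)
+ ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS);
+ rcu_read_unlock();
+ return ret;
 }
 
 static inline void xfrm_aevent_doreplay(struct xfrm_state *x)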
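Review bot: xfrm_aevent_is_on() carries no comment explaining why xfrm_nl is read under RCU or that the value it returns is only a snapshot: once rcu_read_unlock() has run, xfrm_user may unload and the socket may disappear, so a caller that acts on a nonzero result still has to tolerate a missing socket on its own send path. I would add above the function `/* xfrm_nl is NULL while xfrm_user is not loaded; the result is advisory, the socket may go away after rcu_read_unlock(). */`. The read side is only safe if the unload path clears the pointer and waits for a grace period before releasing the socket; the description says the pointer is set to NULL, but that code is outside this view (the diff is limited to include/net), so it is worth confirming there. xfrm_aevent_doreplay's body continues outside the hunk.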