[IPSEC]: Move state lock into x->type->input

This patch releases the lock on the state before calling
x->type->input.  It also adds the lock to the spots where they're
currently needed.

Most of those places (all except mip6) are expected to disappear with
async crypto.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 10 insertions, 4 deletions

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index a989d29b44ea..d76803a3dcae 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -169,6 +169,8 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
                 if (ip_clear_mutable_options(iph, &dummy))
                         goto out;
         }
+
+        spin_lock(&x->lock);
         {
                 u8 auth_data[MAX_AH_AUTH_LEN];
 
@@ -176,12 +178,16 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
                 skb_push(skb, ihl);
                 err = ah_mac_digest(ahp, skb, ah->auth_data);
                 if (err)
-                        goto out;
-                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
+                        goto unlock;
+                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len))
                         err = -EBADMSG;
-                        goto out;
-                }
         }
+unlock:
+        spin_unlock(&x->lock);
+
+        if (err)
+                goto out;
+
         skb->network_header += ah_hlen;
         memcpy(skb_network_header(skb), work_buf, ihl);
         skb->transport_header = skb->network_header;