diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-05-16 03:34:04 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-05-16 03:34:04 -0400 |
commit | 35790c0421121364883a167bab8a2e37e1f67f78 (patch) | |
tree | a3e032a9ba6bb77337176bef407d7408d6a10a4d /net/ipv4 | |
parent | d77f873fdd21912803836da78f627d2efd267082 (diff) |
tcp: fix MD5 (RFC2385) support
TCP MD5 support uses percpu data for temporary storage. It currently
disables preemption so that same storage cannot be reclaimed by another
thread on same cpu.
We also have to make sure a softirq handler wont try to use also same
context. Various bug reports demonstrated corruptions.
Fix is to disable preemption and BH.
Reported-by: Bhaskar Dutta <bhaskie@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/tcp.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 0f8caf64caa3..296150b2a62f 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
@@ -2839,7 +2839,6 @@ static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool * __percpu *pool) | |||
2839 | if (p->md5_desc.tfm) | 2839 | if (p->md5_desc.tfm) |
2840 | crypto_free_hash(p->md5_desc.tfm); | 2840 | crypto_free_hash(p->md5_desc.tfm); |
2841 | kfree(p); | 2841 | kfree(p); |
2842 | p = NULL; | ||
2843 | } | 2842 | } |
2844 | } | 2843 | } |
2845 | free_percpu(pool); | 2844 | free_percpu(pool); |
@@ -2937,25 +2936,40 @@ retry: | |||
2937 | 2936 | ||
2938 | EXPORT_SYMBOL(tcp_alloc_md5sig_pool); | 2937 | EXPORT_SYMBOL(tcp_alloc_md5sig_pool); |
2939 | 2938 | ||
2940 | struct tcp_md5sig_pool *__tcp_get_md5sig_pool(int cpu) | 2939 | |
2940 | /** | ||
2941 | * tcp_get_md5sig_pool - get md5sig_pool for this user | ||
2942 | * | ||
2943 | * We use percpu structure, so if we succeed, we exit with preemption | ||
2944 | * and BH disabled, to make sure another thread or softirq handling | ||
2945 | * wont try to get same context. | ||
2946 | */ | ||
2947 | struct tcp_md5sig_pool *tcp_get_md5sig_pool(void) | ||
2941 | { | 2948 | { |
2942 | struct tcp_md5sig_pool * __percpu *p; | 2949 | struct tcp_md5sig_pool * __percpu *p; |
2943 | spin_lock_bh(&tcp_md5sig_pool_lock); | 2950 | |
2951 | local_bh_disable(); | ||
2952 | |||
2953 | spin_lock(&tcp_md5sig_pool_lock); | ||
2944 | p = tcp_md5sig_pool; | 2954 | p = tcp_md5sig_pool; |
2945 | if (p) | 2955 | if (p) |
2946 | tcp_md5sig_users++; | 2956 | tcp_md5sig_users++; |
2947 | spin_unlock_bh(&tcp_md5sig_pool_lock); | 2957 | spin_unlock(&tcp_md5sig_pool_lock); |
2948 | return (p ? *per_cpu_ptr(p, cpu) : NULL); | 2958 | |
2949 | } | 2959 | if (p) |
2960 | return *per_cpu_ptr(p, smp_processor_id()); | ||
2950 | 2961 | ||
2951 | EXPORT_SYMBOL(__tcp_get_md5sig_pool); | 2962 | local_bh_enable(); |
2963 | return NULL; | ||
2964 | } | ||
2965 | EXPORT_SYMBOL(tcp_get_md5sig_pool); | ||
2952 | 2966 | ||
2953 | void __tcp_put_md5sig_pool(void) | 2967 | void tcp_put_md5sig_pool(void) |
2954 | { | 2968 | { |
2969 | local_bh_enable(); | ||
2955 | tcp_free_md5sig_pool(); | 2970 | tcp_free_md5sig_pool(); |
2956 | } | 2971 | } |
2957 | 2972 | EXPORT_SYMBOL(tcp_put_md5sig_pool); | |
2958 | EXPORT_SYMBOL(__tcp_put_md5sig_pool); | ||
2959 | 2973 | ||
2960 | int tcp_md5_hash_header(struct tcp_md5sig_pool *hp, | 2974 | int tcp_md5_hash_header(struct tcp_md5sig_pool *hp, |
2961 | struct tcphdr *th) | 2975 | struct tcphdr *th) |