aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/esp6.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-11-14 00:45:58 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:53:52 -0500
commit0ebea8ef3559b545c37b016f44e84c3b33e47c39 (patch)
tree7a47787c1b830084ac2d36371490b9e2574e2472 /net/ipv6/esp6.c
parent668dc8af3150f837f7f0461001bbbc0ce25d7bdf (diff)
[IPSEC]: Move state lock into x->type->input
This patch releases the lock on the state before calling x->type->input. It also adds the lock to the spots where they're currently needed. Most of those places (all except mip6) are expected to disappear with async crypto. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/esp6.c')
-rw-r--r--net/ipv6/esp6.c37
1 files changed, 23 insertions, 14 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 096974ba6420..5bd5292ad9fa 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -165,30 +165,32 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
165 goto out; 165 goto out;
166 } 166 }
167 167
168 if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
169 ret = -EINVAL;
170 goto out;
171 }
172
173 skb->ip_summed = CHECKSUM_NONE;
174
175 spin_lock(&x->lock);
176
168 /* If integrity check is required, do this. */ 177 /* If integrity check is required, do this. */
169 if (esp->auth.icv_full_len) { 178 if (esp->auth.icv_full_len) {
170 u8 sum[alen]; 179 u8 sum[alen];
171 180
172 ret = esp_mac_digest(esp, skb, 0, skb->len - alen); 181 ret = esp_mac_digest(esp, skb, 0, skb->len - alen);
173 if (ret) 182 if (ret)
174 goto out; 183 goto unlock;
175 184
176 if (skb_copy_bits(skb, skb->len - alen, sum, alen)) 185 if (skb_copy_bits(skb, skb->len - alen, sum, alen))
177 BUG(); 186 BUG();
178 187
179 if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) { 188 if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
180 ret = -EBADMSG; 189 ret = -EBADMSG;
181 goto out; 190 goto unlock;
182 } 191 }
183 } 192 }
184 193
185 if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
186 ret = -EINVAL;
187 goto out;
188 }
189
190 skb->ip_summed = CHECKSUM_NONE;
191
192 esph = (struct ip_esp_hdr *)skb->data; 194 esph = (struct ip_esp_hdr *)skb->data;
193 iph = ipv6_hdr(skb); 195 iph = ipv6_hdr(skb);
194 196
@@ -197,15 +199,13 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
197 crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen); 199 crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
198 200
199 { 201 {
200 u8 nexthdr[2];
201 struct scatterlist *sg = &esp->sgbuf[0]; 202 struct scatterlist *sg = &esp->sgbuf[0];
202 u8 padlen;
203 203
204 if (unlikely(nfrags > ESP_NUM_FAST_SG)) { 204 if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
205 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC); 205 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
206 if (!sg) { 206 if (!sg) {
207 ret = -ENOMEM; 207 ret = -ENOMEM;
208 goto out; 208 goto unlock;
209 } 209 }
210 } 210 }
211 sg_init_table(sg, nfrags); 211 sg_init_table(sg, nfrags);
@@ -215,8 +215,17 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
215 ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen); 215 ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
216 if (unlikely(sg != &esp->sgbuf[0])) 216 if (unlikely(sg != &esp->sgbuf[0]))
217 kfree(sg); 217 kfree(sg);
218 if (unlikely(ret)) 218 }
219 goto out; 219
220unlock:
221 spin_unlock(&x->lock);
222
223 if (unlikely(ret))
224 goto out;
225
226 {
227 u8 nexthdr[2];
228 u8 padlen;
220 229
221 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) 230 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
222 BUG(); 231 BUG();
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-30 05:23:27 -0400