aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-09 16:33:35 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:55:03 -0400
commitb7c6538cd84f8072fad43bfce530f5bf695edbba (patch)
treee0ba79ffe7b79355985a45de9961b17a0462764f /net/ipv6
parent050f009e16f908932070313c1745d09dc69fd62b (diff)
[IPSEC]: Move state lock into x->type->output
This patch releases the lock on the state before calling x->type->output. It also adds the lock to the spots where they're currently needed. Most of those places (all except mip6) are expected to disappear with async crypto. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/ah6.c9
-rw-r--r--net/ipv6/esp6.c10
-rw-r--r--net/ipv6/mip6.c4
3 files changed, 18 insertions, 5 deletions
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index ff904a711f3a..c51d77564b44 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -29,6 +29,7 @@
29#include <net/ah.h> 29#include <net/ah.h>
30#include <linux/crypto.h> 30#include <linux/crypto.h>
31#include <linux/pfkeyv2.h> 31#include <linux/pfkeyv2.h>
32#include <linux/spinlock.h>
32#include <linux/string.h> 33#include <linux/string.h>
33#include <net/icmp.h> 34#include <net/icmp.h>
34#include <net/ipv6.h> 35#include <net/ipv6.h>
@@ -284,12 +285,14 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
284 ah->reserved = 0; 285 ah->reserved = 0;
285 ah->spi = x->id.spi; 286 ah->spi = x->id.spi;
286 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq); 287 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
288
289 spin_lock_bh(&x->lock);
287 err = ah_mac_digest(ahp, skb, ah->auth_data); 290 err = ah_mac_digest(ahp, skb, ah->auth_data);
288 if (err)
289 goto error_free_iph;
290 memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len); 291 memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len);
292 spin_unlock_bh(&x->lock);
291 293
292 err = 0; 294 if (err)
295 goto error_free_iph;
293 296
294 memcpy(top_iph, tmp_base, sizeof(tmp_base)); 297 memcpy(top_iph, tmp_base, sizeof(tmp_base));
295 if (tmp_ext) { 298 if (tmp_ext) {
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 9fc19400b851..7355bb0345e2 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -34,6 +34,7 @@
34#include <linux/kernel.h> 34#include <linux/kernel.h>
35#include <linux/pfkeyv2.h> 35#include <linux/pfkeyv2.h>
36#include <linux/random.h> 36#include <linux/random.h>
37#include <linux/spinlock.h>
37#include <net/icmp.h> 38#include <net/icmp.h>
38#include <net/ipv6.h> 39#include <net/ipv6.h>
39#include <net/protocol.h> 40#include <net/protocol.h>
@@ -98,6 +99,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
98 esph->spi = x->id.spi; 99 esph->spi = x->id.spi;
99 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); 100 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
100 101
102 spin_lock_bh(&x->lock);
103
101 if (esp->conf.ivlen) { 104 if (esp->conf.ivlen) {
102 if (unlikely(!esp->conf.ivinitted)) { 105 if (unlikely(!esp->conf.ivinitted)) {
103 get_random_bytes(esp->conf.ivec, esp->conf.ivlen); 106 get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
@@ -112,7 +115,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
112 if (unlikely(nfrags > ESP_NUM_FAST_SG)) { 115 if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
113 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC); 116 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
114 if (!sg) 117 if (!sg)
115 goto error; 118 goto unlock;
116 } 119 }
117 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen); 120 skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
118 err = crypto_blkcipher_encrypt(&desc, sg, sg, clen); 121 err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
@@ -121,7 +124,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
121 } while (0); 124 } while (0);
122 125
123 if (unlikely(err)) 126 if (unlikely(err))
124 goto error; 127 goto unlock;
125 128
126 if (esp->conf.ivlen) { 129 if (esp->conf.ivlen) {
127 memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen); 130 memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen);
@@ -134,6 +137,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
134 memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen); 137 memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen);
135 } 138 }
136 139
140unlock:
141 spin_unlock_bh(&x->lock);
142
137error: 143error:
138 return err; 144 return err;
139} 145}
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index 7261c29898cb..6475baca63d2 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -172,7 +172,9 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb)
172 len = ((char *)hao - (char *)dstopt) + sizeof(*hao); 172 len = ((char *)hao - (char *)dstopt) + sizeof(*hao);
173 173
174 memcpy(&hao->addr, &iph->saddr, sizeof(hao->addr)); 174 memcpy(&hao->addr, &iph->saddr, sizeof(hao->addr));
175 spin_lock_bh(&x->lock);
175 memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr)); 176 memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr));
177 spin_unlock_bh(&x->lock);
176 178
177 BUG_TRAP(len == x->props.header_len); 179 BUG_TRAP(len == x->props.header_len);
178 dstopt->hdrlen = (x->props.header_len >> 3) - 1; 180 dstopt->hdrlen = (x->props.header_len >> 3) - 1;
@@ -381,7 +383,9 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb)
381 BUG_TRAP(rt2->rt_hdr.hdrlen == 2); 383 BUG_TRAP(rt2->rt_hdr.hdrlen == 2);
382 384
383 memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr)); 385 memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr));
386 spin_lock_bh(&x->lock);
384 memcpy(&iph->daddr, x->coaddr, sizeof(iph->daddr)); 387 memcpy(&iph->daddr, x->coaddr, sizeof(iph->daddr));
388 spin_unlock_bh(&x->lock);
385 389
386 return 0; 390 return 0;
387} 391}