aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorWei Yongjun <yjwei@cn.fujitsu.com>2011-03-21 21:08:28 -0400
committerDavid S. Miller <davem@davemloft.net>2011-03-21 21:08:28 -0400
commita454f0ccefbfdbfc0e1aa8a5f8010af5e48b8845 (patch)
tree359fdf6dbff1494ffe3d5cc8861fb0c0b72cc831 /net
parent0e24d34a5b95226cfc335817aefd9cf9744e5659 (diff)
xfrm: Fix initialize repl field of struct xfrm_state
Commit 'xfrm: Move IPsec replay detection functions to a separate file' (9fdc4883d92d20842c5acea77a4a21bb1574b495) introduce repl field to struct xfrm_state, and only initialize it under SA's netlink create path, the other path, such as pf_key, ipcomp/ipcomp6 etc, the repl field remaining uninitialize. So if the SA is created by pf_key, any input packet with SA's encryption algorithm will cause panic. int xfrm_input() { ... x->repl->advance(x, seq); ... } This patch fixed it by introduce new function __xfrm_init_state(). Pid: 0, comm: swapper Not tainted 2.6.38-next+ #14 Bochs Bochs EIP: 0060:[<c078e5d5>] EFLAGS: 00010206 CPU: 0 EIP is at xfrm_input+0x31c/0x4cc EAX: dd839c00 EBX: 00000084 ECX: 00000000 EDX: 01000000 ESI: dd839c00 EDI: de3a0780 EBP: dec1de88 ESP: dec1de64 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process swapper (pid: 0, ti=dec1c000 task=c09c0f20 task.ti=c0992000) Stack: 00000000 00000000 00000002 c0ba27c0 00100000 01000000 de3a0798 c0ba27c0 00000033 dec1de98 c0786848 00000000 de3a0780 dec1dea4 c0786868 00000000 dec1debc c074ee56 e1da6b8c de3a0780 c074ed44 de3a07a8 dec1decc c074ef32 Call Trace: [<c0786848>] xfrm4_rcv_encap+0x22/0x27 [<c0786868>] xfrm4_rcv+0x1b/0x1d [<c074ee56>] ip_local_deliver_finish+0x112/0x1b1 [<c074ed44>] ? ip_local_deliver_finish+0x0/0x1b1 [<c074ef32>] NF_HOOK.clone.1+0x3d/0x44 [<c074ef77>] ip_local_deliver+0x3e/0x44 [<c074ed44>] ? ip_local_deliver_finish+0x0/0x1b1 [<c074ec03>] ip_rcv_finish+0x30a/0x332 [<c074e8f9>] ? ip_rcv_finish+0x0/0x332 [<c074ef32>] NF_HOOK.clone.1+0x3d/0x44 [<c074f188>] ip_rcv+0x20b/0x247 [<c074e8f9>] ? ip_rcv_finish+0x0/0x332 [<c072797d>] __netif_receive_skb+0x373/0x399 [<c0727bc1>] netif_receive_skb+0x4b/0x51 [<e0817e2a>] cp_rx_poll+0x210/0x2c4 [8139cp] [<c072818f>] net_rx_action+0x9a/0x17d [<c0445b5c>] __do_softirq+0xa1/0x149 [<c0445abb>] ? __do_softirq+0x0/0x149 Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/xfrm/xfrm_state.c15
-rw-r--r--net/xfrm/xfrm_user.c2
2 files changed, 15 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index d575f0534868..f83a3d1da81b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1907,7 +1907,7 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1907 return res; 1907 return res;
1908} 1908}
1909 1909
1910int xfrm_init_state(struct xfrm_state *x) 1910int __xfrm_init_state(struct xfrm_state *x, bool init_replay)
1911{ 1911{
1912 struct xfrm_state_afinfo *afinfo; 1912 struct xfrm_state_afinfo *afinfo;
1913 struct xfrm_mode *inner_mode; 1913 struct xfrm_mode *inner_mode;
@@ -1980,12 +1980,25 @@ int xfrm_init_state(struct xfrm_state *x)
1980 if (x->outer_mode == NULL) 1980 if (x->outer_mode == NULL)
1981 goto error; 1981 goto error;
1982 1982
1983 if (init_replay) {
1984 err = xfrm_init_replay(x);
1985 if (err)
1986 goto error;
1987 }
1988
1983 x->km.state = XFRM_STATE_VALID; 1989 x->km.state = XFRM_STATE_VALID;
1984 1990
1985error: 1991error:
1986 return err; 1992 return err;
1987} 1993}
1988 1994
1995EXPORT_SYMBOL(__xfrm_init_state);
1996
1997int xfrm_init_state(struct xfrm_state *x)
1998{
1999 return __xfrm_init_state(x, true);
2000}
2001
1989EXPORT_SYMBOL(xfrm_init_state); 2002EXPORT_SYMBOL(xfrm_init_state);
1990 2003
1991int __net_init xfrm_state_init(struct net *net) 2004int __net_init xfrm_state_init(struct net *net)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 706385ae3e4b..fc152d28753c 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -511,7 +511,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
511 511
512 xfrm_mark_get(attrs, &x->mark); 512 xfrm_mark_get(attrs, &x->mark);
513 513
514 err = xfrm_init_state(x); 514 err = __xfrm_init_state(x, false);
515 if (err) 515 if (err)
516 goto error; 516 goto error;
517 517