6 files changed, 69 insertions, 33 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index a989d29b44ea..d76803a3dcae 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -169,6 +169,8 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
                if (ip_clear_mutable_options(iph, &dummy))
                        goto out;
        }
+        spin_lock(&x->lock);
        {
                u8 auth_data[MAX_AH_AUTH_LEN];
@@ -176,12 +178,16 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
                skb_push(skb, ihl);
                err = ah_mac_digest(ahp, skb, ah->auth_data);
                if (err)
-                        goto out;
+                        goto unlock;
-                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
+                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len))
                        err = -EBADMSG;
-                        goto out;
-                }
        }
+unlock:
+        spin_unlock(&x->lock);
+        if (err)
+                goto out;
        skb->network_header += ah_hlen;
        memcpy(skb_network_header(skb), work_buf, ihl);
        skb->transport_header = skb->network_header;
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 3350a7d50669..28ea5c77ca23 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -171,29 +171,31 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        if (elen <= 0 || (elen & (blksize-1)))
                goto out;
+        if ((err = skb_cow_data(skb, 0, &trailer)) < 0)
+                goto out;
+        nfrags = err;
+        skb->ip_summed = CHECKSUM_NONE;
+        spin_lock(&x->lock);
        /* If integrity check is required, do this. */
        if (esp->auth.icv_full_len) {
                u8 sum[alen];
                err = esp_mac_digest(esp, skb, 0, skb->len - alen);
                if (err)
-                        goto out;
+                        goto unlock;
                if (skb_copy_bits(skb, skb->len - alen, sum, alen))
                        BUG();
                if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
                        err = -EBADMSG;
-                        goto out;
+                        goto unlock;
                }
        }
-        if ((err = skb_cow_data(skb, 0, &trailer)) < 0)
-                goto out;
-        nfrags = err;
-        skb->ip_summed = CHECKSUM_NONE;
        esph = (struct ip_esp_hdr *)skb->data;
        /* Get ivec. This can be wrong, check against another impls. */
@@ -206,7 +208,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
                err = -ENOMEM;
                sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
                if (!sg)
-                        goto out;
+                        goto unlock;
        }
        sg_init_table(sg, nfrags);
        skb_to_sgvec(skb, sg,
@@ -215,6 +217,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
        if (unlikely(sg != &esp->sgbuf[0]))
                kfree(sg);
+unlock:
+        spin_unlock(&x->lock);
        if (unlikely(err))
                goto out;
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index d4b59ecb0b57..1b51d1eedbde 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -370,6 +370,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
        ip6h->flow_lbl[2] = 0;
        ip6h->hop_limit   = 0;
+        spin_lock(&x->lock);
        {
                u8 auth_data[MAX_AH_AUTH_LEN];
@@ -378,13 +379,17 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
                skb_push(skb, hdr_len);
                err = ah_mac_digest(ahp, skb, ah->auth_data);
                if (err)
-                        goto free_out;
+                        goto unlock;
                if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
                        LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n");
                        err = -EBADMSG;
-                        goto free_out;
                }
        }
+unlock:
+        spin_unlock(&x->lock);
+        if (err)
+                goto free_out;
        skb->network_header += ah_hlen;
        memcpy(skb_network_header(skb), tmp_hdr, hdr_len);
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 096974ba6420..5bd5292ad9fa 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -165,30 +165,32 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
                goto out;
        }
+        if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
+                ret = -EINVAL;
+                goto out;
+        }
+        skb->ip_summed = CHECKSUM_NONE;
+        spin_lock(&x->lock);
        /* If integrity check is required, do this. */
        if (esp->auth.icv_full_len) {
                u8 sum[alen];
                ret = esp_mac_digest(esp, skb, 0, skb->len - alen);
                if (ret)
-                        goto out;
+                        goto unlock;
                if (skb_copy_bits(skb, skb->len - alen, sum, alen))
                        BUG();
                if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
                        ret = -EBADMSG;
-                        goto out;
+                        goto unlock;
                }
        }
-        if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
-                ret = -EINVAL;
-                goto out;
-        }
-        skb->ip_summed = CHECKSUM_NONE;
        esph = (struct ip_esp_hdr *)skb->data;
        iph = ipv6_hdr(skb);
@@ -197,15 +199,13 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
                crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
        {
-                u8 nexthdr[2];
                struct scatterlist *sg = &esp->sgbuf[0];
-                u8 padlen;
                if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
                        sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
                        if (!sg) {
                                ret = -ENOMEM;
-                                goto out;
+                                goto unlock;
                        }
                }
                sg_init_table(sg, nfrags);
@@ -215,8 +215,17 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
                ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
                if (unlikely(sg != &esp->sgbuf[0]))
                        kfree(sg);
-                if (unlikely(ret))
+        }
-                        goto out;
+unlock:
+        spin_unlock(&x->lock);
+        if (unlikely(ret))
+                goto out;
+        {
+                u8 nexthdr[2];
+                u8 padlen;
                if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
                        BUG();
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index edfd9cdd721c..49d396620eac 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -128,12 +128,15 @@ static int mip6_destopt_input(struct xfrm_state *x, struct sk_buff *skb)
 {
        struct ipv6hdr *iph = ipv6_hdr(skb);
        struct ipv6_destopt_hdr *destopt = (struct ipv6_destopt_hdr *)skb->data;
+        int err = destopt->nexthdr;
+        spin_lock(&x->lock);
        if (!ipv6_addr_equal(&iph->saddr, (struct in6_addr *)x->coaddr) &&
            !ipv6_addr_any((struct in6_addr *)x->coaddr))
-                return -ENOENT;
+                err = -ENOENT;
+        spin_unlock(&x->lock);
-        return destopt->nexthdr;
+        return err;
 }
 /* Destination Option Header is inserted.
@@ -344,12 +347,15 @@ static struct xfrm_type mip6_destopt_type =
 static int mip6_rthdr_input(struct xfrm_state *x, struct sk_buff *skb)
 {
        struct rt2_hdr *rt2 = (struct rt2_hdr *)skb->data;
+        int err = rt2->rt_hdr.nexthdr;
+        spin_lock(&x->lock);
        if (!ipv6_addr_equal(&rt2->addr, (struct in6_addr *)x->coaddr) &&
            !ipv6_addr_any((struct in6_addr *)x->coaddr))
-                return -ENOENT;
+                err = -ENOENT;
+        spin_unlock(&x->lock);
-        return rt2->rt_hdr.nexthdr;
+        return err;
 }
 /* Routing Header type 2 is inserted.
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b7d68eb9434c..5cad522e8ef6 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -146,7 +146,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                if (xfrm_state_check_expire(x))
                        goto drop_unlock;
+                spin_unlock(&x->lock);
                nexthdr = x->type->input(x, skb);
+                spin_lock(&x->lock);
                if (nexthdr <= 0) {
                        if (nexthdr == -EBADMSG)
                                x->stats.integrity_failed++;

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index a989d29b44ea..d76803a3dcae 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c
@@ -169,6 +169,8 @@ static int ah_input(struct xfrm_state x, struct sk_buff skb)
169	if (ip_clear_mutable_options(iph, &dummy))	169	if (ip_clear_mutable_options(iph, &dummy))
170	goto out;	170	goto out;
171	}	171	}
		172
		173	spin_lock(&x->lock);
172	{	174	{
173	u8 auth_data[MAX_AH_AUTH_LEN];	175	u8 auth_data[MAX_AH_AUTH_LEN];
174		176
@@ -176,12 +178,16 @@ static int ah_input(struct xfrm_state x, struct sk_buff skb)
176	skb_push(skb, ihl);	178	skb_push(skb, ihl);
177	err = ah_mac_digest(ahp, skb, ah->auth_data);	179	err = ah_mac_digest(ahp, skb, ah->auth_data);
178	if (err)	180	if (err)
179	goto out;	181	goto unlock;
180	if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {	182	if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len))
181	err = -EBADMSG;	183	err = -EBADMSG;
182	goto out;
183	}
184	}	184	}
		185	unlock:
		186	spin_unlock(&x->lock);
		187
		188	if (err)
		189	goto out;
		190
185	skb->network_header += ah_hlen;	191	skb->network_header += ah_hlen;
186	memcpy(skb_network_header(skb), work_buf, ihl);	192	memcpy(skb_network_header(skb), work_buf, ihl);
187	skb->transport_header = skb->network_header;	193	skb->transport_header = skb->network_header;


diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 3350a7d50669..28ea5c77ca23 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c
@@ -171,29 +171,31 @@ static int esp_input(struct xfrm_state x, struct sk_buff skb)
171	if (elen <= 0 \|\| (elen & (blksize-1)))	171	if (elen <= 0 \|\| (elen & (blksize-1)))
172	goto out;	172	goto out;
173		173
		174	if ((err = skb_cow_data(skb, 0, &trailer)) < 0)
		175	goto out;
		176	nfrags = err;
		177
		178	skb->ip_summed = CHECKSUM_NONE;
		179
		180	spin_lock(&x->lock);
		181
174	/* If integrity check is required, do this. */	182	/* If integrity check is required, do this. */
175	if (esp->auth.icv_full_len) {	183	if (esp->auth.icv_full_len) {
176	u8 sum[alen];	184	u8 sum[alen];
177		185
178	err = esp_mac_digest(esp, skb, 0, skb->len - alen);	186	err = esp_mac_digest(esp, skb, 0, skb->len - alen);
179	if (err)	187	if (err)
180	goto out;	188	goto unlock;
181		189
182	if (skb_copy_bits(skb, skb->len - alen, sum, alen))	190	if (skb_copy_bits(skb, skb->len - alen, sum, alen))
183	BUG();	191	BUG();
184		192
185	if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {	193	if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
186	err = -EBADMSG;	194	err = -EBADMSG;
187	goto out;	195	goto unlock;
188	}	196	}
189	}	197	}
190		198
191	if ((err = skb_cow_data(skb, 0, &trailer)) < 0)
192	goto out;
193	nfrags = err;
194
195	skb->ip_summed = CHECKSUM_NONE;
196
197	esph = (struct ip_esp_hdr *)skb->data;	199	esph = (struct ip_esp_hdr *)skb->data;
198		200
199	/* Get ivec. This can be wrong, check against another impls. */	201	/* Get ivec. This can be wrong, check against another impls. */
@@ -206,7 +208,7 @@ static int esp_input(struct xfrm_state x, struct sk_buff skb)
206	err = -ENOMEM;	208	err = -ENOMEM;
207	sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);	209	sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
208	if (!sg)	210	if (!sg)
209	goto out;	211	goto unlock;
210	}	212	}
211	sg_init_table(sg, nfrags);	213	sg_init_table(sg, nfrags);
212	skb_to_sgvec(skb, sg,	214	skb_to_sgvec(skb, sg,
@@ -215,6 +217,10 @@ static int esp_input(struct xfrm_state x, struct sk_buff skb)
215	err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);	217	err = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
216	if (unlikely(sg != &esp->sgbuf[0]))	218	if (unlikely(sg != &esp->sgbuf[0]))
217	kfree(sg);	219	kfree(sg);
		220
		221	unlock:
		222	spin_unlock(&x->lock);
		223
218	if (unlikely(err))	224	if (unlikely(err))
219	goto out;	225	goto out;
220		226


diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index d4b59ecb0b57..1b51d1eedbde 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c
@@ -370,6 +370,7 @@ static int ah6_input(struct xfrm_state x, struct sk_buff skb)
370	ip6h->flow_lbl[2] = 0;	370	ip6h->flow_lbl[2] = 0;
371	ip6h->hop_limit = 0;	371	ip6h->hop_limit = 0;
372		372
		373	spin_lock(&x->lock);
373	{	374	{
374	u8 auth_data[MAX_AH_AUTH_LEN];	375	u8 auth_data[MAX_AH_AUTH_LEN];
375		376
@@ -378,13 +379,17 @@ static int ah6_input(struct xfrm_state x, struct sk_buff skb)
378	skb_push(skb, hdr_len);	379	skb_push(skb, hdr_len);
379	err = ah_mac_digest(ahp, skb, ah->auth_data);	380	err = ah_mac_digest(ahp, skb, ah->auth_data);
380	if (err)	381	if (err)
381	goto free_out;	382	goto unlock;
382	if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {	383	if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
383	LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n");	384	LIMIT_NETDEBUG(KERN_WARNING "ipsec ah authentication error\n");
384	err = -EBADMSG;	385	err = -EBADMSG;
385	goto free_out;
386	}	386	}
387	}	387	}
		388	unlock:
		389	spin_unlock(&x->lock);
		390
		391	if (err)
		392	goto free_out;
388		393
389	skb->network_header += ah_hlen;	394	skb->network_header += ah_hlen;
390	memcpy(skb_network_header(skb), tmp_hdr, hdr_len);	395	memcpy(skb_network_header(skb), tmp_hdr, hdr_len);


diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 096974ba6420..5bd5292ad9fa 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c
@@ -165,30 +165,32 @@ static int esp6_input(struct xfrm_state x, struct sk_buff skb)
165	goto out;	165	goto out;
166	}	166	}
167		167
		168	if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
		169	ret = -EINVAL;
		170	goto out;
		171	}
		172
		173	skb->ip_summed = CHECKSUM_NONE;
		174
		175	spin_lock(&x->lock);
		176
168	/* If integrity check is required, do this. */	177	/* If integrity check is required, do this. */
169	if (esp->auth.icv_full_len) {	178	if (esp->auth.icv_full_len) {
170	u8 sum[alen];	179	u8 sum[alen];
171		180
172	ret = esp_mac_digest(esp, skb, 0, skb->len - alen);	181	ret = esp_mac_digest(esp, skb, 0, skb->len - alen);
173	if (ret)	182	if (ret)
174	goto out;	183	goto unlock;
175		184
176	if (skb_copy_bits(skb, skb->len - alen, sum, alen))	185	if (skb_copy_bits(skb, skb->len - alen, sum, alen))
177	BUG();	186	BUG();
178		187
179	if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {	188	if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
180	ret = -EBADMSG;	189	ret = -EBADMSG;
181	goto out;	190	goto unlock;
182	}	191	}
183	}	192	}
184		193
185	if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
186	ret = -EINVAL;
187	goto out;
188	}
189
190	skb->ip_summed = CHECKSUM_NONE;
191
192	esph = (struct ip_esp_hdr *)skb->data;	194	esph = (struct ip_esp_hdr *)skb->data;
193	iph = ipv6_hdr(skb);	195	iph = ipv6_hdr(skb);
194		196
@@ -197,15 +199,13 @@ static int esp6_input(struct xfrm_state x, struct sk_buff skb)
197	crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);	199	crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
198		200
199	{	201	{
200	u8 nexthdr[2];
201	struct scatterlist *sg = &esp->sgbuf[0];	202	struct scatterlist *sg = &esp->sgbuf[0];
202	u8 padlen;
203		203
204	if (unlikely(nfrags > ESP_NUM_FAST_SG)) {	204	if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
205	sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);	205	sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
206	if (!sg) {	206	if (!sg) {
207	ret = -ENOMEM;	207	ret = -ENOMEM;
208	goto out;	208	goto unlock;
209	}	209	}
210	}	210	}
211	sg_init_table(sg, nfrags);	211	sg_init_table(sg, nfrags);
@@ -215,8 +215,17 @@ static int esp6_input(struct xfrm_state x, struct sk_buff skb)
215	ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen);	215	ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
216	if (unlikely(sg != &esp->sgbuf[0]))	216	if (unlikely(sg != &esp->sgbuf[0]))
217	kfree(sg);	217	kfree(sg);
218	if (unlikely(ret))	218	}
219	goto out;	219
		220	unlock:
		221	spin_unlock(&x->lock);
		222
		223	if (unlikely(ret))
		224	goto out;
		225
		226	{
		227	u8 nexthdr[2];
		228	u8 padlen;
220		229
221	if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))	230	if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
222	BUG();	231	BUG();


diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c index edfd9cdd721c..49d396620eac 100644 --- a/net/ipv6/mip6.c +++ b/net/ipv6/mip6.c
@@ -128,12 +128,15 @@ static int mip6_destopt_input(struct xfrm_state x, struct sk_buff skb)
128	{	128	{
129	struct ipv6hdr *iph = ipv6_hdr(skb);	129	struct ipv6hdr *iph = ipv6_hdr(skb);
130	struct ipv6_destopt_hdr destopt = (struct ipv6_destopt_hdr )skb->data;	130	struct ipv6_destopt_hdr destopt = (struct ipv6_destopt_hdr )skb->data;
		131	int err = destopt->nexthdr;
131		132
		133	spin_lock(&x->lock);
132	if (!ipv6_addr_equal(&iph->saddr, (struct in6_addr *)x->coaddr) &&	134	if (!ipv6_addr_equal(&iph->saddr, (struct in6_addr *)x->coaddr) &&
133	!ipv6_addr_any((struct in6_addr *)x->coaddr))	135	!ipv6_addr_any((struct in6_addr *)x->coaddr))
134	return -ENOENT;	136	err = -ENOENT;
		137	spin_unlock(&x->lock);
135		138
136	return destopt->nexthdr;	139	return err;
137	}	140	}
138		141
139	/* Destination Option Header is inserted.	142	/* Destination Option Header is inserted.
@@ -344,12 +347,15 @@ static struct xfrm_type mip6_destopt_type =
344	static int mip6_rthdr_input(struct xfrm_state x, struct sk_buff skb)	347	static int mip6_rthdr_input(struct xfrm_state x, struct sk_buff skb)
345	{	348	{
346	struct rt2_hdr rt2 = (struct rt2_hdr )skb->data;	349	struct rt2_hdr rt2 = (struct rt2_hdr )skb->data;
		350	int err = rt2->rt_hdr.nexthdr;
347		351
		352	spin_lock(&x->lock);
348	if (!ipv6_addr_equal(&rt2->addr, (struct in6_addr *)x->coaddr) &&	353	if (!ipv6_addr_equal(&rt2->addr, (struct in6_addr *)x->coaddr) &&
349	!ipv6_addr_any((struct in6_addr *)x->coaddr))	354	!ipv6_addr_any((struct in6_addr *)x->coaddr))
350	return -ENOENT;	355	err = -ENOENT;
		356	spin_unlock(&x->lock);
351		357
352	return rt2->rt_hdr.nexthdr;	358	return err;
353	}	359	}
354		360
355	/* Routing Header type 2 is inserted.	361	/* Routing Header type 2 is inserted.


diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index b7d68eb9434c..5cad522e8ef6 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c
@@ -146,7 +146,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
146	if (xfrm_state_check_expire(x))	146	if (xfrm_state_check_expire(x))
147	goto drop_unlock;	147	goto drop_unlock;
148		148
		149	spin_unlock(&x->lock);
		150
149	nexthdr = x->type->input(x, skb);	151	nexthdr = x->type->input(x, skb);
		152
		153	spin_lock(&x->lock);
150	if (nexthdr <= 0) {	154	if (nexthdr <= 0) {
151	if (nexthdr == -EBADMSG)	155	if (nexthdr == -EBADMSG)
152	x->stats.integrity_failed++;	156	x->stats.integrity_failed++;