diff options
| -rw-r--r-- | include/net/esp.h | 10 | ||||
| -rw-r--r-- | net/ipv4/esp4.c | 49 | ||||
| -rw-r--r-- | net/ipv6/esp6.c | 48 | ||||
| -rw-r--r-- | net/xfrm/xfrm_ipcomp.c | 6 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 7 |
5 files changed, 41 insertions, 79 deletions
diff --git a/include/net/esp.h b/include/net/esp.h index 1356dda00d22..c92213c38312 100644 --- a/include/net/esp.h +++ b/include/net/esp.h | |||
| @@ -3,16 +3,6 @@ | |||
| 3 | 3 | ||
| 4 | #include <linux/skbuff.h> | 4 | #include <linux/skbuff.h> |
| 5 | 5 | ||
| 6 | struct crypto_aead; | ||
| 7 | |||
| 8 | struct esp_data { | ||
| 9 | /* 0..255 */ | ||
| 10 | int padlen; | ||
| 11 | |||
| 12 | /* Confidentiality & Integrity */ | ||
| 13 | struct crypto_aead *aead; | ||
| 14 | }; | ||
| 15 | |||
| 16 | void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); | 6 | void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len); |
| 17 | 7 | ||
| 18 | struct ip_esp_hdr; | 8 | struct ip_esp_hdr; |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 109ee89f123e..7785b28061ac 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -121,7 +121,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 121 | struct aead_givcrypt_request *req; | 121 | struct aead_givcrypt_request *req; |
| 122 | struct scatterlist *sg; | 122 | struct scatterlist *sg; |
| 123 | struct scatterlist *asg; | 123 | struct scatterlist *asg; |
| 124 | struct esp_data *esp; | ||
| 125 | struct sk_buff *trailer; | 124 | struct sk_buff *trailer; |
| 126 | void *tmp; | 125 | void *tmp; |
| 127 | u8 *iv; | 126 | u8 *iv; |
| @@ -139,8 +138,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 139 | 138 | ||
| 140 | /* skb is pure payload to encrypt */ | 139 | /* skb is pure payload to encrypt */ |
| 141 | 140 | ||
| 142 | esp = x->data; | 141 | aead = x->data; |
| 143 | aead = esp->aead; | ||
| 144 | alen = crypto_aead_authsize(aead); | 142 | alen = crypto_aead_authsize(aead); |
| 145 | 143 | ||
| 146 | tfclen = 0; | 144 | tfclen = 0; |
| @@ -154,8 +152,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 154 | } | 152 | } |
| 155 | blksize = ALIGN(crypto_aead_blocksize(aead), 4); | 153 | blksize = ALIGN(crypto_aead_blocksize(aead), 4); |
| 156 | clen = ALIGN(skb->len + 2 + tfclen, blksize); | 154 | clen = ALIGN(skb->len + 2 + tfclen, blksize); |
| 157 | if (esp->padlen) | ||
| 158 | clen = ALIGN(clen, esp->padlen); | ||
| 159 | plen = clen - skb->len - tfclen; | 155 | plen = clen - skb->len - tfclen; |
| 160 | 156 | ||
| 161 | err = skb_cow_data(skb, tfclen + plen + alen, &trailer); | 157 | err = skb_cow_data(skb, tfclen + plen + alen, &trailer); |
| @@ -280,8 +276,7 @@ static int esp_input_done2(struct sk_buff *skb, int err) | |||
| 280 | { | 276 | { |
| 281 | const struct iphdr *iph; | 277 | const struct iphdr *iph; |
| 282 | struct xfrm_state *x = xfrm_input_state(skb); | 278 | struct xfrm_state *x = xfrm_input_state(skb); |
| 283 | struct esp_data *esp = x->data; | 279 | struct crypto_aead *aead = x->data; |
| 284 | struct crypto_aead *aead = esp->aead; | ||
| 285 | int alen = crypto_aead_authsize(aead); | 280 | int alen = crypto_aead_authsize(aead); |
| 286 | int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); | 281 | int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); |
| 287 | int elen = skb->len - hlen; | 282 | int elen = skb->len - hlen; |
| @@ -376,8 +371,7 @@ static void esp_input_done(struct crypto_async_request *base, int err) | |||
| 376 | static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | 371 | static int esp_input(struct xfrm_state *x, struct sk_buff *skb) |
| 377 | { | 372 | { |
| 378 | struct ip_esp_hdr *esph; | 373 | struct ip_esp_hdr *esph; |
| 379 | struct esp_data *esp = x->data; | 374 | struct crypto_aead *aead = x->data; |
| 380 | struct crypto_aead *aead = esp->aead; | ||
| 381 | struct aead_request *req; | 375 | struct aead_request *req; |
| 382 | struct sk_buff *trailer; | 376 | struct sk_buff *trailer; |
| 383 | int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); | 377 | int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); |
| @@ -459,9 +453,8 @@ out: | |||
| 459 | 453 | ||
| 460 | static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) | 454 | static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) |
| 461 | { | 455 | { |
| 462 | struct esp_data *esp = x->data; | 456 | struct crypto_aead *aead = x->data; |
| 463 | u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); | 457 | u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4); |
| 464 | u32 align = max_t(u32, blksize, esp->padlen); | ||
| 465 | unsigned int net_adj; | 458 | unsigned int net_adj; |
| 466 | 459 | ||
| 467 | switch (x->props.mode) { | 460 | switch (x->props.mode) { |
| @@ -476,8 +469,8 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) | |||
| 476 | BUG(); | 469 | BUG(); |
| 477 | } | 470 | } |
| 478 | 471 | ||
| 479 | return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - | 472 | return ((mtu - x->props.header_len - crypto_aead_authsize(aead) - |
| 480 | net_adj) & ~(align - 1)) + net_adj - 2; | 473 | net_adj) & ~(blksize - 1)) + net_adj - 2; |
| 481 | } | 474 | } |
| 482 | 475 | ||
| 483 | static void esp4_err(struct sk_buff *skb, u32 info) | 476 | static void esp4_err(struct sk_buff *skb, u32 info) |
| @@ -511,18 +504,16 @@ static void esp4_err(struct sk_buff *skb, u32 info) | |||
| 511 | 504 | ||
| 512 | static void esp_destroy(struct xfrm_state *x) | 505 | static void esp_destroy(struct xfrm_state *x) |
| 513 | { | 506 | { |
| 514 | struct esp_data *esp = x->data; | 507 | struct crypto_aead *aead = x->data; |
| 515 | 508 | ||
| 516 | if (!esp) | 509 | if (!aead) |
| 517 | return; | 510 | return; |
| 518 | 511 | ||
| 519 | crypto_free_aead(esp->aead); | 512 | crypto_free_aead(aead); |
| 520 | kfree(esp); | ||
| 521 | } | 513 | } |
| 522 | 514 | ||
| 523 | static int esp_init_aead(struct xfrm_state *x) | 515 | static int esp_init_aead(struct xfrm_state *x) |
| 524 | { | 516 | { |
| 525 | struct esp_data *esp = x->data; | ||
| 526 | struct crypto_aead *aead; | 517 | struct crypto_aead *aead; |
| 527 | int err; | 518 | int err; |
| 528 | 519 | ||
| @@ -531,7 +522,7 @@ static int esp_init_aead(struct xfrm_state *x) | |||
| 531 | if (IS_ERR(aead)) | 522 | if (IS_ERR(aead)) |
| 532 | goto error; | 523 | goto error; |
| 533 | 524 | ||
| 534 | esp->aead = aead; | 525 | x->data = aead; |
| 535 | 526 | ||
| 536 | err = crypto_aead_setkey(aead, x->aead->alg_key, | 527 | err = crypto_aead_setkey(aead, x->aead->alg_key, |
| 537 | (x->aead->alg_key_len + 7) / 8); | 528 | (x->aead->alg_key_len + 7) / 8); |
| @@ -548,7 +539,6 @@ error: | |||
| 548 | 539 | ||
| 549 | static int esp_init_authenc(struct xfrm_state *x) | 540 | static int esp_init_authenc(struct xfrm_state *x) |
| 550 | { | 541 | { |
| 551 | struct esp_data *esp = x->data; | ||
| 552 | struct crypto_aead *aead; | 542 | struct crypto_aead *aead; |
| 553 | struct crypto_authenc_key_param *param; | 543 | struct crypto_authenc_key_param *param; |
| 554 | struct rtattr *rta; | 544 | struct rtattr *rta; |
| @@ -583,7 +573,7 @@ static int esp_init_authenc(struct xfrm_state *x) | |||
| 583 | if (IS_ERR(aead)) | 573 | if (IS_ERR(aead)) |
| 584 | goto error; | 574 | goto error; |
| 585 | 575 | ||
| 586 | esp->aead = aead; | 576 | x->data = aead; |
| 587 | 577 | ||
| 588 | keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + | 578 | keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + |
| 589 | (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); | 579 | (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); |
| @@ -638,16 +628,11 @@ error: | |||
| 638 | 628 | ||
| 639 | static int esp_init_state(struct xfrm_state *x) | 629 | static int esp_init_state(struct xfrm_state *x) |
| 640 | { | 630 | { |
| 641 | struct esp_data *esp; | ||
| 642 | struct crypto_aead *aead; | 631 | struct crypto_aead *aead; |
| 643 | u32 align; | 632 | u32 align; |
| 644 | int err; | 633 | int err; |
| 645 | 634 | ||
| 646 | esp = kzalloc(sizeof(*esp), GFP_KERNEL); | 635 | x->data = NULL; |
| 647 | if (esp == NULL) | ||
| 648 | return -ENOMEM; | ||
| 649 | |||
| 650 | x->data = esp; | ||
| 651 | 636 | ||
| 652 | if (x->aead) | 637 | if (x->aead) |
| 653 | err = esp_init_aead(x); | 638 | err = esp_init_aead(x); |
| @@ -657,9 +642,7 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 657 | if (err) | 642 | if (err) |
| 658 | goto error; | 643 | goto error; |
| 659 | 644 | ||
| 660 | aead = esp->aead; | 645 | aead = x->data; |
| 661 | |||
| 662 | esp->padlen = 0; | ||
| 663 | 646 | ||
| 664 | x->props.header_len = sizeof(struct ip_esp_hdr) + | 647 | x->props.header_len = sizeof(struct ip_esp_hdr) + |
| 665 | crypto_aead_ivsize(aead); | 648 | crypto_aead_ivsize(aead); |
| @@ -683,9 +666,7 @@ static int esp_init_state(struct xfrm_state *x) | |||
| 683 | } | 666 | } |
| 684 | 667 | ||
| 685 | align = ALIGN(crypto_aead_blocksize(aead), 4); | 668 | align = ALIGN(crypto_aead_blocksize(aead), 4); |
| 686 | if (esp->padlen) | 669 | x->props.trailer_len = align + 1 + crypto_aead_authsize(aead); |
| 687 | align = max_t(u32, align, esp->padlen); | ||
| 688 | x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead); | ||
| 689 | 670 | ||
| 690 | error: | 671 | error: |
| 691 | return err; | 672 | return err; |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index e67e63f9858d..b8719df0366e 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
| @@ -164,10 +164,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 164 | u8 *iv; | 164 | u8 *iv; |
| 165 | u8 *tail; | 165 | u8 *tail; |
| 166 | __be32 *seqhi; | 166 | __be32 *seqhi; |
| 167 | struct esp_data *esp = x->data; | ||
| 168 | 167 | ||
| 169 | /* skb is pure payload to encrypt */ | 168 | /* skb is pure payload to encrypt */ |
| 170 | aead = esp->aead; | 169 | aead = x->data; |
| 171 | alen = crypto_aead_authsize(aead); | 170 | alen = crypto_aead_authsize(aead); |
| 172 | 171 | ||
| 173 | tfclen = 0; | 172 | tfclen = 0; |
| @@ -181,8 +180,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 181 | } | 180 | } |
| 182 | blksize = ALIGN(crypto_aead_blocksize(aead), 4); | 181 | blksize = ALIGN(crypto_aead_blocksize(aead), 4); |
| 183 | clen = ALIGN(skb->len + 2 + tfclen, blksize); | 182 | clen = ALIGN(skb->len + 2 + tfclen, blksize); |
| 184 | if (esp->padlen) | ||
| 185 | clen = ALIGN(clen, esp->padlen); | ||
| 186 | plen = clen - skb->len - tfclen; | 183 | plen = clen - skb->len - tfclen; |
| 187 | 184 | ||
| 188 | err = skb_cow_data(skb, tfclen + plen + alen, &trailer); | 185 | err = skb_cow_data(skb, tfclen + plen + alen, &trailer); |
| @@ -271,8 +268,7 @@ error: | |||
| 271 | static int esp_input_done2(struct sk_buff *skb, int err) | 268 | static int esp_input_done2(struct sk_buff *skb, int err) |
| 272 | { | 269 | { |
| 273 | struct xfrm_state *x = xfrm_input_state(skb); | 270 | struct xfrm_state *x = xfrm_input_state(skb); |
| 274 | struct esp_data *esp = x->data; | 271 | struct crypto_aead *aead = x->data; |
| 275 | struct crypto_aead *aead = esp->aead; | ||
| 276 | int alen = crypto_aead_authsize(aead); | 272 | int alen = crypto_aead_authsize(aead); |
| 277 | int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); | 273 | int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); |
| 278 | int elen = skb->len - hlen; | 274 | int elen = skb->len - hlen; |
| @@ -325,8 +321,7 @@ static void esp_input_done(struct crypto_async_request *base, int err) | |||
| 325 | static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) | 321 | static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) |
| 326 | { | 322 | { |
| 327 | struct ip_esp_hdr *esph; | 323 | struct ip_esp_hdr *esph; |
| 328 | struct esp_data *esp = x->data; | 324 | struct crypto_aead *aead = x->data; |
| 329 | struct crypto_aead *aead = esp->aead; | ||
| 330 | struct aead_request *req; | 325 | struct aead_request *req; |
| 331 | struct sk_buff *trailer; | 326 | struct sk_buff *trailer; |
| 332 | int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); | 327 | int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); |
| @@ -414,9 +409,8 @@ out: | |||
| 414 | 409 | ||
| 415 | static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) | 410 | static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) |
| 416 | { | 411 | { |
| 417 | struct esp_data *esp = x->data; | 412 | struct crypto_aead *aead = x->data; |
| 418 | u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); | 413 | u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4); |
| 419 | u32 align = max_t(u32, blksize, esp->padlen); | ||
| 420 | unsigned int net_adj; | 414 | unsigned int net_adj; |
| 421 | 415 | ||
| 422 | if (x->props.mode != XFRM_MODE_TUNNEL) | 416 | if (x->props.mode != XFRM_MODE_TUNNEL) |
| @@ -424,8 +418,8 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) | |||
| 424 | else | 418 | else |
| 425 | net_adj = 0; | 419 | net_adj = 0; |
| 426 | 420 | ||
| 427 | return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - | 421 | return ((mtu - x->props.header_len - crypto_aead_authsize(aead) - |
| 428 | net_adj) & ~(align - 1)) + net_adj - 2; | 422 | net_adj) & ~(blksize - 1)) + net_adj - 2; |
| 429 | } | 423 | } |
| 430 | 424 | ||
| 431 | static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | 425 | static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
| @@ -454,18 +448,16 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 454 | 448 | ||
| 455 | static void esp6_destroy(struct xfrm_state *x) | 449 | static void esp6_destroy(struct xfrm_state *x) |
| 456 | { | 450 | { |
| 457 | struct esp_data *esp = x->data; | 451 | struct crypto_aead *aead = x->data; |
| 458 | 452 | ||
| 459 | if (!esp) | 453 | if (!aead) |
| 460 | return; | 454 | return; |
| 461 | 455 | ||
| 462 | crypto_free_aead(esp->aead); | 456 | crypto_free_aead(aead); |
| 463 | kfree(esp); | ||
| 464 | } | 457 | } |
| 465 | 458 | ||
| 466 | static int esp_init_aead(struct xfrm_state *x) | 459 | static int esp_init_aead(struct xfrm_state *x) |
| 467 | { | 460 | { |
| 468 | struct esp_data *esp = x->data; | ||
| 469 | struct crypto_aead *aead; | 461 | struct crypto_aead *aead; |
| 470 | int err; | 462 | int err; |
| 471 | 463 | ||
| @@ -474,7 +466,7 @@ static int esp_init_aead(struct xfrm_state *x) | |||
| 474 | if (IS_ERR(aead)) | 466 | if (IS_ERR(aead)) |
| 475 | goto error; | 467 | goto error; |
| 476 | 468 | ||
| 477 | esp->aead = aead; | 469 | x->data = aead; |
| 478 | 470 | ||
| 479 | err = crypto_aead_setkey(aead, x->aead->alg_key, | 471 | err = crypto_aead_setkey(aead, x->aead->alg_key, |
| 480 | (x->aead->alg_key_len + 7) / 8); | 472 | (x->aead->alg_key_len + 7) / 8); |
| @@ -491,7 +483,6 @@ error: | |||
| 491 | 483 | ||
| 492 | static int esp_init_authenc(struct xfrm_state *x) | 484 | static int esp_init_authenc(struct xfrm_state *x) |
| 493 | { | 485 | { |
| 494 | struct esp_data *esp = x->data; | ||
| 495 | struct crypto_aead *aead; | 486 | struct crypto_aead *aead; |
| 496 | struct crypto_authenc_key_param *param; | 487 | struct crypto_authenc_key_param *param; |
| 497 | struct rtattr *rta; | 488 | struct rtattr *rta; |
| @@ -526,7 +517,7 @@ static int esp_init_authenc(struct xfrm_state *x) | |||
| 526 | if (IS_ERR(aead)) | 517 | if (IS_ERR(aead)) |
| 527 | goto error; | 518 | goto error; |
| 528 | 519 | ||
| 529 | esp->aead = aead; | 520 | x->data = aead; |
| 530 | 521 | ||
| 531 | keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + | 522 | keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + |
| 532 | (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); | 523 | (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); |
| @@ -581,7 +572,6 @@ error: | |||
| 581 | 572 | ||
| 582 | static int esp6_init_state(struct xfrm_state *x) | 573 | static int esp6_init_state(struct xfrm_state *x) |
| 583 | { | 574 | { |
| 584 | struct esp_data *esp; | ||
| 585 | struct crypto_aead *aead; | 575 | struct crypto_aead *aead; |
| 586 | u32 align; | 576 | u32 align; |
| 587 | int err; | 577 | int err; |
| @@ -589,11 +579,7 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 589 | if (x->encap) | 579 | if (x->encap) |
| 590 | return -EINVAL; | 580 | return -EINVAL; |
| 591 | 581 | ||
| 592 | esp = kzalloc(sizeof(*esp), GFP_KERNEL); | 582 | x->data = NULL; |
| 593 | if (esp == NULL) | ||
| 594 | return -ENOMEM; | ||
| 595 | |||
| 596 | x->data = esp; | ||
| 597 | 583 | ||
| 598 | if (x->aead) | 584 | if (x->aead) |
| 599 | err = esp_init_aead(x); | 585 | err = esp_init_aead(x); |
| @@ -603,9 +589,7 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 603 | if (err) | 589 | if (err) |
| 604 | goto error; | 590 | goto error; |
| 605 | 591 | ||
| 606 | aead = esp->aead; | 592 | aead = x->data; |
| 607 | |||
| 608 | esp->padlen = 0; | ||
| 609 | 593 | ||
| 610 | x->props.header_len = sizeof(struct ip_esp_hdr) + | 594 | x->props.header_len = sizeof(struct ip_esp_hdr) + |
| 611 | crypto_aead_ivsize(aead); | 595 | crypto_aead_ivsize(aead); |
| @@ -625,9 +609,7 @@ static int esp6_init_state(struct xfrm_state *x) | |||
| 625 | } | 609 | } |
| 626 | 610 | ||
| 627 | align = ALIGN(crypto_aead_blocksize(aead), 4); | 611 | align = ALIGN(crypto_aead_blocksize(aead), 4); |
| 628 | if (esp->padlen) | 612 | x->props.trailer_len = align + 1 + crypto_aead_authsize(aead); |
| 629 | align = max_t(u32, align, esp->padlen); | ||
| 630 | x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead); | ||
| 631 | 613 | ||
| 632 | error: | 614 | error: |
| 633 | return err; | 615 | return err; |
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c index 2906d520eea7..b943c7fc5ed2 100644 --- a/net/xfrm/xfrm_ipcomp.c +++ b/net/xfrm/xfrm_ipcomp.c | |||
| @@ -220,8 +220,8 @@ static void ipcomp_free_scratches(void) | |||
| 220 | 220 | ||
| 221 | static void * __percpu *ipcomp_alloc_scratches(void) | 221 | static void * __percpu *ipcomp_alloc_scratches(void) |
| 222 | { | 222 | { |
| 223 | int i; | ||
| 224 | void * __percpu *scratches; | 223 | void * __percpu *scratches; |
| 224 | int i; | ||
| 225 | 225 | ||
| 226 | if (ipcomp_scratch_users++) | 226 | if (ipcomp_scratch_users++) |
| 227 | return ipcomp_scratches; | 227 | return ipcomp_scratches; |
| @@ -233,7 +233,9 @@ static void * __percpu *ipcomp_alloc_scratches(void) | |||
| 233 | ipcomp_scratches = scratches; | 233 | ipcomp_scratches = scratches; |
| 234 | 234 | ||
| 235 | for_each_possible_cpu(i) { | 235 | for_each_possible_cpu(i) { |
| 236 | void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE); | 236 | void *scratch; |
| 237 | |||
| 238 | scratch = vmalloc_node(IPCOMP_SCRATCH_SIZE, cpu_to_node(i)); | ||
| 237 | if (!scratch) | 239 | if (!scratch) |
| 238 | return NULL; | 240 | return NULL; |
| 239 | *per_cpu_ptr(scratches, i) = scratch; | 241 | *per_cpu_ptr(scratches, i) = scratch; |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 76e1873811d4..9a91f7431c41 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1844,6 +1844,13 @@ static int xdst_queue_output(struct sk_buff *skb) | |||
| 1844 | struct xfrm_dst *xdst = (struct xfrm_dst *) dst; | 1844 | struct xfrm_dst *xdst = (struct xfrm_dst *) dst; |
| 1845 | struct xfrm_policy *pol = xdst->pols[0]; | 1845 | struct xfrm_policy *pol = xdst->pols[0]; |
| 1846 | struct xfrm_policy_queue *pq = &pol->polq; | 1846 | struct xfrm_policy_queue *pq = &pol->polq; |
| 1847 | const struct sk_buff *fclone = skb + 1; | ||
| 1848 | |||
| 1849 | if (unlikely(skb->fclone == SKB_FCLONE_ORIG && | ||
| 1850 | fclone->fclone == SKB_FCLONE_CLONE)) { | ||
| 1851 | kfree_skb(skb); | ||
| 1852 | return 0; | ||
| 1853 | } | ||
| 1847 | 1854 | ||
| 1848 | if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) { | 1855 | if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) { |
| 1849 | kfree_skb(skb); | 1856 | kfree_skb(skb); |