aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/esp6.c18
-rw-r--r--net/ipv6/netfilter/ip6_tables.c17
2 files changed, 21 insertions, 14 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 9b27460f0cc7..40d9a1935ab5 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -31,6 +31,7 @@
31#include <net/esp.h> 31#include <net/esp.h>
32#include <asm/scatterlist.h> 32#include <asm/scatterlist.h>
33#include <linux/crypto.h> 33#include <linux/crypto.h>
34#include <linux/kernel.h>
34#include <linux/pfkeyv2.h> 35#include <linux/pfkeyv2.h>
35#include <linux/random.h> 36#include <linux/random.h>
36#include <net/icmp.h> 37#include <net/icmp.h>
@@ -66,10 +67,10 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
66 67
67 alen = esp->auth.icv_trunc_len; 68 alen = esp->auth.icv_trunc_len;
68 tfm = esp->conf.tfm; 69 tfm = esp->conf.tfm;
69 blksize = (crypto_tfm_alg_blocksize(tfm) + 3) & ~3; 70 blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4);
70 clen = (clen + 2 + blksize-1)&~(blksize-1); 71 clen = ALIGN(clen + 2, blksize);
71 if (esp->conf.padlen) 72 if (esp->conf.padlen)
72 clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1); 73 clen = ALIGN(clen, esp->conf.padlen);
73 74
74 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) { 75 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) {
75 goto error; 76 goto error;
@@ -133,7 +134,7 @@ static int esp6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, stru
133 struct ipv6_esp_hdr *esph; 134 struct ipv6_esp_hdr *esph;
134 struct esp_data *esp = x->data; 135 struct esp_data *esp = x->data;
135 struct sk_buff *trailer; 136 struct sk_buff *trailer;
136 int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); 137 int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
137 int alen = esp->auth.icv_trunc_len; 138 int alen = esp->auth.icv_trunc_len;
138 int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; 139 int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen;
139 140
@@ -235,16 +236,17 @@ out_nofree:
235static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) 236static u32 esp6_get_max_size(struct xfrm_state *x, int mtu)
236{ 237{
237 struct esp_data *esp = x->data; 238 struct esp_data *esp = x->data;
238 u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); 239 u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
239 240
240 if (x->props.mode) { 241 if (x->props.mode) {
241 mtu = (mtu + 2 + blksize-1)&~(blksize-1); 242 mtu = ALIGN(mtu + 2, blksize);
242 } else { 243 } else {
243 /* The worst case. */ 244 /* The worst case. */
244 mtu += 2 + blksize; 245 u32 padsize = ((blksize - 1) & 7) + 1;
246 mtu = ALIGN(mtu + 2, padsize) + blksize - padsize;
245 } 247 }
246 if (esp->conf.padlen) 248 if (esp->conf.padlen)
247 mtu = (mtu + esp->conf.padlen-1)&~(esp->conf.padlen-1); 249 mtu = ALIGN(mtu, esp->conf.padlen);
248 250
249 return mtu + x->props.header_len + esp->auth.icv_full_len; 251 return mtu + x->props.header_len + esp->auth.icv_full_len;
250} 252}
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 2da514b16d95..21deec25a12b 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -28,6 +28,7 @@
28#include <asm/uaccess.h> 28#include <asm/uaccess.h>
29#include <asm/semaphore.h> 29#include <asm/semaphore.h>
30#include <linux/proc_fs.h> 30#include <linux/proc_fs.h>
31#include <linux/cpumask.h>
31 32
32#include <linux/netfilter_ipv6/ip6_tables.h> 33#include <linux/netfilter_ipv6/ip6_tables.h>
33 34
@@ -950,8 +951,10 @@ translate_table(const char *name,
950 } 951 }
951 952
952 /* And one copy for every other CPU */ 953 /* And one copy for every other CPU */
953 for (i = 1; i < num_possible_cpus(); i++) { 954 for_each_cpu(i) {
954 memcpy(newinfo->entries + SMP_ALIGN(newinfo->size)*i, 955 if (i == 0)
956 continue;
957 memcpy(newinfo->entries + SMP_ALIGN(newinfo->size) * i,
955 newinfo->entries, 958 newinfo->entries,
956 SMP_ALIGN(newinfo->size)); 959 SMP_ALIGN(newinfo->size));
957 } 960 }
@@ -972,7 +975,7 @@ replace_table(struct ip6t_table *table,
972 struct ip6t_entry *table_base; 975 struct ip6t_entry *table_base;
973 unsigned int i; 976 unsigned int i;
974 977
975 for (i = 0; i < num_possible_cpus(); i++) { 978 for_each_cpu(i) {
976 table_base = 979 table_base =
977 (void *)newinfo->entries 980 (void *)newinfo->entries
978 + TABLE_OFFSET(newinfo, i); 981 + TABLE_OFFSET(newinfo, i);
@@ -1019,7 +1022,7 @@ get_counters(const struct ip6t_table_info *t,
1019 unsigned int cpu; 1022 unsigned int cpu;
1020 unsigned int i; 1023 unsigned int i;
1021 1024
1022 for (cpu = 0; cpu < num_possible_cpus(); cpu++) { 1025 for_each_cpu(cpu) {
1023 i = 0; 1026 i = 0;
1024 IP6T_ENTRY_ITERATE(t->entries + TABLE_OFFSET(t, cpu), 1027 IP6T_ENTRY_ITERATE(t->entries + TABLE_OFFSET(t, cpu),
1025 t->size, 1028 t->size,
@@ -1153,7 +1156,8 @@ do_replace(void __user *user, unsigned int len)
1153 return -ENOMEM; 1156 return -ENOMEM;
1154 1157
1155 newinfo = vmalloc(sizeof(struct ip6t_table_info) 1158 newinfo = vmalloc(sizeof(struct ip6t_table_info)
1156 + SMP_ALIGN(tmp.size) * num_possible_cpus()); 1159 + SMP_ALIGN(tmp.size) *
1160 (highest_possible_processor_id()+1));
1157 if (!newinfo) 1161 if (!newinfo)
1158 return -ENOMEM; 1162 return -ENOMEM;
1159 1163
@@ -1467,7 +1471,8 @@ int ip6t_register_table(struct ip6t_table *table,
1467 = { 0, 0, 0, { 0 }, { 0 }, { } }; 1471 = { 0, 0, 0, { 0 }, { 0 }, { } };
1468 1472
1469 newinfo = vmalloc(sizeof(struct ip6t_table_info) 1473 newinfo = vmalloc(sizeof(struct ip6t_table_info)
1470 + SMP_ALIGN(repl->size) * num_possible_cpus()); 1474 + SMP_ALIGN(repl->size) *
1475 (highest_possible_processor_id()+1));
1471 if (!newinfo) 1476 if (!newinfo)
1472 return -ENOMEM; 1477 return -ENOMEM;
1473 1478
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-23 16:28:28 -0400