mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-14 15:54:15 +08:00
xfrm: Force a dst refcount before entering the xfrm type handlers
Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers. This fixes a crash when a route is deleted whilst sending IPsec data that is transformed by an asynchronous algorithm. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
1fbc784392
commit
3bc07321cc
@ -190,6 +190,8 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
|||||||
XFRM_SKB_CB(skb)->seq.input.low = seq;
|
XFRM_SKB_CB(skb)->seq.input.low = seq;
|
||||||
XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
|
XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
|
||||||
|
|
||||||
|
skb_dst_force(skb);
|
||||||
|
|
||||||
nexthdr = x->type->input(x, skb);
|
nexthdr = x->type->input(x, skb);
|
||||||
|
|
||||||
if (nexthdr == -EINPROGRESS)
|
if (nexthdr == -EINPROGRESS)
|
||||||
|
@ -78,6 +78,8 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
|
|||||||
|
|
||||||
spin_unlock_bh(&x->lock);
|
spin_unlock_bh(&x->lock);
|
||||||
|
|
||||||
|
skb_dst_force(skb);
|
||||||
|
|
||||||
err = x->type->output(x, skb);
|
err = x->type->output(x, skb);
|
||||||
if (err == -EINPROGRESS)
|
if (err == -EINPROGRESS)
|
||||||
goto out_exit;
|
goto out_exit;
|
||||||
|
Loading…
Reference in New Issue
Block a user