| Message ID | 1430268164-19019-1-git-send-email-roy.qing.li@gmail.com |
|---|---|
| State | Awaiting Upstream, archived |
| Delegated to: | David Miller |
| Headers | show |
>-----Original Message----- >From: roy.qing.li@gmail.com [mailto:roy.qing.li@gmail.com] >Sent: Wednesday, April 29, 2015 8:43 AM >To: netdev@vger.kernel.org >Cc: Du, Fan; steffen.klassert@secunet.com >Subject: [PATCH] xfrm: fix a race in xfrm_state_lookup_byspi > >From: Li RongQing <roy.qing.li@gmail.com> > >The returned xfrm_state should be hold before unlock xfrm_state_lock, >otherwise the returned xfrm_state maybe be released. > >Fixes: c454997e6[{pktgen, xfrm} Introduce xfrm_state_lookup_byspi..] >Cc: Fan Du <fan.du@intel.com> >Signed-off-by: Li RongQing <roy.qing.li@gmail.com> Acked-by: Fan Du <fan.du@intel.com> >--- > net/xfrm/xfrm_state.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c >index f5e39e3..96688cd 100644 >--- a/net/xfrm/xfrm_state.c >+++ b/net/xfrm/xfrm_state.c >@@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net >*net, __be32 spi, > x->id.spi != spi) > continue; > >- spin_unlock_bh(&net->xfrm.xfrm_state_lock); > xfrm_state_hold(x); >+ spin_unlock_bh(&net->xfrm.xfrm_state_lock); > return x; > } > spin_unlock_bh(&net->xfrm.xfrm_state_lock); >-- >2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Apr 29, 2015 at 05:25:25AM +0000, Du, Fan wrote: > > >-----Original Message----- > >From: roy.qing.li@gmail.com [mailto:roy.qing.li@gmail.com] > >Sent: Wednesday, April 29, 2015 8:43 AM > >To: netdev@vger.kernel.org > >Cc: Du, Fan; steffen.klassert@secunet.com > >Subject: [PATCH] xfrm: fix a race in xfrm_state_lookup_byspi > > > >From: Li RongQing <roy.qing.li@gmail.com> > > > >The returned xfrm_state should be hold before unlock xfrm_state_lock, > >otherwise the returned xfrm_state maybe be released. > > > >Fixes: c454997e6[{pktgen, xfrm} Introduce xfrm_state_lookup_byspi..] > >Cc: Fan Du <fan.du@intel.com> > >Signed-off-by: Li RongQing <roy.qing.li@gmail.com> > > Acked-by: Fan Du <fan.du@intel.com> Applied to the ipsec tree, thanks a lot! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f5e39e3..96688cd 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, x->id.spi != spi) continue; - spin_unlock_bh(&net->xfrm.xfrm_state_lock); xfrm_state_hold(x); + spin_unlock_bh(&net->xfrm.xfrm_state_lock); return x; } spin_unlock_bh(&net->xfrm.xfrm_state_lock);