| Message ID | 20110316071249.GS31402@secunet.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On 03/16/2011 09:12 AM, Steffen Klassert wrote: > We return a destination entry without refcount if a socket > policy is found in xfrm_lookup. This triggers a warning on > a negative refcount when freeeing this dst entry. So take > a refcount in this case to fix it. > > This refcount was forgotten when xfrm changed to cache bundles > instead of policies for outgoing flows. > > Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Timo Teräs <timo.teras@iki.fi> Ok. This is one of the corner cases I did not test: having socket policy something else than no action. I just didn't have the application ready for it. Sorry about the bug. And good catch Steffen. > --- > net/xfrm/xfrm_policy.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c > index 027e3c6..15792d8 100644 > --- a/net/xfrm/xfrm_policy.c > +++ b/net/xfrm/xfrm_policy.c > @@ -1804,6 +1804,8 @@ restart: > goto no_transform; > } > > + dst_hold(&xdst->u.dst); > + > spin_lock_bh(&xfrm_policy_sk_bundle_lock); > xdst->u.dst.next = xfrm_policy_sk_bundles; > xfrm_policy_sk_bundles = &xdst->u.dst; -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Timo Teräs <timo.teras@iki.fi> Date: Wed, 16 Mar 2011 10:03:23 +0200 > On 03/16/2011 09:12 AM, Steffen Klassert wrote: >> We return a destination entry without refcount if a socket >> policy is found in xfrm_lookup. This triggers a warning on >> a negative refcount when freeeing this dst entry. So take >> a refcount in this case to fix it. >> >> This refcount was forgotten when xfrm changed to cache bundles >> instead of policies for outgoing flows. >> >> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> > > Acked-by: Timo Teräs <timo.teras@iki.fi> > > Ok. This is one of the corner cases I did not test: having socket policy > something else than no action. I just didn't have the application ready > for it. Sorry about the bug. And good catch Steffen. Applied and queued up for -stable, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 027e3c6..15792d8 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1804,6 +1804,8 @@ restart: goto no_transform; } + dst_hold(&xdst->u.dst); + spin_lock_bh(&xfrm_policy_sk_bundle_lock); xdst->u.dst.next = xfrm_policy_sk_bundles; xfrm_policy_sk_bundles = &xdst->u.dst;
We return a destination entry without refcount if a socket policy is found in xfrm_lookup. This triggers a warning on a negative refcount when freeeing this dst entry. So take a refcount in this case to fix it. This refcount was forgotten when xfrm changed to cache bundles instead of policies for outgoing flows. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> --- net/xfrm/xfrm_policy.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)