* [PATCH RFC ipsec] xfrm: Fix crash when the hold queue is used.
@ 2020-07-17 8:34 Steffen Klassert
2020-07-24 5:27 ` Steffen Klassert
0 siblings, 1 reply; 2+ messages in thread
From: Steffen Klassert @ 2020-07-17 8:34 UTC (permalink / raw)
To: netdev
The commits "xfrm: Move dst->path into struct xfrm_dst"
and "net: Create and use new helper xfrm_dst_child()."
changed xfrm bundle handling under the assumption
that xdst->path and dst->child are not a NULL pointer
only if dst->xfrm is not a NULL pointer. That is true
with one exception. If the xfrm hold queue is used
to wait until a SA is installed by the key manager,
we create a dummy bundle without a valid dst->xfrm
pointer. The current xfrm bundle handling crashes
in that case. Fix this by extending the NULL check
of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
include/net/xfrm.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 5c20953c8deb..51f65d23ebaf 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -941,7 +941,7 @@ struct xfrm_dst {
static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst)
{
#ifdef CONFIG_XFRM
- if (dst->xfrm) {
+ if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) {
const struct xfrm_dst *xdst = (const struct xfrm_dst *) dst;
return xdst->path;
@@ -953,7 +953,7 @@ static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst)
static inline struct dst_entry *xfrm_dst_child(const struct dst_entry *dst)
{
#ifdef CONFIG_XFRM
- if (dst->xfrm) {
+ if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) {
struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
return xdst->child;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH RFC ipsec] xfrm: Fix crash when the hold queue is used.
2020-07-17 8:34 [PATCH RFC ipsec] xfrm: Fix crash when the hold queue is used Steffen Klassert
@ 2020-07-24 5:27 ` Steffen Klassert
0 siblings, 0 replies; 2+ messages in thread
From: Steffen Klassert @ 2020-07-24 5:27 UTC (permalink / raw)
To: netdev
On Fri, Jul 17, 2020 at 10:34:27AM +0200, Steffen Klassert wrote:
> The commits "xfrm: Move dst->path into struct xfrm_dst"
> and "net: Create and use new helper xfrm_dst_child()."
> changed xfrm bundle handling under the assumption
> that xdst->path and dst->child are not a NULL pointer
> only if dst->xfrm is not a NULL pointer. That is true
> with one exception. If the xfrm hold queue is used
> to wait until a SA is installed by the key manager,
> we create a dummy bundle without a valid dst->xfrm
> pointer. The current xfrm bundle handling crashes
> in that case. Fix this by extending the NULL check
> of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
>
> Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
> Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().")
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Now applied to the ipsec tree.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-24 5:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-17 8:34 [PATCH RFC ipsec] xfrm: Fix crash when the hold queue is used Steffen Klassert
2020-07-24 5:27 ` Steffen Klassert
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.