From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Steffen Klassert <steffen.klassert@secunet.com>,
<netdev@vger.kernel.org>
Subject: [PATCH 06/10] xfrm: Fix crash when the hold queue is used.
Date: Fri, 31 Jul 2020 09:18:00 +0200 [thread overview]
Message-ID: <20200731071804.29557-7-steffen.klassert@secunet.com> (raw)
In-Reply-To: <20200731071804.29557-1-steffen.klassert@secunet.com>
The commits "xfrm: Move dst->path into struct xfrm_dst"
and "net: Create and use new helper xfrm_dst_child()."
changed xfrm bundle handling under the assumption
that xdst->path and dst->child are not a NULL pointer
only if dst->xfrm is not a NULL pointer. That is true
with one exception. If the xfrm hold queue is used
to wait until a SA is installed by the key manager,
we create a dummy bundle without a valid dst->xfrm
pointer. The current xfrm bundle handling crashes
in that case. Fix this by extending the NULL check
of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
include/net/xfrm.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 5c20953c8deb..51f65d23ebaf 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -941,7 +941,7 @@ struct xfrm_dst {
static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst)
{
#ifdef CONFIG_XFRM
- if (dst->xfrm) {
+ if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) {
const struct xfrm_dst *xdst = (const struct xfrm_dst *) dst;
return xdst->path;
@@ -953,7 +953,7 @@ static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst)
static inline struct dst_entry *xfrm_dst_child(const struct dst_entry *dst)
{
#ifdef CONFIG_XFRM
- if (dst->xfrm) {
+ if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) {
struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
return xdst->child;
}
--
2.17.1
next prev parent reply other threads:[~2020-07-31 7:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-31 7:17 pull request (net): ipsec 2020-07-31 Steffen Klassert
2020-07-31 7:17 ` [PATCH 01/10] xfrm: policy: match with both mark and mask on user interfaces Steffen Klassert
2020-07-31 7:17 ` [PATCH 02/10] xfrm: esp6: fix encapsulation header offset computation Steffen Klassert
2020-07-31 7:17 ` [PATCH 03/10] espintcp: support non-blocking sends Steffen Klassert
2020-07-31 7:17 ` [PATCH 04/10] espintcp: recv() should return 0 when the peer socket is closed Steffen Klassert
2020-07-31 7:17 ` [PATCH 05/10] xfrm: policy: fix IPv6-only espintcp compilation Steffen Klassert
2020-07-31 7:18 ` Steffen Klassert [this message]
2020-07-31 7:18 ` [PATCH 07/10] af_key: pfkey_dump needs parameter validation Steffen Klassert
2020-07-31 7:18 ` [PATCH 08/10] xfrm: esp6: fix the location of the transport header with encapsulation Steffen Klassert
2020-07-31 7:18 ` [PATCH 09/10] espintcp: handle short messages instead of breaking the encap socket Steffen Klassert
2020-07-31 7:18 ` [PATCH 10/10] espintcp: count packets dropped in espintcp_rcv Steffen Klassert
2020-08-01 0:11 ` pull request (net): ipsec 2020-07-31 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200731071804.29557-7-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).