From: Herbert Xu <herbert@gondor.apana.org.au>
To: "David S. Miller" <davem@davemloft.net>,
Marco Berizzi <pupilla@hotmail.com>
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: [IPSEC]: Use the correct ip_local_out function
Date: Tue, 20 May 2008 17:25:11 +0800 [thread overview]
Message-ID: <20080520092511.GA9005@gondor.apana.org.au> (raw)
In-Reply-To: <BAY103-DAV88950FC99CDE9EAAE27B2B2CE0@phx.gbl>
On Wed, May 14, 2008 at 10:19:57AM +0200, Marco Berizzi wrote:
>
> I hope this helps.
OK found the problem, it was my fault after all :)
Dave, this patch needs to go into stable too.
[IPSEC]: Use the correct ip_local_out function
Because the IPsec output function xfrm_output_resume does its
own dst_output call it should always call __ip_local_output
instead of ip_local_output as the latter may invoke dst_output
directly. Otherwise the return values from nf_hook and dst_output
may clash as they both use the value 1 but for different purposes.
When that clash occurs this can cause a packet to be used after
it has been freed which usually leads to a crash. Because the
offending value is only returned from dst_output with qdiscs
such as HTB, this bug is normally not visible.
Thanks to Marco Berizzi for his perseverance in tracking this
down.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 92f90ae..df41026 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -160,7 +160,7 @@ static struct dst_ops ipv4_dst_ops = {
.negative_advice = ipv4_negative_advice,
.link_failure = ipv4_link_failure,
.update_pmtu = ip_rt_update_pmtu,
- .local_out = ip_local_out,
+ .local_out = __ip_local_out,
.entry_size = sizeof(struct rtable),
.entries = ATOMIC_INIT(0),
};
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 12bba08..849b78a 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -109,7 +109,7 @@ static struct dst_ops ip6_dst_ops_template = {
.negative_advice = ip6_negative_advice,
.link_failure = ip6_link_failure,
.update_pmtu = ip6_rt_update_pmtu,
- .local_out = ip6_local_out,
+ .local_out = __ip6_local_out,
.entry_size = sizeof(struct rt6_info),
.entries = ATOMIC_INIT(0),
};
next prev parent reply other threads:[~2008-05-20 9:25 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-28 9:25 2.6.25 crash: EIP: [<c02e2f14>] xfrm_output_resume+0x64/0x100 ss:esp 0068:c03a1e5c Marco Berizzi
2008-04-28 9:42 ` David Miller
2008-04-28 10:18 ` Marco Berizzi
2008-04-29 14:37 ` Marco Berizzi
2008-05-02 12:02 ` Herbert Xu
2008-05-02 12:26 ` Marco Berizzi
2008-05-06 10:44 ` Marco Berizzi
2008-05-09 9:50 ` Marco Berizzi
2008-05-09 10:25 ` Herbert Xu
2008-05-09 10:28 ` Marco Berizzi
2008-05-09 11:11 ` Ingo Molnar
2008-05-12 7:14 ` Marco Berizzi
2008-05-12 7:46 ` Herbert Xu
2008-05-12 8:24 ` Marco Berizzi
2008-05-12 15:06 ` Marco Berizzi
2008-05-12 16:10 ` Marco Berizzi
2008-05-14 8:19 ` Marco Berizzi
2008-05-14 12:03 ` Marco Berizzi
2008-05-14 12:21 ` Herbert Xu
2008-05-14 12:32 ` Marco Berizzi
2008-05-20 9:25 ` Herbert Xu [this message]
2008-05-20 10:18 ` [IPSEC]: Use the correct ip_local_out function Marco Berizzi
2008-05-20 21:32 ` David Miller
2008-05-27 9:04 ` Marco Berizzi
2008-06-07 20:27 ` [patch 00/50] 2.6.25.6 -stable review Marco Berizzi
2008-06-07 20:43 ` Willy Tarreau
2008-06-08 11:56 ` Marco Berizzi
2008-06-08 12:36 ` Willy Tarreau
2008-06-08 14:10 ` David Miller
2008-06-08 14:19 ` Willy Tarreau
2008-06-08 15:38 ` Jay Cliburn
2008-06-08 16:06 ` Willy Tarreau
2008-06-08 20:07 ` Jeff Garzik
2008-06-09 2:26 ` David Miller
2008-05-05 14:01 ` 2.6.25 crash: EIP: [<c02e2f14>] xfrm_output_resume+0x64/0x100 ss:esp 0068:c03a1e5c Marco Berizzi
2008-04-30 15:15 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080520092511.GA9005@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pupilla@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).