[IPSEC]: Do xfrm_state_check_space before encapsulation

Tue, 29 Jan 2008 05:21:04 -0800 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=910ef70aa301eb018255683499b8e51426c213a0
Commit:     910ef70aa301eb018255683499b8e51426c213a0
Parent:     33b8e776056202aceaf4c90f465d0f4ee53432ac
Author:     Herbert Xu <[EMAIL PROTECTED]>
AuthorDate: Tue Dec 18 22:14:25 2007 -0800
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Mon Jan 28 14:59:13 2008 -0800

    [IPSEC]: Do xfrm_state_check_space before encapsulation
    
    While merging the IPsec output path I moved the encapsulation output
    operation to the top of the loop so that it sits outside of the locked
    section.  Unfortunately in doing so it now sits in front of the space
    check as well which could be a fatal error.
    
    This patch rearranges the calls so that the space check happens as
    the thing on the output path.
    
    This patch also fixes an incorrect goto should the encapsulation output
    fail.
    
    Thanks to Kazunori MIYAZAWA for finding this bug.
    
    Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 net/xfrm/xfrm_output.c |   18 ++++++------------
 1 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 3c277a4..26fa0cb 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -33,16 +33,6 @@ static int xfrm_state_check_space(struct xfrm_state *x, 
struct sk_buff *skb)
        return 0;
 }
 
-static int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
-{
-       int err = xfrm_state_check_expire(x);
-       if (err < 0)
-               goto err;
-       err = xfrm_state_check_space(x, skb);
-err:
-       return err;
-}
-
 static int xfrm_output_one(struct sk_buff *skb, int err)
 {
        struct dst_entry *dst = skb->dst;
@@ -52,12 +42,16 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
                goto resume;
 
        do {
+               err = xfrm_state_check_space(x, skb);
+               if (err)
+                       goto error_nolock;
+
                err = x->outer_mode->output(x, skb);
                if (err)
-                       goto error;
+                       goto error_nolock;
 
                spin_lock_bh(&x->lock);
-               err = xfrm_state_check(x, skb);
+               err = xfrm_state_check_expire(x);
                if (err)
                        goto error;
 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to