2.6.38-stable review patch. If anyone has any objections, please let us know.
------------------ From: Steffen Klassert <[email protected]> [ Upstream commit fbd5060875d25f7764fd1c3d35b83a8ed1d88d7b ] We return a destination entry without refcount if a socket policy is found in xfrm_lookup. This triggers a warning on a negative refcount when freeeing this dst entry. So take a refcount in this case to fix it. This refcount was forgotten when xfrm changed to cache bundles instead of policies for outgoing flows. Signed-off-by: Steffen Klassert <[email protected]> Acked-by: Timo Teräs <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- net/xfrm/xfrm_policy.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1778,6 +1778,8 @@ restart: goto no_transform; } + dst_hold(&xdst->u.dst); + spin_lock_bh(&xfrm_policy_sk_bundle_lock); xdst->u.dst.next = xfrm_policy_sk_bundles; xfrm_policy_sk_bundles = &xdst->u.dst;
_______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
