]> err.no Git - linux-2.6/commitdiff
projects / linux-2.6 / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e41fb8)
[XFRM]: Fix potential race vs xfrm_state(only)_find and xfrm_hash_resize.
authorPavel Emelyanov <xemul@openvz.org>
Fri, 14 Dec 2007 19:38:04 +0000 (11:38 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:58:07 +0000 (14:58 -0800)
The _find calls calculate the hash value using the
xfrm_state_hmask, without the xfrm_state_lock. But the
value of this mask can change in the _resize call under
the state_lock, so we risk to fail in finding the desired
entry in hash.

I think, that the hash value is better to calculate
under the state lock.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/xfrm/xfrm_state.c patch | blob | history

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b2343d48fe96048a9ee12ffd910050b68c832985..f7c0951c9fd98003a4636d8149702eaf2e3fcc3d 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -756,7 +756,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
                struct xfrm_policy *pol, int *err,
                unsigned short family)
 {
-       unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
+       unsigned int h;
        struct hlist_node *entry;
        struct xfrm_state *x, *x0;
        int acquire_in_progress = 0;
@@ -764,6 +764,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
        struct xfrm_state *best = NULL;
 
        spin_lock_bh(&xfrm_state_lock);
+       h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
        hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == tmpl->reqid &&
@@ -865,11 +866,12 @@ struct xfrm_state *
 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
                    unsigned short family, u8 mode, u8 proto, u32 reqid)
 {
-       unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
+       unsigned int h;
        struct xfrm_state *rx = NULL, *x = NULL;
        struct hlist_node *entry;
 
        spin_lock(&xfrm_state_lock);
+       h = xfrm_dst_hash(daddr, saddr, reqid, family);
        hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == reqid &&
Linux 2.6 source tree