ipsec: Fix xfrm_state_walk race
author Herbert Xu <herbert@gondor.apana.org.au>
Tue, 23 Sep 2008 02:48:19 +0000 (19:48 -0700)
committer David S. Miller <davem@davemloft.net>
Tue, 23 Sep 2008 02:48:19 +0000 (19:48 -0700)
commit 5c1824587f0797373c95719a196f6098f7c6d20c
tree c3a5af01afc01d88e111c7e1821b03bf404566f6
parent fcaa40669cd798ca2ac0d15441e8a1d1145f2b16
ipsec: Fix xfrm_state_walk race

As discovered by Timo Teräs, the current xfrm_state_walk scheme
is racy because if a second dump finishes before the first, we
may free xfrm states that the first dump would walk over later.

This patch fixes this by storing the dumps in a list in order
to calculate the correct completion counter which cures this
problem.

I've expanded netlink_cb in order to accommodate the extra state
related to this.  It shouldn't be a big deal since netlink_cb
is kmalloced for each dump and we're just increasing it by 4 or
8 bytes.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netlink.h
include/net/xfrm.h
net/xfrm/xfrm_state.c
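
The race and the list-based completion counter described in the commit message, as an added user-space model (not the kernel code from this commit). The struct, the function names, the array standing in for the list, and the exact form of the old counter update are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_DUMPS 8

/* Simplified user-space model, not kernel code; all names are hypothetical. */
struct model {
    unsigned long ongoing;           /* generation of the newest dump started */
    unsigned long completed;         /* states stamped <= this may be freed */
    unsigned long active[MAX_DUMPS]; /* running dumps, oldest first */
    size_t nactive;
};

/* Start a dump: take a new generation and append it to the list. */
static unsigned long dump_start(struct model *m)
{
    if (m->nactive == MAX_DUMPS) return 0;  /* model limit reached */
    return m->active[m->nactive++] = ++m->ongoing;
}

/* Racy scheme (assumed form): the finishing dump publishes its own generation. */
static void dump_done_racy(struct model *m, unsigned long gen) { m->completed = gen; }

/* List scheme: the counter never passes the oldest dump still running. */
static void dump_done_listed(struct model *m, unsigned long gen)
{
    size_t i = 0;
    while (i < m->nactive && m->active[i] != gen) i++;
    if (i == m->nactive) return;            /* unknown dump */
    for (; i + 1 < m->nactive; i++) m->active[i] = m->active[i + 1];
    m->nactive--;
    m->completed = m->nactive ? m->active[0] - 1 : m->ongoing;
}

/* A deleted state carries the generation current at deletion time. */
static bool may_free(const struct model *m, unsigned long stamp) { return stamp <= m->completed; }

/* Two dumps start, a state is deleted, the second dump finishes first.
 * Returns whether the state may be freed while dump 1 is still walking. */
static bool freed_under_first_dump(bool use_list)
{
    struct model m = {0};
    unsigned long d1 = dump_start(&m), d2 = dump_start(&m);
    unsigned long stamp = m.ongoing;        /* state deleted now */
    (void)d1;                               /* dump 1 is still walking */
    if (use_list) dump_done_listed(&m, d2); else dump_done_racy(&m, d2);
    return may_free(&m, stamp);
}
```

With the racy update the deleted state becomes freeable while the first dump can still reach it; with the list it stays pinned until the oldest running dump finishes.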