summaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2017-08-25 07:16:07 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2017-08-25 09:26:12 +0200
commit36ff0dd39f9b88ca83e1733b735e9f22b7be893b (patch)
tree4630219935215d5488958b705ee3a84ffccf17bf /net/ipv4
parent8a4b5784fac2af93ad6a8c08fb56d021e0c0416b (diff)
downloadlinux-36ff0dd39f9b88ca83e1733b735e9f22b7be893b.tar.bz2
esp: Fix locking on page fragment allocation
We allocate the page fragment for the ESP trailer inside a spinlock, but consume it outside of the lock. This is racy as some other cou could get the same page fragment then. Fix this by consuming the page fragment inside the lock too. Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible") Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/esp4.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index dbb31a942dfa..a8ddb95e7f06 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -292,8 +292,6 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
kunmap_atomic(vaddr);
- spin_unlock_bh(&x->lock);
-
nfrags = skb_shinfo(skb)->nr_frags;
__skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
@@ -301,6 +299,9 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
skb_shinfo(skb)->nr_frags = ++nfrags;
pfrag->offset = pfrag->offset + allocsize;
+
+ spin_unlock_bh(&x->lock);
+
nfrags++;
skb->len += tailen;