[IPSEC]: Use the correct ip_local_out function

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: David S. Miller <davem@...>, Marco Berizzi <pupilla@...>

Cc: <linux-kernel@...>, <netdev@...>

Subject: [IPSEC]: Use the correct ip_local_out function

Date: Tuesday, May 20, 2008 - 5:25 am

On Wed, May 14, 2008 at 10:19:57AM +0200, Marco Berizzi wrote:
quoted text> 
> I hope this helps.

OK found the problem, it was my fault after all :)

Dave, this patch needs to go into stable too.

[IPSEC]: Use the correct ip_local_out function

Because the IPsec output function xfrm_output_resume does its
own dst_output call it should always call __ip_local_output
instead of ip_local_output as the latter may invoke dst_output
directly.  Otherwise the return values from nf_hook and dst_output
may clash as they both use the value 1 but for different purposes.

When that clash occurs this can cause a packet to be used after
it has been freed which usually leads to a crash.  Because the
offending value is only returned from dst_output with qdiscs
such as HTB, this bug is normally not visible.

Thanks to Marco Berizzi for his perseverance in tracking this
down.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 92f90ae..df41026 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -160,7 +160,7 @@ static struct dst_ops ipv4_dst_ops = {
 	.negative_advice =	ipv4_negative_advice,
 	.link_failure =		ipv4_link_failure,
 	.update_pmtu =		ip_rt_update_pmtu,
-	.local_out =		ip_local_out,
+	.local_out =		__ip_local_out,
 	.entry_size =		sizeof(struct rtable),
 	.entries =		ATOMIC_INIT(0),
 };
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 12bba08..849b78a 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -109,7 +109,7 @@ static struct dst_ops ip6_dst_ops_template = {
 	.negative_advice	=	ip6_negative_advice,
 	.link_failure		=	ip6_link_failure,
 	.update_pmtu		=	ip6_rt_update_pmtu,
-	.local_out		=	ip6_local_out,
+	.local_out		=	__ip6_local_out,
 	.entry_size		=	sizeof(struct rt6_info),
 	.entries		=	ATOMIC_INIT(0),
 };
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: 2.6.25 crash: EIP: [<c02e2f14>] xfrm_output_resume..., Marco Berizzi, (Wed May 14, 4:19 am)

[IPSEC]: Use the correct ip_local_out function, Herbert Xu, (Tue May 20, 5:25 am)

Re: [IPSEC]: Use the correct ip_local_out function, David Miller, (Tue May 20, 5:32 pm)


linux-kernel:
Jens Axboe	Re: [BUG] New Kernel Bugs
KAMEZAWA Hiroyuki	Re: 2.6.24-rc3-mm1
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg KH	[GIT PATCH] driver core patches against 2.6.24
git:

linux-netdev:
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Jarek Poplawski	Re: [BUG #12364] Re: HTB - very bad precision? HFSC works fine! 2.6.28
Alexey Dobriyan	Re: [GIT]: Networking
openbsd-misc:

[IPSEC]: Use the correct ip_local_out function

Online users