diff options
author | Patrick McHardy <kaber@trash.net> | 2006-03-20 22:40:54 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:40:54 -0800 |
commit | be33690d8fcf40377f16193c463681170eb6b295 (patch) | |
tree | 08c7be2ba1d046fca40bbb1d3ddac789b393ecc9 /include/net | |
parent | 15d99e02babae8bc20b836917ace07d93e318149 (diff) | |
download | kernel-crypto-be33690d8fcf40377f16193c463681170eb6b295.tar.gz kernel-crypto-be33690d8fcf40377f16193c463681170eb6b295.tar.xz kernel-crypto-be33690d8fcf40377f16193c463681170eb6b295.zip |
[XFRM]: Fix aevent related crash
When xfrm_user isn't loaded xfrm_nl is NULL, which makes IPsec crash because
xfrm_aevent_is_on passes the NULL pointer to netlink_has_listeners as socket.
A second problem is that the xfrm_nl pointer is not cleared when the socket
is releases at module unload time.
Protect references of xfrm_nl from outside of xfrm_user by RCU, check
that the socket is present in xfrm_aevent_is_on and set it to NULL
when unloading xfrm_user.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/xfrm.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 786371365f2..61b7504fc2b 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1001,7 +1001,15 @@ static inline int xfrm_policy_id2dir(u32 index) static inline int xfrm_aevent_is_on(void) { - return netlink_has_listeners(xfrm_nl,XFRMNLGRP_AEVENTS); + struct sock *nlsk; + int ret = 0; + + rcu_read_lock(); + nlsk = rcu_dereference(xfrm_nl); + if (nlsk) + ret = netlink_has_listeners(nlsk, XFRMNLGRP_AEVENTS); + rcu_read_unlock(); + return ret; } static inline void xfrm_aevent_doreplay(struct xfrm_state *x) |