Commit bdddbf69 authored Apr 29, 2015 by Li RongQing Committed by Steffen Klassert Apr 29, 2015

xfrm: fix a race in xfrm_state_lookup_byspi



The returned xfrm_state should be hold before unlock xfrm_state_lock,
otherwise the returned xfrm_state maybe be released.

Fixes: c454997e[{pktgen, xfrm} Introduce xfrm_state_lookup_byspi..]
Cc: Fan Du <fan.du@intel.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Acked-by: Fan Du <fan.du@intel.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

parent 39376ccb

net/xfrm/xfrm_state.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -927,8 +927,8 @@ struct xfrm_state xfrm_state_lookup_byspi(struct net net, __be32 spi,
	x->id.spi != spi)		x->id.spi != spi)
	continue;		continue;

	spin_unlock_bh(&net->xfrm.xfrm_state_lock);
	xfrm_state_hold(x);		xfrm_state_hold(x);
			spin_unlock_bh(&net->xfrm.xfrm_state_lock);
	return x;		return x;
	}		}
	spin_unlock_bh(&net->xfrm.xfrm_state_lock);		spin_unlock_bh(&net->xfrm.xfrm_state_lock);