diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-09-22 19:48:19 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-09-22 19:48:19 -0700 |
commit | 5c1824587f0797373c95719a196f6098f7c6d20c (patch) | |
tree | c3a5af01afc01d88e111c7e1821b03bf404566f6 /include/linux | |
parent | fcaa40669cd798ca2ac0d15441e8a1d1145f2b16 (diff) | |
download | lwn-5c1824587f0797373c95719a196f6098f7c6d20c.tar.gz lwn-5c1824587f0797373c95719a196f6098f7c6d20c.zip |
ipsec: Fix xfrm_state_walk race
As discovered by Timo Teräs, the currently xfrm_state_walk scheme
is racy because if a second dump finishes before the first, we
may free xfrm states that the first dump would walk over later.
This patch fixes this by storing the dumps in a list in order
to calculate the correct completion counter which cures this
problem.
I've expanded netlink_cb in order to accomodate the extra state
related to this. It shouldn't be a big deal since netlink_cb
is kmalloced for each dump and we're just increasing it by 4 or
8 bytes.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netlink.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/netlink.h b/include/linux/netlink.h index 9ff1b54908f3..cbba7760545b 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h @@ -220,7 +220,7 @@ struct netlink_callback int (*dump)(struct sk_buff * skb, struct netlink_callback *cb); int (*done)(struct netlink_callback *cb); int family; - long args[6]; + long args[7]; }; struct netlink_notify |