diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2020-07-17 10:34:27 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2020-07-21 08:33:56 +0200 |
commit | 101dde4207f1daa1fda57d714814a03835dccc3f (patch) | |
tree | 8a36358a1e3983731cfc0858cadd8b7d9020e903 /include/net/xfrm.h | |
parent | 0a266f8954e29139654dcca529be099f3404b61c (diff) | |
download | lwn-101dde4207f1daa1fda57d714814a03835dccc3f.tar.gz lwn-101dde4207f1daa1fda57d714814a03835dccc3f.zip |
xfrm: Fix crash when the hold queue is used.
The commits "xfrm: Move dst->path into struct xfrm_dst"
and "net: Create and use new helper xfrm_dst_child()."
changed xfrm bundle handling under the assumption
that xdst->path and dst->child are not a NULL pointer
only if dst->xfrm is not a NULL pointer. That is true
with one exception. If the xfrm hold queue is used
to wait until a SA is installed by the key manager,
we create a dummy bundle without a valid dst->xfrm
pointer. The current xfrm bundle handling crashes
in that case. Fix this by extending the NULL check
of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r-- | include/net/xfrm.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 5c20953c8deb..51f65d23ebaf 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -941,7 +941,7 @@ struct xfrm_dst { static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst) { #ifdef CONFIG_XFRM - if (dst->xfrm) { + if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { const struct xfrm_dst *xdst = (const struct xfrm_dst *) dst; return xdst->path; @@ -953,7 +953,7 @@ static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst) static inline struct dst_entry *xfrm_dst_child(const struct dst_entry *dst) { #ifdef CONFIG_XFRM - if (dst->xfrm) { + if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { struct xfrm_dst *xdst = (struct xfrm_dst *) dst; return xdst->child; } |