From patchwork Thu Jun 24 05:45:19 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Timo Teras X-Patchwork-Id: 56759 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E70DCB6F14 for ; Thu, 24 Jun 2010 15:46:17 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751491Ab0FXFpx (ORCPT ); Thu, 24 Jun 2010 01:45:53 -0400 Received: from mail-ww0-f46.google.com ([74.125.82.46]:38578 "EHLO mail-ww0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751180Ab0FXFpw (ORCPT ); Thu, 24 Jun 2010 01:45:52 -0400 Received: by wwb34 with SMTP id 34so394196wwb.19 for ; Wed, 23 Jun 2010 22:45:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:from:to:cc:subject :date:message-id:x-mailer:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=6PJipV8LPsl2UpC5cdisEcOAHOCT/QhAJ7RdU5HoocE=; b=A1EGfkZOrPJnnn1ntp+IFN3qks7YSLqzkOQoxpAShYM1i5eGlVwUGTuMs+vxp5eQJU PxVB7H0W6LvBBWg2avOQijo/8h5ELLE21UKYi28d+t9Ury4cVYlRYvC+INS+WKxU7kbi os9kMqmbXKfha0LX6GFRg0Rn22t70dqYniaC8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to :references:mime-version:content-type:content-transfer-encoding; b=F17/SZHQWNzp8pL4jE7+j1XeuaOT25siEWp7yLLqJIFzfK9wNsqpiIuIYo5C5Tw2UV 9VB4aNMytYSK+YddmPDex3VNB+Mlwr3kDq6D+A1/IEaStnThIWJGEpc66hFbtGNMAdS5 DJzydxdC1CTeJkiHJvApMRz3xqXIdWcYjDf2g= Received: by 10.227.157.80 with SMTP id a16mr8383355wbx.185.1277358350127; Wed, 23 Jun 2010 22:45:50 -0700 (PDT) Received: from localhost.localdomain (letku109.adsl.netsonic.fi [194.29.195.109]) by mx.google.com with ESMTPS id k33sm17445335wbn.0.2010.06.23.22.45.47 (version=SSLv3 cipher=RC4-MD5); Wed, 23 Jun 2010 22:45:49 -0700 (PDT) From: =?UTF-8?q?Timo=20Ter=C3=A4s?= To: netdev@vger.kernel.org, "Justin P. Mattock" , Eric Dumazet , "John W.Linville" , Linux Kernel Mailing List , davem@davemloft.net Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= Subject: [PATCH] xfrm: check bundle policy existance before dereferencing it Date: Thu, 24 Jun 2010 08:45:19 +0300 Message-Id: <1277358319-9868-1-git-send-email-timo.teras@iki.fi> X-Mailer: git-send-email 1.7.0.4 In-Reply-To: <4C22805A.3080307@gmail.com> References: <4C22805A.3080307@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Fix the bundle validation code to not assume having a valid policy. When we have multiple transformations for a xfrm policy, the bundle instance will be a chain of bundles with only the first one having the policy reference. When policy_genid is bumped it will expire the first bundle in the chain which is equivalent of expiring the whole chain. Reported-bisected-and-tested-by: Justin P. Mattock Signed-off-by: Timo Teräs --- net/xfrm/xfrm_policy.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 4bf27d9..af1c173 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first, return 0; if (xdst->xfrm_genid != dst->xfrm->genid) return 0; - if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid)) + if (xdst->num_pols > 0 && + xdst->policy_genid != atomic_read(&xdst->pols[0]->genid)) return 0; if (strict && fl &&