Commit df249a10 authored by Li RongQing's avatar Li RongQing Committed by Kamal Mostafa

xfrm: fix a race in xfrm_state_lookup_byspi

commit bdddbf69 upstream.

The returned xfrm_state should be hold before unlock xfrm_state_lock,
otherwise the returned xfrm_state maybe be released.

Fixes: c454997e[{pktgen, xfrm} Introduce xfrm_state_lookup_byspi..]
Cc: Fan Du <fan.du@intel.com>
Signed-off-by: default avatarLi RongQing <roy.qing.li@gmail.com>
Acked-by: default avatarFan Du <fan.du@intel.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
parent de49101e
...@@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, ...@@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
x->id.spi != spi) x->id.spi != spi)
continue; continue;
spin_unlock_bh(&net->xfrm.xfrm_state_lock);
xfrm_state_hold(x); xfrm_state_hold(x);
spin_unlock_bh(&net->xfrm.xfrm_state_lock);
return x; return x;
} }
spin_unlock_bh(&net->xfrm.xfrm_state_lock); spin_unlock_bh(&net->xfrm.xfrm_state_lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment