summaryrefslogtreecommitdiff
path: root/net/ipv4/xfrm4_policy.c
diff options
context:
space:
mode:
authorMichal Kubecek <mkubecek@suse.cz>2013-10-17 15:07:40 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2013-10-18 10:00:00 +0200
commit12e3594698f6c3ab6ebacc79f2fb2ad2bb5952b5 (patch)
tree17915102ba31fd52f0096f77cbb38f587f16b6ec /net/ipv4/xfrm4_policy.c
parente9e4ea74f06635f2ffc1dffe5ef40c854faa0a90 (diff)
xfrm: prevent ipcomp scratch buffer race condition
In ipcomp_compress(), sortirq is enabled too early, allowing the per-cpu scratch buffer to be rewritten by ipcomp_decompress() (called on the same CPU in softirq context) between populating the buffer and copying the compressed data to the skb. v2: as pointed out by Steffen Klassert, if we also move the local_bh_disable() before reading the per-cpu pointers, we can get rid of get_cpu()/put_cpu(). v3: removed ipcomp_decompress part (as explained by Herbert Xu, it cannot be called from process context), get rid of cpu variable (thanks to Eric Dumazet) Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Reviewed-by: Eric Dumazet <edumazet@google.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4/xfrm4_policy.c')
0 files changed, 0 insertions, 0 deletions