Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec [Linux 5.1]

Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec [Linux 5.1]

This Linux kernel change "Merge branch ‘master’ of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec" is included in the Linux 5.1 release. This change is authored by David S. Miller <davem [at] davemloft.net> on Tue Apr 30 09:11:10 2019 -0400. The commit for this change in Linux stable tree is b145745 (patch). Other info about this change: Merge: 6c0afef 837f741

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
pull request (net): ipsec 2019-04-30

1) Fix an out-of-bound array accesses in __xfrm_policy_unlink.
   From YueHaibing.

2) Reset the secpath on failure in the ESP GRO handlers
   to avoid dereferencing an invalid pointer on error.
   From Myungho Jung.

3) Add and revert a patch that tried to add rcu annotations
   to netns_xfrm. From Su Yanjun.

4) Wait for rcu callbacks before freeing xfrm6_tunnel_spi_kmem.
   From Su Yanjun.

5) Fix forgotten vti4 ipip tunnel deregistration.
   From Jeremy Sowden:

6) Remove some duplicated log messages in vti4.
   From Jeremy Sowden.

7) Don't use IPSEC_PROTO_ANY when flushing states because
   this will flush only IPsec portocol speciffic states.
   IPPROTO_ROUTING states may remain in the lists when
   doing net exit. Fix this by replacing IPSEC_PROTO_ANY
   with zero. From Cong Wang.

8) Add length check for UDP encapsulation to fix "Oversized IP packet"
   warnings on receive side. From Sabrina Dubroca.

9) Fix xfrm interface lookup when the interface is associated to
   a vrf layer 3 master device. From Martin Willi.

10) Reload header pointers after pskb_may_pull() in _decode_session4(),
    otherwise we may read from uninitialized memory.

11) Update the documentation about xfrm[46]_gc_thresh, it
    is not used anymore after the flowcache removal.
    From Nicolas Dichtel.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

There is no are 0 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 net/ipv6/ip6_flowlabel.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index a05036bc..be5f3d7c 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -94,15 +94,21 @@ static struct ip6_flowlabel *fl_lookup(struct net *net, __be32 label)
    return fl;
 }

+static void fl_free_rcu(struct rcu_head *head)
+{
+   struct ip6_flowlabel *fl = container_of(head, struct ip6_flowlabel, rcu);
+
+   if (fl->share == IPV6_FL_S_PROCESS)
+       put_pid(fl->owner.pid);
+   kfree(fl->opt);
+   kfree(fl);
+}
+

 static void fl_free(struct ip6_flowlabel *fl)
 {
-   if (fl) {
-       if (fl->share == IPV6_FL_S_PROCESS)
-           put_pid(fl->owner.pid);
-       kfree(fl->opt);
-       kfree_rcu(fl, rcu);
-   }
+   if (fl)
+       call_rcu(&fl->rcu, fl_free_rcu);
 }

 static void fl_release(struct ip6_flowlabel *fl)

Leave a Reply

Your email address will not be published. Required fields are marked *