Re: IPSec Oops when deleting an ip address

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: Re: IPSec Oops when deleting an ip address
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 24 May 2004 21:47:51 +1000
Cc: netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/

On Fri, May 21, 2004 at 02:43:46PM -0700, David S. Miller wrote:
> On Fri, 21 May 2004 23:19:50 +1000
> Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> > doing a mod_timer on a live state without holding a lock or for that
> > matter not even checking whether the state is dead is definitely a bad
> > idea
> Applied, thanks Herbert.

Looks like I was too hasty in blaming myself :) Although my patch does
fix a real bug, it cannot have been responsible for the crash that the OP
reported.  The reason is that the state timer always keeps a reference to
the state so even if it is incorrectly re-added the reference will prevent
the crash.

Hence the problem is still a bug in the ref counting.  I think I've found
the real culprit now.  __xfrm?_find_acq() is missing an xfrm_state_hold
on the create path.  This also explains why I never see it myself since
Openswan never creates states through that code-path.

Visit Openswan at
Email:  Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:

Attachment: p
Description: Text document
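
Added example, not part of the original message and not kernel code: a userspace model of the reference-counting rule discussed above, where a find-or-create routine must hand the caller its own reference on the create path as well as on the lookup path. All names (`struct state`, `hold`, `put`, `find_acq`, `hold_on_create`) are hypothetical, and the object is flagged as freed rather than released so the result can be inspected.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; hypothetical names, not the kernel's xfrm code. */
struct state {
    int refcnt;      /* references currently held */
    int in_table;    /* linked in the lookup table (owns one reference) */
    int timer_armed; /* pending timer (owns one reference) */
    int freed;       /* set instead of free() so callers can inspect it */
};

static void hold(struct state *s) { s->refcnt++; }
static void put(struct state *s)  { if (--s->refcnt == 0) s->freed = 1; }

/* Find-or-create: every successful return must carry a caller reference. */
static struct state *find_acq(struct state **slot, int create, int hold_on_create)
{
    struct state *s = *slot;
    if (s) {                        /* lookup path takes the caller's reference */
        hold(s);
        return s;
    }
    if (!create || !(s = calloc(1, sizeof(*s))))
        return NULL;
    s->timer_armed = 1; hold(s);    /* timer's reference */
    s->in_table = 1;    hold(s);    /* table's reference */
    *slot = s;
    if (hold_on_create)
        hold(s);                    /* caller's reference on the create path */
    return s;
}

/* The caller drops its reference, then the state is unlinked from the table
 * while the timer is still pending. Returns 1 if the state was marked freed
 * with the timer still pointing at it, 0 if not, -1 on allocation failure. */
static int freed_with_timer_pending(int hold_on_create)
{
    struct state *slot = NULL;
    struct state *s = find_acq(&slot, 1, hold_on_create);
    if (!s) return -1;
    put(s);                         /* caller is done with the state */
    s->in_table = 0; put(s);        /* unlink: table drops its reference */
    int bad = s->freed && s->timer_armed;
    free(s);
    return bad;
}

int main(void) {
    printf("no hold: %d, with hold: %d\n",
           freed_with_timer_pending(0), freed_with_timer_pending(1));
    return 0;
}
```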