netdev

Re: IPSec Oops when deleting an ip address

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: Re: IPSec Oops when deleting an ip address
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 25 May 2004 21:52:20 +1000
Cc: netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
In-reply-to: <20040524114751.GA28571@gondor.apana.org.au>
References: <20040510134958.13691.qmail@mason.oriente.labs.it> <20040521131950.GA20040@gondor.apana.org.au> <20040521144346.7887dbf0.davem@redhat.com> <20040524114751.GA28571@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i

On Mon, May 24, 2004 at 09:47:51PM +1000, herbert wrote:
> 
> Hence the problem is still a bug in the ref counting.  I think I've found
> the real culprit now.  __xfrm?_find_acq() is missing an xfrm_state_hold
> on the create path.  This also explains why I never see it myself since
> Openswan never creates states through that code-path.

The same bug exists in xfrm_state_find.  This is actually used by
Openswan.  However, the larval state never actually matures with
Openswan so it only ever gets deleted by the timer which means that
the timer crash can't happen :) It becomes a (possible) memory leak
instead.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: p
Description: Text document
