| To: | "David S. Miller" <davem@xxxxxxxxxx> |
|---|---|
| Subject: | [PATCH 1/5] ipcomp_tunnel_create doesn't set tunnel state |
| From: | Krishna Kumar <krkumar@xxxxxxxxxx> |
| Date: | Tue, 13 Jan 2004 13:21:19 -0800 (PST) |
| Cc: | Krishna Kumar <krkumar@xxxxxxxxxx>, <netdev@xxxxxxxxxxx> |
| In-reply-to: | <20040110121134.08481951.davem@xxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
> > Or should I send separate patches this time ?
>
> I think this would be a good idea.
ipcomp_tunnel_create doesn't set x->km.state to XFRM_STATE_DEAD. This can lead
to the BUG_TRAP in __xfrm_state_destroy when xfrm_state_put() finds this is
the last reference. This was reported as one of the symptoms of [Bug 1754]
some time back.
thanks,
- KK
diff -ruN linux-2.6.0-rc2-bk6.org/net/ipv4/ipcomp.c
linux-2.6.0-rc2-bk6/net/ipv4/ipcomp.c
--- linux-2.6.0-rc2-bk6.org/net/ipv4/ipcomp.c 2004-01-05 13:43:50.000000000
-0800
+++ linux-2.6.0-rc2-bk6/net/ipv4/ipcomp.c 2004-01-09 13:00:22.000000000
-0800
@@ -294,6 +294,7 @@
return t;
error:
+ t->km.state = XFRM_STATE_DEAD;
xfrm_state_put(t);
t = NULL;
goto out;
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [no subject], Hubertus Krogmann |
|---|---|
| Next by Date: | [PATCH 2/5] Bad dereference of xfrm_state in pf_key, Krishna Kumar |
| Previous by Thread: | Re: [PATCH] Bugs in xfrm, David S. Miller |
| Next by Thread: | [PATCH 2/5] Bad dereference of xfrm_state in pf_key, Krishna Kumar |
| Indexes: | [Date] [Thread] [Top] [All Lists] |