提交 bdddbf69 编写于 作者: L Li RongQing 提交者: Steffen Klassert

xfrm: fix a race in xfrm_state_lookup_byspi

The returned xfrm_state should be hold before unlock xfrm_state_lock,
otherwise the returned xfrm_state maybe be released.

Fixes: c454997e[{pktgen, xfrm} Introduce xfrm_state_lookup_byspi..]
Cc: Fan Du <fan.du@intel.com>
Signed-off-by: NLi RongQing <roy.qing.li@gmail.com>
Acked-by: NFan Du <fan.du@intel.com>
Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
上级 39376ccb
...@@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, ...@@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
x->id.spi != spi) x->id.spi != spi)
continue; continue;
spin_unlock_bh(&net->xfrm.xfrm_state_lock);
xfrm_state_hold(x); xfrm_state_hold(x);
spin_unlock_bh(&net->xfrm.xfrm_state_lock);
return x; return x;
} }
spin_unlock_bh(&net->xfrm.xfrm_state_lock); spin_unlock_bh(&net->xfrm.xfrm_state_lock);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册