Commit 6d4799e0 authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: new xfrm patch

(cherry picked from commit e7fb30d0)
parent 8685520f
From patchwork Thu Jun 24 05:45:19 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: xfrm: check bundle policy existance before dereferencing it
Date: Wed, 23 Jun 2010 19:45:19 -0000
From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?=
X-Patchwork-Id: 56759
Message-Id: <1277358319-9868-1-git-send-email-timo.teras@iki.fi>
To: netdev@vger.kernel.org, "Justin P. Mattock" <justinmattock@gmail.com>,
Eric Dumazet <eric.dumazet@gmail.com>,
"John W.Linville" <linville@tuxdriver.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
davem@davemloft.net
Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Fix the bundle validation code to not assume having a valid policy.
When we have multiple transformations for a xfrm policy, the bundle
instance will be a chain of bundles with only the first one having
the policy reference. When policy_genid is bumped it will expire the
first bundle in the chain which is equivalent of expiring the whole
chain.
Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
net/xfrm/xfrm_policy.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 4bf27d9..af1c173 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
return 0;
if (xdst->xfrm_genid != dst->xfrm->genid)
return 0;
- if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
+ if (xdst->num_pols > 0 &&
+ xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
return 0;
if (strict && fl &&
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.15
_kernver=2.6.32
pkgrel=7
pkgrel=8
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -31,6 +31,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
0017-flow-delayed-deletion-of-flow-cache-entries.patch
0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
0019-ipv4-check-rt_genid-in-dst_check.patch
0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
xfrm-fix-policy-unreferencing-on-larval-drop.patch
r8169-fix-random-mdio_write-failures.patch
r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
......@@ -164,6 +165,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo
3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch
45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch
edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch
b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment