aboutsummaryrefslogtreecommitdiff
path: root/lib/libufs/libufs.h
diff options
context:
space:
mode:
authorAndrey V. Elsukov <ae@FreeBSD.org>2017-05-23 09:01:48 +0000
committerAndrey V. Elsukov <ae@FreeBSD.org>2017-05-23 09:01:48 +0000
commit5f7c516f216995249523ed43e57e3f91bd8f5ff0 (patch)
treea6c3b1965be4a9cd4371ba3b5aae33b77c4f0536 /lib/libufs/libufs.h
parent5a7c7dc571b80448ba4200f73d11113841b52f45 (diff)
downloadsrc-5f7c516f216995249523ed43e57e3f91bd8f5ff0.tar.gz
src-5f7c516f216995249523ed43e57e3f91bd8f5ff0.zip
Fix possible double releasing for SA reference.
There are two possible ways how crypto callback are called: directly from caller and deffered from crypto thread. For inbound packets the direct call chain is the following: IPSEC_INPUT() method -> ipsec_common_input() -> xform_input() -> -> crypto_dispatch() -> crypto_invoke() -> crypto_done() -> -> xform_input_cb() -> ipsec[46]_common_input_cb() -> netisr_queue(). The SA reference is held while crypto processing is not finished. The error handling code wrongly expected that crypto callback always called from the crypto thread context, and it did SA reference releasing in xform_input_cb(). But when the crypto callback called directly, in case of error (e.g. data authentification failed) the error handling in ipsec_common_input() also did SA reference releasing. To fix this, remove error handling from ipsec_common_input() and do it in xform_input() before crypto_dispatch(). PR: 219356 MFC after: 10 days
Notes
Notes: svn path=/head/; revision=318734
Diffstat (limited to 'lib/libufs/libufs.h')
0 files changed, 0 insertions, 0 deletions