mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 10:40:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

macsec: fix reference counting on RXSC in macsec_handle_frame

Browse source 
Currently, we lookup the RXSC without taking a reference on it.  The
RXSA holds a reference on the RXSC, but the SA and SC could still both
disappear before we take a reference on the SA.

Take a reference on the RXSC in macsec_handle_frame.

Fixes: c09440f7dc ("macsec: introduce IEEE 802.1AE driver")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Sabrina Dubroca 2016-07-29 15:37:53 +02:00 committed by David S. Miller
parent 122e9b7127
commit c78ebe1df0
1 changed files with 8 additions and 1 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

9
drivers/net/macsec.c
View file

@ -863,6 +863,7 @@ static void macsec_decrypt_done(struct crypto_async_request *base, int err)
struct net_device *dev = skb->dev;
struct macsec_dev *macsec = macsec_priv(dev);
struct macsec_rx_sa *rx_sa = macsec_skb_cb(skb)->rx_sa;
struct macsec_rx_sc *rx_sc = rx_sa->sc;
int len, ret;
u32 pn;
@ -891,6 +892,7 @@ static void macsec_decrypt_done(struct crypto_async_request *base, int err)
out:
macsec_rxsa_put(rx_sa);
macsec_rxsc_put(rx_sc);
dev_put(dev);
}
@ -1106,6 +1108,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
list_for_each_entry_rcu(macsec, &rxd->secys, secys) {
struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci);
sc = sc ? macsec_rxsc_get(sc) : NULL;
if (sc) {
secy = &macsec->secy;
@ -1180,8 +1183,10 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
if (IS_ERR(skb)) {
/* the decrypt callback needs the reference */
if (PTR_ERR(skb) != -EINPROGRESS)
if (PTR_ERR(skb) != -EINPROGRESS) {
macsec_rxsa_put(rx_sa);
macsec_rxsc_put(rx_sc);
}
rcu_read_unlock();
*pskb = NULL;
return RX_HANDLER_CONSUMED;
@ -1197,6 +1202,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
if (rx_sa)
macsec_rxsa_put(rx_sa);
macsec_rxsc_put(rx_sc);
ret = gro_cells_receive(&macsec->gro_cells, skb);
if (ret == NET_RX_SUCCESS)
@ -1212,6 +1218,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
drop:
macsec_rxsa_put(rx_sa);
drop_nosa:
macsec_rxsc_put(rx_sc);
rcu_read_unlock();
drop_direct:
kfree_skb(skb);