https://github.com/torvalds/linux
Revision 661697f728d75302e1f661a58db2fcba71d5cbc9 authored by Joy Latten on 13 April 2007, 23:14:35 UTC, committed by David S. Miller on 13 April 2007, 23:14:35 UTC
When sending a security context of 50+ characters in an ACQUIRE message, following kernel panic occurred. kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781! cpu 0x3: Vector: 700 (Program Check) at [c0000000421bb2e0] pc: c00000000033b074: .xfrm_send_acquire+0x240/0x2c8 lr: c00000000033b014: .xfrm_send_acquire+0x1e0/0x2c8 sp: c0000000421bb560 msr: 8000000000029032 current = 0xc00000000fce8f00 paca = 0xc000000000464b00 pid = 2303, comm = ping kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781! enter ? for help 3:mon> t [c0000000421bb650] c00000000033538c .km_query+0x6c/0xec [c0000000421bb6f0] c000000000337374 .xfrm_state_find+0x7f4/0xb88 [c0000000421bb7f0] c000000000332350 .xfrm_tmpl_resolve+0xc4/0x21c [c0000000421bb8d0] c0000000003326e8 .xfrm_lookup+0x1a0/0x5b0 [c0000000421bba00] c0000000002e6ea0 .ip_route_output_flow+0x88/0xb4 [c0000000421bbaa0] c0000000003106d8 .ip4_datagram_connect+0x218/0x374 [c0000000421bbbd0] c00000000031bc00 .inet_dgram_connect+0xac/0xd4 [c0000000421bbc60] c0000000002b11ac .sys_connect+0xd8/0x120 [c0000000421bbd90] c0000000002d38d0 .compat_sys_socketcall+0xdc/0x214 [c0000000421bbe30] c00000000000869c syscall_exit+0x0/0x40 --- Exception: c00 (System Call) at 0000000007f0ca9c SP (fc0ef8f0) is in userspace We are using size of security context from xfrm_policy to determine how much space to alloc skb and then putting security context from xfrm_state into skb. Should have been using size of security context from xfrm_state to alloc skb. Following fix does that Signed-off-by: Joy Latten <latten@austin.ibm.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 279e172
Tip revision: 661697f728d75302e1f661a58db2fcba71d5cbc9 authored by Joy Latten on 13 April 2007, 23:14:35 UTC
[IPSEC] XFRM_USER: kernel panic when large security contexts in ACQUIRE
[IPSEC] XFRM_USER: kernel panic when large security contexts in ACQUIRE
Tip revision: 661697f
File | Mode | Size |
---|---|---|
irq | ||
power | ||
time | ||
.gitignore | -rw-r--r-- | 51 bytes |
Kconfig.hz | -rw-r--r-- | 1.6 KB |
Kconfig.preempt | -rw-r--r-- | 2.3 KB |
Makefile | -rw-r--r-- | 2.9 KB |
acct.c | -rw-r--r-- | 15.9 KB |
audit.c | -rw-r--r-- | 34.3 KB |
audit.h | -rw-r--r-- | 4.6 KB |
auditfilter.c | -rw-r--r-- | 42.9 KB |
auditsc.c | -rw-r--r-- | 49.1 KB |
capability.c | -rw-r--r-- | 6.7 KB |
compat.c | -rw-r--r-- | 27.7 KB |
configs.c | -rw-r--r-- | 3.2 KB |
cpu.c | -rw-r--r-- | 7.2 KB |
cpuset.c | -rw-r--r-- | 77.9 KB |
delayacct.c | -rw-r--r-- | 4.3 KB |
dma.c | -rw-r--r-- | 3.7 KB |
exec_domain.c | -rw-r--r-- | 4.3 KB |
exit.c | -rw-r--r-- | 41.7 KB |
extable.c | -rw-r--r-- | 2.0 KB |
fork.c | -rw-r--r-- | 42.2 KB |
futex.c | -rw-r--r-- | 43.9 KB |
futex_compat.c | -rw-r--r-- | 3.7 KB |
hrtimer.c | -rw-r--r-- | 35.0 KB |
itimer.c | -rw-r--r-- | 9.2 KB |
kallsyms.c | -rw-r--r-- | 11.0 KB |
kexec.c | -rw-r--r-- | 28.9 KB |
kfifo.c | -rw-r--r-- | 5.1 KB |
kmod.c | -rw-r--r-- | 9.6 KB |
kprobes.c | -rw-r--r-- | 23.4 KB |
ksysfs.c | -rw-r--r-- | 2.3 KB |
kthread.c | -rw-r--r-- | 6.8 KB |
latency.c | -rw-r--r-- | 8.4 KB |
lockdep.c | -rw-r--r-- | 69.5 KB |
lockdep_internals.h | -rw-r--r-- | 2.4 KB |
lockdep_proc.c | -rw-r--r-- | 10.3 KB |
module.c | -rw-r--r-- | 62.9 KB |
mutex-debug.c | -rw-r--r-- | 3.1 KB |
mutex-debug.h | -rw-r--r-- | 1.7 KB |
mutex.c | -rw-r--r-- | 9.4 KB |
mutex.h | -rw-r--r-- | 1.1 KB |
nsproxy.c | -rw-r--r-- | 2.9 KB |
panic.c | -rw-r--r-- | 6.7 KB |
params.c | -rw-r--r-- | 17.3 KB |
pid.c | -rw-r--r-- | 10.2 KB |
posix-cpu-timers.c | -rw-r--r-- | 42.5 KB |
posix-timers.c | -rw-r--r-- | 28.0 KB |
printk.c | -rw-r--r-- | 28.1 KB |
profile.c | -rw-r--r-- | 15.7 KB |
ptrace.c | -rw-r--r-- | 11.0 KB |
rcupdate.c | -rw-r--r-- | 17.4 KB |
rcutorture.c | -rw-r--r-- | 26.9 KB |
relay.c | -rw-r--r-- | 26.2 KB |
resource.c | -rw-r--r-- | 15.9 KB |
rtmutex-debug.c | -rw-r--r-- | 5.7 KB |
rtmutex-debug.h | -rw-r--r-- | 1.4 KB |
rtmutex-tester.c | -rw-r--r-- | 9.0 KB |
rtmutex.c | -rw-r--r-- | 25.3 KB |
rtmutex.h | -rw-r--r-- | 1.1 KB |
rtmutex_common.h | -rw-r--r-- | 3.2 KB |
rwsem.c | -rw-r--r-- | 2.4 KB |
sched.c | -rw-r--r-- | 173.0 KB |
seccomp.c | -rw-r--r-- | 1.1 KB |
signal.c | -rw-r--r-- | 67.6 KB |
softirq.c | -rw-r--r-- | 14.4 KB |
softlockup.c | -rw-r--r-- | 4.0 KB |
spinlock.c | -rw-r--r-- | 10.6 KB |
srcu.c | -rw-r--r-- | 8.5 KB |
stacktrace.c | -rw-r--r-- | 462 bytes |
stop_machine.c | -rw-r--r-- | 4.8 KB |
sys.c | -rw-r--r-- | 53.5 KB |
sys_ni.c | -rw-r--r-- | 3.9 KB |
sysctl.c | -rw-r--r-- | 54.7 KB |
taskstats.c | -rw-r--r-- | 12.1 KB |
time.c | -rw-r--r-- | 18.7 KB |
timer.c | -rw-r--r-- | 50.3 KB |
tsacct.c | -rw-r--r-- | 3.8 KB |
uid16.c | -rw-r--r-- | 5.1 KB |
user.c | -rw-r--r-- | 5.4 KB |
utsname.c | -rw-r--r-- | 2.0 KB |
utsname_sysctl.c | -rw-r--r-- | 3.4 KB |
wait.c | -rw-r--r-- | 7.3 KB |
workqueue.c | -rw-r--r-- | 20.9 KB |
![swh spinner](/static/img/swh-spinner.gif)
Computing file changes ...