CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Andrey V. Elsukov <ae@FreeBSD.org>
	Tue, 23 May 2017 09:01:48 +0000 (09:01 +0000)
committer	Andrey V. Elsukov <ae@FreeBSD.org>
	Tue, 23 May 2017 09:01:48 +0000 (09:01 +0000)
commit	5f7c516f216995249523ed43e57e3f91bd8f5ff0
tree	a6c3b1965be4a9cd4371ba3b5aae33b77c4f0536	tree \| snapshot
parent	5a7c7dc571b80448ba4200f73d11113841b52f45	commit \| diff

Fix possible double releasing for SA reference.

There are two possible ways how crypto callback are called: directly from
caller and deffered from crypto thread.

For inbound packets the direct call chain is the following:
IPSEC_INPUT() method -> ipsec_common_input() -> xform_input() ->
-> crypto_dispatch() -> crypto_invoke() -> crypto_done() ->
-> xform_input_cb() -> ipsec[46]_common_input_cb() -> netisr_queue().

The SA reference is held while crypto processing is not finished.
The error handling code wrongly expected that crypto callback always called
from the crypto thread context, and it did SA reference releasing in
xform_input_cb(). But when the crypto callback called directly, in case of
error (e.g. data authentification failed) the error handling in
ipsec_common_input() also did SA reference releasing.

To fix this, remove error handling from ipsec_common_input() and do it
in xform_input() before crypto_dispatch().

PR: 219356
MFC after: 10 days

sys/netipsec/ipsec_input.c		diff \| blob \| history
sys/netipsec/xform_ah.c		diff \| blob \| history
sys/netipsec/xform_esp.c		diff \| blob \| history
sys/netipsec/xform_ipcomp.c		diff \| blob \| history