Add networking patches to 2.6.25 queue
1 From 2c2864845e1348c1e04919130c3152d60301fee2 Mon Sep 17 00:00:00 2001
2 Message-Id: <20080609.134337.193698173.davem@davemloft.net>
3 From: Herbert Xu <herbert@gondor.apana.org.au>
4 Date: Tue, 20 May 2008 14:32:14 -0700
5 Subject: ipsec: Use the correct ip_local_out function
6
7 From: Herbert Xu <herbert@gondor.apana.org.au>
8
9 [ upstream commit: 1ac06e0306d0192a7a4d9ea1c9e06d355ce7e7d3 ]
10
11 Because the IPsec output function xfrm_output_resume does its
12 own dst_output call it should always call __ip_local_out
13 instead of ip_local_out as the latter may invoke dst_output
14 directly. Otherwise the return values from nf_hook and dst_output
15 may clash as they both use the value 1 but for different purposes.
16
17 When that clash occurs this can cause a packet to be used after
18 it has been freed which usually leads to a crash. Because the
19 offending value is only returned from dst_output with qdiscs
20 such as HTB, this bug is normally not visible.
21
22 Thanks to Marco Berizzi for his perseverance in tracking this
23 down.
24
25 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
26 Signed-off-by: David S. Miller <davem@davemloft.net>
27 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
28 ---
29 net/ipv4/route.c | 2 +-
30 net/ipv6/route.c | 2 +-
31 2 files changed, 2 insertions(+), 2 deletions(-)
32
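--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -162,7 +162,7 @@ static struct dst_ops ipv4_dst_ops = {
 .negative_advice = ipv4_negative_advice,
 .link_failure = ipv4_link_failure,
 .update_pmtu = ip_rt_update_pmtu,
- .local_out = ip_local_out,
+ .local_out = __ip_local_out,
 .entry_size = sizeof(struct rtable),
 .entries = ATOMIC_INIT(0),
 };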
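Review bot: Nothing at the `.local_out = __ip_local_out,` initializer records why the double-underscore variant is required, so a later tidy-up could switch it back to `ip_local_out` and reintroduce the use-after-free the commit message describes. A one-line comment above the member would pin the constraint, for example `/* xfrm_output_resume() calls dst_output() itself: must be __ip_local_out, which does not */`. The same comment is worth adding at `.local_out = __ip6_local_out,` in net/ipv6/route.c. The callers of `->local_out` are not visible on this page, so it is presumably worth confirming that no other user of this hook relied on the old wrapper calling dst_output. The `ipv4_dst_ops` initializer begins before this hunk.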
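--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -105,7 +105,7 @@ static struct dst_ops ip6_dst_ops = {
 .negative_advice = ip6_negative_advice,
 .link_failure = ip6_link_failure,
 .update_pmtu = ip6_rt_update_pmtu,
- .local_out = ip6_local_out,
+ .local_out = __ip6_local_out,
 .entry_size = sizeof(struct rt6_info),
 .entries = ATOMIC_INIT(0),
 };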