linux/net
Joy Latten 661697f728 [IPSEC] XFRM_USER: kernel panic when large security contexts in ACQUIRE
When sending a security context of 50+ characters in an ACQUIRE
message, the following kernel panic occurred.

kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781!
cpu 0x3: Vector: 700 (Program Check) at [c0000000421bb2e0]
    pc: c00000000033b074: .xfrm_send_acquire+0x240/0x2c8
    lr: c00000000033b014: .xfrm_send_acquire+0x1e0/0x2c8
    sp: c0000000421bb560
   msr: 8000000000029032
  current = 0xc00000000fce8f00
  paca    = 0xc000000000464b00
    pid   = 2303, comm = ping
kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781!
enter ? for help
3:mon> t
[c0000000421bb650] c00000000033538c .km_query+0x6c/0xec
[c0000000421bb6f0] c000000000337374 .xfrm_state_find+0x7f4/0xb88
[c0000000421bb7f0] c000000000332350 .xfrm_tmpl_resolve+0xc4/0x21c
[c0000000421bb8d0] c0000000003326e8 .xfrm_lookup+0x1a0/0x5b0
[c0000000421bba00] c0000000002e6ea0 .ip_route_output_flow+0x88/0xb4
[c0000000421bbaa0] c0000000003106d8 .ip4_datagram_connect+0x218/0x374
[c0000000421bbbd0] c00000000031bc00 .inet_dgram_connect+0xac/0xd4
[c0000000421bbc60] c0000000002b11ac .sys_connect+0xd8/0x120
[c0000000421bbd90] c0000000002d38d0 .compat_sys_socketcall+0xdc/0x214
[c0000000421bbe30] c00000000000869c syscall_exit+0x0/0x40
--- Exception: c00 (System Call) at 0000000007f0ca9c
SP (fc0ef8f0) is in userspace

We are using the size of the security context from xfrm_policy to determine
how much space to alloc the skb and then putting the security context from
xfrm_state into the skb. Should have been using the size of the security context
from xfrm_state to alloc the skb. The following fix does that.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-13 16:14:35 -07:00
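The bug class behind this commit, shown as an added C example that is not kernel code and not the patch itself: a message buffer is sized from one object's length field while the payload is copied from a different object, so a longer payload overruns the tailroom (in the kernel that overrun trips the BUG_ON in skb_put; here it is turned into a checked error return). The structs `sec_ctx`, `policy`, `state` and `msg`, the functions `build_acquire_buggy`/`build_acquire_fixed`, and the sample contexts are hypothetical stand-ins constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a security context: a length plus the label.
 * Not the kernel's xfrm_sec_ctx layout. */
struct sec_ctx {
    uint16_t ctx_len;       /* bytes of ctx_str, including the NUL */
    char ctx_str[128];
};

struct policy { const struct sec_ctx *security; };
struct state  { const struct sec_ctx *security; };

/* Fixed-capacity buffer standing in for an skb with a set amount of tailroom. */
struct msg {
    size_t cap;
    size_t len;
    unsigned char data[256];
};

/* Append bytes; return -1 instead of crashing when tailroom runs out. */
static int msg_put(struct msg *m, const void *src, size_t n)
{
    if (n > m->cap - m->len)
        return -1;              /* the overrun the kernel caught with BUG_ON */
    memcpy(m->data + m->len, src, n);
    m->len += n;
    return 0;
}

/* Wire size of a context: the length field followed by the label bytes. */
static size_t ctx_wire_size(const struct sec_ctx *c)
{
    return sizeof(c->ctx_len) + c->ctx_len;
}

/* Build a message carrying the STATE's context, but size the buffer from
 * whichever context the caller passes in size_from. */
static int build_acquire(struct msg *m, const struct sec_ctx *size_from,
                         const struct state *xs)
{
    const struct sec_ctx *payload = xs->security;

    memset(m, 0, sizeof(*m));
    m->cap = ctx_wire_size(size_from);     /* capacity decided here */
    if (m->cap > sizeof(m->data))
        return -1;
    if (msg_put(m, &payload->ctx_len, sizeof(payload->ctx_len)))
        return -1;
    return msg_put(m, payload->ctx_str, payload->ctx_len);
}

/* Buggy pattern: capacity from the policy's context, payload from the state's. */
int build_acquire_buggy(struct msg *m, const struct policy *xp, const struct state *xs)
{
    return build_acquire(m, xp->security, xs);
}

/* Fixed pattern: capacity and payload both taken from the state's context. */
int build_acquire_fixed(struct msg *m, const struct policy *xp, const struct state *xs)
{
    (void)xp;
    return build_acquire(m, xs->security, xs);
}

/* Constructed sample data: a 21-character policy label and a 59-character
 * state label, mirroring the "50+ characters" case in the commit message. */
static void make_samples(struct sec_ctx *pol, struct sec_ctx *st)
{
    const char *short_label = "system_u:object_r:pol";
    memset(pol, 0, sizeof(*pol));
    memcpy(pol->ctx_str, short_label, strlen(short_label) + 1);
    pol->ctx_len = (uint16_t)(strlen(short_label) + 1);   /* 22 with NUL */

    memset(st, 0, sizeof(*st));
    memset(st->ctx_str, 'x', 59);                          /* 59 chars + NUL */
    st->ctx_len = 60;
}

/* Each runner returns the built message length on success, -1 on overrun. */
int run_buggy(void)
{
    struct sec_ctx pol_ctx, st_ctx;
    struct policy xp; struct state xs; struct msg m;
    make_samples(&pol_ctx, &st_ctx);
    xp.security = &pol_ctx; xs.security = &st_ctx;
    return build_acquire_buggy(&m, &xp, &xs) ? -1 : (int)m.len;
}

int run_fixed(void)
{
    struct sec_ctx pol_ctx, st_ctx;
    struct policy xp; struct state xs; struct msg m;
    make_samples(&pol_ctx, &st_ctx);
    xp.security = &pol_ctx; xs.security = &st_ctx;
    return build_acquire_fixed(&m, &xp, &xs) ? -1 : (int)m.len;
}

int main(void)
{
    printf("buggy sizing: %d (-1 = tailroom exhausted)\n", run_buggy());
    printf("fixed sizing: %d bytes built\n", run_fixed());
    return 0;
}
```

The buggy path reserves 24 bytes (2 + 22) and then tries to append a 62-byte payload, which is exactly the mismatch the trace above reports; the fixed path reserves 62 bytes and succeeds. The general review check this suggests is that whatever object supplies the bytes copied into a buffer must also be the object whose length sized that buffer.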
802 [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
8021q [VLAN]: Allow VLAN interface on top of bridge interface 2007-04-13 16:12:47 -07:00
appletalk [APPLETALK]: Fix a remotely triggerable crash 2007-04-04 23:52:46 -07:00
atm [NET]: Fix neighbour destructor handling. 2007-03-25 18:48:01 -07:00
ax25 [NET] AX.25 Kconfig and docs updates and fixes 2007-03-25 18:48:02 -07:00
bluetooth [PATCH] bluetooth hid quirks: mightymouse quirk 2007-03-29 08:22:24 -07:00
bridge [NET]: fix up misplaced inlines. 2007-03-22 12:27:49 -07:00
core [PKTGEN]: Add try_to_freeze() 2007-04-12 14:45:32 -07:00
dccp [DCCP] getsockopt: Fix DCCP_SOCKOPT_[SEND,RECV]_CSCOV 2007-03-28 11:54:32 -07:00
decnet [DECNet] fib: Fix out of bound access of dn_fib_props[] 2007-03-25 18:48:04 -07:00
econet [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ethernet [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ieee80211 [PATCH] fix typos in net/ieee80211/Kconfig 2007-03-24 16:51:53 -07:00
ipv4 [NETFILTER]: ipt_ULOG: use put_unaligned 2007-04-12 14:27:03 -07:00
ipv6 [IPV6]: Revert recent change to rt6_check_dev(). 2007-04-06 11:42:27 -07:00
ipx [IPX]: Remove ancient changelog 2007-02-28 09:42:06 -08:00
irda [IrDA]: Calling ppp_unregister_channel() from process context 2007-03-20 00:09:42 -07:00
iucv [S390]: Add AF_IUCV socket support 2007-02-08 13:51:54 -08:00
key [IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa 2007-03-07 16:08:11 -08:00
lapb [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
llc [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
netfilter [NETFILTER]: nf_conntrack_netlink: add missing dependency on NF_NAT 2007-03-22 12:29:57 -07:00
netlabel [NET]: Fix kfree(skb) 2007-02-28 09:42:14 -08:00
netlink [PATCH] mark struct file_operations const 8 2007-02-12 09:48:46 -08:00
netrom [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
packet [AF_PACKET]: Remove unnecessary casts. 2007-02-26 11:42:45 -08:00
rose [ROSE]: Socket locking is a great invention. 2007-03-12 15:53:33 -07:00
rxrpc [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
sched [NET_SCHED]: cls_tcindex: fix compatibility breakage 2007-04-09 13:31:13 -07:00
sctp [SCTP]: Correctly reset ssthresh when restarting association 2007-03-22 12:26:25 -07:00
sunrpc [PATCH] net/sunrpc/svcsock.c: fix a check 2007-04-04 21:12:47 -07:00
tipc [NET] TIPC: Fix whitespace errors. 2007-02-10 23:20:15 -08:00
unix [NET]: Revert incorrect accept queue backlog changes. 2007-03-06 11:21:05 -08:00
wanrouter [WANROUTER]: Delete superfluous source file "net/wanrouter/af_wanpipe.c". 2007-03-12 17:06:27 -07:00
x25 [X25] x25_forward_call(): fix NULL dereferences 2007-03-20 00:09:46 -07:00
xfrm [IPSEC] XFRM_USER: kernel panic when large security contexts in ACQUIRE 2007-04-13 16:14:35 -07:00
compat.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
Kconfig [S390]: Rewrite of the IUCV base code, part 2 2007-02-08 13:37:42 -08:00
Makefile [S390]: Rewrite of the IUCV base code, part 2 2007-02-08 13:37:42 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [NET]: Correct accept(2) recovery after sock_attach_fd() 2007-03-26 14:09:52 -07:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE