Commit 260fcbeb authored by Yan, Zheng's avatar Yan, Zheng Committed by David S. Miller

tcp: properly handle md5sig_pool references

tcp_v4_clear_md5_list() assumes that multiple tcp md5sig peers
only hold one reference to md5sig_pool. but tcp_v4_md5_do_add()
increases use count of md5sig_pool for each peer. This patch
makes tcp_v4_md5_do_add() only increases use count for the first
tcp md5sig peer.
Signed-off-by: default avatarZheng Yan <zheng.z.yan@intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cb2d0f3e
...@@ -927,17 +927,20 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr, ...@@ -927,17 +927,20 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
} }
sk_nocaps_add(sk, NETIF_F_GSO_MASK); sk_nocaps_add(sk, NETIF_F_GSO_MASK);
} }
if (tcp_alloc_md5sig_pool(sk) == NULL) {
md5sig = tp->md5sig_info;
if (md5sig->entries4 == 0 &&
tcp_alloc_md5sig_pool(sk) == NULL) {
kfree(newkey); kfree(newkey);
return -ENOMEM; return -ENOMEM;
} }
md5sig = tp->md5sig_info;
if (md5sig->alloced4 == md5sig->entries4) { if (md5sig->alloced4 == md5sig->entries4) {
keys = kmalloc((sizeof(*keys) * keys = kmalloc((sizeof(*keys) *
(md5sig->entries4 + 1)), GFP_ATOMIC); (md5sig->entries4 + 1)), GFP_ATOMIC);
if (!keys) { if (!keys) {
kfree(newkey); kfree(newkey);
if (md5sig->entries4 == 0)
tcp_free_md5sig_pool(); tcp_free_md5sig_pool();
return -ENOMEM; return -ENOMEM;
} }
...@@ -982,6 +985,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr) ...@@ -982,6 +985,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
kfree(tp->md5sig_info->keys4); kfree(tp->md5sig_info->keys4);
tp->md5sig_info->keys4 = NULL; tp->md5sig_info->keys4 = NULL;
tp->md5sig_info->alloced4 = 0; tp->md5sig_info->alloced4 = 0;
tcp_free_md5sig_pool();
} else if (tp->md5sig_info->entries4 != i) { } else if (tp->md5sig_info->entries4 != i) {
/* Need to do some manipulation */ /* Need to do some manipulation */
memmove(&tp->md5sig_info->keys4[i], memmove(&tp->md5sig_info->keys4[i],
...@@ -989,7 +993,6 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr) ...@@ -989,7 +993,6 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
(tp->md5sig_info->entries4 - i) * (tp->md5sig_info->entries4 - i) *
sizeof(struct tcp4_md5sig_key)); sizeof(struct tcp4_md5sig_key));
} }
tcp_free_md5sig_pool();
return 0; return 0;
} }
} }
......
...@@ -591,7 +591,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer, ...@@ -591,7 +591,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer,
} }
sk_nocaps_add(sk, NETIF_F_GSO_MASK); sk_nocaps_add(sk, NETIF_F_GSO_MASK);
} }
if (tcp_alloc_md5sig_pool(sk) == NULL) { if (tp->md5sig_info->entries6 == 0 &&
tcp_alloc_md5sig_pool(sk) == NULL) {
kfree(newkey); kfree(newkey);
return -ENOMEM; return -ENOMEM;
} }
...@@ -600,8 +601,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer, ...@@ -600,8 +601,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer,
(tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
if (!keys) { if (!keys) {
tcp_free_md5sig_pool();
kfree(newkey); kfree(newkey);
if (tp->md5sig_info->entries6 == 0)
tcp_free_md5sig_pool();
return -ENOMEM; return -ENOMEM;
} }
...@@ -647,6 +649,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer) ...@@ -647,6 +649,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer)
kfree(tp->md5sig_info->keys6); kfree(tp->md5sig_info->keys6);
tp->md5sig_info->keys6 = NULL; tp->md5sig_info->keys6 = NULL;
tp->md5sig_info->alloced6 = 0; tp->md5sig_info->alloced6 = 0;
tcp_free_md5sig_pool();
} else { } else {
/* shrink the database */ /* shrink the database */
if (tp->md5sig_info->entries6 != i) if (tp->md5sig_info->entries6 != i)
...@@ -655,7 +658,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer) ...@@ -655,7 +658,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer)
(tp->md5sig_info->entries6 - i) (tp->md5sig_info->entries6 - i)
* sizeof (tp->md5sig_info->keys6[0])); * sizeof (tp->md5sig_info->keys6[0]));
} }
tcp_free_md5sig_pool();
return 0; return 0;
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment