12e3594698
In ipcomp_compress(), sortirq is enabled too early, allowing the per-cpu scratch buffer to be rewritten by ipcomp_decompress() (called on the same CPU in softirq context) between populating the buffer and copying the compressed data to the skb. v2: as pointed out by Steffen Klassert, if we also move the local_bh_disable() before reading the per-cpu pointers, we can get rid of get_cpu()/put_cpu(). v3: removed ipcomp_decompress part (as explained by Herbert Xu, it cannot be called from process context), get rid of cpu variable (thanks to Eric Dumazet) Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Reviewed-by: Eric Dumazet <edumazet@google.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| xfrm_algo.c | ||
| xfrm_hash.c | ||
| xfrm_hash.h | ||
| xfrm_input.c | ||
| xfrm_ipcomp.c | ||
| xfrm_output.c | ||
| xfrm_policy.c | ||
| xfrm_proc.c | ||
| xfrm_replay.c | ||
| xfrm_state.c | ||
| xfrm_sysctl.c | ||
| xfrm_user.c | ||