[IPSEC]: Move state lock into x->type->output
This patch releases the lock on the state before calling x->type->output. It also adds the lock to the spots where they're currently needed. Most of those places (all except mip6) are expected to disappear with async crypto. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Herbert Xu
committed by
David S. Miller
David S. Miller
parent
050f009e16
commit
b7c6538cd8
+6
-1
@@ -5,6 +5,7 @@
|
||||
#include <net/ah.h>
|
||||
#include <linux/crypto.h>
|
||||
#include <linux/pfkeyv2.h>
|
||||
#include <linux/spinlock.h>
|
||||
#include <net/icmp.h>
|
||||
#include <net/protocol.h>
|
||||
#include <asm/scatterlist.h>
|
||||
@@ -97,10 +98,14 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
ah->reserved = 0;
|
||||
ah->spi = x->id.spi;
|
||||
ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
|
||||
|
||||
spin_lock_bh(&x->lock);
|
||||
err = ah_mac_digest(ahp, skb, ah->auth_data);
|
||||
memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len);
|
||||
spin_unlock_bh(&x->lock);
|
||||
|
||||
if (err)
|
||||
goto error;
|
||||
memcpy(ah->auth_data, ahp->work_icv, ahp->icv_trunc_len);
|
||||
|
||||
top_iph->tos = iph->tos;
|
||||
top_iph->ttl = iph->ttl;
|
||||
|
||||
+8
-2
@@ -8,6 +8,7 @@
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/pfkeyv2.h>
|
||||
#include <linux/random.h>
|
||||
#include <linux/spinlock.h>
|
||||
#include <net/icmp.h>
|
||||
#include <net/protocol.h>
|
||||
#include <net/udp.h>
|
||||
@@ -66,6 +67,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
top_iph->tot_len = htons(skb->len + alen);
|
||||
*(skb_tail_pointer(trailer) - 1) = top_iph->protocol;
|
||||
|
||||
spin_lock_bh(&x->lock);
|
||||
|
||||
/* this is non-NULL only with UDP Encapsulation */
|
||||
if (x->encap) {
|
||||
struct xfrm_encap_tmpl *encap = x->encap;
|
||||
@@ -111,7 +114,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
|
||||
sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
|
||||
if (!sg)
|
||||
goto error;
|
||||
goto unlock;
|
||||
}
|
||||
skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
|
||||
err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
|
||||
@@ -120,7 +123,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
} while (0);
|
||||
|
||||
if (unlikely(err))
|
||||
goto error;
|
||||
goto unlock;
|
||||
|
||||
if (esp->conf.ivlen) {
|
||||
memcpy(esph->enc_data, esp->conf.ivec, esp->conf.ivlen);
|
||||
@@ -133,6 +136,9 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
memcpy(pskb_put(skb, trailer, alen), esp->auth.work_icv, alen);
|
||||
}
|
||||
|
||||
unlock:
|
||||
spin_unlock_bh(&x->lock);
|
||||
|
||||
ip_send_check(top_iph);
|
||||
|
||||
error:
|
||||
|
||||
Reference in New Issue
Block a user