Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
[linux-2.6-omap-h63xx.git] / net / ipv6 / esp6.c
index 72a659806cadfb4f7d026e10e6eef9df41f9e0ef..5bd5292ad9fa9021cf31899355db8cd60857a165 100644 (file)
@@ -29,7 +29,7 @@
 #include <net/ip.h>
 #include <net/xfrm.h>
 #include <net/esp.h>
-#include <asm/scatterlist.h>
+#include <linux/scatterlist.h>
 #include <linux/crypto.h>
 #include <linux/kernel.h>
 #include <linux/pfkeyv2.h>
@@ -109,7 +109,11 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
                        if (!sg)
                                goto unlock;
                }
-               skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
+               sg_init_table(sg, nfrags);
+               skb_to_sgvec(skb, sg,
+                            esph->enc_data +
+                            esp->conf.ivlen -
+                            skb->data, clen);
                err = crypto_blkcipher_encrypt(&desc, sg, sg, clen);
                if (unlikely(sg != &esp->sgbuf[0]))
                        kfree(sg);
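Review bot: The return value of `skb_to_sgvec()` is discarded right after the new `sg_init_table(sg, nfrags)`, so nothing at this call site ties the number of entries actually written to the `nfrags` that sized `sg`. The code relies on `nfrags` being an upper bound on the fragments `skb_to_sgvec()` will emit. State that invariant above the call, e.g. `/* sg holds nfrags entries; skb_to_sgvec() must not fill more than that */`. The same pair is added in esp6_input before `crypto_blkcipher_decrypt`, and the comment belongs there as well. esp6_output starts and ends outside this hunk, so where `nfrags` is computed for this path is not visible here.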
@@ -161,31 +165,32 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
                goto out;
        }
 
+       if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
+               ret = -EINVAL;
+               goto out;
+       }
+
+       skb->ip_summed = CHECKSUM_NONE;
+
+       spin_lock(&x->lock);
+
        /* If integrity check is required, do this. */
        if (esp->auth.icv_full_len) {
                u8 sum[alen];
 
                ret = esp_mac_digest(esp, skb, 0, skb->len - alen);
                if (ret)
-                       goto out;
+                       goto unlock;
 
                if (skb_copy_bits(skb, skb->len - alen, sum, alen))
                        BUG();
 
                if (unlikely(memcmp(esp->auth.work_icv, sum, alen))) {
-                       x->stats.integrity_failed++;
-                       ret = -EINVAL;
-                       goto out;
+                       ret = -EBADMSG;
+                       goto unlock;
                }
        }
 
-       if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
-               ret = -EINVAL;
-               goto out;
-       }
-
-       skb->ip_summed = CHECKSUM_NONE;
-
        esph = (struct ip_esp_hdr *)skb->data;
        iph = ipv6_hdr(skb);
 
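Review bot: Moving `skb_cow_data()` ahead of the ICV check means a packet that later fails authentication has already paid for the copy-on-write work before it is rejected, so unauthenticated traffic now costs more per packet than it did before. If the reorder is needed so that the digest and the decrypt sit in one `x->lock` section, record that next to the `spin_lock()`, e.g. `/* x->lock covers the per-state scratch buffers (esp->auth.work_icv, esp->sgbuf) across digest and decrypt */`; what the lock protects is inferred from the visible accesses and should be confirmed. The hunk also drops `x->stats.integrity_failed++` in favour of returning `-EBADMSG`. Presumably the caller now does the accounting, but that is not visible here and is worth confirming, since that counter is the operational signal for forged or corrupted ESP traffic. esp6_input begins before and continues after this hunk.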
@@ -194,23 +199,33 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
                crypto_blkcipher_set_iv(tfm, esph->enc_data, esp->conf.ivlen);
 
        {
-               u8 nexthdr[2];
                struct scatterlist *sg = &esp->sgbuf[0];
-               u8 padlen;
 
                if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
                        sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
                        if (!sg) {
                                ret = -ENOMEM;
-                               goto out;
+                               goto unlock;
                        }
                }
-               skb_to_sgvec(skb, sg, sizeof(*esph) + esp->conf.ivlen, elen);
+               sg_init_table(sg, nfrags);
+               skb_to_sgvec(skb, sg,
+                            sizeof(*esph) + esp->conf.ivlen,
+                            elen);
                ret = crypto_blkcipher_decrypt(&desc, sg, sg, elen);
                if (unlikely(sg != &esp->sgbuf[0]))
                        kfree(sg);
-               if (unlikely(ret))
-                       goto out;
+       }
+
+unlock:
+       spin_unlock(&x->lock);
+
+       if (unlikely(ret))
+               goto out;
+
+       {
+               u8 nexthdr[2];
+               u8 padlen;
 
                if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
                        BUG();
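Review bot: The new `unlock:` label is reached both by the error `goto`s and by falling through after a successful decrypt, and it sits between two bare `{ }` blocks, which makes the control flow easy to misread. A comment at the label would help, e.g. `/* reached on success and on every error after spin_lock(); ret != 0 means drop */`. On the `-ENOMEM` path `sg` is NULL when `goto unlock` is taken, so no `kfree()` is skipped there. esp6_input begins before and continues after this hunk.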
@@ -223,6 +238,12 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
                }
                /* ... check padding bits here. Silly. :-) */
 
+               /* RFC4303: Drop dummy packets without any error */
+               if (nexthdr[1] == IPPROTO_NONE) {
+                       ret = -EINVAL;
+                       goto out;
+               }
+
                pskb_trim(skb, skb->len - alen - padlen - 2);
                ret = nexthdr[1];
        }
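Review bot: The added comment says dummy packets are dropped "without any error", yet the branch sets `ret = -EINVAL`, the same code the function uses for malformed input. A reader cannot tell whether a dummy packet is meant to be distinguishable from a bad one. If the intent is that the caller discards on `-EINVAL` without treating it as an integrity failure (which returns `-EBADMSG` elsewhere in this function), say that, e.g. `/* RFC4303: dummy packet (next header IPPROTO_NONE): discard; -EINVAL, not -EBADMSG, so it is not counted as an integrity failure */`. How the caller treats the two codes is not visible here and should be confirmed. The check sits after the ICV verification and decrypt earlier in esp6_input, so only authenticated packets reach it.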