summaryrefslogtreecommitdiff
path: root/net/ipv4/ah4.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-11-13 21:45:58 -0800
committerDavid S. Miller <davem@davemloft.net>2008-01-28 14:53:52 -0800
commit0ebea8ef3559b545c37b016f44e84c3b33e47c39 (patch)
tree7a47787c1b830084ac2d36371490b9e2574e2472 /net/ipv4/ah4.c
parent668dc8af3150f837f7f0461001bbbc0ce25d7bdf (diff)
[IPSEC]: Move state lock into x->type->input
This patch releases the lock on the state before calling x->type->input. It also adds the lock to the spots where they're currently needed. Most of those places (all except mip6) are expected to disappear with async crypto. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ah4.c')
-rw-r--r--net/ipv4/ah4.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index a989d29b44ea..d76803a3dcae 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -169,6 +169,8 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
if (ip_clear_mutable_options(iph, &dummy))
goto out;
}
+
+ spin_lock(&x->lock);
{
u8 auth_data[MAX_AH_AUTH_LEN];
@@ -176,12 +178,16 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
skb_push(skb, ihl);
err = ah_mac_digest(ahp, skb, ah->auth_data);
if (err)
- goto out;
- if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len)) {
+ goto unlock;
+ if (memcmp(ahp->work_icv, auth_data, ahp->icv_trunc_len))
err = -EBADMSG;
- goto out;
- }
}
+unlock:
+ spin_unlock(&x->lock);
+
+ if (err)
+ goto out;
+
skb->network_header += ah_hlen;
memcpy(skb_network_header(skb), work_buf, ihl);
skb->transport_header = skb->network_header;