projects / cascardo / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xfrm: fix xfrm_input/xfrm_tunnel_check oops
[cascardo/linux.git] / net / xfrm / xfrm_input.c
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 85d1d47..526c4fe 100644 (file)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -238,11 +238,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
                skb->sp->xvec[skb->sp->len++] = x;
 
-               if (xfrm_tunnel_check(skb, x, family)) {
-                       XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
-                       goto drop;
-               }
-
                spin_lock(&x->lock);
                if (unlikely(x->km.state == XFRM_STATE_ACQ)) {
                        XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
@@ -271,6 +266,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
                spin_unlock(&x->lock);
 
+               if (xfrm_tunnel_check(skb, x, family)) {
+                       XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
+                       goto drop;
+               }
+
                seq_hi = htonl(xfrm_replay_seqhi(x, seq));
 
                XFRM_SKB_CB(skb)->seq.input.low = seq;
Unnamed repository; edit this file 'description' to name the repository.