Merge branch 'stable-3.17' of git://git.infradead.org/users/pcmoore/selinux

[firefly-linux-kernel-4.4.55.git] / net / ipv6 / tcp_ipv6.c

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 22055b098428df812ca0dfabe3e39420b650d321..f2ce95502392c0e685654df5792614118626f316 100644 (file)
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -667,7 +667,8 @@ clear_hash_noput:
        return 1;
 }
 
-static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
+static int __tcp_v6_inbound_md5_hash(struct sock *sk,
+                                    const struct sk_buff *skb)
 {
        const __u8 *hash_location = NULL;
        struct tcp_md5sig_key *hash_expected;
@@ -707,6 +708,18 @@ static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
        }
        return 0;
 }
+
+static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
+{
+       int ret;
+
+       rcu_read_lock();
+       ret = __tcp_v6_inbound_md5_hash(sk, skb);
+       rcu_read_unlock();
+
+       return ret;
+}
+
 #endif
 
 static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,
@@ -1247,11 +1260,6 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
        if (skb->protocol == htons(ETH_P_IP))
                return tcp_v4_do_rcv(sk, skb);
 
-#ifdef CONFIG_TCP_MD5SIG
-       if (tcp_v6_inbound_md5_hash(sk, skb))
-               goto discard;
-#endif
-
        if (sk_filter(sk, skb))
                goto discard;
 
@@ -1424,6 +1432,11 @@ process:
        if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
                goto discard_and_relse;
 
+#ifdef CONFIG_TCP_MD5SIG
+       if (tcp_v6_inbound_md5_hash(sk, skb))
+               goto discard_and_relse;
+#endif
+
        if (sk_filter(sk, skb))
                goto discard_and_relse;