mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 12:16:41 +00:00
ipsec-2024-07-11
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEH7ZpcWbFyOOp6OJbrB3Eaf9PW7cFAmaPqSEACgkQrB3Eaf9P W7eOmQ//YVp6OL+oS5lRzLMvhKLXh42qGbaOPAZl/k0cOACsOnNhubTQHUToIMYt FXLVCDrXHU3F4JVGdgzwJb+/2wqElP+3Wlw48WCnycAlB8NpFc24qKwZHWzo04Mv uutWG5oVXXMYsnLEQhsQCMj+rCjDnSJG2bmsQCHS8GFB4PKP/SSGm/H0UFUbYjIE leZ6rPmqmHf/FShqSmm0VTbXyeLE3bIJQ5zfDLzKW9/nO5h/VyZcZCEzEENF5i2i bKaEGSNrK4evyj+9j/B8FDdujEfVbNyanTAkChJgx3Wug6rIy1QdsG2xDpPn3zm+ pdDvSLPAjjLHrCr7yPPnHEdtOYBvnvjW035VBG/q7pNZfHUaKcutvQJESiNVjsV0 hqmL8XhKgdT/0dPrevXVSXcLOXT25EkzLoN8W4P3qOY4OSFQPC8V+ELCOhWGlZwB rKA8/NfEwV2yIlxhEzSYUTaGT3YZVLJsAVuEfR8Y3tq/j7X5G6h4lCKddxNKhLn+ jJroKlKQEHsC7HCMOW9kJijiXWxNjT4cAPRXMSIxf3cL29UwU9zPE1wx1oq1Pr97 FZiGg9IapcK5nKslaim+nwn6PtEJzVzCWtZ5gddtS4qOrZKuveql/B2P1I8EL9S6 LUqOE9gUeQpSdG/M5FqkLJnUE1knHYRZhQw682fA1zvZFj+G9lo= =xFmH -----END PGP SIGNATURE----- Merge tag 'ipsec-2024-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2024-07-11 1) Fix esp_output_tail_tcp() on unsupported ESPINTCP. From Hagar Hemdan. 2) Fix two bugs in the recently introduced SA direction separation. From Antony Antony. 3) Fix unregister netdevice hang on hardware offload. We had to add another list where skbs linked to that are unlinked from the lists (deleted) but not yet freed. 4) Fix netdev reference count imbalance in xfrm_state_find. From Jianbo Liu. 5) Call xfrm_dev_policy_delete when killingi them on offloaded policies. Jianbo Liu. * tag 'ipsec-2024-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec: xfrm: call xfrm_dev_policy_delete when kill policy xfrm: fix netdev reference count imbalance xfrm: Export symbol xfrm_dev_state_delete. xfrm: Fix unregister netdevice hang on hardware offload. xfrm: Log input direction mismatch error in one place xfrm: Fix input error path memory access net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP ==================== Link: https://patch.msgid.link/20240711100025.1949454-1-steffen.klassert@secunet.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
commit
70c676cb3d
@ -178,7 +178,10 @@ struct xfrm_state {
|
||||
struct hlist_node gclist;
|
||||
struct hlist_node bydst;
|
||||
};
|
||||
struct hlist_node bysrc;
|
||||
union {
|
||||
struct hlist_node dev_gclist;
|
||||
struct hlist_node bysrc;
|
||||
};
|
||||
struct hlist_node byspi;
|
||||
struct hlist_node byseq;
|
||||
|
||||
@ -1588,7 +1591,7 @@ void xfrm_state_update_stats(struct net *net);
|
||||
static inline void xfrm_dev_state_update_stats(struct xfrm_state *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xdo = &x->xso;
|
||||
struct net_device *dev = xdo->dev;
|
||||
struct net_device *dev = READ_ONCE(xdo->dev);
|
||||
|
||||
if (dev && dev->xfrmdev_ops &&
|
||||
dev->xfrmdev_ops->xdo_dev_state_update_stats)
|
||||
@ -1946,13 +1949,16 @@ int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp,
|
||||
struct xfrm_user_offload *xuo, u8 dir,
|
||||
struct netlink_ext_ack *extack);
|
||||
bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);
|
||||
void xfrm_dev_state_delete(struct xfrm_state *x);
|
||||
void xfrm_dev_state_free(struct xfrm_state *x);
|
||||
|
||||
static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xso = &x->xso;
|
||||
struct net_device *dev = READ_ONCE(xso->dev);
|
||||
|
||||
if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn)
|
||||
xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
|
||||
if (dev && dev->xfrmdev_ops->xdo_dev_state_advance_esn)
|
||||
dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
|
||||
}
|
||||
|
||||
static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
|
||||
@ -1973,28 +1979,6 @@ static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
|
||||
return false;
|
||||
}
|
||||
|
||||
static inline void xfrm_dev_state_delete(struct xfrm_state *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xso = &x->xso;
|
||||
|
||||
if (xso->dev)
|
||||
xso->dev->xfrmdev_ops->xdo_dev_state_delete(x);
|
||||
}
|
||||
|
||||
static inline void xfrm_dev_state_free(struct xfrm_state *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xso = &x->xso;
|
||||
struct net_device *dev = xso->dev;
|
||||
|
||||
if (dev && dev->xfrmdev_ops) {
|
||||
if (dev->xfrmdev_ops->xdo_dev_state_free)
|
||||
dev->xfrmdev_ops->xdo_dev_state_free(x);
|
||||
xso->dev = NULL;
|
||||
xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
|
||||
netdev_put(dev, &xso->dev_tracker);
|
||||
}
|
||||
}
|
||||
|
||||
static inline void xfrm_dev_policy_delete(struct xfrm_policy *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xdo = &x->xdo;
|
||||
|
@ -239,8 +239,7 @@ static int esp_output_tail_tcp(struct xfrm_state *x, struct sk_buff *skb)
|
||||
#else
|
||||
static int esp_output_tail_tcp(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
kfree_skb(skb);
|
||||
|
||||
WARN_ON(1);
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
#endif
|
||||
|
@ -56,6 +56,13 @@ static struct sk_buff *esp4_gro_receive(struct list_head *head,
|
||||
x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,
|
||||
(xfrm_address_t *)&ip_hdr(skb)->daddr,
|
||||
spi, IPPROTO_ESP, AF_INET);
|
||||
|
||||
if (unlikely(x && x->dir && x->dir != XFRM_SA_DIR_IN)) {
|
||||
/* non-offload path will record the error and audit log */
|
||||
xfrm_state_put(x);
|
||||
x = NULL;
|
||||
}
|
||||
|
||||
if (!x)
|
||||
goto out_reset;
|
||||
|
||||
|
@ -256,8 +256,7 @@ static int esp_output_tail_tcp(struct xfrm_state *x, struct sk_buff *skb)
|
||||
#else
|
||||
static int esp_output_tail_tcp(struct xfrm_state *x, struct sk_buff *skb)
|
||||
{
|
||||
kfree_skb(skb);
|
||||
|
||||
WARN_ON(1);
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
#endif
|
||||
|
@ -83,6 +83,13 @@ static struct sk_buff *esp6_gro_receive(struct list_head *head,
|
||||
x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,
|
||||
(xfrm_address_t *)&ipv6_hdr(skb)->daddr,
|
||||
spi, IPPROTO_ESP, AF_INET6);
|
||||
|
||||
if (unlikely(x && x->dir && x->dir != XFRM_SA_DIR_IN)) {
|
||||
/* non-offload path will record the error and audit log */
|
||||
xfrm_state_put(x);
|
||||
x = NULL;
|
||||
}
|
||||
|
||||
if (!x)
|
||||
goto out_reset;
|
||||
|
||||
|
@ -474,11 +474,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
||||
if (encap_type < 0 || (xo && xo->flags & XFRM_GRO)) {
|
||||
x = xfrm_input_state(skb);
|
||||
|
||||
if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) {
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEDIRERROR);
|
||||
goto drop;
|
||||
}
|
||||
|
||||
if (unlikely(x->km.state != XFRM_STATE_VALID)) {
|
||||
if (x->km.state == XFRM_STATE_ACQ)
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
|
||||
@ -585,8 +580,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
||||
}
|
||||
|
||||
if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) {
|
||||
secpath_reset(skb);
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEDIRERROR);
|
||||
xfrm_audit_state_notfound(skb, family, spi, seq);
|
||||
xfrm_state_put(x);
|
||||
x = NULL;
|
||||
goto drop;
|
||||
}
|
||||
|
||||
|
@ -452,6 +452,8 @@ EXPORT_SYMBOL(xfrm_policy_destroy);
|
||||
|
||||
static void xfrm_policy_kill(struct xfrm_policy *policy)
|
||||
{
|
||||
xfrm_dev_policy_delete(policy);
|
||||
|
||||
write_lock_bh(&policy->lock);
|
||||
policy->walk.dead = 1;
|
||||
write_unlock_bh(&policy->lock);
|
||||
@ -1850,7 +1852,6 @@ int xfrm_policy_flush(struct net *net, u8 type, bool task_valid)
|
||||
|
||||
__xfrm_policy_unlink(pol, dir);
|
||||
spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
|
||||
xfrm_dev_policy_delete(pol);
|
||||
cnt++;
|
||||
xfrm_audit_policy_delete(pol, 1, task_valid);
|
||||
xfrm_policy_kill(pol);
|
||||
@ -1891,7 +1892,6 @@ int xfrm_dev_policy_flush(struct net *net, struct net_device *dev,
|
||||
|
||||
__xfrm_policy_unlink(pol, dir);
|
||||
spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
|
||||
xfrm_dev_policy_delete(pol);
|
||||
cnt++;
|
||||
xfrm_audit_policy_delete(pol, 1, task_valid);
|
||||
xfrm_policy_kill(pol);
|
||||
@ -2342,7 +2342,6 @@ int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
|
||||
pol = __xfrm_policy_unlink(pol, dir);
|
||||
spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
|
||||
if (pol) {
|
||||
xfrm_dev_policy_delete(pol);
|
||||
xfrm_policy_kill(pol);
|
||||
return 0;
|
||||
}
|
||||
|
@ -49,6 +49,7 @@ static struct kmem_cache *xfrm_state_cache __ro_after_init;
|
||||
|
||||
static DECLARE_WORK(xfrm_state_gc_work, xfrm_state_gc_task);
|
||||
static HLIST_HEAD(xfrm_state_gc_list);
|
||||
static HLIST_HEAD(xfrm_state_dev_gc_list);
|
||||
|
||||
static inline bool xfrm_state_hold_rcu(struct xfrm_state __rcu *x)
|
||||
{
|
||||
@ -214,6 +215,7 @@ static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
|
||||
static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
|
||||
|
||||
static DEFINE_SPINLOCK(xfrm_state_gc_lock);
|
||||
static DEFINE_SPINLOCK(xfrm_state_dev_gc_lock);
|
||||
|
||||
int __xfrm_state_delete(struct xfrm_state *x);
|
||||
|
||||
@ -683,6 +685,41 @@ struct xfrm_state *xfrm_state_alloc(struct net *net)
|
||||
}
|
||||
EXPORT_SYMBOL(xfrm_state_alloc);
|
||||
|
||||
#ifdef CONFIG_XFRM_OFFLOAD
|
||||
void xfrm_dev_state_delete(struct xfrm_state *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xso = &x->xso;
|
||||
struct net_device *dev = READ_ONCE(xso->dev);
|
||||
|
||||
if (dev) {
|
||||
dev->xfrmdev_ops->xdo_dev_state_delete(x);
|
||||
spin_lock_bh(&xfrm_state_dev_gc_lock);
|
||||
hlist_add_head(&x->dev_gclist, &xfrm_state_dev_gc_list);
|
||||
spin_unlock_bh(&xfrm_state_dev_gc_lock);
|
||||
}
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(xfrm_dev_state_delete);
|
||||
|
||||
void xfrm_dev_state_free(struct xfrm_state *x)
|
||||
{
|
||||
struct xfrm_dev_offload *xso = &x->xso;
|
||||
struct net_device *dev = READ_ONCE(xso->dev);
|
||||
|
||||
if (dev && dev->xfrmdev_ops) {
|
||||
spin_lock_bh(&xfrm_state_dev_gc_lock);
|
||||
if (!hlist_unhashed(&x->dev_gclist))
|
||||
hlist_del(&x->dev_gclist);
|
||||
spin_unlock_bh(&xfrm_state_dev_gc_lock);
|
||||
|
||||
if (dev->xfrmdev_ops->xdo_dev_state_free)
|
||||
dev->xfrmdev_ops->xdo_dev_state_free(x);
|
||||
WRITE_ONCE(xso->dev, NULL);
|
||||
xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
|
||||
netdev_put(dev, &xso->dev_tracker);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
void __xfrm_state_destroy(struct xfrm_state *x, bool sync)
|
||||
{
|
||||
WARN_ON(x->km.state != XFRM_STATE_DEAD);
|
||||
@ -848,6 +885,9 @@ EXPORT_SYMBOL(xfrm_state_flush);
|
||||
|
||||
int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_valid)
|
||||
{
|
||||
struct xfrm_state *x;
|
||||
struct hlist_node *tmp;
|
||||
struct xfrm_dev_offload *xso;
|
||||
int i, err = 0, cnt = 0;
|
||||
|
||||
spin_lock_bh(&net->xfrm.xfrm_state_lock);
|
||||
@ -857,8 +897,6 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali
|
||||
|
||||
err = -ESRCH;
|
||||
for (i = 0; i <= net->xfrm.state_hmask; i++) {
|
||||
struct xfrm_state *x;
|
||||
struct xfrm_dev_offload *xso;
|
||||
restart:
|
||||
hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
|
||||
xso = &x->xso;
|
||||
@ -868,6 +906,8 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali
|
||||
spin_unlock_bh(&net->xfrm.xfrm_state_lock);
|
||||
|
||||
err = xfrm_state_delete(x);
|
||||
xfrm_dev_state_free(x);
|
||||
|
||||
xfrm_audit_state_delete(x, err ? 0 : 1,
|
||||
task_valid);
|
||||
xfrm_state_put(x);
|
||||
@ -884,6 +924,24 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali
|
||||
|
||||
out:
|
||||
spin_unlock_bh(&net->xfrm.xfrm_state_lock);
|
||||
|
||||
spin_lock_bh(&xfrm_state_dev_gc_lock);
|
||||
restart_gc:
|
||||
hlist_for_each_entry_safe(x, tmp, &xfrm_state_dev_gc_list, dev_gclist) {
|
||||
xso = &x->xso;
|
||||
|
||||
if (xso->dev == dev) {
|
||||
spin_unlock_bh(&xfrm_state_dev_gc_lock);
|
||||
xfrm_dev_state_free(x);
|
||||
spin_lock_bh(&xfrm_state_dev_gc_lock);
|
||||
goto restart_gc;
|
||||
}
|
||||
|
||||
}
|
||||
spin_unlock_bh(&xfrm_state_dev_gc_lock);
|
||||
|
||||
xfrm_flush_gc();
|
||||
|
||||
return err;
|
||||
}
|
||||
EXPORT_SYMBOL(xfrm_dev_state_flush);
|
||||
@ -1273,8 +1331,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
|
||||
xso->dev = xdo->dev;
|
||||
xso->real_dev = xdo->real_dev;
|
||||
xso->flags = XFRM_DEV_OFFLOAD_FLAG_ACQ;
|
||||
netdev_tracker_alloc(xso->dev, &xso->dev_tracker,
|
||||
GFP_ATOMIC);
|
||||
netdev_hold(xso->dev, &xso->dev_tracker, GFP_ATOMIC);
|
||||
error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x, NULL);
|
||||
if (error) {
|
||||
xso->dir = 0;
|
||||
|
@ -2455,7 +2455,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
|
||||
NETLINK_CB(skb).portid);
|
||||
}
|
||||
} else {
|
||||
xfrm_dev_policy_delete(xp);
|
||||
xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
|
||||
|
||||
if (err != 0)
|
||||
|
Loading…
Reference in New Issue
Block a user