From: kernel test robot <lkp@intel.com>
To: Jordy Zomer <jordy@pwning.systems>
Cc: llvm@lists.linux.dev, kbuild-all@lists.01.org
Subject: Re: [PATCH] ipv6: check return value of ipv6_skip_exthdr
Date: Sun, 21 Nov 2021 02:00:33 +0800 [thread overview]
Message-ID: <202111210212.kCgrRMiO-lkp@intel.com> (raw)
In-Reply-To: <20211117181610.2731938-1-jordy@pwning.systems>
[-- Attachment #1: Type: text/plain, Size: 5396 bytes --]
Hi Jordy,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on klassert-ipsec/master]
[also build test WARNING on klassert-ipsec-next/master linux/master v5.16-rc1 next-20211118]
[cannot apply to linus/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Jordy-Zomer/ipv6-check-return-value-of-ipv6_skip_exthdr/20211118-021714
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
config: arm64-buildonly-randconfig-r004-20211118 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project c46becf500df2a7fb4b4fce16178a036c344315a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# https://github.com/0day-ci/linux/commit/afe093a81395e12df66d6b2145bcb98d4fc67b55
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Jordy-Zomer/ipv6-check-return-value-of-ipv6_skip_exthdr/20211118-021714
git checkout afe093a81395e12df66d6b2145bcb98d4fc67b55
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> net/ipv6/esp6.c:814:4: warning: misleading indentation; statement is not part of the previous 'if' [-Wmisleading-indentation]
goto out;
^
net/ipv6/esp6.c:812:3: note: previous statement is here
if (offset < 0)
^
1 warning generated.
vim +/if +814 net/ipv6/esp6.c
782
783 int esp6_input_done2(struct sk_buff *skb, int err)
784 {
785 struct xfrm_state *x = xfrm_input_state(skb);
786 struct xfrm_offload *xo = xfrm_offload(skb);
787 struct crypto_aead *aead = x->data;
788 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
789 int hdr_len = skb_network_header_len(skb);
790
791 if (!xo || !(xo->flags & CRYPTO_DONE))
792 kfree(ESP_SKB_CB(skb)->tmp);
793
794 if (unlikely(err))
795 goto out;
796
797 err = esp_remove_trailer(skb);
798 if (unlikely(err < 0))
799 goto out;
800
801 if (x->encap) {
802 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
803 int offset = skb_network_offset(skb) + sizeof(*ip6h);
804 struct xfrm_encap_tmpl *encap = x->encap;
805 u8 nexthdr = ip6h->nexthdr;
806 __be16 frag_off, source;
807 struct udphdr *uh;
808 struct tcphdr *th;
809
810 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
811
812 if (offset < 0)
813 err = -EINVAL;
> 814 goto out;
815
816 uh = (void *)(skb->data + offset);
817 th = (void *)(skb->data + offset);
818 hdr_len += offset;
819
820 switch (x->encap->encap_type) {
821 case TCP_ENCAP_ESPINTCP:
822 source = th->source;
823 break;
824 case UDP_ENCAP_ESPINUDP:
825 case UDP_ENCAP_ESPINUDP_NON_IKE:
826 source = uh->source;
827 break;
828 default:
829 WARN_ON_ONCE(1);
830 err = -EINVAL;
831 goto out;
832 }
833
834 /*
835 * 1) if the NAT-T peer's IP or port changed then
836 * advertize the change to the keying daemon.
837 * This is an inbound SA, so just compare
838 * SRC ports.
839 */
840 if (!ipv6_addr_equal(&ip6h->saddr, &x->props.saddr.in6) ||
841 source != encap->encap_sport) {
842 xfrm_address_t ipaddr;
843
844 memcpy(&ipaddr.a6, &ip6h->saddr.s6_addr, sizeof(ipaddr.a6));
845 km_new_mapping(x, &ipaddr, source);
846
847 /* XXX: perhaps add an extra
848 * policy check here, to see
849 * if we should allow or
850 * reject a packet from a
851 * different source
852 * address/port.
853 */
854 }
855
856 /*
857 * 2) ignore UDP/TCP checksums in case
858 * of NAT-T in Transport Mode, or
859 * perform other post-processing fixes
860 * as per draft-ietf-ipsec-udp-encaps-06,
861 * section 3.1.2
862 */
863 if (x->props.mode == XFRM_MODE_TRANSPORT)
864 skb->ip_summed = CHECKSUM_UNNECESSARY;
865 }
866
867 skb_postpull_rcsum(skb, skb_network_header(skb),
868 skb_network_header_len(skb));
869 skb_pull_rcsum(skb, hlen);
870 if (x->props.mode == XFRM_MODE_TUNNEL)
871 skb_reset_transport_header(skb);
872 else
873 skb_set_transport_header(skb, -hdr_len);
874
875 /* RFC4303: Drop dummy packets without any error */
876 if (err == IPPROTO_NONE)
877 err = -EINVAL;
878
879 out:
880 return err;
881 }
882 EXPORT_SYMBOL_GPL(esp6_input_done2);
883
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 44884 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH] ipv6: check return value of ipv6_skip_exthdr
Date: Sun, 21 Nov 2021 02:00:33 +0800 [thread overview]
Message-ID: <202111210212.kCgrRMiO-lkp@intel.com> (raw)
In-Reply-To: <20211117181610.2731938-1-jordy@pwning.systems>
[-- Attachment #1: Type: text/plain, Size: 5547 bytes --]
Hi Jordy,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on klassert-ipsec/master]
[also build test WARNING on klassert-ipsec-next/master linux/master v5.16-rc1 next-20211118]
[cannot apply to linus/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Jordy-Zomer/ipv6-check-return-value-of-ipv6_skip_exthdr/20211118-021714
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
config: arm64-buildonly-randconfig-r004-20211118 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project c46becf500df2a7fb4b4fce16178a036c344315a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# https://github.com/0day-ci/linux/commit/afe093a81395e12df66d6b2145bcb98d4fc67b55
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Jordy-Zomer/ipv6-check-return-value-of-ipv6_skip_exthdr/20211118-021714
git checkout afe093a81395e12df66d6b2145bcb98d4fc67b55
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> net/ipv6/esp6.c:814:4: warning: misleading indentation; statement is not part of the previous 'if' [-Wmisleading-indentation]
goto out;
^
net/ipv6/esp6.c:812:3: note: previous statement is here
if (offset < 0)
^
1 warning generated.
vim +/if +814 net/ipv6/esp6.c
782
783 int esp6_input_done2(struct sk_buff *skb, int err)
784 {
785 struct xfrm_state *x = xfrm_input_state(skb);
786 struct xfrm_offload *xo = xfrm_offload(skb);
787 struct crypto_aead *aead = x->data;
788 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
789 int hdr_len = skb_network_header_len(skb);
790
791 if (!xo || !(xo->flags & CRYPTO_DONE))
792 kfree(ESP_SKB_CB(skb)->tmp);
793
794 if (unlikely(err))
795 goto out;
796
797 err = esp_remove_trailer(skb);
798 if (unlikely(err < 0))
799 goto out;
800
801 if (x->encap) {
802 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
803 int offset = skb_network_offset(skb) + sizeof(*ip6h);
804 struct xfrm_encap_tmpl *encap = x->encap;
805 u8 nexthdr = ip6h->nexthdr;
806 __be16 frag_off, source;
807 struct udphdr *uh;
808 struct tcphdr *th;
809
810 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
811
812 if (offset < 0)
813 err = -EINVAL;
> 814 goto out;
815
816 uh = (void *)(skb->data + offset);
817 th = (void *)(skb->data + offset);
818 hdr_len += offset;
819
820 switch (x->encap->encap_type) {
821 case TCP_ENCAP_ESPINTCP:
822 source = th->source;
823 break;
824 case UDP_ENCAP_ESPINUDP:
825 case UDP_ENCAP_ESPINUDP_NON_IKE:
826 source = uh->source;
827 break;
828 default:
829 WARN_ON_ONCE(1);
830 err = -EINVAL;
831 goto out;
832 }
833
834 /*
835 * 1) if the NAT-T peer's IP or port changed then
836 * advertize the change to the keying daemon.
837 * This is an inbound SA, so just compare
838 * SRC ports.
839 */
840 if (!ipv6_addr_equal(&ip6h->saddr, &x->props.saddr.in6) ||
841 source != encap->encap_sport) {
842 xfrm_address_t ipaddr;
843
844 memcpy(&ipaddr.a6, &ip6h->saddr.s6_addr, sizeof(ipaddr.a6));
845 km_new_mapping(x, &ipaddr, source);
846
847 /* XXX: perhaps add an extra
848 * policy check here, to see
849 * if we should allow or
850 * reject a packet from a
851 * different source
852 * address/port.
853 */
854 }
855
856 /*
857 * 2) ignore UDP/TCP checksums in case
858 * of NAT-T in Transport Mode, or
859 * perform other post-processing fixes
860 * as per draft-ietf-ipsec-udp-encaps-06,
861 * section 3.1.2
862 */
863 if (x->props.mode == XFRM_MODE_TRANSPORT)
864 skb->ip_summed = CHECKSUM_UNNECESSARY;
865 }
866
867 skb_postpull_rcsum(skb, skb_network_header(skb),
868 skb_network_header_len(skb));
869 skb_pull_rcsum(skb, hlen);
870 if (x->props.mode == XFRM_MODE_TUNNEL)
871 skb_reset_transport_header(skb);
872 else
873 skb_set_transport_header(skb, -hdr_len);
874
875 /* RFC4303: Drop dummy packets without any error */
876 if (err == IPPROTO_NONE)
877 err = -EINVAL;
878
879 out:
880 return err;
881 }
882 EXPORT_SYMBOL_GPL(esp6_input_done2);
883
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 44884 bytes --]
next prev parent reply other threads:[~2021-11-20 18:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-17 18:16 [PATCH] ipv6: check return value of ipv6_skip_exthdr Jordy Zomer
2021-11-17 18:44 ` Kees Cook
2021-11-17 18:46 ` Kees Cook
2021-11-17 19:06 ` [PATCH v2] " Jordy Zomer
2021-11-18 11:50 ` patchwork-bot+netdevbpf
2021-11-19 22:36 ` [PATCH] " kernel test robot
2021-11-20 18:00 ` kernel test robot [this message]
2021-11-20 18:00 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202111210212.kCgrRMiO-lkp@intel.com \
--to=lkp@intel.com \
--cc=jordy@pwning.systems \
--cc=kbuild-all@lists.01.org \
--cc=llvm@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.