From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Yan Yan <evitayan@google.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Sasha Levin <sashal@kernel.org>,
davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 02/20] xfrm: Fix xfrm migrate issues when address family changes
Date: Wed, 9 Mar 2022 11:21:40 -0500 [thread overview]
Message-ID: <20220309162158.136467-2-sashal@kernel.org> (raw)
In-Reply-To: <20220309162158.136467-1-sashal@kernel.org>
From: Yan Yan <evitayan@google.com>
[ Upstream commit e03c3bba351f99ad932e8f06baa9da1afc418e02 ]
xfrm_migrate cannot handle address family change of an xfrm_state.
The symptons are the xfrm_state will be migrated to a wrong address,
and sending as well as receiving packets wil be broken.
This commit fixes it by breaking the original xfrm_state_clone
method into two steps so as to update the props.family before
running xfrm_init_state. As the result, xfrm_state's inner mode,
outer mode, type and IP header length in xfrm_state_migrate can
be updated with the new address family.
Tested with additions to Android's kernel unit test suite:
https://android-review.googlesource.com/c/kernel/tests/+/1885354
Signed-off-by: Yan Yan <evitayan@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_state.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 37fe22b2e843..1befc6db723b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1542,9 +1542,6 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
memcpy(&x->mark, &orig->mark, sizeof(x->mark));
memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark));
- if (xfrm_init_state(x) < 0)
- goto error;
-
x->props.flags = orig->props.flags;
x->props.extra_flags = orig->props.extra_flags;
@@ -1631,6 +1628,11 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
if (!xc)
return NULL;
+ xc->props.family = m->new_family;
+
+ if (xfrm_init_state(xc) < 0)
+ goto error;
+
memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
--
2.34.1
next prev parent reply other threads:[~2022-03-09 16:32 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 16:21 [PATCH AUTOSEL 5.10 01/20] xfrm: Check if_id in xfrm_migrate Sasha Levin
2022-03-09 16:21 ` Sasha Levin [this message]
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 03/20] arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 04/20] arm64: dts: rockchip: reorder rk3399 hdmi clocks Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 05/20] arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 06/20] ARM: dts: rockchip: reorder rk322x hmdi clocks Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 07/20] ARM: dts: rockchip: fix a typo on rk3288 crypto-controller Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 08/20] mac80211: refuse aggregations sessions before authorized Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 09/20] MIPS: smp: fill in sibling and core maps earlier Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 10/20] ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 11/20] can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 12/20] atm: firestream: check the return value of ioremap() in fs_init() Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 13/20] Input: goodix - workaround Cherry Trail devices with a bogus ACPI Interrupt() resource Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 14/20] iwlwifi: don't advertise TWT support Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 15/20] drm/vrr: Set VRR capable prop only if it is attached to connector Sasha Levin
2022-03-09 16:21 ` Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 16/20] nl80211: Update bss channel on channel switch for P2P_CLIENT Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 17/20] tcp: make tcp_read_sock() more robust Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 18/20] sfc: extend the locking on mcdi->seqno Sasha Levin
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 19/20] bnx2: Fix an error message Sasha Levin
2022-03-17 11:23 ` Pavel Machek
2022-03-09 16:21 ` [PATCH AUTOSEL 5.10 20/20] kselftest/vm: fix tests build with old libc Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220309162158.136467-2-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=evitayan@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.