From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Yan Yan <evitayan@google.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 01/16] xfrm: Fix xfrm migrate issues when address family changes
Date: Mon, 21 Mar 2022 14:51:31 +0100 [thread overview]
Message-ID: <20220321133216.693646575@linuxfoundation.org> (raw)
In-Reply-To: <20220321133216.648316863@linuxfoundation.org>
From: Yan Yan <evitayan@google.com>
[ Upstream commit e03c3bba351f99ad932e8f06baa9da1afc418e02 ]
xfrm_migrate cannot handle address family change of an xfrm_state.
The symptons are the xfrm_state will be migrated to a wrong address,
and sending as well as receiving packets wil be broken.
This commit fixes it by breaking the original xfrm_state_clone
method into two steps so as to update the props.family before
running xfrm_init_state. As the result, xfrm_state's inner mode,
outer mode, type and IP header length in xfrm_state_migrate can
be updated with the new address family.
Tested with additions to Android's kernel unit test suite:
https://android-review.googlesource.com/c/kernel/tests/+/1885354
Signed-off-by: Yan Yan <evitayan@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_state.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 4d19f2ff6e05..73b4e7c0d336 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1238,9 +1238,6 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
memcpy(&x->mark, &orig->mark, sizeof(x->mark));
- if (xfrm_init_state(x) < 0)
- goto error;
-
x->props.flags = orig->props.flags;
x->props.extra_flags = orig->props.extra_flags;
@@ -1317,6 +1314,11 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
if (!xc)
return NULL;
+ xc->props.family = m->new_family;
+
+ if (xfrm_init_state(xc) < 0)
+ goto error;
+
memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
--
2.34.1
next prev parent reply other threads:[~2022-03-21 13:51 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-21 13:51 [PATCH 4.9 00/16] 4.9.308-rc1 review Greg Kroah-Hartman
2022-03-21 13:51 ` Greg Kroah-Hartman [this message]
2022-03-21 13:51 ` [PATCH 4.9 02/16] ARM: dts: rockchip: fix a typo on rk3288 crypto-controller Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 03/16] MIPS: smp: fill in sibling and core maps earlier Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 04/16] ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 05/16] can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 06/16] atm: firestream: check the return value of ioremap() in fs_init() Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 07/16] nl80211: Update bss channel on channel switch for P2P_CLIENT Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 08/16] tcp: make tcp_read_sock() more robust Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 09/16] sfc: extend the locking on mcdi->seqno Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 10/16] kselftest/vm: fix tests build with old libc Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 11/16] fs: sysfs_emit: Remove PAGE_SIZE alignment check Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 12/16] net/packet: fix slab-out-of-bounds access in packet_recvmsg() Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 13/16] atm: eni: Add check for dma_map_single Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 14/16] usb: gadget: rndis: prevent integer overflow in rndis_set_response() Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 15/16] usb: gadget: Fix use-after-free bug by not setting udc->dev.driver Greg Kroah-Hartman
2022-03-21 13:51 ` [PATCH 4.9 16/16] Input: aiptek - properly check endpoint type Greg Kroah-Hartman
2022-03-21 17:27 ` [PATCH 4.9 00/16] 4.9.308-rc1 review Florian Fainelli
2022-03-21 17:59 ` Pavel Machek
2022-03-21 19:16 ` Jon Hunter
2022-03-21 23:25 ` Shuah Khan
2022-03-22 1:58 ` Guenter Roeck
2022-03-22 15:32 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220321133216.693646575@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=evitayan@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.