[PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it

[PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it

[baker.kernel]

From: "baker.zhang" <baker.kernel@gmail.com>

Signed-off-by: baker.zhang <baker.kernel@gmail.com>
---
For current kernel source, there is no problem.

In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.

So I think we should do the check before use it.

 net/xfrm/xfrm_state.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..541f684 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1679,9 +1679,11 @@ int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(km, &xfrm_km_list, list) {
-		acqret = km->acquire(x, t, pol);
-		if (!acqret)
-			err = acqret;
+		if (km->acquire) {
+			acqret = km->acquire(x, t, pol);
+			if (!acqret)
+				err = acqret;
+		}
 	}
 	rcu_read_unlock();
 	return err;
@@ -1783,10 +1785,12 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
 	err = -EINVAL;
 	rcu_read_lock();
 	list_for_each_entry_rcu(km, &xfrm_km_list, list) {
-		pol = km->compile_policy(sk, optname, data,
-					 optlen, &err);
-		if (err >= 0)
-			break;
+		if (km->compile_policy) {
+			pol = km->compile_policy(sk, optname, data,
+					optlen, &err);
+			if (err >= 0)
+				break;
+		}
 	}
 	rcu_read_unlock();
 
-- 
1.8.3.2

Re: [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it

[Sergei Shtylyov]

Hello.

On 10-11-2013 18:25, baker.kernel@gmail.com wrote:

> From: "baker.zhang" <baker.kernel@gmail.com>

> Signed-off-by: baker.zhang <baker.kernel@gmail.com>
> ---
> For current kernel source, there is no problem.

> In our vpn product, we need a xfrm_km in kernel module
> to monitor the xfrm state change.
> thus, the 'acquire' and 'compile_policy' may be NULL.

> So I think we should do the check before use it.

>   net/xfrm/xfrm_state.c | 18 +++++++++++-------
>   1 file changed, 11 insertions(+), 7 deletions(-)

> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index b9c3f9e..541f684 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
[...]
> @@ -1783,10 +1785,12 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
>   	err = -EINVAL;
>   	rcu_read_lock();
>   	list_for_each_entry_rcu(km, &xfrm_km_list, list) {
> -		pol = km->compile_policy(sk, optname, data,
> -					 optlen, &err);
> -		if (err >= 0)
> -			break;
> +		if (km->compile_policy) {
> +			pol = km->compile_policy(sk, optname, data,
> +					optlen, &err);

    According the networking coding style, the continuation line should start 
right under 'sk' on the previous line.

WBR, Sergei

[PATCH V2 net-next] xfrm: check function pointer of xfrm_mgr before use it

[baker.kernel]

From: "baker.zhang" <baker.kernel@gmail.com>

Signed-off-by: baker.zhang <baker.kernel@gmail.com>
---
V1:
For current kernel source, there is no problem.

In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.

So I think we should do the check before use it.

V2:
Align the continuation line according the networking coding style.

 net/xfrm/xfrm_state.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..d716031 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1679,9 +1679,11 @@ int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(km, &xfrm_km_list, list) {
-		acqret = km->acquire(x, t, pol);
-		if (!acqret)
-			err = acqret;
+		if (km->acquire) {
+			acqret = km->acquire(x, t, pol);
+			if (!acqret)
+				err = acqret;
+		}
 	}
 	rcu_read_unlock();
 	return err;
@@ -1783,10 +1785,12 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
 	err = -EINVAL;
 	rcu_read_lock();
 	list_for_each_entry_rcu(km, &xfrm_km_list, list) {
-		pol = km->compile_policy(sk, optname, data,
-					 optlen, &err);
-		if (err >= 0)
-			break;
+		if (km->compile_policy) {
+			pol = km->compile_policy(sk, optname, data,
+						 optlen, &err);
+			if (err >= 0)
+				break;
+		}
 	}
 	rcu_read_unlock();
 
-- 
1.8.3.2

Re: [PATCH V2 net-next] xfrm: check function pointer of xfrm_mgr before use it

[David Miller]

From: baker.kernel@gmail.com
Date: Mon, 11 Nov 2013 07:31:57 +0800

> From: "baker.zhang" <baker.kernel@gmail.com>
> 
> Signed-off-by: baker.zhang <baker.kernel@gmail.com>

It is not valid to register a key manager that does not implement
these callbacks.

I'm not applying this patch, sorry.  Although I would apply a patch
that validates that all the callbacks are non-NULL at register time.

[PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager

[baker.kernel]

From: Baker Zhang <Baker.kernel@gmail.com>

"acquire" and "compile_policy" callbacks are necessary for a key manager.

Signed-off-by: Baker Zhang <Baker.kernel@gmail.com>
---
Thanks for all reply.

V1:
For current kernel source, there is no problem.

In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.

So I think we should do the check before use it. 

V2:
Align the continuation line according the networking coding style.

V3:
Add check to prevent un-complete key manager at register time.

 net/xfrm/xfrm_state.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..178283e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1806,6 +1806,9 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
 
 int xfrm_register_km(struct xfrm_mgr *km)
 {
+	if (km->acquire == NULL || km->compile_policy == NULL)
+		return -EINVAL;
+
 	spin_lock_bh(&xfrm_km_lock);
 	list_add_tail_rcu(&km->list, &xfrm_km_list);
 	spin_unlock_bh(&xfrm_km_lock);
-- 
1.8.3.2

[PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager

[baker.kernel]

From: Baker Zhang <Baker.kernel@gmail.com>

"acquire" and "compile_policy" callbacks are necessary for a key manager.

Signed-off-by: Baker Zhang <Baker.kernel@gmail.com>
---
Thanks for all reply.

V1:
For current kernel source, there is no problem.

In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.

So I think we should do the check before use it. 

V2:
Align the continuation line according the networking coding style.

V3:
Add check to prevent un-complete key manager at register time.

 net/xfrm/xfrm_state.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..178283e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1806,6 +1806,9 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
 
 int xfrm_register_km(struct xfrm_mgr *km)
 {
+	if (km->acquire == NULL || km->compile_policy == NULL)
+		return -EINVAL;
+
 	spin_lock_bh(&xfrm_km_lock);
 	list_add_tail_rcu(&km->list, &xfrm_km_list);
 	spin_unlock_bh(&xfrm_km_lock);
-- 
1.8.3.2

Re: [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager

[Fan Du]

On 2013年11月11日 14:39, baker.kernel@gmail.com wrote:
> From: Baker Zhang<Baker.kernel@gmail.com>
>
> "acquire" and "compile_policy" callbacks are necessary for a key manager.
>
> Signed-off-by: Baker Zhang<Baker.kernel@gmail.com>
> ---
> Thanks for all reply.
>
> V1:
> For current kernel source, there is no problem.
>
> In our vpn product, we need a xfrm_km in kernel module
> to monitor the xfrm state change.
> thus, the 'acquire' and 'compile_policy' may be NULL.
>
> So I think we should do the check before use it.
>
> V2:
> Align the continuation line according the networking coding style.
>
> V3:
> Add check to prevent un-complete key manager at register time.
>
>   net/xfrm/xfrm_state.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index b9c3f9e..178283e 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1806,6 +1806,9 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
>
>   int xfrm_register_km(struct xfrm_mgr *km)
>   {
> +	if (km->acquire == NULL || km->compile_policy == NULL)

"acquire" is a MUST, "compile_policy" is not a necessity.

 From  the fist commit log, you probably add functionality providing SA state changes
in your private key manager, which current implementation does not. Maybe it's worthwhile
to elaborate the missing functionality than add those checking, because both key manage
(pfkeyv2/netlink) in use has "acquire" and "compile_policy" at the same time.



-- 
浮沉随浪只记今朝笑

--fan

Re: [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager

[David Miller]

From: baker.kernel@gmail.com
Date: Mon, 11 Nov 2013 14:39:11 +0800

> +	if (km->acquire == NULL || km->compile_policy == NULL)
> +		return -EINVAL;

There are 7 function pointer methods that must be fully implemented
in an xfrm_mgr object, not just two.

And really we absolutely do not care at all about your out-of-tree
product, it has no bearing upon what should happen here.

Re: [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager

[David Miller]

From: baker.kernel@gmail.com
Date: Mon, 11 Nov 2013 14:39:11 +0800

> +	if (km->acquire == NULL || km->compile_policy == NULL)
> +		return -EINVAL;

There are 7 function pointer methods that must be fully implemented
in an xfrm_mgr object, not just two.

And really we absolutely do not care at all about your out-of-tree
product, it has no bearing upon what should happen here.

Re: [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it

[Stephen Hemminger]

On Sun, 10 Nov 2013 22:25:56 +0800
baker.kernel@gmail.com wrote:

> For current kernel source, there is no problem.
> 
> In our vpn product, we need a xfrm_km in kernel module
> to monitor the xfrm state change.
> thus, the 'acquire' and 'compile_policy' may be NULL.
> 
> So I think we should do the check before use it

The upstream kernel does not accept or make changes to accommodate code that
is not part of the kernel source.

The only way this change would be considered would be as part of a submission
of the kernel module. I.e. part 1 of N.

So if you are willing to submit your module upstream under GPLv2, then
it will be reviewed an possibly accepted. If you just want this change to
make your product easier, then sorry no.