pull request (net): ipsec 2015-04-09

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* pull request (net): ipsec 2015-04-09
@ 2015-04-09 10:32 Steffen Klassert
  2015-04-09 10:32 ` [PATCH 1/2] xfrm: fix xfrm_input/xfrm_tunnel_check oops Steffen Klassert
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Steffen Klassert @ 2015-04-09 10:32 UTC (permalink / raw)
  To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev

1) We dereferenced the xfrm outer_mode too early, larval
   SAs don't have it set. Move the dereference of the
   outer mode below the larval SA check to fix it.
   From Alexey Dobriyan.

2) Fix vti6 tunnel uninit on namespace crosssing.
   From Yao Xiwei.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit f22e6e847115abc3a0e2ad7bb18d243d42275af1:

  Linux 4.0-rc7 (2015-04-06 15:39:45 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master

for you to fetch changes up to 092a29a40bab8bb4530bb3e58a0597001cdecdef:

  vti6: fix uninit when using x-netns (2015-04-07 07:52:28 +0200)

----------------------------------------------------------------
Alexey Dobriyan (1):
      xfrm: fix xfrm_input/xfrm_tunnel_check oops

Yao Xiwei (1):
      vti6: fix uninit when using x-netns

 net/ipv6/ip6_vti.c    |  3 +--
 net/xfrm/xfrm_input.c | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/2] xfrm: fix xfrm_input/xfrm_tunnel_check oops
  2015-04-09 10:32 pull request (net): ipsec 2015-04-09 Steffen Klassert
@ 2015-04-09 10:32 ` Steffen Klassert
  2015-04-09 10:32 ` [PATCH 2/2] vti6: fix uninit when using x-netns Steffen Klassert
  2015-04-09 18:39 ` pull request (net): ipsec 2015-04-09 David Miller
  2 siblings, 0 replies; 4+ messages in thread
From: Steffen Klassert @ 2015-04-09 10:32 UTC (permalink / raw)
  To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev

From: Alexey Dobriyan <adobriyan@gmail.com>

https://bugzilla.kernel.org/show_bug.cgi?id=95211

Commit 70be6c91c86596ad2b60c73587880b47df170a41
("xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer") added check
which dereferences ->outer_mode too early but larval SAs don't have
this pointer set (yet). So check for tunnel stuff later.

Mike Noordermeer reported this bug and patiently applied all the debugging.

Technically this is remote-oops-in-interrupt-context type of thing.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
IP: [<ffffffff8150dca2>] xfrm_input+0x3c2/0x5a0
	...
[<ffffffff81500fc6>] ? xfrm4_esp_rcv+0x36/0x70
[<ffffffff814acc9a>] ? ip_local_deliver_finish+0x9a/0x200
[<ffffffff81471b83>] ? __netif_receive_skb_core+0x6f3/0x8f0
	...

RIP  [<ffffffff8150dca2>] xfrm_input+0x3c2/0x5a0
Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_input.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 85d1d47..526c4fe 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -238,11 +238,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
 		skb->sp->xvec[skb->sp->len++] = x;
 
-		if (xfrm_tunnel_check(skb, x, family)) {
-			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
-			goto drop;
-		}
-
 		spin_lock(&x->lock);
 		if (unlikely(x->km.state == XFRM_STATE_ACQ)) {
 			XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
@@ -271,6 +266,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
 		spin_unlock(&x->lock);
 
+		if (xfrm_tunnel_check(skb, x, family)) {
+			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
+			goto drop;
+		}
+
 		seq_hi = htonl(xfrm_replay_seqhi(x, seq));
 
 		XFRM_SKB_CB(skb)->seq.input.low = seq;
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] vti6: fix uninit when using x-netns
  2015-04-09 10:32 pull request (net): ipsec 2015-04-09 Steffen Klassert
  2015-04-09 10:32 ` [PATCH 1/2] xfrm: fix xfrm_input/xfrm_tunnel_check oops Steffen Klassert
@ 2015-04-09 10:32 ` Steffen Klassert
  2015-04-09 18:39 ` pull request (net): ipsec 2015-04-09 David Miller
  2 siblings, 0 replies; 4+ messages in thread
From: Steffen Klassert @ 2015-04-09 10:32 UTC (permalink / raw)
  To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev

From: Yao Xiwei <xiwei.yao@6wind.com>

When the kernel deleted a vti6 interface, this interface was not removed from
the tunnels list. Thus, when the ip6_vti module was removed, this old interface
was found and the kernel tried to delete it again. This was leading to a kernel
panic.

Fixes: 61220ab34948 ("vti6: Enable namespace changing")
Signed-off-by: Yao Xiwei <xiwei.yao@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv6/ip6_vti.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 5fb9e21..a4ac850 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -288,8 +288,7 @@ static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
 static void vti6_dev_uninit(struct net_device *dev)
 {
 	struct ip6_tnl *t = netdev_priv(dev);
-	struct net *net = dev_net(dev);
-	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
+	struct vti6_net *ip6n = net_generic(t->net, vti6_net_id);
 
 	if (dev == ip6n->fb_tnl_dev)
 		RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: pull request (net): ipsec 2015-04-09
  2015-04-09 10:32 pull request (net): ipsec 2015-04-09 Steffen Klassert
  2015-04-09 10:32 ` [PATCH 1/2] xfrm: fix xfrm_input/xfrm_tunnel_check oops Steffen Klassert
  2015-04-09 10:32 ` [PATCH 2/2] vti6: fix uninit when using x-netns Steffen Klassert
@ 2015-04-09 18:39 ` David Miller
  2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2015-04-09 18:39 UTC (permalink / raw)
  To: steffen.klassert; +Cc: herbert, netdev

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Thu, 9 Apr 2015 12:32:09 +0200

> 1) We dereferenced the xfrm outer_mode too early, larval
>    SAs don't have it set. Move the dereference of the
>    outer mode below the larval SA check to fix it.
>    From Alexey Dobriyan.
> 
> 2) Fix vti6 tunnel uninit on namespace crosssing.
>    From Yao Xiwei.
> 
> Please pull or let me know if there are problems.

Pulled, thanks a lot Steffen.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-04-09 18:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-04-09 10:32 pull request (net): ipsec 2015-04-09 Steffen Klassert
2015-04-09 10:32 ` [PATCH 1/2] xfrm: fix xfrm_input/xfrm_tunnel_check oops Steffen Klassert
2015-04-09 10:32 ` [PATCH 2/2] vti6: fix uninit when using x-netns Steffen Klassert
2015-04-09 18:39 ` pull request (net): ipsec 2015-04-09 David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).