[PATCH net-2.6 1/4] xfrm: Fix replay window size calculation on initialization

[PATCH net-2.6 1/4] xfrm: Fix replay window size calculation on initialization

[Steffen Klassert]

On replay initialization, we compute the size of the replay
buffer to see if the replay window fits into the buffer.
This computation lacks a mutliplication by 8 because we need
the size in bit, not in byte. So we might return an error
even though the replay window would fit into the buffer.
This patch fixes this issue.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_replay.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index f218385..e8a7814 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -532,7 +532,7 @@ int xfrm_init_replay(struct xfrm_state *x)
 
 	if (replay_esn) {
 		if (replay_esn->replay_window >
-		    replay_esn->bmp_len * sizeof(__u32))
+		    replay_esn->bmp_len * sizeof(__u32) * 8)
 			return -EINVAL;
 
 	if ((x->props.flags & XFRM_STATE_ESN) && x->replay_esn)
-- 
1.7.0.4

[PATCH net-2.6 2/4] esp6: Fix scatterlist initialization

[Steffen Klassert]

When we use IPsec extended sequence numbers, we may overwrite
the last scatterlist of the associated data by the scatterlist
for the skb. This patch fixes this by placing the scatterlist
for the skb right behind the last scatterlist of the associated
data. esp4 does it already like that.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv6/esp6.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 5aa8ec8..59dccfb 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -371,7 +371,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
 	iv = esp_tmp_iv(aead, tmp, seqhilen);
 	req = esp_tmp_req(aead, iv);
 	asg = esp_req_sg(aead, req);
-	sg = asg + 1;
+	sg = asg + sglists;
 
 	skb->ip_summed = CHECKSUM_NONE;
 
-- 
1.7.0.4

Re: [PATCH net-2.6 1/4] xfrm: Fix replay window size calculation on initialization

[Herbert Xu]

On Tue, Apr 26, 2011 at 07:39:24AM +0200, Steffen Klassert wrote:
> On replay initialization, we compute the size of the replay
> buffer to see if the replay window fits into the buffer.
> This computation lacks a mutliplication by 8 because we need
> the size in bit, not in byte. So we might return an error
> even though the replay window would fit into the buffer.
> This patch fixes this issue.
> 
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH net-2.6 3/4] xfrm: Check for the new replay implementation if an esn state is inserted

[Steffen Klassert]

IPsec extended sequence numbers can be used only with the new
anti-replay window implementation. So check if the new implementation
is used if an esn state is inserted and return an error if it is not.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_user.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5d1d60d..c658cb3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -124,6 +124,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
 {
 	struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
 
+	if ((p->flags & XFRM_STATE_ESN) && !rt)
+		return -EINVAL;
+
 	if (!rt)
 		return 0;
 
-- 
1.7.0.4

Re: [PATCH net-2.6 2/4] esp6: Fix scatterlist initialization

[Herbert Xu]

On Tue, Apr 26, 2011 at 07:40:23AM +0200, Steffen Klassert wrote:
> When we use IPsec extended sequence numbers, we may overwrite
> the last scatterlist of the associated data by the scatterlist
> for the skb. This patch fixes this by placing the scatterlist
> for the skb right behind the last scatterlist of the associated
> data. esp4 does it already like that.
> 
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH net-2.6 4/4] xfrm: Fix integer underrun on zero sized replay windows

[Steffen Klassert]

The check if the replay window is contained within one subspace or
spans over two subspaces causes an unwanted integer underrun on
zero sized replay windows when we subtract minus one. We fix this by
changeing this check to avoid the subtraction.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_replay.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index e8a7814..19f94bb 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -32,7 +32,7 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq)
 	seq_hi = replay_esn->seq_hi;
 	bottom = replay_esn->seq - replay_esn->replay_window + 1;
 
-	if (likely(replay_esn->seq >= replay_esn->replay_window - 1)) {
+	if (likely(replay_esn->seq > replay_esn->replay_window)) {
 		/* A. same subspace */
 		if (unlikely(seq < bottom))
 			seq_hi++;
-- 
1.7.0.4

Re: [PATCH net-2.6 3/4] xfrm: Check for the new replay implementation if an esn state is inserted

[Herbert Xu]

On Tue, Apr 26, 2011 at 07:41:21AM +0200, Steffen Klassert wrote:
> IPsec extended sequence numbers can be used only with the new
> anti-replay window implementation. So check if the new implementation
> is used if an esn state is inserted and return an error if it is not.
> 
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH net-2.6 4/4] xfrm: Fix integer underrun on zero sized replay windows

[Herbert Xu]

On Tue, Apr 26, 2011 at 07:42:32AM +0200, Steffen Klassert wrote:
> The check if the replay window is contained within one subspace or
> spans over two subspaces causes an unwanted integer underrun on
> zero sized replay windows when we subtract minus one. We fix this by
> changeing this check to avoid the subtraction.
> 
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH net-2.6 4/4] xfrm: Fix integer underrun on zero sized replay windows

[Steffen Klassert]

On Tue, Apr 26, 2011 at 07:42:32AM +0200, Steffen Klassert wrote:
> The check if the replay window is contained within one subspace or
> spans over two subspaces causes an unwanted integer underrun on
> zero sized replay windows when we subtract minus one. We fix this by
> changeing this check to avoid the subtraction.
> 

Don't apply this one, it does not fix the issue completely.
I'll send a better one, sorry.

Re: [PATCH net-2.6 1/4] xfrm: Fix replay window size calculation on initialization

[David Miller]

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 26 Apr 2011 15:41:07 +1000

> On Tue, Apr 26, 2011 at 07:39:24AM +0200, Steffen Klassert wrote:
>> On replay initialization, we compute the size of the replay
>> buffer to see if the replay window fits into the buffer.
>> This computation lacks a mutliplication by 8 because we need
>> the size in bit, not in byte. So we might return an error
>> even though the replay window would fit into the buffer.
>> This patch fixes this issue.
>> 
>> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> 
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied.

Re: [PATCH net-2.6 2/4] esp6: Fix scatterlist initialization

[David Miller]

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 26 Apr 2011 15:41:58 +1000

> On Tue, Apr 26, 2011 at 07:40:23AM +0200, Steffen Klassert wrote:
>> When we use IPsec extended sequence numbers, we may overwrite
>> the last scatterlist of the associated data by the scatterlist
>> for the skb. This patch fixes this by placing the scatterlist
>> for the skb right behind the last scatterlist of the associated
>> data. esp4 does it already like that.
>> 
>> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> 
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied.

Re: [PATCH net-2.6 3/4] xfrm: Check for the new replay implementation if an esn state is inserted

[David Miller]

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 26 Apr 2011 15:43:04 +1000

> On Tue, Apr 26, 2011 at 07:41:21AM +0200, Steffen Klassert wrote:
>> IPsec extended sequence numbers can be used only with the new
>> anti-replay window implementation. So check if the new implementation
>> is used if an esn state is inserted and return an error if it is not.
>> 
>> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> 
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied.

Re: [PATCH net-2.6 4/4] xfrm: Fix integer underrun on zero sized replay windows

[David Miller]

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Tue, 26 Apr 2011 12:58:40 +0200

> On Tue, Apr 26, 2011 at 07:42:32AM +0200, Steffen Klassert wrote:
>> The check if the replay window is contained within one subspace or
>> spans over two subspaces causes an unwanted integer underrun on
>> zero sized replay windows when we subtract minus one. We fix this by
>> changeing this check to avoid the subtraction.
>> 
> 
> Don't apply this one, it does not fix the issue completely.
> I'll send a better one, sorry.

Ok.