* [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections
@ 2020-06-23 19:48 Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 1/6] xfrm: replay: avoid xfrm replay notify indirection Florian Westphal
` (5 more replies)
0 siblings, 6 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev
The xfrm replay logic is implemented via indirect calls.
xfrm_state struct holds a pointer to a
'struct xfrm_replay', which is one of several replay protection
backends.
XFRM then invokes the backend via state->repl->callback().
Due to retpoline all indirect calls have become a lot more
expensive. Fortunately, there are no 'replay modules', all are available
for direct calls.
This series removes the 'struct xfrm_replay' and adds replay
functions that can be called instead of the redirection.
Example:
- err = x->repl->overflow(x, skb);
+ err = xfrm_replay_overflow(x, skb);
Instead of a pointer to a struct with function pointers, xfrm_state
now holds an enum that tells the replay core what kind of replay
test is to be done.
Florian Westphal (6):
xfrm: replay: avoid xfrm replay notify indirection
xfrm: replay: get rid of duplicated notification code
xfrm: replay: remove advance indirection
xfrm: replay: remove recheck indirection
xfrm: replay: avoid replay indirection
xfrm: replay: remove last replay indirection
include/net/xfrm.h | 29 ++++----
net/xfrm/xfrm_input.c | 6 +-
net/xfrm/xfrm_output.c | 2 +-
net/xfrm/xfrm_replay.c | 189 +++++++++++++++++++++++++++----------------------
net/xfrm/xfrm_state.c | 2 +-
5 files changed, 124 insertions(+), 104 deletions(-)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH ipsec-next 1/6] xfrm: replay: avoid xfrm replay notify indirection
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
@ 2020-06-23 19:48 ` Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 2/6] xfrm: replay: get rid of duplicated notification code Florian Westphal
` (4 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev, Florian Westphal
replay protection is implemented using a callback structure and then
called via
x->repl->notify(), x->repl->recheck(), and so on.
all the differect functions are always built-in, so this could be direct
calls instead.
This first patch prepares for removal of the x->repl structure.
Add an enum with the three available replay modes to the xfrm_state
structure and then replace all x->repl->notify() calls by the new
xfrm_replay_notify() helper.
The helper checks the enum internally to adapt behaviour as needed.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 11 ++++++++++-
net/xfrm/xfrm_replay.c | 45 ++++++++++++++++++++++++++----------------
net/xfrm/xfrm_state.c | 2 +-
3 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index e20b2b27ec48..ed105257c5a8 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -144,6 +144,12 @@ enum {
XFRM_MODE_FLAG_TUNNEL = 1,
};
+enum xfrm_replay_mode {
+ XFRM_REPLAY_MODE_LEGACY,
+ XFRM_REPLAY_MODE_BMP,
+ XFRM_REPLAY_MODE_ESN,
+};
+
/* Full description of state of transformer. */
struct xfrm_state {
possible_net_t xs_net;
@@ -216,6 +222,8 @@ struct xfrm_state {
/* The functions for replay detection. */
const struct xfrm_replay *repl;
+ /* replay detection mode */
+ enum xfrm_replay_mode repl_mode;
/* internal flag that only holds state for delayed aevent at the
* moment
*/
@@ -303,7 +311,6 @@ struct xfrm_replay {
int (*recheck)(struct xfrm_state *x,
struct sk_buff *skb,
__be32 net_seq);
- void (*notify)(struct xfrm_state *x, int event);
int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
};
@@ -1712,6 +1719,8 @@ static inline int xfrm_policy_id2dir(u32 index)
}
#ifdef CONFIG_XFRM
+void xfrm_replay_notify(struct xfrm_state *x, int event);
+
static inline int xfrm_aevent_is_on(struct net *net)
{
struct sock *nlsk;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 98943f8d01aa..e42a7afb8ee5 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -34,8 +34,11 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq)
return seq_hi;
}
EXPORT_SYMBOL(xfrm_replay_seqhi);
-;
-static void xfrm_replay_notify(struct xfrm_state *x, int event)
+
+static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event);
+static void xfrm_replay_notify_esn(struct xfrm_state *x, int event);
+
+void xfrm_replay_notify(struct xfrm_state *x, int event)
{
struct km_event c;
/* we send notify messages in case
@@ -48,6 +51,17 @@ static void xfrm_replay_notify(struct xfrm_state *x, int event)
* The state structure must be locked!
*/
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ xfrm_replay_notify_bmp(x, event);
+ return;
+ case XFRM_REPLAY_MODE_ESN:
+ xfrm_replay_notify_esn(x, event);
+ return;
+ }
+
switch (event) {
case XFRM_REPLAY_UPDATE:
if (!x->replay_maxdiff ||
@@ -97,7 +111,7 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
return err;
}
if (xfrm_aevent_is_on(net))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
return err;
@@ -156,7 +170,7 @@ static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
}
if (xfrm_aevent_is_on(xs_net(x)))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
@@ -176,7 +190,7 @@ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
return err;
}
if (xfrm_aevent_is_on(net))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
return err;
@@ -271,7 +285,7 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
replay_esn->bmp[nr] |= (1U << bitnr);
if (xfrm_aevent_is_on(xs_net(x)))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
@@ -414,7 +428,7 @@ static int xfrm_replay_overflow_esn(struct xfrm_state *x, struct sk_buff *skb)
}
}
if (xfrm_aevent_is_on(net))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
return err;
@@ -546,7 +560,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
replay_esn->bmp[nr] |= (1U << bitnr);
if (xfrm_aevent_is_on(xs_net(x)))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
#ifdef CONFIG_XFRM_OFFLOAD
@@ -582,7 +596,7 @@ static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *sk
x->replay.oseq = oseq;
if (xfrm_aevent_is_on(net))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
return err;
@@ -621,7 +635,7 @@ static int xfrm_replay_overflow_offload_bmp(struct xfrm_state *x, struct sk_buff
}
if (xfrm_aevent_is_on(net))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
return err;
@@ -670,7 +684,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
replay_esn->oseq = oseq;
if (xfrm_aevent_is_on(net))
- x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
}
return err;
@@ -680,7 +694,6 @@ static const struct xfrm_replay xfrm_replay_legacy = {
.advance = xfrm_replay_advance,
.check = xfrm_replay_check,
.recheck = xfrm_replay_check,
- .notify = xfrm_replay_notify,
.overflow = xfrm_replay_overflow_offload,
};
@@ -688,7 +701,6 @@ static const struct xfrm_replay xfrm_replay_bmp = {
.advance = xfrm_replay_advance_bmp,
.check = xfrm_replay_check_bmp,
.recheck = xfrm_replay_check_bmp,
- .notify = xfrm_replay_notify_bmp,
.overflow = xfrm_replay_overflow_offload_bmp,
};
@@ -696,7 +708,6 @@ static const struct xfrm_replay xfrm_replay_esn = {
.advance = xfrm_replay_advance_esn,
.check = xfrm_replay_check_esn,
.recheck = xfrm_replay_recheck_esn,
- .notify = xfrm_replay_notify_esn,
.overflow = xfrm_replay_overflow_offload_esn,
};
#else
@@ -704,7 +715,6 @@ static const struct xfrm_replay xfrm_replay_legacy = {
.advance = xfrm_replay_advance,
.check = xfrm_replay_check,
.recheck = xfrm_replay_check,
- .notify = xfrm_replay_notify,
.overflow = xfrm_replay_overflow,
};
@@ -712,7 +722,6 @@ static const struct xfrm_replay xfrm_replay_bmp = {
.advance = xfrm_replay_advance_bmp,
.check = xfrm_replay_check_bmp,
.recheck = xfrm_replay_check_bmp,
- .notify = xfrm_replay_notify_bmp,
.overflow = xfrm_replay_overflow_bmp,
};
@@ -720,7 +729,6 @@ static const struct xfrm_replay xfrm_replay_esn = {
.advance = xfrm_replay_advance_esn,
.check = xfrm_replay_check_esn,
.recheck = xfrm_replay_recheck_esn,
- .notify = xfrm_replay_notify_esn,
.overflow = xfrm_replay_overflow_esn,
};
#endif
@@ -738,11 +746,14 @@ int xfrm_init_replay(struct xfrm_state *x)
if (replay_esn->replay_window == 0)
return -EINVAL;
x->repl = &xfrm_replay_esn;
+ x->repl_mode = XFRM_REPLAY_MODE_ESN;
} else {
x->repl = &xfrm_replay_bmp;
+ x->repl_mode = XFRM_REPLAY_MODE_BMP;
}
} else {
x->repl = &xfrm_replay_legacy;
+ x->repl_mode = XFRM_REPLAY_MODE_LEGACY;
}
return 0;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 8be2d926acc2..c51bbcc263c7 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2110,7 +2110,7 @@ static void xfrm_replay_timer_handler(struct timer_list *t)
if (x->km.state == XFRM_STATE_VALID) {
if (xfrm_aevent_is_on(xs_net(x)))
- x->repl->notify(x, XFRM_REPLAY_TIMEOUT);
+ xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
else
x->xflags |= XFRM_TIME_DEFER;
}
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH ipsec-next 2/6] xfrm: replay: get rid of duplicated notification code
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 1/6] xfrm: replay: avoid xfrm replay notify indirection Florian Westphal
@ 2020-06-23 19:48 ` Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection Florian Westphal
` (3 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev, Florian Westphal
After previous patch, we can consolidate some code:
xfrm_replay_notify, xfrm_replay_notify_bmp and _esn all contain the
same code at the end.
Remove it from xfrm_replay_notify_bmp/esn and reuse the one
in xfrm_replay_notify.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/xfrm/xfrm_replay.c | 22 ++++------------------
1 file changed, 4 insertions(+), 18 deletions(-)
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index e42a7afb8ee5..fac2f3af4c1a 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -56,10 +56,10 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
break;
case XFRM_REPLAY_MODE_BMP:
xfrm_replay_notify_bmp(x, event);
- return;
+ goto notify;
case XFRM_REPLAY_MODE_ESN:
xfrm_replay_notify_esn(x, event);
- return;
+ goto notify;
}
switch (event) {
@@ -86,6 +86,8 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
}
memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
+
+notify:
c.event = XFRM_MSG_NEWAE;
c.data.aevent = event;
km_state_notify(x, &c);
@@ -290,7 +292,6 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
{
- struct km_event c;
struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
@@ -330,19 +331,11 @@ static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
memcpy(x->preplay_esn, x->replay_esn,
xfrm_replay_state_esn_len(replay_esn));
- c.event = XFRM_MSG_NEWAE;
- c.data.aevent = event;
- km_state_notify(x, &c);
-
- if (x->replay_maxage &&
- !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
- x->xflags &= ~XFRM_TIME_DEFER;
}
static void xfrm_replay_notify_esn(struct xfrm_state *x, int event)
{
u32 seq_diff, oseq_diff;
- struct km_event c;
struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
@@ -396,13 +389,6 @@ static void xfrm_replay_notify_esn(struct xfrm_state *x, int event)
memcpy(x->preplay_esn, x->replay_esn,
xfrm_replay_state_esn_len(replay_esn));
- c.event = XFRM_MSG_NEWAE;
- c.data.aevent = event;
- km_state_notify(x, &c);
-
- if (x->replay_maxage &&
- !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
- x->xflags &= ~XFRM_TIME_DEFER;
}
static int xfrm_replay_overflow_esn(struct xfrm_state *x, struct sk_buff *skb)
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 1/6] xfrm: replay: avoid xfrm replay notify indirection Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 2/6] xfrm: replay: get rid of duplicated notification code Florian Westphal
@ 2020-06-23 19:48 ` Florian Westphal
2020-06-23 23:51 ` kernel test robot
2020-06-24 1:35 ` kernel test robot
2020-06-23 19:48 ` [PATCH ipsec-next 4/6] xfrm: replay: remove recheck indirection Florian Westphal
` (2 subsequent siblings)
5 siblings, 2 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev, Florian Westphal
Similar to other patches: add a new helper to avoid
an indirection.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 2 +-
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_replay.c | 24 ++++++++++++++----------
3 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index ed105257c5a8..78bbfd370e34 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -304,7 +304,6 @@ struct km_event {
};
struct xfrm_replay {
- void (*advance)(struct xfrm_state *x, __be32 net_seq);
int (*check)(struct xfrm_state *x,
struct sk_buff *skb,
__be32 net_seq);
@@ -1719,6 +1718,7 @@ static inline int xfrm_policy_id2dir(u32 index)
}
#ifdef CONFIG_XFRM
+void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
void xfrm_replay_notify(struct xfrm_state *x, int event);
static inline int xfrm_aevent_is_on(struct net *net)
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index bd984ff17c2d..b4b559b35cf1 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -663,7 +663,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
goto drop_unlock;
}
- x->repl->advance(x, seq);
+ xfrm_replay_advance(x, seq);
x->curlft.bytes += skb->len;
x->curlft.packets++;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index fac2f3af4c1a..8a99316d8d7d 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -151,11 +151,23 @@ static int xfrm_replay_check(struct xfrm_state *x,
return -EINVAL;
}
-static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
+static void xfrm_replay_advance_bmp(struct xfrm_state *x, u32 seq);
+static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq);
+
+void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
{
u32 diff;
u32 seq = ntohl(net_seq);
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ return xfrm_replay_advance_bmp(x, seq);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_advance_esn(x, net_seq);
+ }
+
if (!x->props.replay_window)
return;
@@ -242,12 +254,11 @@ static int xfrm_replay_check_bmp(struct xfrm_state *x,
return -EINVAL;
}
-static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
+static void xfrm_replay_advance_bmp(struct xfrm_state *x, u32 seq)
{
unsigned int bitnr, nr, i;
u32 diff;
struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
- u32 seq = ntohl(net_seq);
u32 pos;
if (!replay_esn->replay_window)
@@ -501,7 +512,6 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
if (!replay_esn->replay_window)
return;
- seq = ntohl(net_seq);
pos = (replay_esn->seq - 1) % replay_esn->replay_window;
seq_hi = xfrm_replay_seqhi(x, net_seq);
wrap = seq_hi - replay_esn->seq_hi;
@@ -677,42 +687,36 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
}
static const struct xfrm_replay xfrm_replay_legacy = {
- .advance = xfrm_replay_advance,
.check = xfrm_replay_check,
.recheck = xfrm_replay_check,
.overflow = xfrm_replay_overflow_offload,
};
static const struct xfrm_replay xfrm_replay_bmp = {
- .advance = xfrm_replay_advance_bmp,
.check = xfrm_replay_check_bmp,
.recheck = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_offload_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
- .advance = xfrm_replay_advance_esn,
.check = xfrm_replay_check_esn,
.recheck = xfrm_replay_recheck_esn,
.overflow = xfrm_replay_overflow_offload_esn,
};
#else
static const struct xfrm_replay xfrm_replay_legacy = {
- .advance = xfrm_replay_advance,
.check = xfrm_replay_check,
.recheck = xfrm_replay_check,
.overflow = xfrm_replay_overflow,
};
static const struct xfrm_replay xfrm_replay_bmp = {
- .advance = xfrm_replay_advance_bmp,
.check = xfrm_replay_check_bmp,
.recheck = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
- .advance = xfrm_replay_advance_esn,
.check = xfrm_replay_check_esn,
.recheck = xfrm_replay_recheck_esn,
.overflow = xfrm_replay_overflow_esn,
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH ipsec-next 4/6] xfrm: replay: remove recheck indirection
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
` (2 preceding siblings ...)
2020-06-23 19:48 ` [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection Florian Westphal
@ 2020-06-23 19:48 ` Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 5/6] xfrm: replay: avoid replay indirection Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 6/6] xfrm: replay: remove last " Florian Westphal
5 siblings, 0 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev, Florian Westphal
Adds new xfrm_replay_recheck() helper and calls it from
xfrm input path instead of the indirection.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 4 +---
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_replay.c | 22 ++++++++++++++++------
3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 78bbfd370e34..7c0b69e00128 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -307,9 +307,6 @@ struct xfrm_replay {
int (*check)(struct xfrm_state *x,
struct sk_buff *skb,
__be32 net_seq);
- int (*recheck)(struct xfrm_state *x,
- struct sk_buff *skb,
- __be32 net_seq);
int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
};
@@ -1720,6 +1717,7 @@ static inline int xfrm_policy_id2dir(u32 index)
#ifdef CONFIG_XFRM
void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
void xfrm_replay_notify(struct xfrm_state *x, int event);
+int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
static inline int xfrm_aevent_is_on(struct net *net)
{
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b4b559b35cf1..005d8e9c5df4 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -658,7 +658,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
/* only the first xfrm gets the encap type */
encap_type = 0;
- if (async && x->repl->recheck(x, skb, seq)) {
+ if (async && xfrm_replay_recheck(x, skb, seq)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
goto drop_unlock;
}
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 8a99316d8d7d..8917b2ede3cd 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -502,6 +502,22 @@ static int xfrm_replay_recheck_esn(struct xfrm_state *x,
return xfrm_replay_check_esn(x, skb, net_seq);
}
+int xfrm_replay_recheck(struct xfrm_state *x,
+ struct sk_buff *skb, __be32 net_seq)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ /* no special recheck treatment */
+ return xfrm_replay_check_bmp(x, skb, net_seq);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_recheck_esn(x, skb, net_seq);
+ }
+
+ return xfrm_replay_check(x, skb, net_seq);
+}
+
static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
{
unsigned int bitnr, nr, i;
@@ -688,37 +704,31 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
static const struct xfrm_replay xfrm_replay_legacy = {
.check = xfrm_replay_check,
- .recheck = xfrm_replay_check,
.overflow = xfrm_replay_overflow_offload,
};
static const struct xfrm_replay xfrm_replay_bmp = {
.check = xfrm_replay_check_bmp,
- .recheck = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_offload_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
.check = xfrm_replay_check_esn,
- .recheck = xfrm_replay_recheck_esn,
.overflow = xfrm_replay_overflow_offload_esn,
};
#else
static const struct xfrm_replay xfrm_replay_legacy = {
.check = xfrm_replay_check,
- .recheck = xfrm_replay_check,
.overflow = xfrm_replay_overflow,
};
static const struct xfrm_replay xfrm_replay_bmp = {
.check = xfrm_replay_check_bmp,
- .recheck = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
.check = xfrm_replay_check_esn,
- .recheck = xfrm_replay_recheck_esn,
.overflow = xfrm_replay_overflow_esn,
};
#endif
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH ipsec-next 5/6] xfrm: replay: avoid replay indirection
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
` (3 preceding siblings ...)
2020-06-23 19:48 ` [PATCH ipsec-next 4/6] xfrm: replay: remove recheck indirection Florian Westphal
@ 2020-06-23 19:48 ` Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 6/6] xfrm: replay: remove last " Florian Westphal
5 siblings, 0 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev, Florian Westphal
Add and use xfrm_replay_check helper instead of indirection.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 4 +---
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_replay.c | 27 ++++++++++++++++++---------
3 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7c0b69e00128..008b564cb126 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -304,9 +304,6 @@ struct km_event {
};
struct xfrm_replay {
- int (*check)(struct xfrm_state *x,
- struct sk_buff *skb,
- __be32 net_seq);
int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
};
@@ -1716,6 +1713,7 @@ static inline int xfrm_policy_id2dir(u32 index)
#ifdef CONFIG_XFRM
void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
+int xfrm_replay_check(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
void xfrm_replay_notify(struct xfrm_state *x, int event);
int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 005d8e9c5df4..694adc6e9286 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -610,7 +610,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
goto drop_unlock;
}
- if (x->repl->check(x, skb, seq)) {
+ if (xfrm_replay_check(x, skb, seq)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
goto drop_unlock;
}
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 8917b2ede3cd..3cbe478d86e7 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -119,8 +119,8 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
return err;
}
-static int xfrm_replay_check(struct xfrm_state *x,
- struct sk_buff *skb, __be32 net_seq)
+static int xfrm_replay_check_legacy(struct xfrm_state *x,
+ struct sk_buff *skb, __be32 net_seq)
{
u32 diff;
u32 seq = ntohl(net_seq);
@@ -490,6 +490,21 @@ static int xfrm_replay_check_esn(struct xfrm_state *x,
return -EINVAL;
}
+int xfrm_replay_check(struct xfrm_state *x,
+ struct sk_buff *skb, __be32 net_seq)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ return xfrm_replay_check_bmp(x, skb, net_seq);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_check_esn(x, skb, net_seq);
+ }
+
+ return xfrm_replay_check_legacy(x, skb, net_seq);
+}
+
static int xfrm_replay_recheck_esn(struct xfrm_state *x,
struct sk_buff *skb, __be32 net_seq)
{
@@ -515,7 +530,7 @@ int xfrm_replay_recheck(struct xfrm_state *x,
return xfrm_replay_recheck_esn(x, skb, net_seq);
}
- return xfrm_replay_check(x, skb, net_seq);
+ return xfrm_replay_check_legacy(x, skb, net_seq);
}
static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
@@ -703,32 +718,26 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
}
static const struct xfrm_replay xfrm_replay_legacy = {
- .check = xfrm_replay_check,
.overflow = xfrm_replay_overflow_offload,
};
static const struct xfrm_replay xfrm_replay_bmp = {
- .check = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_offload_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
- .check = xfrm_replay_check_esn,
.overflow = xfrm_replay_overflow_offload_esn,
};
#else
static const struct xfrm_replay xfrm_replay_legacy = {
- .check = xfrm_replay_check,
.overflow = xfrm_replay_overflow,
};
static const struct xfrm_replay xfrm_replay_bmp = {
- .check = xfrm_replay_check_bmp,
.overflow = xfrm_replay_overflow_bmp,
};
static const struct xfrm_replay xfrm_replay_esn = {
- .check = xfrm_replay_check_esn,
.overflow = xfrm_replay_overflow_esn,
};
#endif
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH ipsec-next 6/6] xfrm: replay: remove last replay indirection
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
` (4 preceding siblings ...)
2020-06-23 19:48 ` [PATCH ipsec-next 5/6] xfrm: replay: avoid replay indirection Florian Westphal
@ 2020-06-23 19:48 ` Florian Westphal
5 siblings, 0 replies; 9+ messages in thread
From: Florian Westphal @ 2020-06-23 19:48 UTC (permalink / raw)
To: Steffen Klassert; +Cc: netdev, Florian Westphal
This replaces the overflow indirection with the new xfrm_replay_overflow
helper. After this, the 'repl' pointer in xfrm_state is no longer
needed and can be removed as well.
xfrm_replay_overflow() is added in two incarnations, one is used
when the kernel is configured with xfrm offload enabled, the other
when its disabled.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/xfrm.h | 8 +------
net/xfrm/xfrm_output.c | 2 +-
net/xfrm/xfrm_replay.c | 51 +++++++++++++++++++++---------------------
3 files changed, 28 insertions(+), 33 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 008b564cb126..c0f3e8a3fdd0 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -219,9 +219,6 @@ struct xfrm_state {
struct xfrm_replay_state preplay;
struct xfrm_replay_state_esn *preplay_esn;
- /* The functions for replay detection. */
- const struct xfrm_replay *repl;
-
/* replay detection mode */
enum xfrm_replay_mode repl_mode;
/* internal flag that only holds state for delayed aevent at the
@@ -303,10 +300,6 @@ struct km_event {
struct net *net;
};
-struct xfrm_replay {
- int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
-};
-
struct xfrm_if_cb {
struct xfrm_if *(*decode_session)(struct sk_buff *skb,
unsigned short family);
@@ -1715,6 +1708,7 @@ static inline int xfrm_policy_id2dir(u32 index)
void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq);
int xfrm_replay_check(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
void xfrm_replay_notify(struct xfrm_state *x, int event);
+int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb);
int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq);
static inline int xfrm_aevent_is_on(struct net *net)
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index e4c23f69f69f..8893a37690ad 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -448,7 +448,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
goto error;
}
- err = x->repl->overflow(x, skb);
+ err = xfrm_replay_overflow(x, skb);
if (err) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATESEQERROR);
goto error;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 3cbe478d86e7..2715fda44697 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -97,7 +97,7 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
x->xflags &= ~XFRM_TIME_DEFER;
}
-static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
+static int __xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
{
int err = 0;
struct net *net = xs_net(x);
@@ -599,7 +599,7 @@ static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *sk
__u32 oseq = x->replay.oseq;
if (!xo)
- return xfrm_replay_overflow(x, skb);
+ return __xfrm_replay_overflow(x, skb);
if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
if (!skb_is_gso(skb)) {
@@ -717,29 +717,33 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
return err;
}
-static const struct xfrm_replay xfrm_replay_legacy = {
- .overflow = xfrm_replay_overflow_offload,
-};
-
-static const struct xfrm_replay xfrm_replay_bmp = {
- .overflow = xfrm_replay_overflow_offload_bmp,
-};
+int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ return xfrm_replay_overflow_offload_bmp(x, skb);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_overflow_offload_esn(x, skb);
+ }
-static const struct xfrm_replay xfrm_replay_esn = {
- .overflow = xfrm_replay_overflow_offload_esn,
-};
+ return xfrm_replay_overflow_offload(x, skb);
+}
#else
-static const struct xfrm_replay xfrm_replay_legacy = {
- .overflow = xfrm_replay_overflow,
-};
-
-static const struct xfrm_replay xfrm_replay_bmp = {
- .overflow = xfrm_replay_overflow_bmp,
-};
+int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
+{
+ switch (x->repl_mode) {
+ case XFRM_REPLAY_MODE_LEGACY:
+ break;
+ case XFRM_REPLAY_MODE_BMP:
+ return xfrm_replay_overflow_bmp(x, skb);
+ case XFRM_REPLAY_MODE_ESN:
+ return xfrm_replay_overflow_esn(x, skb);
+ }
-static const struct xfrm_replay xfrm_replay_esn = {
- .overflow = xfrm_replay_overflow_esn,
-};
+ return __xfrm_replay_overflow(x, skb);
+}
#endif
int xfrm_init_replay(struct xfrm_state *x)
@@ -754,14 +758,11 @@ int xfrm_init_replay(struct xfrm_state *x)
if (x->props.flags & XFRM_STATE_ESN) {
if (replay_esn->replay_window == 0)
return -EINVAL;
- x->repl = &xfrm_replay_esn;
x->repl_mode = XFRM_REPLAY_MODE_ESN;
} else {
- x->repl = &xfrm_replay_bmp;
x->repl_mode = XFRM_REPLAY_MODE_BMP;
}
} else {
- x->repl = &xfrm_replay_legacy;
x->repl_mode = XFRM_REPLAY_MODE_LEGACY;
}
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection
2020-06-23 19:48 ` [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection Florian Westphal
@ 2020-06-23 23:51 ` kernel test robot
2020-06-24 1:35 ` kernel test robot
1 sibling, 0 replies; 9+ messages in thread
From: kernel test robot @ 2020-06-23 23:51 UTC (permalink / raw)
To: Florian Westphal, Steffen Klassert; +Cc: kbuild-all, netdev, Florian Westphal
[-- Attachment #1: Type: text/plain, Size: 5866 bytes --]
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on ipsec-next/master]
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/xfrm-remove-xfrm-replay-indirections/20200624-035102
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: mips-malta_defconfig (attached as .config)
compiler: mipsel-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=mips
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings
All warnings (new ones prefixed by >>):
net/xfrm/xfrm_replay.c: In function 'xfrm_replay_advance':
>> net/xfrm/xfrm_replay.c:519:13: warning: 'seq' may be used uninitialized in this function [-Wmaybe-uninitialized]
519 | if ((!wrap && seq > replay_esn->seq) || wrap > 0) {
| ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
net/xfrm/xfrm_replay.c:509:17: note: 'seq' was declared here
509 | u32 diff, pos, seq, seq_hi;
| ^~~
vim +/seq +519 net/xfrm/xfrm_replay.c
3b59df46a449ec9 Steffen Klassert 2012-09-04 504
2cd084678fc1eb7 Steffen Klassert 2011-03-08 505 static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
2cd084678fc1eb7 Steffen Klassert 2011-03-08 506 {
2cd084678fc1eb7 Steffen Klassert 2011-03-08 507 unsigned int bitnr, nr, i;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 508 int wrap;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 509 u32 diff, pos, seq, seq_hi;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 510 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 511
2cd084678fc1eb7 Steffen Klassert 2011-03-08 512 if (!replay_esn->replay_window)
2cd084678fc1eb7 Steffen Klassert 2011-03-08 513 return;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 514
2cd084678fc1eb7 Steffen Klassert 2011-03-08 515 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 516 seq_hi = xfrm_replay_seqhi(x, net_seq);
2cd084678fc1eb7 Steffen Klassert 2011-03-08 517 wrap = seq_hi - replay_esn->seq_hi;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 518
2cd084678fc1eb7 Steffen Klassert 2011-03-08 @519 if ((!wrap && seq > replay_esn->seq) || wrap > 0) {
2cd084678fc1eb7 Steffen Klassert 2011-03-08 520 if (likely(!wrap))
2cd084678fc1eb7 Steffen Klassert 2011-03-08 521 diff = seq - replay_esn->seq;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 522 else
2cd084678fc1eb7 Steffen Klassert 2011-03-08 523 diff = ~replay_esn->seq + seq + 1;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 524
2cd084678fc1eb7 Steffen Klassert 2011-03-08 525 if (diff < replay_esn->replay_window) {
2cd084678fc1eb7 Steffen Klassert 2011-03-08 526 for (i = 1; i < diff; i++) {
2cd084678fc1eb7 Steffen Klassert 2011-03-08 527 bitnr = (pos + i) % replay_esn->replay_window;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 528 nr = bitnr >> 5;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 529 bitnr = bitnr & 0x1F;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 530 replay_esn->bmp[nr] &= ~(1U << bitnr);
2cd084678fc1eb7 Steffen Klassert 2011-03-08 531 }
2cd084678fc1eb7 Steffen Klassert 2011-03-08 532 } else {
e756682c8baa47d Steffen Klassert 2011-06-05 533 nr = (replay_esn->replay_window - 1) >> 5;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 534 for (i = 0; i <= nr; i++)
2cd084678fc1eb7 Steffen Klassert 2011-03-08 535 replay_esn->bmp[i] = 0;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 536 }
2cd084678fc1eb7 Steffen Klassert 2011-03-08 537
1d9743745bf5ba3 Steffen Klassert 2011-10-11 538 bitnr = (pos + diff) % replay_esn->replay_window;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 539 replay_esn->seq = seq;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 540
2cd084678fc1eb7 Steffen Klassert 2011-03-08 541 if (unlikely(wrap > 0))
2cd084678fc1eb7 Steffen Klassert 2011-03-08 542 replay_esn->seq_hi++;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 543 } else {
2cd084678fc1eb7 Steffen Klassert 2011-03-08 544 diff = replay_esn->seq - seq;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 545
1d9743745bf5ba3 Steffen Klassert 2011-10-11 546 if (pos >= diff)
2cd084678fc1eb7 Steffen Klassert 2011-03-08 547 bitnr = (pos - diff) % replay_esn->replay_window;
1d9743745bf5ba3 Steffen Klassert 2011-10-11 548 else
2cd084678fc1eb7 Steffen Klassert 2011-03-08 549 bitnr = replay_esn->replay_window - (diff - pos);
1d9743745bf5ba3 Steffen Klassert 2011-10-11 550 }
1d9743745bf5ba3 Steffen Klassert 2011-10-11 551
50bd870a9e5cca9 Yossef Efraim 2018-01-14 552 xfrm_dev_state_advance_esn(x);
50bd870a9e5cca9 Yossef Efraim 2018-01-14 553
2cd084678fc1eb7 Steffen Klassert 2011-03-08 554 nr = bitnr >> 5;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 555 bitnr = bitnr & 0x1F;
2cd084678fc1eb7 Steffen Klassert 2011-03-08 556 replay_esn->bmp[nr] |= (1U << bitnr);
2cd084678fc1eb7 Steffen Klassert 2011-03-08 557
2cd084678fc1eb7 Steffen Klassert 2011-03-08 558 if (xfrm_aevent_is_on(xs_net(x)))
f7d9410c27544ca Florian Westphal 2020-06-23 559 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
2cd084678fc1eb7 Steffen Klassert 2011-03-08 560 }
2cd084678fc1eb7 Steffen Klassert 2011-03-08 561
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 20401 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection
2020-06-23 19:48 ` [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection Florian Westphal
2020-06-23 23:51 ` kernel test robot
@ 2020-06-24 1:35 ` kernel test robot
1 sibling, 0 replies; 9+ messages in thread
From: kernel test robot @ 2020-06-24 1:35 UTC (permalink / raw)
To: Florian Westphal, Steffen Klassert
Cc: kbuild-all, clang-built-linux, netdev, Florian Westphal
[-- Attachment #1: Type: text/plain, Size: 5855 bytes --]
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on ipsec-next/master]
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/xfrm-remove-xfrm-replay-indirections/20200624-035102
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: x86_64-allyesconfig (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project 1d4c87335d5236ea1f35937e1014980ba961ae34)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> net/xfrm/xfrm_replay.c:519:16: warning: variable 'seq' is uninitialized when used here [-Wuninitialized]
if ((!wrap && seq > replay_esn->seq) || wrap > 0) {
^~~
net/xfrm/xfrm_replay.c:509:20: note: initialize the variable 'seq' to silence this warning
u32 diff, pos, seq, seq_hi;
^
= 0
1 warning generated.
vim +/seq +519 net/xfrm/xfrm_replay.c
3b59df46a449ec Steffen Klassert 2012-09-04 504
2cd084678fc1eb Steffen Klassert 2011-03-08 505 static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
2cd084678fc1eb Steffen Klassert 2011-03-08 506 {
2cd084678fc1eb Steffen Klassert 2011-03-08 507 unsigned int bitnr, nr, i;
2cd084678fc1eb Steffen Klassert 2011-03-08 508 int wrap;
2cd084678fc1eb Steffen Klassert 2011-03-08 509 u32 diff, pos, seq, seq_hi;
2cd084678fc1eb Steffen Klassert 2011-03-08 510 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
2cd084678fc1eb Steffen Klassert 2011-03-08 511
2cd084678fc1eb Steffen Klassert 2011-03-08 512 if (!replay_esn->replay_window)
2cd084678fc1eb Steffen Klassert 2011-03-08 513 return;
2cd084678fc1eb Steffen Klassert 2011-03-08 514
2cd084678fc1eb Steffen Klassert 2011-03-08 515 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
2cd084678fc1eb Steffen Klassert 2011-03-08 516 seq_hi = xfrm_replay_seqhi(x, net_seq);
2cd084678fc1eb Steffen Klassert 2011-03-08 517 wrap = seq_hi - replay_esn->seq_hi;
2cd084678fc1eb Steffen Klassert 2011-03-08 518
2cd084678fc1eb Steffen Klassert 2011-03-08 @519 if ((!wrap && seq > replay_esn->seq) || wrap > 0) {
2cd084678fc1eb Steffen Klassert 2011-03-08 520 if (likely(!wrap))
2cd084678fc1eb Steffen Klassert 2011-03-08 521 diff = seq - replay_esn->seq;
2cd084678fc1eb Steffen Klassert 2011-03-08 522 else
2cd084678fc1eb Steffen Klassert 2011-03-08 523 diff = ~replay_esn->seq + seq + 1;
2cd084678fc1eb Steffen Klassert 2011-03-08 524
2cd084678fc1eb Steffen Klassert 2011-03-08 525 if (diff < replay_esn->replay_window) {
2cd084678fc1eb Steffen Klassert 2011-03-08 526 for (i = 1; i < diff; i++) {
2cd084678fc1eb Steffen Klassert 2011-03-08 527 bitnr = (pos + i) % replay_esn->replay_window;
2cd084678fc1eb Steffen Klassert 2011-03-08 528 nr = bitnr >> 5;
2cd084678fc1eb Steffen Klassert 2011-03-08 529 bitnr = bitnr & 0x1F;
2cd084678fc1eb Steffen Klassert 2011-03-08 530 replay_esn->bmp[nr] &= ~(1U << bitnr);
2cd084678fc1eb Steffen Klassert 2011-03-08 531 }
2cd084678fc1eb Steffen Klassert 2011-03-08 532 } else {
e756682c8baa47 Steffen Klassert 2011-06-05 533 nr = (replay_esn->replay_window - 1) >> 5;
2cd084678fc1eb Steffen Klassert 2011-03-08 534 for (i = 0; i <= nr; i++)
2cd084678fc1eb Steffen Klassert 2011-03-08 535 replay_esn->bmp[i] = 0;
2cd084678fc1eb Steffen Klassert 2011-03-08 536 }
2cd084678fc1eb Steffen Klassert 2011-03-08 537
1d9743745bf5ba Steffen Klassert 2011-10-11 538 bitnr = (pos + diff) % replay_esn->replay_window;
2cd084678fc1eb Steffen Klassert 2011-03-08 539 replay_esn->seq = seq;
2cd084678fc1eb Steffen Klassert 2011-03-08 540
2cd084678fc1eb Steffen Klassert 2011-03-08 541 if (unlikely(wrap > 0))
2cd084678fc1eb Steffen Klassert 2011-03-08 542 replay_esn->seq_hi++;
2cd084678fc1eb Steffen Klassert 2011-03-08 543 } else {
2cd084678fc1eb Steffen Klassert 2011-03-08 544 diff = replay_esn->seq - seq;
2cd084678fc1eb Steffen Klassert 2011-03-08 545
1d9743745bf5ba Steffen Klassert 2011-10-11 546 if (pos >= diff)
2cd084678fc1eb Steffen Klassert 2011-03-08 547 bitnr = (pos - diff) % replay_esn->replay_window;
1d9743745bf5ba Steffen Klassert 2011-10-11 548 else
2cd084678fc1eb Steffen Klassert 2011-03-08 549 bitnr = replay_esn->replay_window - (diff - pos);
1d9743745bf5ba Steffen Klassert 2011-10-11 550 }
1d9743745bf5ba Steffen Klassert 2011-10-11 551
50bd870a9e5cca Yossef Efraim 2018-01-14 552 xfrm_dev_state_advance_esn(x);
50bd870a9e5cca Yossef Efraim 2018-01-14 553
2cd084678fc1eb Steffen Klassert 2011-03-08 554 nr = bitnr >> 5;
2cd084678fc1eb Steffen Klassert 2011-03-08 555 bitnr = bitnr & 0x1F;
2cd084678fc1eb Steffen Klassert 2011-03-08 556 replay_esn->bmp[nr] |= (1U << bitnr);
2cd084678fc1eb Steffen Klassert 2011-03-08 557
2cd084678fc1eb Steffen Klassert 2011-03-08 558 if (xfrm_aevent_is_on(xs_net(x)))
f7d9410c27544c Florian Westphal 2020-06-23 559 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
2cd084678fc1eb Steffen Klassert 2011-03-08 560 }
2cd084678fc1eb Steffen Klassert 2011-03-08 561
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 73984 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-06-24 2:29 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-23 19:48 [PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 1/6] xfrm: replay: avoid xfrm replay notify indirection Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 2/6] xfrm: replay: get rid of duplicated notification code Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection Florian Westphal
2020-06-23 23:51 ` kernel test robot
2020-06-24 1:35 ` kernel test robot
2020-06-23 19:48 ` [PATCH ipsec-next 4/6] xfrm: replay: remove recheck indirection Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 5/6] xfrm: replay: avoid replay indirection Florian Westphal
2020-06-23 19:48 ` [PATCH ipsec-next 6/6] xfrm: replay: remove last " Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).