[PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
@ 2023-06-05  8:11 Leon Romanovsky
  2023-06-05  8:30 ` Herbert Xu
  0 siblings, 1 reply; 7+ messages in thread
From: Leon Romanovsky @ 2023-06-05  8:11 UTC (permalink / raw)
  To: Steffen Klassert
  Cc: Leon Romanovsky, David S. Miller, Eric Dumazet, Herbert Xu,
	Jakub Kicinski, netdev, Paolo Abeni

From: Leon Romanovsky <leonro@nvidia.com>

After commit 2f4796518315 ("af_key: Fix heap information leak"), there is
no need to clear encap_oa again as it is already initialized to zero.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 net/key/af_key.c     | 1 -
 net/xfrm/xfrm_user.c | 1 -
 2 files changed, 2 deletions(-)

diff --git a/net/key/af_key.c b/net/key/af_key.c
index 31ab12fd720a..14e891ebde61 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1281,7 +1281,6 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
 				ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
 			natt->encap_dport = n_port->sadb_x_nat_t_port_port;
 		}
-		memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
 	}
 
 	err = xfrm_init_state(x);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index c34a2a06ca94..ec713db148f3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1077,7 +1077,6 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl *ep, struct sk_buff *skb)
 	uep->encap_type = ep->encap_type;
 	uep->encap_sport = ep->encap_sport;
 	uep->encap_dport = ep->encap_dport;
-	uep->encap_oa = ep->encap_oa;
 
 	return 0;
 }
-- 
2.40.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
  2023-06-05  8:11 [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa Leon Romanovsky
@ 2023-06-05  8:30 ` Herbert Xu
  2023-06-05  8:34   ` Leon Romanovsky
  0 siblings, 1 reply; 7+ messages in thread
From: Herbert Xu @ 2023-06-05  8:30 UTC (permalink / raw)
  To: Leon Romanovsky
  Cc: Steffen Klassert, Leon Romanovsky, David S. Miller, Eric Dumazet,
	Jakub Kicinski, netdev, Paolo Abeni

On Mon, Jun 05, 2023 at 11:11:51AM +0300, Leon Romanovsky wrote:
>
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index c34a2a06ca94..ec713db148f3 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -1077,7 +1077,6 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl *ep, struct sk_buff *skb)
>  	uep->encap_type = ep->encap_type;
>  	uep->encap_sport = ep->encap_sport;
>  	uep->encap_dport = ep->encap_dport;
> -	uep->encap_oa = ep->encap_oa;

Where is the justification for this?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
  2023-06-05  8:30 ` Herbert Xu
@ 2023-06-05  8:34   ` Leon Romanovsky
  2023-06-05  8:36     ` Herbert Xu
  0 siblings, 1 reply; 7+ messages in thread
From: Leon Romanovsky @ 2023-06-05  8:34 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Steffen Klassert, David S. Miller, Eric Dumazet, Jakub Kicinski,
	netdev, Paolo Abeni

On Mon, Jun 05, 2023 at 04:30:47PM +0800, Herbert Xu wrote:
> On Mon, Jun 05, 2023 at 11:11:51AM +0300, Leon Romanovsky wrote:
> >
> > diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> > index c34a2a06ca94..ec713db148f3 100644
> > --- a/net/xfrm/xfrm_user.c
> > +++ b/net/xfrm/xfrm_user.c
> > @@ -1077,7 +1077,6 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl *ep, struct sk_buff *skb)
> >  	uep->encap_type = ep->encap_type;
> >  	uep->encap_sport = ep->encap_sport;
> >  	uep->encap_dport = ep->encap_dport;
> > -	uep->encap_oa = ep->encap_oa;
> 
> Where is the justification for this?

The line "memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));" deleted
in this patch was the last reference to encap_oa.

Thanks

> 
> Cheers,
> -- 
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
  2023-06-05  8:34   ` Leon Romanovsky
@ 2023-06-05  8:36     ` Herbert Xu
  2023-06-05  8:48       ` Leon Romanovsky
  0 siblings, 1 reply; 7+ messages in thread
From: Herbert Xu @ 2023-06-05  8:36 UTC (permalink / raw)
  To: Leon Romanovsky
  Cc: Steffen Klassert, David S. Miller, Eric Dumazet, Jakub Kicinski,
	netdev, Paolo Abeni

On Mon, Jun 05, 2023 at 11:34:56AM +0300, Leon Romanovsky wrote:
>
> The line "memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));" deleted
> in this patch was the last reference to encap_oa.

I don't see the point since you're not removing the actual encap_oa
field.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
  2023-06-05  8:36     ` Herbert Xu
@ 2023-06-05  8:48       ` Leon Romanovsky
  2023-06-05  8:50         ` Herbert Xu
  0 siblings, 1 reply; 7+ messages in thread
From: Leon Romanovsky @ 2023-06-05  8:48 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Steffen Klassert, David S. Miller, Eric Dumazet, Jakub Kicinski,
	netdev, Paolo Abeni

On Mon, Jun 05, 2023 at 04:36:31PM +0800, Herbert Xu wrote:
> On Mon, Jun 05, 2023 at 11:34:56AM +0300, Leon Romanovsky wrote:
> >
> > The line "memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));" deleted
> > in this patch was the last reference to encap_oa.
> 
> I don't see the point since you're not removing the actual encap_oa
> field.

It is impossible to remove encap_oa because it is declared as UAPI.

Unless you want to support some out-of-tree code, uep->encap_oa will
be always zero.

Thanks

> 
> Cheers,
> -- 
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
  2023-06-05  8:48       ` Leon Romanovsky
@ 2023-06-05  8:50         ` Herbert Xu
  2023-06-05 10:05           ` Leon Romanovsky
  0 siblings, 1 reply; 7+ messages in thread
From: Herbert Xu @ 2023-06-05  8:50 UTC (permalink / raw)
  To: Leon Romanovsky
  Cc: Steffen Klassert, David S. Miller, Eric Dumazet, Jakub Kicinski,
	netdev, Paolo Abeni

On Mon, Jun 05, 2023 at 11:48:29AM +0300, Leon Romanovsky wrote:
>
> It is impossible to remove encap_oa because it is declared as UAPI.
> 
> Unless you want to support some out-of-tree code, uep->encap_oa will
> be always zero.

No we should keep it.  This has been a wart on our stack as it
basically breaks down when the peer shifts addresses.  We should
start using encap_oa in some way and fix this.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa
  2023-06-05  8:50         ` Herbert Xu
@ 2023-06-05 10:05           ` Leon Romanovsky
  0 siblings, 0 replies; 7+ messages in thread
From: Leon Romanovsky @ 2023-06-05 10:05 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Steffen Klassert, David S. Miller, Eric Dumazet, Jakub Kicinski,
	netdev, Paolo Abeni

On Mon, Jun 05, 2023 at 04:50:55PM +0800, Herbert Xu wrote:
> On Mon, Jun 05, 2023 at 11:48:29AM +0300, Leon Romanovsky wrote:
> >
> > It is impossible to remove encap_oa because it is declared as UAPI.
> > 
> > Unless you want to support some out-of-tree code, uep->encap_oa will
> > be always zero.
> 
> No we should keep it.  This has been a wart on our stack as it
> basically breaks down when the peer shifts addresses.  We should
> start using encap_oa in some way and fix this.

ok, I'll drop the disputed line from commit and resubmit.

Thanks

> 
> Cheers,
> -- 
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2023-06-05 10:05 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-05  8:11 [PATCH ipsec-next] xfrm: delete not-needed clear to zero of encap_oa Leon Romanovsky
2023-06-05  8:30 ` Herbert Xu
2023-06-05  8:34   ` Leon Romanovsky
2023-06-05  8:36     ` Herbert Xu
2023-06-05  8:48       ` Leon Romanovsky
2023-06-05  8:50         ` Herbert Xu
2023-06-05 10:05           ` Leon Romanovsky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).