[PATCH] XFRM policy expire

[PATCH] XFRM policy expire

[Michal Ludvig]

[-- Attachment #1: Type: text/plain, Size: 804 bytes --]

Hi,

the attached patch fixes a bug in xfrm_send_policy_notify(). The space 
allocated in skb must include 'sizeof(struct xfrm_user_polexpire)', not 
'sizeof(struct xfrm_userpolicy_info)' which is shorter. On ia32 it 
worked, probably because of some space gained from aligning. 
Unfortunately on amd64 it didn't and finally led to BUG() & kernel hangup.

Please apply.

BTW The second patch attached does some obvious cleanup: replaces 
RTA_ALIGN(RTA_LENGTH(x)) with RTA_SPACE(x) and ditto for NLMSG_*() 
macros. Apply on top of the first one or drop it. It's up to you.

Michal Ludvig
-- 
SUSE Labs                    mludvig@suse.cz | Cray is the only computer
(+420) 296.545.373        http://www.suse.cz | that runs an endless loop
Personal homepage http://www.logix.cz/michal | in just four hours.

[-- Attachment #2: kernel-xfrm-polexpire.diff --]
[-- Type: text/plain, Size: 611 bytes --]

diff -rup linux-2.6.2.vanilla/net/xfrm/xfrm_user.c linux-2.6.2/net/xfrm/xfrm_user.c
--- linux-2.6.2.vanilla/net/xfrm/xfrm_user.c	2004-02-04 04:43:56.000000000 +0100
+++ linux-2.6.2/net/xfrm/xfrm_user.c	2004-02-24 09:47:42.325888560 +0100
@@ -1153,7 +1153,7 @@ static int xfrm_send_policy_notify(struc
 
 	len = sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr;
 	len = RTA_ALIGN(RTA_LENGTH(len));
-	len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)));
+	len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_polexpire)));
 	skb = alloc_skb(len, GFP_ATOMIC);
 	if (skb == NULL)
 		return -ENOMEM;

[-- Attachment #3: kernel-xfrm-cleanup.diff --]
[-- Type: text/plain, Size: 1152 bytes --]

diff -rup linux-2.6.2.vanilla/net/xfrm/xfrm_user.c linux-2.6.2/net/xfrm/xfrm_user.c
--- linux-2.6.2.vanilla/net/xfrm/xfrm_user.c	2004-02-04 04:43:56.000000000 +0100
+++ linux-2.6.2/net/xfrm/xfrm_user.c	2004-02-24 10:09:37.839560352 +0100
@@ -1052,9 +1052,8 @@ static int xfrm_send_acquire(struct xfrm
 	struct sk_buff *skb;
 	size_t len;
 
-	len = RTA_LENGTH(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
-	len = RTA_ALIGN(len);
-	len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_acquire)));
+	len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
+	len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire));
 	skb = alloc_skb(len, GFP_ATOMIC);
 	if (skb == NULL)
 		return -ENOMEM;
@@ -1151,9 +1150,8 @@ static int xfrm_send_policy_notify(struc
 	struct sk_buff *skb;
 	size_t len;
 
-	len = sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr;
-	len = RTA_ALIGN(RTA_LENGTH(len));
-	len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_polexpire)));
+	len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
+	len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire));
 	skb = alloc_skb(len, GFP_ATOMIC);
 	if (skb == NULL)
 		return -ENOMEM;

Re: [PATCH] XFRM policy expire

[David S. Miller]

On Tue, 24 Feb 2004 10:09:46 +0100
Michal Ludvig <mludvig@suse.cz> wrote:

> the attached patch fixes a bug in xfrm_send_policy_notify(). The space 
> allocated in skb must include 'sizeof(struct xfrm_user_polexpire)', not 
> 'sizeof(struct xfrm_userpolicy_info)' which is shorter. On ia32 it 
> worked, probably because of some space gained from aligning. 
> Unfortunately on amd64 it didn't and finally led to BUG() & kernel hangup.

Applied, thanks Michal.

> BTW The second patch attached does some obvious cleanup: replaces 
> RTA_ALIGN(RTA_LENGTH(x)) with RTA_SPACE(x) and ditto for NLMSG_*() 
> macros. Apply on top of the first one or drop it. It's up to you.

This is fine too, also applied.

Thanks again.