From: Antony Antony <antony@phenome.org>
To: Simon Horman <horms@kernel.org>
Cc: Antony Antony <antony.antony@secunet.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
devel@linux-ipsec.org
Subject: Re: [devel-ipsec] Re: [PATCH ipsec-next 4/6] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration
Date: Wed, 14 Jan 2026 17:09:20 +0100 [thread overview]
Message-ID: <aWe_sIibKYzdWL9C@Antony2201.local> (raw)
In-Reply-To: <aWZdTOXTn_YBKKhv@horms.kernel.org>
Hi Simon,
On Tue, Jan 13, 2026 at 02:57:16PM +0000, Simon Horman via Devel wrote:
> On Fri, Jan 09, 2026 at 02:38:05PM +0100, Antony Antony wrote:
> > Add a new netlink method to migrate a single xfrm_state.
> > Unlike the existing migration mechanism (SA + policy), this
> > supports migrating only the SA and allows changing the reqid.
> >
> > Signed-off-by: Antony Antony <antony.antony@secunet.com>
>
> ...
>
> > diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> > index ef832ce477b6..04c893e42bc1 100644
> > --- a/net/xfrm/xfrm_state.c
> > +++ b/net/xfrm/xfrm_state.c
> > @@ -1967,7 +1967,8 @@ static inline int clone_security(struct xfrm_state *x, struct xfrm_sec_ctx *secu
> >
> > static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
> > struct xfrm_encap_tmpl *encap,
> > - struct xfrm_migrate *m)
> > + struct xfrm_migrate *m,
>
> Hi Antony,
>
> Not strictly related to this patch, but FWIIW, it seems that m could be
> const in this call stack. And, moreover, I think there would be some value
> in constifying parameters throughout xfrm.
thanks. It is good advise. I sprinkled a couple of const.
>
> > + struct netlink_ext_ack *extack)
> > {
> > struct net *net = xs_net(orig);
> > struct xfrm_state *x = xfrm_state_alloc(net);
> > @@ -1979,9 +1980,13 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
> > memcpy(&x->lft, &orig->lft, sizeof(x->lft));
> > x->props.mode = orig->props.mode;
> > x->props.replay_window = orig->props.replay_window;
> > - x->props.reqid = orig->props.reqid;
> > x->props.saddr = orig->props.saddr;
> >
> > + if (orig->props.reqid != m->new_reqid)
> > + x->props.reqid = m->new_reqid;
> > + else
> > + x->props.reqid = orig->props.reqid;
> > +
>
> Claude Code with Review Prompts [1] flags that until the next
> patch of this series m->new_reqid is used uninitialised in the following
> call stack:
>
> xfrm_do_migrate -> xfrm_migrate -> xfrm_state_migrate -> xfrm_state_clone_and_setup
>
> Also, while I could have missed something, it seems to me that it is
> also uninitialised in this call stack:
>
> pfkey_migrate -> xfrm_migrate -> xfrm_state_migrate -> xfrm_state_clone_and_setup
thanks. I fxied this by squashing the next patch to this one.
> [1] https://github.com/masoncl/review-prompts/
thanks! that looks interesting.
>
> > if (orig->aalg) {
> > x->aalg = xfrm_algo_auth_clone(orig->aalg);
> > if (!x->aalg)
> > @@ -2059,7 +2064,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
> > goto error;
> > }
> >
> > -
>
> nit: this hunk doesn't seem related to the rest of the patch.
fixed.
>
> > x->props.family = m->new_family;
> > memcpy(&x->id.daddr, &m->new_daddr, sizeof(x->id.daddr));
> > memcpy(&x->props.saddr, &m->new_saddr, sizeof(x->props.saddr));
>
> ...
>
> > diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
>
> ...
>
> > +static inline unsigned int xfrm_migrate_state_msgsize(bool with_encap, bool with_xuo)
>
> Please don't use the inline keyword in .c files unless there is a
> demonstrable - usually performance - reason to do so.
> Rather, please let the compiler inline (or not) code as it sees fit.
removed
>
> > +{
> > + return NLMSG_ALIGN(sizeof(struct xfrm_user_migrate_state)) +
> > + (with_encap ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) +
> > + (with_xuo ? nla_total_size(sizeof(struct xfrm_user_offload)) : 0);
> > +}
> > +
>
> ...
>
> > +static int xfrm_send_migrate_state(const struct xfrm_user_migrate_state *um,
> > + const struct xfrm_encap_tmpl *encap,
> > + const struct xfrm_user_offload *xuo)
> > +{
> > + int err;
> > + struct sk_buff *skb;
> > + struct net *net = &init_net;
> > +
> > + skb = nlmsg_new(xfrm_migrate_state_msgsize(!!encap, !!xuo), GFP_ATOMIC);
> > + if (!skb)
> > + return -ENOMEM;
> > +
> > + err = build_migrate_state(skb, um, encap, xuo);
> > + if (err < 0) {
> > + WARN_ON(1);
> > + return err;
>
> skb seems to be leaked here.
>
> Also flagged by Review Prompts.
I don't see a skb leak. It also looks similar to the functions above.
>
> > + }
> > +
> > + return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE);
> > +}
I will send a new v2.
regards
-antony
next prev parent reply other threads:[~2026-01-14 16:15 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-09 13:29 [PATCH ipsec-next 0/6] xfrm: XFRM_MSG_MIGRATE_STATE new netlink message Antony Antony
2026-01-09 13:37 ` [PATCH ipsec-next 1/6] xfrm: remove redundent assignment Antony Antony
2026-01-13 14:59 ` Simon Horman
2026-01-09 13:37 ` [PATCH ipsec-next 2/6] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP Antony Antony
2026-01-09 13:37 ` [PATCH ipsec-next 3/6] xfrm: rename reqid in xfrm_migrate Antony Antony
2026-01-09 13:38 ` [PATCH ipsec-next 4/6] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration Antony Antony
2026-01-13 14:57 ` Simon Horman
2026-01-14 16:09 ` Antony Antony [this message]
2026-01-15 13:44 ` [devel-ipsec] " Simon Horman
2026-01-16 11:02 ` Antony Antony
2026-01-16 11:26 ` Simon Horman
2026-01-09 13:38 ` [PATCH ipsec-next 5/6] xfrm: reqid is invarient in old migration Antony Antony
2026-01-09 13:38 ` [PATCH ipsec-next 6/6] xfrm: check that SA is in VALID state before use Antony Antony
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aWe_sIibKYzdWL9C@Antony2201.local \
--to=antony@phenome.org \
--cc=antony.antony@secunet.com \
--cc=davem@davemloft.net \
--cc=devel@linux-ipsec.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox