Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2237919,
    "url": "http://patchwork.ozlabs.org/api/patches/2237919/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ltp/patch/20260513-fragnesia-v2-1-07a822c66cbd@suse.com/",
    "project": {
        "id": 59,
        "url": "http://patchwork.ozlabs.org/api/projects/59/?format=api",
        "name": "Linux Test Project development",
        "link_name": "ltp",
        "list_id": "ltp.lists.linux.it",
        "list_email": "ltp@lists.linux.it",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260513-fragnesia-v2-1-07a822c66cbd@suse.com>",
    "list_archive_url": null,
    "date": "2026-05-13T15:35:03",
    "name": "[v2] sockets/xfrm02: Add ESP-in-TCP page cache corruption test",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "7fd8c756b2e1512c83429c56a7564b3fa237c805",
    "submitter": {
        "id": 83220,
        "url": "http://patchwork.ozlabs.org/api/people/83220/?format=api",
        "name": "Andrea Cervesato",
        "email": "andrea.cervesato@suse.de"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ltp/patch/20260513-fragnesia-v2-1-07a822c66cbd@suse.com/mbox/",
    "series": [
        {
            "id": 504180,
            "url": "http://patchwork.ozlabs.org/api/series/504180/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/ltp/list/?series=504180",
            "date": "2026-05-13T15:35:03",
            "name": "[v2] sockets/xfrm02: Add ESP-in-TCP page cache corruption test",
            "version": 2,
            "mbox": "http://patchwork.ozlabs.org/series/504180/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2237919/comments/",
    "check": "warning",
    "checks": "http://patchwork.ozlabs.org/api/patches/2237919/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "ltp@lists.linux.it"
        ],
        "Delivered-To": [
            "patchwork-incoming@legolas.ozlabs.org",
            "ltp@picard.linux.it"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=lwemopZj;\n\tdkim=fail reason=\"signature verification failed\" header.d=suse.de\n header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519\n header.b=vPRLt6xn;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key)\n header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa\n header.b=kbJPoDd6;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=vPRLt6xn;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it\n (client-ip=213.254.12.146; helo=picard.linux.it;\n envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;\n receiver=patchwork.ozlabs.org)",
            "smtp-out1.suse.de;\n\tnone"
        ],
        "Received": [
            "from picard.linux.it (picard.linux.it [213.254.12.146])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gFyFt68bjz1y5L\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 14 May 2026 01:35:14 +1000 (AEST)",
            "from picard.linux.it (localhost [IPv6:::1])\n\tby picard.linux.it (Postfix) with ESMTP id A84F13E5B39\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 13 May 2026 17:35:12 +0200 (CEST)",
            "from in-5.smtp.seeweb.it (in-5.smtp.seeweb.it [217.194.8.5])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature ECDSA (secp384r1))\n (No client certificate requested)\n by picard.linux.it (Postfix) with ESMTPS id 0C1163CFC0E\n for <ltp@lists.linux.it>; Wed, 13 May 2026 17:35:06 +0200 (CEST)",
            "from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by in-5.smtp.seeweb.it (Postfix) with ESMTPS id C5E486002C8\n for <ltp@lists.linux.it>; Wed, 13 May 2026 17:35:05 +0200 (CEST)",
            "from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-out1.suse.de (Postfix) with ESMTPS id F30515D5AB;\n Wed, 13 May 2026 15:35:04 +0000 (UTC)",
            "from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n (No client certificate requested)\n by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id CFF38593A9;\n Wed, 13 May 2026 15:35:04 +0000 (UTC)",
            "from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])\n by imap1.dmz-prg2.suse.org with ESMTPSA id w5BxMCiaBGq3XgAAD6G6ig\n (envelope-from <andrea.cervesato@suse.de>); Wed, 13 May 2026 15:35:04 +0000"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1778686505;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=IjavFgUjnOuQd4XP0jvVr0kHeBtouePJgNcX8AsSA68=;\n b=lwemopZjLOn7s5lnF1zWl96qz+DeFwwM236uD52F2MvVhuswlvf35+QTqKQcSprO2delGo\n 9TSWiXvk9Qb2JUJ5hp2Xp2AsITgBWIqdquoYPc3Pqi8+6NJF+HOEi+4q08HBEZrWD39OHD\n w+KIZT1rL/nl+H+zHDwCUglrLH6WE4w=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1778686505;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=IjavFgUjnOuQd4XP0jvVr0kHeBtouePJgNcX8AsSA68=;\n b=vPRLt6xnRJZY/Q1fupSF3D89noOlzpZP1399W9V5yMRI/Lq8uiocluesL35uV7HI1u0z+C\n IO0NwdvyWBbrEVDw==",
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1778686504;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=IjavFgUjnOuQd4XP0jvVr0kHeBtouePJgNcX8AsSA68=;\n b=kbJPoDd6WhRmSfrDVhfOAHiw1EE0QqhSiyH5S7bI/in7EkXAURPcEZahaD5JSRtoelRD+1\n HBhw6cKwFAXr0fA2/sTyIgHDKw2J9LPDDDEeE+AA7gV4sEB4jWD+LMANLOJOHHfmFb01vZ\n XSTPubTGnwBJ1Y8MVfikB7BryiCegow=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1778686505;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=IjavFgUjnOuQd4XP0jvVr0kHeBtouePJgNcX8AsSA68=;\n b=vPRLt6xnRJZY/Q1fupSF3D89noOlzpZP1399W9V5yMRI/Lq8uiocluesL35uV7HI1u0z+C\n IO0NwdvyWBbrEVDw=="
        ],
        "From": "Andrea Cervesato <andrea.cervesato@suse.de>",
        "Date": "Wed, 13 May 2026 17:35:03 +0200",
        "MIME-Version": "1.0",
        "Message-Id": "<20260513-fragnesia-v2-1-07a822c66cbd@suse.com>",
        "X-B4-Tracking": "v=1; b=H4sIACeaBGoC/23MQQ7CIBCF4as0sxYDNBjqynuYLoAO7SykhqlE0\n 3B3sWuX/8vLtwNjJmS4djtkLMS0phb61EFYXJpR0NQatNQXaVQvYnZzQiYnBmPtZI3xGCK0/zN\n jpPdh3cfWC/G25s9BF/Vb/ylFCSWsDMb3Xg5Smhu/GM9hfcBYa/0Cz6UwK6EAAAA=",
        "X-Change-ID": "20260513-fragnesia-9588d855becf",
        "To": "Linux Test Project <ltp@lists.linux.it>",
        "X-Mailer": "b4 0.14.2",
        "X-Developer-Signature": "v=1; a=ed25519-sha256; t=1778686504; l=8402;\n i=andrea.cervesato@suse.com; s=20251210; h=from:subject:message-id;\n bh=LYUasJliNPNxfsmyx7nnftCePhBDAAFakS9CDRLR/1I=;\n b=VmLT18VwhxI+f5yMCr1oE5BpiuuaoEWsTRA3jYlYOg1N3ofj0FT+IMnU30lB+eBH5+krpTRHp\n glYpvtMXSTRCvyx18+z5VXRpDiRsdLB7y6ZtmvrnOhvoSp1rmz2Iksi",
        "X-Developer-Key": "i=andrea.cervesato@suse.com; a=ed25519;\n pk=zKY+6GCauOiuHNZ//d8PQ/UL4jFCTKbXrzXAOQSLevI=",
        "X-Spam-Score": "-4.30",
        "X-Spamd-Result": "default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%];\n NEURAL_HAM_LONG(-1.00)[-1.000];\n NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain];\n FUZZY_RATELIMITED(0.00)[rspamd.com];\n RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[];\n RCPT_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];\n DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+];\n FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];\n RCVD_COUNT_TWO(0.00)[2];\n DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:email, suse.com:mid,\n imap1.dmz-prg2.suse.org:helo]",
        "X-Spam-Level": "",
        "X-Spam-Status": "No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,\n DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS shortcircuit=no\n autolearn=disabled version=4.0.1",
        "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on in-5.smtp.seeweb.it",
        "X-Virus-Scanned": "clamav-milter 1.0.9 at in-5.smtp.seeweb.it",
        "X-Virus-Status": "Clean",
        "Subject": "[LTP] [PATCH v2] sockets/xfrm02: Add ESP-in-TCP page cache\n corruption test",
        "X-BeenThere": "ltp@lists.linux.it",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "Linux Test Project <ltp.lists.linux.it>",
        "List-Unsubscribe": "<https://lists.linux.it/options/ltp>,\n <mailto:ltp-request@lists.linux.it?subject=unsubscribe>",
        "List-Archive": "<http://lists.linux.it/pipermail/ltp/>",
        "List-Post": "<mailto:ltp@lists.linux.it>",
        "List-Help": "<mailto:ltp-request@lists.linux.it?subject=help>",
        "List-Subscribe": "<https://lists.linux.it/listinfo/ltp>,\n <mailto:ltp-request@lists.linux.it?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it",
        "Sender": "\"ltp\" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>"
    },
    "content": "From: Andrea Cervesato <andrea.cervesato@suse.com>\n\nVerify that ESP-in-TCP (espintcp) does not corrupt the page cache when\nfile data is spliced into a TCP socket. When MSG_SPLICE_PAGES references\npage cache pages directly in the skb and the receiving socket has\nespintcp ULP enabled, the kernel's ESP handler may decrypt the payload\nin-place on those pages, corrupting the cached file contents.\n\nThe test sets up an ESP-in-TCP xfrm state on IPv6 loopback, writes\nknown data to a file, creates a TCP connection where the receiver\nenables espintcp ULP, splices the file data into the TCP socket as\npart of a crafted ESP-in-TCP frame, and then verifies whether the\npage cache was corrupted.\n\nReproducer based on:\nhttps://github.com/v12-security/pocs/tree/main/fragnesia\n\nSigned-off-by: Andrea Cervesato <andrea.cervesato@suse.com>\n---\nChanges in v2:\n- use tst_cmd()\n- evict pages before sending prefix\n- remove checkpoints\n- add usleep() to trigger the bug\n- use tst_reap_children()\n- Link to v1: https://lore.kernel.org/r/20260513-fragnesia-v1-1-80c5b3b09005@suse.com\n---\n runtest/cve                          |   1 +\n testcases/network/sockets/.gitignore |   1 +\n testcases/network/sockets/xfrm02.c   | 227 +++++++++++++++++++++++++++++++++++\n 3 files changed, 229 insertions(+)\n\n\n---\nbase-commit: e1fc50957c98ae4c27064756e063de0e7136cde3\nchange-id: 20260513-fragnesia-9588d855becf\n\nBest regards,",
    "diff": "diff --git a/runtest/cve b/runtest/cve\nindex 530f8751ed3a8e8aa7e9110d89d577df3e8cc6ce..5fe83ec2d1803a5c0f6b4eba05fcf00cc80c8809 100644\n--- a/runtest/cve\n+++ b/runtest/cve\n@@ -95,3 +95,4 @@ cve-2025-38236 cve-2025-38236\n cve-2025-21756 cve-2025-21756\n cve-2026-31431 af_alg08\n cve-2026-43284 xfrm01\n+cve-2026-fragnesia xfrm02\ndiff --git a/testcases/network/sockets/.gitignore b/testcases/network/sockets/.gitignore\nindex 6f3c0ad84c000f0214f371c6a601afb592b15faa..35bc0462b676b041d9a5b52a37fded973d0157a9 100644\n--- a/testcases/network/sockets/.gitignore\n+++ b/testcases/network/sockets/.gitignore\n@@ -1 +1,2 @@\n /xfrm01\n+/xfrm02\ndiff --git a/testcases/network/sockets/xfrm02.c b/testcases/network/sockets/xfrm02.c\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..d7fe70e3d242227c374b5c9b876c8efeeb0e1f5d\n--- /dev/null\n+++ b/testcases/network/sockets/xfrm02.c\n@@ -0,0 +1,227 @@\n+// SPDX-License-Identifier: GPL-2.0-or-later\n+/*\n+ * Copyright (C) 2026 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>\n+ */\n+\n+/*\\\n+ * Verify that ESP-in-TCP (espintcp) does not corrupt the page cache\n+ * when file data is spliced into a TCP socket.\n+ *\n+ * When file data is spliced into a TCP socket, the kernel uses\n+ * MSG_SPLICE_PAGES to reference page cache pages directly in the skb.\n+ * If the receiving socket has TCP_ULP \"espintcp\" enabled and a matching\n+ * xfrm SA exists, the kernel's ESP handler decrypts the payload\n+ * in-place on those page cache pages, corrupting the cached file\n+ * contents.\n+ *\n+ * The test sets up an ESP-in-TCP xfrm state on IPv6 loopback, writes\n+ * known data to a file, creates a TCP connection where the receiver\n+ * enables espintcp ULP, splices the file data into the TCP socket as\n+ * part of a crafted ESP-in-TCP frame, and then verifies whether the\n+ * page cache was corrupted.\n+ *\n+ * Reproducer based on:\n+ * https://github.com/v12-security/pocs/tree/main/fragnesia\n+ */\n+\n+#define _GNU_SOURCE\n+\n+#include \"tst_test.h\"\n+#include \"tst_net.h\"\n+#include \"tst_netdevice.h\"\n+#include \"lapi/tcp.h\"\n+#include \"lapi/splice.h\"\n+\n+#define TESTFILE \"pagecache_test\"\n+#define DATA_SIZE 4096\n+\n+#define SPI 0x100\n+#define TCP_PORT 5556\n+#define IV_LEN 8\n+#define ESP_HDR_SIZE 16\n+#define AES_KEYLEN 16\n+#define SALT_LEN 4\n+#define KEYTOTAL (AES_KEYLEN + SALT_LEN)\n+\n+/* ESP-in-TCP frame prefix: 2-byte length + ESP header */\n+#define PREFIX_SIZE (2 + ESP_HDR_SIZE)\n+\n+static const uint8_t aead_key[KEYTOTAL] = {\n+\t0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,\n+\t0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,\n+\t0x01, 0x02, 0x03, 0x04\n+};\n+\n+static uint8_t original[DATA_SIZE];\n+static int file_fd = -1;\n+static int srv_fd = -1;\n+\n+static void setup(void)\n+{\n+\tchar keyhex[KEYTOTAL * 2 + 3];\n+\tchar spihex[16];\n+\tchar port_str[8];\n+\tint i, ret;\n+\n+\ttst_setup_netns();\n+\tNETDEV_SET_STATE(\"lo\", 1);\n+\n+\tkeyhex[0] = '0';\n+\tkeyhex[1] = 'x';\n+\tfor (i = 0; i < KEYTOTAL; i++)\n+\t\tsprintf(keyhex + 2 + i * 2, \"%02x\", aead_key[i]);\n+\n+\tsnprintf(spihex, sizeof(spihex), \"0x%08x\", SPI);\n+\tsnprintf(port_str, sizeof(port_str), \"%d\", TCP_PORT);\n+\n+\tconst char *const xfrm_cmd[] = {\n+\t\t\"ip\", \"xfrm\", \"state\", \"add\",\n+\t\t\"src\", \"::1\", \"dst\", \"::1\",\n+\t\t\"proto\", \"esp\", \"spi\", spihex,\n+\t\t\"encap\", \"espintcp\", port_str, port_str, \"::\",\n+\t\t\"aead\", \"rfc4106(gcm(aes))\", keyhex, \"128\",\n+\t\t\"mode\", \"transport\",\n+\t\tNULL\n+\t};\n+\n+\tret = tst_cmd(xfrm_cmd, NULL, NULL, TST_CMD_PASS_RETVAL);\n+\tif (ret)\n+\t\ttst_brk(TBROK, \"Failed to install xfrm ESP-in-TCP state\");\n+\n+\tfor (i = 0; i < DATA_SIZE; i++)\n+\t\toriginal[i] = (uint8_t)(i & 0xff);\n+}\n+\n+static void try_corrupt(void)\n+{\n+\tstruct sockaddr_in6 addr = {\n+\t\t.sin6_family = AF_INET6,\n+\t\t.sin6_addr = IN6ADDR_LOOPBACK_INIT,\n+\t\t.sin6_port = htons(TCP_PORT),\n+\t};\n+\tuint8_t prefix[PREFIX_SIZE];\n+\tuint16_t frame_len;\n+\tuint32_t spi_net, seq_net;\n+\tchar ulp[] = \"espintcp\";\n+\tint acc_fd;\n+\tloff_t off;\n+\n+\tframe_len = htons(PREFIX_SIZE + DATA_SIZE);\n+\tmemcpy(prefix, &frame_len, 2);\n+\n+\tspi_net = htonl(SPI);\n+\tmemcpy(prefix + 2, &spi_net, 4);\n+\n+\tseq_net = htonl(1);\n+\tmemcpy(prefix + 6, &seq_net, 4);\n+\n+\tmemset(prefix + 10, 0xcc, IV_LEN);\n+\n+\tsrv_fd = SAFE_SOCKET(AF_INET6, SOCK_STREAM, 0);\n+\tSAFE_SETSOCKOPT_INT(srv_fd, SOL_SOCKET, SO_REUSEADDR, 1);\n+\tSAFE_BIND(srv_fd, (struct sockaddr *)&addr, sizeof(addr));\n+\tSAFE_LISTEN(srv_fd, 1);\n+\n+\tif (!SAFE_FORK()) {\n+\t\tint cli_fd, pipefd[2];\n+\n+\t\tSAFE_CLOSE(srv_fd);\n+\n+\t\tcli_fd = SAFE_SOCKET(AF_INET6, SOCK_STREAM, 0);\n+\t\tSAFE_SETSOCKOPT_INT(cli_fd, IPPROTO_TCP, TCP_NODELAY, 1);\n+\t\tSAFE_CONNECT(cli_fd, (struct sockaddr *)&addr, sizeof(addr));\n+\n+\t\tSAFE_POSIX_FADVISE(cli_fd, 0, 0, POSIX_FADV_DONTNEED);\n+\n+\t\tSAFE_SEND(1, cli_fd, prefix, sizeof(prefix), 0);\n+\t\tSAFE_PIPE(pipefd);\n+\n+\t\toff = 0;\n+\t\tSAFE_SPLICE(file_fd, &off, pipefd[1], NULL, DATA_SIZE, 0);\n+\n+\t\t/*\n+\t\t * Splice pipe into TCP socket. The kernel uses\n+\t\t * MSG_SPLICE_PAGES to keep page cache references in\n+\t\t * the skb. On loopback the receiver's ESP handler may\n+\t\t * decrypt in-place, corrupting the page cache. May\n+\t\t * fail on patched kernels.\n+\t\t */\n+\t\tsplice(pipefd[0], NULL, cli_fd, NULL, DATA_SIZE, 0);\n+\n+\t\tSAFE_CLOSE(pipefd[0]);\n+\t\tSAFE_CLOSE(pipefd[1]);\n+\t\tSAFE_CLOSE(cli_fd);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tacc_fd = SAFE_ACCEPT(srv_fd, NULL, NULL);\n+\tSAFE_CLOSE(srv_fd);\n+\n+\tSAFE_SETSOCKOPT(acc_fd, IPPROTO_TCP, TCP_ULP, ulp, sizeof(ulp));\n+\n+\t/* Let the espintcp strparser process buffered ESP data */\n+\tusleep(30000);\n+\n+\tSAFE_CLOSE(acc_fd);\n+}\n+\n+static void run(void)\n+{\n+\tuint8_t readback[DATA_SIZE];\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_WRONLY | O_CREAT, 0444);\n+\tSAFE_WRITE(SAFE_WRITE_ALL, file_fd, original, DATA_SIZE);\n+\tSAFE_CLOSE(file_fd);\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_RDONLY);\n+\ttry_corrupt();\n+\tSAFE_CLOSE(file_fd);\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_RDONLY);\n+\tSAFE_READ(1, file_fd, readback, sizeof(readback));\n+\tSAFE_CLOSE(file_fd);\n+\n+\tif (memcmp(readback, original, DATA_SIZE) != 0)\n+\t\ttst_res(TFAIL, \"Page cache corrupted via xfrm ESP-in-TCP splice\");\n+\telse\n+\t\ttst_res(TPASS, \"Page cache was not corrupted\");\n+\n+\tSAFE_UNLINK(TESTFILE);\n+}\n+\n+static void cleanup(void)\n+{\n+\tif (srv_fd != -1)\n+\t\tSAFE_CLOSE(srv_fd);\n+\n+\tif (file_fd != -1)\n+\t\tSAFE_CLOSE(file_fd);\n+}\n+\n+static struct tst_test test = {\n+\t.test_all = run,\n+\t.setup = setup,\n+\t.cleanup = cleanup,\n+\t.needs_tmpdir = 1,\n+\t.forks_child = 1,\n+\t.needs_kconfigs = (const char *[]) {\n+\t\t\"CONFIG_USER_NS=y\",\n+\t\t\"CONFIG_NET_NS=y\",\n+\t\t\"CONFIG_XFRM\",\n+\t\t\"CONFIG_INET6_ESP\",\n+\t\t\"CONFIG_INET6_ESPINTCP\",\n+\t\t\"CONFIG_CRYPTO_GCM\",\n+\t\tNULL\n+\t},\n+\t.save_restore = (const struct tst_path_val[]) {\n+\t\t{\"/proc/sys/user/max_user_namespaces\", \"1024\", TST_SR_SKIP},\n+\t\t{}\n+\t},\n+\t.needs_cmds = (struct tst_cmd[]) {\n+\t\t{.cmd = \"ip\"},\n+\t\t{}\n+\t},\n+};\n",
    "prefixes": [
        "v2"
    ]
}