GET /api/patches/804334/?format=api
{ "id": 804334, "url": "http://patchwork.ozlabs.org/api/patches/804334/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20170822083419.GA11932@bistromath.localdomain/", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170822083419.GA11932@bistromath.localdomain>", "list_archive_url": null, "date": "2017-08-22T08:34:19", "name": "[1/1] macsec: handle missing macsec kernel module", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "cd5133778b77070bf9a59911bc1f1eeeb48495bd", "submitter": { "id": 47767, "url": "http://patchwork.ozlabs.org/api/people/47767/?format=api", "name": "Sabrina Dubroca", "email": "sd@queasysnail.net" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20170822083419.GA11932@bistromath.localdomain/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/804334/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/804334/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"J79NBql5\"; \n\tdkim-atps=neutral", 
"ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none)\n\theader.from=queasysnail.net", "ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tspf=none smtp.mailfrom=sd@queasysnail.net" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xc3lq1kWnz9sNd\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 22 Aug 2017 18:35:19 +1000 (AEST)", "from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dk4eC-0000KH-KM; Tue, 22 Aug 2017 08:34:52 +0000", "from mx1.redhat.com ([209.132.183.28])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dk4e8-0000IO-KB\n\tfor hostap@lists.infradead.org; Tue, 22 Aug 2017 08:34:50 +0000", "from smtp.corp.redhat.com\n\t(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 3D75F7EA94;\n\tTue, 22 Aug 2017 08:34:23 +0000 (UTC)", "from bistromath.localdomain (ovpn-116-179.ams2.redhat.com\n\t[10.36.116.179])\n\tby smtp.corp.redhat.com (Postfix) with ESMTPS id B21271797D;\n\tTue, 22 Aug 2017 08:34:21 +0000 (UTC)" ], "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:\n\tMessage-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; 
bh=3vZV8S5s1xbyyNO3cJ1/bvDwaFrFeoTqItdISv3TALs=;\n\tb=J79NBql5gNydeC\n\tkkC5SnkPqKDPj97G+Gw4uMJuxQnc88pjPbiuAsxQCjSo1QPs+cPg3osn4zKa8xag6YZgFGbY5AhCE\n\ttmO138v1dp0fVNy7xlt8u58l91VPAvLPphiyxNTFilrEY6CpCW5VYo6dn0DRAAymVnq7Li8oxcfVh\n\tujto47szU3DI4DpihmBb0uaw2wLRSH0R3eYdGyclJysO4VXUyXOxK0d8gcmiAI/VyCUcLciqrfU+J\n\t79ld7YzlY7at6AFhwt2oqU2dit4KwyGAknYbjnpfaaCCjdZzUkgjL83OIExfPxrpaNWn2AhFNzZxE\n\tkWxUWWz2YGdnz0B5eywQ==;", "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com 3D75F7EA94", "DKIM-Filter": "OpenDKIM Filter v2.11.0 mx1.redhat.com 3D75F7EA94", "Date": "Tue, 22 Aug 2017 10:34:19 +0200", "From": "Sabrina Dubroca <sd@queasysnail.net>", "To": "Michael Braun <michael-dev@fami-braun.de>", "Subject": "Re: [PATCH 1/1] macsec: handle missing macsec kernel module", "Message-ID": "<20170822083419.GA11932@bistromath.localdomain>", "References": "<1503077440-3182-1-git-send-email-michael-dev@fami-braun.de>", "MIME-Version": "1.0", "Content-Disposition": "inline", "In-Reply-To": "<1503077440-3182-1-git-send-email-michael-dev@fami-braun.de>", "User-Agent": "Mutt/1.8.3 (2017-05-23)", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.13", "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.28]); Tue, 22 Aug 2017 08:34:23 +0000 (UTC)", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20170822_013448_713854_D6DB3AB9 ", "X-CRM114-Status": "GOOD ( 17.70 )", "X-Spam-Score": "-6.9 (------)", "X-Spam-Report": "SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-6.9 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/,\n\thigh trust [209.132.183.28 listed in list.dnswl.org]\n\t-0.0 SPF_HELO_PASS SPF: HELO matches SPF record\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]", 
"X-BeenThere": "hostap@lists.infradead.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<hostap.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n\t<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>", "List-Post": "<mailto:hostap@lists.infradead.org>", "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n\t<mailto:hostap-request@lists.infradead.org?subject=subscribe>", "Cc": "projekt-wlan@fem.tu-ilmenau.de, hostap@lists.infradead.org,\n\tDavide Caratti <davide.caratti@gmail.com>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>", "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "2017-08-18, 19:30:40 +0200, Michael Braun wrote:\n> This fixes the following crash:\n> \n> 0. do not modprobe macsec\n> 1. create veth pair\n> 2. run two wpa_supplicant linux_macsec instances on both ends\n> 3. see one instance crash\n\nWasn't that fixed by commit 5db86df6a849? (cc'ing Davide)\n\nEither way, this is a cleaner fix and I had a similar patch lying\naround (see below). There's still one problem after your patch:\nieee802_1x_kay_init isn't consistent wrt freeing ctx. 
Some error paths\nwill return NULL and leave ctx untouched, while some (after trying to\ninit CP) will call ieee802_1x_kay_deinit, which frees both kay and\nkay->ctx.\n(Arguably this could be split into two patches: first make\nieee802_1x_kay_init consistent, then add error handling for\nsecy_init_macsec)\n\n\n-------- 8< --------\nFrom: Sabrina Dubroca <sd@queasysnail.net>\nDate: Tue, 22 Aug 2017 10:25:26 +0200\nSubject: [PATCH] mka: add error handling for secy_init_macsec calls\n\nsecy_init_macsec() can fail (if ->macsec_init fails), and\nieee802_1x_kay_init() should handle this and not let MKA run any\nfurther, because nothing is going to work anyway.\n\nOn failure, ieee802_1x_kay_init() must deinit its kay, which will free\nkay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm)\nmust not do it. Before this patch there is a double-free of the ctx\nargument when ieee802_1x_kay_deinit() was called.\n\nSigned-off-by: Sabrina Dubroca <sd@queasysnail.net>\n---\n src/pae/ieee802_1x_kay.c | 25 ++++++++++++++-----------\n wpa_supplicant/wpas_kay.c | 5 ++---\n 2 files changed, 16 insertions(+), 14 deletions(-)", "diff": "diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c\nindex ff55f88b89bc..4e0f452cc557 100644\n--- a/src/pae/ieee802_1x_kay.c\n+++ b/src/pae/ieee802_1x_kay.c\n@@ -3100,6 +3100,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,\n \tkay = os_zalloc(sizeof(*kay));\n \tif (!kay) {\n \t\twpa_printf(MSG_ERROR, \"KaY-%s: out of memory\", __func__);\n+\t\tos_free(ctx);\n \t\treturn NULL;\n \t}\n \n@@ -3134,10 +3135,8 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,\n \tdl_list_init(&kay->participant_list);\n \n \tif (policy != DO_NOT_SECURE &&\n-\t secy_get_capability(kay, &kay->macsec_capable) < 0) {\n-\t\tos_free(kay);\n-\t\treturn NULL;\n-\t}\n+\t secy_get_capability(kay, &kay->macsec_capable) < 0)\n+\t\tgoto error;\n \n \tif (policy == DO_NOT_SECURE ||\n \t 
kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {\n@@ -3164,16 +3163,17 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,\n \twpa_printf(MSG_DEBUG, \"KaY: state machine created\");\n \n \t/* Initialize the SecY must be prio to CP, as CP will control SecY */\n-\tsecy_init_macsec(kay);\n+\tif (secy_init_macsec(kay) < 0) {\n+\t\twpa_printf(MSG_DEBUG, \"KaY: couldn't initialize MACsec\\n\");\n+\t\tgoto error;\n+\t}\n \n \twpa_printf(MSG_DEBUG, \"KaY: secy init macsec done\");\n \n \t/* init CP */\n \tkay->cp = ieee802_1x_cp_sm_init(kay);\n-\tif (kay->cp == NULL) {\n-\t\tieee802_1x_kay_deinit(kay);\n-\t\treturn NULL;\n-\t}\n+\tif (kay->cp == NULL)\n+\t\tgoto error;\n \n \tif (policy == DO_NOT_SECURE) {\n \t\tieee802_1x_cp_connect_authenticated(kay->cp);\n@@ -3184,12 +3184,15 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,\n \t\tif (kay->l2_mka == NULL) {\n \t\t\twpa_printf(MSG_WARNING,\n \t\t\t\t \"KaY: Failed to initialize L2 packet processing for MKA packet\");\n-\t\t\tieee802_1x_kay_deinit(kay);\n-\t\t\treturn NULL;\n+\t\t\tgoto error;\n \t\t}\n \t}\n \n \treturn kay;\n+\n+error:\n+\tieee802_1x_kay_deinit(kay);\n+\treturn NULL;\n }\n \n \ndiff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c\nindex d087e00ad71f..ae2c56328208 100644\n--- a/wpa_supplicant/wpas_kay.c\n+++ b/wpa_supplicant/wpas_kay.c\n@@ -235,10 +235,9 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)\n \tres = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,\n \t\t\t\t ssid->mka_priority, wpa_s->ifname,\n \t\t\t\t wpa_s->own_addr);\n-\tif (res == NULL) {\n-\t\tos_free(kay_ctx);\n+\t/* ieee802_1x_kay_init frees kay_ctx on failure */\n+\tif (res == NULL)\n \t\treturn -1;\n-\t}\n \n \twpa_s->kay = res;\n \n", "prefixes": [ "1/1" ] }
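Review bot: With `os_free(ctx);` added on the allocation-failure path in the first hunk, ieee802_1x_kay_init() now consumes `ctx` on every failure, but that ownership rule is written down only as a comment at the single call site in wpa_supplicant/wpas_kay.c. A header comment on the function itself would keep a future caller from reintroducing the double free the commit message describes, for example `/* Takes ownership of ctx: freed here on any failure and by ieee802_1x_kay_deinit() later; callers must not free or reuse it after this call. */`. The function body is only partly visible in these hunks, so any early `return NULL` outside them that leaves ctx untouched should be checked against the full file.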
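Review bot: The new `error:` label calls ieee802_1x_kay_deinit() on a kay that may be only partly set up: the secy_get_capability() failure previously did a plain `os_free(kay)`, and the secy_init_macsec() failure now reaches deinit before `kay->cp` has been created. ieee802_1x_kay_deinit() is not shown in this diff, so it should be confirmed that it tolerates a NULL `kay->cp` and `kay->l2_mka` and a SecY whose init failed or never ran, and that `kay->ctx` is assigned before the first `goto error`; otherwise ctx would leak on that path while the caller no longer frees it. As a smaller point, the added message ends in `\n` unlike the other wpa_printf() calls in these hunks and is logged at MSG_DEBUG although it aborts initialisation; `wpa_printf(MSG_WARNING, "KaY: couldn't initialize MACsec");` would match the L2 failure message further down.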