From patchwork Fri May 4 01:20:09 2018
X-Patchwork-Submitter: Dmitry Safonov
X-Patchwork-Id: 908401
X-Patchwork-Delegate: davem@davemloft.net
From: Dmitry Safonov
To: linux-kernel@vger.kernel.org
Cc: 0x7f454c46@gmail.com, Dmitry Safonov, Herbert Xu, Masahide NAKAMURA, YOSHIFUJI Hideaki, Steffen Klassert, "David S. Miller", netdev@vger.kernel.org
Subject: [PATCHv2] net/xfrm: Revert "[XFRM]: Do not add a state whose SPI is zero to the SPI hash."
Date: Fri, 4 May 2018 02:20:09 +0100
Message-Id: <20180504012009.643-1-dima@arista.com>
X-Mailer: git-send-email 2.13.6
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

This reverts commit 7b4dc3600e48 ("[XFRM]: Do not add a state whose SPI is
zero to the SPI hash.").

Zero SPI is legal and defined for IPcomp.
We shouldn't omit adding the state to SPI hash because it'll not be
possible to delete it or look it up afterward:
__xfrm_state_insert() obviously doesn't add hash for zero
SPI in xfrm.state_byspi, and xfrm_user_state_lookup() will fail as
xfrm_state_lookup() does lookups by hash.

It also isn't possible to work around from userspace as
xfrm_id_proto_match() will always be true for ah/esp/comp protos.

v1 link: https://lkml.kernel.org/r/<20180502020220.2027-1-dima@arista.com>

Cc: Masahide NAKAMURA
Cc: YOSHIFUJI Hideaki
Cc: Steffen Klassert
Cc: "David S. Miller"
Cc: netdev@vger.kernel.org
Suggested-by: Herbert Xu
Signed-off-by: Dmitry Safonov
---
 net/xfrm/xfrm_state.c | 39 +++++++++++++++------------------------
 1 file changed, 15 insertions(+), 24 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index f9d2f2233f09..03afe5423448 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -97,12 +97,9 @@ static void xfrm_hash_transfer(struct hlist_head *list, nhashmask); hlist_add_head_rcu(&x->bysrc, nsrctable + h); - if (x->id.spi) { - h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, - x->id.proto, x->props.family, - nhashmask); - hlist_add_head_rcu(&x->byspi, nspitable + h); - } + h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, + x->props.family, nhashmask); + hlist_add_head_rcu(&x->byspi, nspitable + h); } } @@ -613,8 +610,7 @@ int __xfrm_state_delete(struct xfrm_state *x) list_del(&x->km.all); hlist_del_rcu(&x->bydst); hlist_del_rcu(&x->bysrc); - if (x->id.spi) - hlist_del_rcu(&x->byspi); + hlist_del_rcu(&x->byspi); net->xfrm.state_num--; spin_unlock(&net->xfrm.xfrm_state_lock); @@ -958,7 +954,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, xfrm_state_addr_check(x, daddr, saddr, encap_family) && tmpl->mode == x->props.mode && tmpl->id.proto == x->id.proto && - (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) + tmpl->id.spi == x->id.spi) xfrm_state_look_at(pol, x, fl, encap_family, &best, &acquire_in_progress, &error); } @@ -974,7 +970,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, xfrm_addr_equal(&x->id.daddr, daddr, encap_family) && tmpl->mode == x->props.mode && tmpl->id.proto == x->id.proto && - (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) + tmpl->id.spi == x->id.spi) xfrm_state_look_at(pol, x, fl, encap_family, &best, &acquire_in_progress, &error); } @@ -982,8 +978,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, found: x = best; if (!x && !error && !acquire_in_progress) { - if (tmpl->id.spi && - (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi, + if ((x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi, tmpl->id.proto, encap_family)) != NULL) { to_put = x0; error = -EEXIST; 
@@ -1025,10 +1020,8 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h); h = xfrm_src_hash(net, daddr, saddr, encap_family); hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); - if (x->id.spi) { - h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family); - hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); - } + h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family); + hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL); net->xfrm.state_num++; @@ -1134,7 +1127,7 @@ static void __xfrm_state_insert(struct xfrm_state *x) h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family); hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); - if (x->id.spi) { + if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) { h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); @@ -1787,14 +1780,12 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) xfrm_state_put(x0); } } - if (x->id.spi) { - spin_lock_bh(&net->xfrm.xfrm_state_lock); - h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); - hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); - spin_unlock_bh(&net->xfrm.xfrm_state_lock); + spin_lock_bh(&net->xfrm.xfrm_state_lock); + h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); + hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); + spin_unlock_bh(&net->xfrm.xfrm_state_lock); - err = 0; - } + err = 0; unlock: spin_unlock_bh(&x->lock);
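Review bot: In __xfrm_state_delete() (hunk @@ -613,8 +610,7 @@) the now unconditional hlist_del_rcu(&x->byspi) does not match the insert side: __xfrm_state_insert() (hunk @@ -1134,7 +1127,7 @@) still adds to state_byspi only under `if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY))`. hlist_del_rcu() does not check whether the node is hashed, so a state that skipped the add would be unlinked from a list it was never on. Guard the delete with the same condition (or an hlist_unhashed() check), or, if the condition can never be false for a state that reaches this path, say so in a comment. xfrm_hash_transfer() (hunk @@ -97,12 +97,9 @@) has the same asymmetry in the other direction: it now rehashes every state into nspitable, including any that the insert condition left out.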
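Review bot: The two candidate loops in xfrm_state_find() (hunks @@ -958,7 +954,7 @@ and @@ -974,7 +970,7 @@) lose the `|| !tmpl->id.spi` alternative, and the commit message neither mentions nor justifies that. With only `tmpl->id.spi == x->id.spi` left, a template whose SPI is zero matches only states whose SPI is also zero, so a template that leaves the SPI unset no longer selects a state with a non-zero SPI. The stated goal, making zero-SPI states reachable through state_byspi, does not need this change; please keep the wildcard, or explain how templates without a fixed SPI are expected to match after the revert.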
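Review bot: At the found: label in xfrm_state_find() (hunk @@ -982,8 +978,7 @@), removing the `tmpl->id.spi &&` guard means __xfrm_state_lookup() now runs with SPI zero for every template that has no SPI set. Since the rest of the patch puts zero-SPI states into state_byspi, any such state for the same daddr and proto that the loops above did not select now ends in `error = -EEXIST`. Please describe this case in the commit message, or keep the guard where a zero template SPI means "unset" rather than a real SPI.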
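Review bot: In xfrm_alloc_spi() (hunk @@ -1787,14 +1780,12 @@) `err = 0` and the hlist_add_head_rcu() into state_byspi are now unconditional, so the function reports success and hashes the state even when the search above left x->id.spi at zero. The old `if (x->id.spi)` was the only visible distinction between "an SPI was allocated" and "none was found". If zero is now a valid result, track success with a separate flag set where the SPI is assigned, and keep the error return for the case where nothing was allocated.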