From patchwork Mon Dec 25 06:20:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880063 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz78x4f4fz20Rq for ; Mon, 25 Dec 2023 17:21:53 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeLM-00070a-B9; Mon, 25 Dec 2023 06:21:41 +0000 Received: from mail-mw2nam12on2071.outbound.protection.outlook.com ([40.107.244.71] helo=NAM12-MW2-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKi-0006oN-HI for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:21:01 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ai/w9H4mBEyo76HprEN+Ve/m9kVlEUOEHT91QwSy90g4RbdiSx0QnQJoJt6W5VnSb1q4dB42nS3+orufoHx2KBh1/XfLfDjNIfMwskgpPwTdPFVQxWW/XI4CewTQ1qtUtS7flMnMrfQlCeW0wRahxtEgKWLj78Q5GxRbZKd3P3CqmiVH5fmAJINUg7WV/iqyrycYg1elZrQmOeNtLVrABCCYosqNFN+sbajX7HaF6H3yN3YAfNO9M+EJzAwGmKM7Rs4i3JVS8fOUcycXgvl3JrlcIKnaT+1qRTpt44vISgiyJvJ4pUmCWWHummZfxyPSlj5Si2A0PL4MTZrj5+vD8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eSEWVHk8y3yU1/MayU5rT7e6KE8mqXDxtxIgJPOg8WY=; b=CjgkNL0SpLV+ofL5/VsdlYFa96KWbLF6zEp8FMateyuto+a53hv/aXNN07jgSMCkhWlWQtcEefLlHF7/uBJDQmaUE11dfQlK6O9FkMkvqNpWMCy9ujBjiJMIb0LmePyxBTUif+InJ8s4sQRcGzk53XlgJwKGeJz3FmvrmZQZiniMPOulIu2Ocuq9GqjSA5jPVA8guN8Fh+VEigiKE0N6T3XHDE8RDtq+LGXtKukX6JGlhE+uMbzu2WXoKu3nAc0Zmnj5R5bYCBJUSlX1WlyIHPP4wKsTtfjbkWikNWIWoYHlcHNT9G8JzGqA5fNtwS8O5dxl1Pk2djzgSWoIZaqV3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from BL0PR02CA0115.namprd02.prod.outlook.com (2603:10b6:208:35::20) by LV2PR12MB5775.namprd12.prod.outlook.com (2603:10b6:408:179::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:20:56 +0000 Received: from BL6PEPF0001AB57.namprd02.prod.outlook.com (2603:10b6:208:35:cafe::13) by BL0PR02CA0115.outlook.office365.com (2603:10b6:208:35::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.24 via Frontend Transport; Mon, 25 Dec 2023 06:20:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BL6PEPF0001AB57.mail.protection.outlook.com (10.167.241.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:56 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:38 -0800 Received: from rnnvmail201.nvidia.com (10.129.68.8) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:38 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:37 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6D031863; Mon, 25 Dec 2023 08:20:34 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 1/9] xfrm: generalize xdo_dev_state_update_curlft to allow statistics update Date: Mon, 25 Dec 2023 00:20:23 -0600 Message-ID: <1703485231-27098-2-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB57:EE_|LV2PR12MB5775:EE_ X-MS-Office365-Filtering-Correlation-Id: 12ee5e44-813d-481e-d8b7-08dc0511a7be X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YDd9FTZXRYhAPgcGuTvMR7H/wqs+WiLpX3diqlDliufY5izDbjaPFsskD/Cgp5qPvcKZ6AKvdhiAuriXnKVee956QEu3B18jMe+o4oC8OymNa2lzrFlCmI4+XKgRYSpA5N5XTbkh3a1wGRhrQuefOKYvdiBMSckDbE1M+w0G1ZGMXjuUTfiGa/ODhEn91QCp/TGlIpiUhb5vigPzHt3AaMBt9+qhXyRNeipOawKb2pDLPg711V3O+UlyTacrPiwIy6r3jUthzbR/G0CzL7SMpyMHv/YIoThgRkxPubLbPA8FjBRi5v6i/LxIBrfvaHNqyTQGEV/2eZGOnXuUKvHyzLuE7JdTogLCg9TkJnA2jPmnFc4JdROvLcxsS3jolQSB0iTAl/jowS/OwQ8KzMN2xy3LkvokbrnIZW/dYwoLvM3S9xnzuzikrfqD79Je9nl9KBUVXf92lm0dEO7Jp6Rota1E1ZuLwy6arSAZFSJ5MdIAIxDN/BlUJnVmdwnxD51tuZ7Qj0kRpihWVjTcna2b4hKq9OFxqsEuCIN6m877pE9EU0XCpeL9mIB8IpvcBuLfTK8hNDXYlWg23xC7mrCLBEcb1epwug98hiBpWI+fjDZdEeYwq1YGYdy1YhbdOiAgvgKD+xAyaXdmoStBvItaU0VL8jfvdBtm0vcxL7J6i8wngRcxYOE8cALGb0qn6VoGOBAvqGGUy13xmaXFazAOCjfxjuU9SJtzLEEPaVIxKToUXu8dZzAKIatMGRBSDD3EhQhcCZPS4nRkdIljPi1y6RObph0lZDkwsQYVYJD0/NU= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(136003)(346002)(376002)(39860400002)(396003)(230922051799003)(82310400011)(451199024)(186009)(1800799012)(64100799003)(36840700001)(46966006)(70586007)(70206006)(5660300002)(40480700001)(36756003)(478600001)(966005)(2906002)(8676002)(8936002)(6916009)(4326008)(316002)(54906003)(6666004)(86362001)(26005)(2616005)(41300700001)(36860700001)(83380400001)(82740400003)(336012)(356005)(47076005)(7636003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:56.4621 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 12ee5e44-813d-481e-d8b7-08dc0511a7be X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB57.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5775 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Leon Romanovsky BugLink: https://bugs.launchpad.net/bugs/2044427 In order to allow drivers to fill all statistics, change the name of xdo_dev_state_update_curlft to be xdo_dev_state_update_stats. Signed-off-by: Leon Romanovsky (backported from commit 4eb1ca1bad56346d8ae865926aa4a4b896512c54) [Tony: Do not port ipsec.c since BF does not use this driver] Signed-off-by: Tony Duan Conflicts: drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c --- Documentation/networking/xfrm_device.rst | 4 ++-- include/linux/netdevice.h | 2 +- include/net/xfrm.h | 11 ++++------- net/xfrm/xfrm_state.c | 4 ++-- net/xfrm/xfrm_user.c | 2 +- 5 files changed, 10 insertions(+), 13 deletions(-) diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst index 83abdfe..af70192 100644 --- a/Documentation/networking/xfrm_device.rst +++ b/Documentation/networking/xfrm_device.rst @@ -70,9 +70,9 @@ Callbacks to implement bool (*xdo_dev_offload_ok) (struct sk_buff *skb, struct xfrm_state *x); void (*xdo_dev_state_advance_esn) (struct xfrm_state *x); + void (*xdo_dev_state_update_stats) (struct xfrm_state *x); /* Solely packet offload callbacks */ - void (*xdo_dev_state_update_curlft) (struct xfrm_state *x); int (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack); void (*xdo_dev_policy_delete) (struct xfrm_policy *x); void (*xdo_dev_policy_free) (struct xfrm_policy *x); @@ -190,6 +190,6 @@ xdo_dev_policy_free() on any remaining offloaded states. Outcome of HW handling packets, the XFRM core can't count hard, soft limits. The HW/driver are responsible to perform it and provide accurate data when -xdo_dev_state_update_curlft() is called. In case of one of these limits +xdo_dev_state_update_stats() is called. In case of one of these limits occuried, the driver needs to call to xfrm_state_check_expire() to make sure that XFRM performs rekeying sequence. diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index c5a86cf..52e7779 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1014,7 +1014,7 @@ struct xfrmdev_ops { bool (*xdo_dev_offload_ok) (struct sk_buff *skb, struct xfrm_state *x); void (*xdo_dev_state_advance_esn) (struct xfrm_state *x); - void (*xdo_dev_state_update_curlft) (struct xfrm_state *x); + void (*xdo_dev_state_update_stats) (struct xfrm_state *x); int (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack); void (*xdo_dev_policy_delete) (struct xfrm_policy *x); void (*xdo_dev_policy_free) (struct xfrm_policy *x); diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e8d58c6..d3ff1cd 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1543,21 +1543,18 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, unsigned short family); int xfrm_state_check_expire(struct xfrm_state *x); #ifdef CONFIG_XFRM_OFFLOAD -static inline void xfrm_dev_state_update_curlft(struct xfrm_state *x) +static inline void xfrm_dev_state_update_stats(struct xfrm_state *x) { struct xfrm_dev_offload *xdo = &x->xso; struct net_device *dev = xdo->dev; - if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET) - return; - if (dev && dev->xfrmdev_ops && - dev->xfrmdev_ops->xdo_dev_state_update_curlft) - dev->xfrmdev_ops->xdo_dev_state_update_curlft(x); + dev->xfrmdev_ops->xdo_dev_state_update_stats) + dev->xfrmdev_ops->xdo_dev_state_update_stats(x); } #else -static inline void xfrm_dev_state_update_curlft(struct xfrm_state *x) {} +static inline void xfrm_dev_state_update_stats(struct xfrm_state *x) {} #endif void xfrm_state_insert(struct xfrm_state *x); int xfrm_state_add(struct xfrm_state *x); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 2c68cf36..07e4f89 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -570,7 +570,7 @@ static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me) int err = 0; spin_lock(&x->lock); - xfrm_dev_state_update_curlft(x); + xfrm_dev_state_update_stats(x); if (x->km.state == XFRM_STATE_DEAD) goto out; @@ -1933,7 +1933,7 @@ int xfrm_state_update(struct xfrm_state *x) int xfrm_state_check_expire(struct xfrm_state *x) { - xfrm_dev_state_update_curlft(x); + xfrm_dev_state_update_stats(x); if (!x->curlft.use_time) x->curlft.use_time = ktime_get_real_seconds(); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 58abcdd..a591283 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -802,7 +802,7 @@ static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) memcpy(&p->sel, &x->sel, sizeof(p->sel)); memcpy(&p->lft, &x->lft, sizeof(p->lft)); if (x->xso.dev) - xfrm_dev_state_update_curlft(x); + xfrm_dev_state_update_stats(x); memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); put_unaligned(x->stats.replay_window, &p->stats.replay_window); put_unaligned(x->stats.replay, &p->stats.replay); From patchwork Mon Dec 25 06:20:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880059 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz78K0FW5z20Rq for ; Mon, 25 Dec 2023 17:21:20 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeKh-0006oD-DX; Mon, 25 Dec 2023 06:21:00 +0000 Received: from mail-mw2nam12on2086.outbound.protection.outlook.com ([40.107.244.86] helo=NAM12-MW2-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKd-0006ny-4N for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:20:55 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FR7w4PHFdLre9vkrcsyP84WEcbjJSCUcObqIK5KbD4SRONEHealVdNssdX+QwOX6eAu1RsBJU3lLPWoHI5VsRX0W1W2LL5OzaDixrCbMd8AWjQFTXt4erbLeDXRik9OyLdRqMSl2lGd0iF+jKpI/yZ+FhpyL1GSi9v5DyynX4zg/jqxuiuSyBqVQAeCaXe7I0XENkDBRtSlFAfdrK/pG1w6HK5B2Ct+G0GpHG21APQijAYCbIz7lOxXfChpfpENvS+SIQfSDf7P6U+kgkmSU8zeTDz9IS2/PEKIFTIm/GKBDnjdyykVuwuxDZMwi74HujixfXz9IXKZCVVtIzDATGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iGSyUaZNcAsp5cU5tC1USRwdm3bSa6FNmcYH5AW1dX8=; b=oTOGKwrZKCByW7eO2y+whDXkfUKmhB6Zev2COKIIts7XRp1cHkNpdtDgB49OCTamBhpJ8RdDHNnNTk1dC+VbiKjAc3TBmF7idJhjUtB4V7hp7JdiuRV3wSqvAiuxSpD6EANJyULxeoZjvkXl29GvC9yinooxLaW5eD63Lh8tFyfF476X04HzoZYpkxEDo8nsv/dOwxsVwGPrGYgAWn5UX7pxtOb3qaD0HFUz4VyYy2EoFnF6wCoFY9+/uSJouOea9B+wryJ4FfIvijIYQgdVKqEdFxdZNnzqiBbgOXyj/c/pQe7NMH4NTCBQlw9rqJmv47HPLCcbsJ7RGfZhFc7DcQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from SJ2PR07CA0014.namprd07.prod.outlook.com (2603:10b6:a03:505::7) by SN7PR12MB7276.namprd12.prod.outlook.com (2603:10b6:806:2af::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:20:50 +0000 Received: from SJ5PEPF000001CF.namprd05.prod.outlook.com (2603:10b6:a03:505:cafe::39) by SJ2PR07CA0014.outlook.office365.com (2603:10b6:a03:505::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:20:50 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ5PEPF000001CF.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:50 +0000 Received: from drhqmail203.nvidia.com (10.126.190.182) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:40 -0800 Received: from drhqmail201.nvidia.com (10.126.190.180) by drhqmail203.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:40 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:39 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6E031863; Mon, 25 Dec 2023 08:20:36 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 2/9] xfrm: get global statistics from the offloaded device Date: Mon, 25 Dec 2023 00:20:24 -0600 Message-ID: <1703485231-27098-3-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001CF:EE_|SN7PR12MB7276:EE_ X-MS-Office365-Filtering-Correlation-Id: fe8846d3-085a-42a9-454e-08dc0511a402 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Txlw8WyaRoDDJVP2+MvH2oTa9m4ctwH6jHRecMp9MOqKZ9Zjn26fjZzS8Z6FukPJddjEQKpAOiXv+K4o+tLv9G44ARrJjbdi8zPTSYOcMA7uZ0XKnG8gh0pmQaX+jea4N2/GSp4oUU8V+VgyWNaDiep+HD0Dx8nwk3xle6B7Twj0UGre7sR2P+ZHfJpVcIfQCMlFjncUMb822ktaOWNEcCXVKDvYqfVlEixxJDc1OAsyixK8uKH9w7yZ0DJ+m2bhztBv+R1Kk+t63qcUVFr/KGgnaGev9+tLzxmapdQEtlaqjzAqcLEXmNfuO1z8oS0xAPLBHBQSUTn0Xi1cICr9YzV8nhU8qrZFIhZgOSZy59vI4y5b3LoTJGOhaxjNk/imhLZx0YzH+l37tai+Hx3U05YrQ8uKPYhg/lKLjqB5j23Tl25Ipn4ejJowXCZ9lNlxAlZBiIvvqhgYc5w+g3rNnFrfkgLOWE8st4htT23xN6EFrdE6pyv7yJzRW5Phie9HEedGR58ofbH/Pnh5HAexCI1K6PHFBcnTZjlEXq4q7gCvgBHW+bbvnyNxEjexnbtQ5VJj9i1+JiKENf9k4yycEdTF3Thh1Cuf3trgDyh0NQDX1ugIaGiYJ5fhsw4eNPnh+WLVlAsjOOFhOEv+0rAAxAQixwX5wHXk/qseKRbFdpDHBhvJZrbYmA0LOj6yLjTsXGBGO/hrUNYAJASh2JB4v63vNxLCc12FMgcM2Lo7+B7SApcjItyGs+FDgiqDXpAqcSfoYCmWLwOsSfkEruuG2zF+orwohh8fXAwJxpt0yIs= X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(396003)(136003)(346002)(376002)(39860400002)(230922051799003)(64100799003)(1800799012)(82310400011)(186009)(451199024)(46966006)(36840700001)(40470700004)(40480700001)(40460700003)(2616005)(336012)(26005)(356005)(86362001)(36756003)(82740400003)(7636003)(83380400001)(4326008)(5660300002)(47076005)(6666004)(36860700001)(316002)(966005)(8936002)(478600001)(54906003)(6916009)(70586007)(70206006)(2906002)(41300700001)(8676002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:50.3806 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fe8846d3-085a-42a9-454e-08dc0511a402 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001CF.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7276 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Leon Romanovsky BugLink: https://bugs.launchpad.net/bugs/2044427 Iterate over all SAs in order to fill global IPsec statistics. Signed-off-by: Leon Romanovsky (backported from commit 4d13628bcce1e2d7ca095a8d45158548ceb421c5) [Tony: do not port ipsec.c since BF does not use this driver] Signed-off-by: Tony Duan Conflicts: drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c --- include/net/xfrm.h | 3 +++ net/xfrm/xfrm_proc.c | 1 + net/xfrm/xfrm_state.c | 13 +++++++++++++ 3 files changed, 17 insertions(+) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index d3ff1cd..04fa329 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -51,8 +51,10 @@ #ifdef CONFIG_XFRM_STATISTICS #define XFRM_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.xfrm_statistics, field) +#define XFRM_ADD_STATS(net, field, val) SNMP_ADD_STATS((net)->mib.xfrm_statistics, field, val) #else #define XFRM_INC_STATS(net, field) ((void)(net)) +#define XFRM_ADD_STATS(net, field, val) ((void)(net)) #endif @@ -1542,6 +1544,7 @@ struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id, struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, unsigned short family); int xfrm_state_check_expire(struct xfrm_state *x); +void xfrm_state_update_stats(struct net *net); #ifdef CONFIG_XFRM_OFFLOAD static inline void xfrm_dev_state_update_stats(struct xfrm_state *x) { diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c index fee9b5c..5f9bf8e 100644 --- a/net/xfrm/xfrm_proc.c +++ b/net/xfrm/xfrm_proc.c @@ -52,6 +52,7 @@ static int xfrm_statistics_seq_show(struct seq_file *seq, void *v) memset(buff, 0, sizeof(unsigned long) * LINUX_MIB_XFRMMAX); + xfrm_state_update_stats(net); snmp_get_cpu_field_batch(buff, xfrm_mib_list, net->mib.xfrm_statistics); for (i = 0; xfrm_mib_list[i].name; i++) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 07e4f89..05686ac 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1955,6 +1955,19 @@ int xfrm_state_check_expire(struct xfrm_state *x) } EXPORT_SYMBOL(xfrm_state_check_expire); +void xfrm_state_update_stats(struct net *net) +{ + struct xfrm_state *x; + int i; + + spin_lock_bh(&net->xfrm.xfrm_state_lock); + for (i = 0; i <= net->xfrm.state_hmask; i++) { + hlist_for_each_entry(x, net->xfrm.state_bydst + i, bydst) + xfrm_dev_state_update_stats(x); + } + spin_unlock_bh(&net->xfrm.xfrm_state_lock); +} + struct xfrm_state * xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) From patchwork Mon Dec 25 06:20:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880060 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz78Q0K3xz20Rq for ; Mon, 25 Dec 2023 17:21:26 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeKs-0006q9-W5; Mon, 25 Dec 2023 06:21:11 +0000 Received: from mail-bn8nam11on2041.outbound.protection.outlook.com ([40.107.236.41] helo=NAM11-BN8-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKg-0006o6-1V for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:20:58 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NOyN3C4bArUe9L1erD43HUD8xYrn/8lMqjCQWmWIFg9EmemZ4DE37nFsHVdAGoxE5RN/oupSLL7Y8evKd4G6vXCp/MwaaujiYTj/3A4zIRhqCLxeGWovtcC6JOTIlWjEYnlMmlXQfpAvU0CP2784ES1ZRphgQlBENoesD6saZifHBZ7S5cCXn+9Q1Ew1/if70J9rZHPV0a9v71Sv5IIP1VpaES0hLAsfum3c/0GT0whvdZ3GzH1B4iQ/ebQzx1V9eg/vNJBAJgwBkDUBtc2vGGOqWBK7TSzWu1G1CgRcXngfJLbMZRPAfKNL5kcZUREsmz8/b6+iC4AD8AeTWemE3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jlM+Rq26XfIGFMev518RUZnvFc+Lv2nV4s15f4b7EqQ=; b=dK7d6WbodNKDQabV7yOGtO0oJa9tVXKnJnNCfpk4ZYCuQpNyjfPdu8PXu6hfrqNp5YYZrdUi/HDmRfDI1Fxfo497scTFDzYk6KWXccjOsefJy3S5lWZ5P1XoVSab9JgDcwaOn2vmmYU79zuL+nawC4u4kUqAGZzRt+6zLL9F5nh9UR70EdCxCALrsPJ2e4Hi4qWBA/npqPwRX8phaYlXWdYHbCBFUQCvYq7xGdowMla7sqmH4VghT9u7TRIuwiLbmbLyxsO5Z4toZQo7v8BMFz6lFNR/3cpxiRswKOsxxgIfM3kP3ZUu6CtTDzY0IlxB2QgjMxChDeBW9DtP74Rweg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from SJ2PR07CA0006.namprd07.prod.outlook.com (2603:10b6:a03:505::18) by SJ0PR12MB5454.namprd12.prod.outlook.com (2603:10b6:a03:304::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:20:52 +0000 Received: from SJ5PEPF000001CF.namprd05.prod.outlook.com (2603:10b6:a03:505:cafe::75) by SJ2PR07CA0006.outlook.office365.com (2603:10b6:a03:505::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:20:52 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ5PEPF000001CF.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:52 +0000 Received: from drhqmail203.nvidia.com (10.126.190.182) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:42 -0800 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail203.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:41 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:41 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6F031863; Mon, 25 Dec 2023 08:20:38 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 3/9] xfrm: Flush xfrm state synchronously on netdev close or unregister Date: Mon, 25 Dec 2023 00:20:25 -0600 Message-ID: <1703485231-27098-4-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001CF:EE_|SJ0PR12MB5454:EE_ X-MS-Office365-Filtering-Correlation-Id: f2297baf-646c-47f3-ea53-08dc0511a50a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lK0YMypEpLudgexxz5Vrabd3P9lChm2SRBOs7qSE1zyEUrPpzah3NE7oEk7iCOXc629gfd60JQV164UG8zOHftdeY8uOu0Lt8DXjucFISc+kxP258x6f2Z1oqiwX0ac1UPDRe4lGfDy52MronmAwE4upd1U3HSLLwooqViKYztNBdL2ZTBnlD+qD9jwMyrAs6vBB3S5W1gk+h52n+XOExi6968hPMu+aAEaxGuKQVa102Dl6WP6UPEKQlTfarjo6hUcbRWkJZjj30XFq3RrIxN9AKsp8FHZBzVhVqivwxrTSO4zSV1Mp7GVnvxSWlZJRo7kI0P74mB+NP3oiiumlijxOQ/OdohIPZyvAWNJkWd45gYJMGep/29lBa6/+cA4QIii1jo0c2vTN4qlpedy3I3Xhe4gfiWDml2qAaytjakJsRPdHZdQCjD0nepdTt1dGqTmYDSk8De6+BsHPT9rdwljBGdZYB0FgBv3l548Oa8F4z33FiMKgdaReHbYUV0ME5bltONRNYrddh0KsAKHFk02C2lC6VYFHXGH5SS3ioAj0KbAy0QUWVGOlSSpLkClBqRD9ab3EZ2k+B+l+gSWuGi5BwVBWkge+VYib+J0/V5oGwyu024piNPdixX27ofcskVpdqR921nAer0szrXHG7PB+LpnAy9jhcjgk3kvfxytye2Y3U93r4YS8SDvaB+Xj7EKglj+DdjbOZBH1Dv0D7dqysdvRZbSWw0tbNf/w4AOcMAiMDKQln61VVPFJRKLQNXM5DZqUrKeFRup7vBR6mT50cYUkWtnZUaZbPMXVob8= X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(396003)(39860400002)(376002)(346002)(136003)(230922051799003)(451199024)(1800799012)(82310400011)(186009)(64100799003)(40470700004)(46966006)(36840700001)(47076005)(356005)(7636003)(36860700001)(41300700001)(86362001)(26005)(336012)(36756003)(2616005)(83380400001)(40480700001)(40460700003)(82740400003)(478600001)(316002)(6916009)(966005)(54906003)(70586007)(70206006)(6666004)(8676002)(8936002)(5660300002)(4326008)(2906002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:52.1150 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f2297baf-646c-47f3-ea53-08dc0511a50a X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001CF.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB5454 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jianbo Liu BugLink: https://bugs.launchpad.net/bugs/2044427 When NETDEV_DOWN or NETDEV_UNREGISTER is received, netdev is being closed or unregistered, and all xfrm_states are being flushed. It's better to bypass GC and destroy them directly, so the hardware resources for those offloaded xfrm_state can be safely freed. Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") Signed-off-by: Jianbo Liu Signed-off-by: Leon Romanovsky (cherry picked from commit ebf036124a1df1eed16ab752212854495cbb8264) Signed-off-by: Tony Duan --- net/xfrm/xfrm_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 05686ac..950761a 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -870,7 +870,7 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali err = xfrm_state_delete(x); xfrm_audit_state_delete(x, err ? 0 : 1, task_valid); - xfrm_state_put(x); + xfrm_state_put_sync(x); if (!err) cnt++; From patchwork Mon Dec 25 06:20:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880066 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz79J1Txrz20Rq for ; Mon, 25 Dec 2023 17:22:11 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeLl-0007JT-8o; Mon, 25 Dec 2023 06:22:05 +0000 Received: from mail-dm6nam12on2042.outbound.protection.outlook.com ([40.107.243.42] helo=NAM12-DM6-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKo-0006po-7S for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:21:06 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fFF7U4Pu3UrnJAwrVoJIxLk4/4nH4w/0SVNnxzfee9b+9DxIOibVgFncrVtxYxsEQbVrYD4/+jg3iAAy4UyJTfXA7oUL8In6DgKlch+gJfO6wgQPAjvDNFFHATHO+0kGPOTMoGKm4mtSLOA3Z+zTwFl4swTCg32CxFwEtUw+gihSZ5qYT3GQYlb2v1izTj1FgNq9ERAsO7jdw0nP4uh9NGiVcx8nJeMuNCvyFiG2zoKWY4IhRY1s6uuegIZCEmyyZ+ZsyOuoEhVztqltncDrI/6RjWt+U6onvWTQR9PPBgclhBD+MPFPJgSbaa30uoWVJFGB7k233GT7pQMF+6BFug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RX8fnPk/VMakhgZlbWHoAUXaqx1tkyC4JoeI+L/YzXk=; b=gJbP6/GyqbzkPsZnWk9L5a5aIGuF6fbvlIgev0OV3N2KTShbyDWQeA31MC/GrssHrvzfJxiK4XF7zcPPrT4V/qzwbWtJ3NKUwPL7H6e4FWgjk2AJGIfhqhlpzNV1uioIGtDpCagm1RD0tEaEW8b4sY3uRCzcpPjl3wrdJTV2xjDQgRqtWMWaHWBkJViU47+F2FcxZ/zBwWUOgAD8zC0ZjYRzEr8Ztdn16SAVLCRJfmTyQOl/UGE5Ip2498ZD6QMcKOWZZNJmQ9+bHQfeLy797pai5glUKuuGQJ8gJerff50HLzNrCYCNDlNKN6qY8OeiUQDfydcYE+Dz4is6YeZtrg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from SA9PR13CA0151.namprd13.prod.outlook.com (2603:10b6:806:28::6) by DM6PR12MB4107.namprd12.prod.outlook.com (2603:10b6:5:218::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:21:01 +0000 Received: from SN1PEPF0002BA4C.namprd03.prod.outlook.com (2603:10b6:806:28:cafe::7a) by SA9PR13CA0151.outlook.office365.com (2603:10b6:806:28::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.16 via Frontend Transport; Mon, 25 Dec 2023 06:21:01 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SN1PEPF0002BA4C.mail.protection.outlook.com (10.167.242.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:59 +0000 Received: from rnnvmail203.nvidia.com (10.129.68.9) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:44 -0800 Received: from rnnvmail203.nvidia.com (10.129.68.9) by rnnvmail203.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:43 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:43 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6G031863; Mon, 25 Dec 2023 08:20:40 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 4/9] net: af_key: fix sadb_x_filter validation Date: Mon, 25 Dec 2023 00:20:26 -0600 Message-ID: <1703485231-27098-5-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002BA4C:EE_|DM6PR12MB4107:EE_ X-MS-Office365-Filtering-Correlation-Id: 8ea92ce4-98ce-489c-7fba-08dc0511a9c1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: R/O+RipWdEskPfkUsqrrjuAc++syn4Esj231AiyhG/AFG3VcUe9RP2365DZl1q0XaGD1uE5h0Vfir0+VbyL20mH6VlrdA7pqdw/MExIiHsuIGJHaaWRxz8Hk5Z3iN90dM9ASILvbLrStGHz3yDnO2XiyAaV+vPRxEIJzPyOmj0Cr/dxPqlVn26vYD7UbyUWuFUk9vxvuJTeXC80FVfNNHPFQLfpCT0YbhQktBEumdFRxetYIONChsby8a5s69Wle+2/gauyaLYc2iWZs4jYjNfUWlUR6LJ5LVBs7dIhd53KFNsKdQhXsfmvOSGNwOn1POvIqLXxSJV5mVaeieV4hg1lrmeNRT2euAkVrjNWra3E6ogGztCFqhsTAgYHWfKIRwgWkyIO4S8DPlf8oxTTF2AFa0OHpyVNZYhFBMrvzbHeTIVFjbZuPOMcXiSl3ln4UPr6K5YH/lHssyy71X41HpCQwYajyF3wIxc4HNEc+oeUMj2vOf061Dg+/Rtw8jb+HpRvhAGco8g/fWxebQQV1UJnJxjyeaUAjfC6FAEwnA+T1mBIupWNmSAA8w4polabXLTJVhppV55AaIQyNdUxu/KmAcFVAIZeNWAccOqISLvGu04kQ3yF91vxRpnjWa3/Xg9gSMBT5hTskjaKaAdYh/qQrKfPdw2I6Uda5rCGfJxy2OxZdudkLKcyjyrhp+Nsih1Md+I6ivxPB30+D7m0v9incTkd7co3ZKTqu0lKLEEUsJmqr+kth6wtSZll6mBpLJQvFGyGnoMKv4N3qc3/ATg== X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(376002)(396003)(136003)(346002)(39860400002)(230922051799003)(186009)(82310400011)(451199024)(1800799012)(64100799003)(40470700004)(36840700001)(46966006)(6666004)(478600001)(2906002)(966005)(8936002)(8676002)(5660300002)(40480700001)(36756003)(6916009)(70206006)(4326008)(54906003)(40460700003)(316002)(70586007)(2616005)(336012)(83380400001)(47076005)(86362001)(26005)(36860700001)(41300700001)(356005)(7636003)(82740400003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:59.8975 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8ea92ce4-98ce-489c-7fba-08dc0511a9c1 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002BA4C.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4107 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Lin Ma BugLink: https://bugs.launchpad.net/bugs/2044427 When running xfrm_state_walk_init(), the xfrm_address_filter being used is okay to have a splen/dplen that equals to sizeof(xfrm_address_t)<<3. This commit replaces >= to > to make sure the boundary checking is correct. Fixes: 37bd22420f85 ("af_key: pfkey_dump needs parameter validation") Signed-off-by: Lin Ma Signed-off-by: Steffen Klassert (cherry picked from commit 75065a8929069bc93181848818e23f147a73f83a) Signed-off-by: Tony Duan --- net/key/af_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/key/af_key.c b/net/key/af_key.c index 7e45d7e..e62f1b9 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1848,9 +1848,9 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_ms if (ext_hdrs[SADB_X_EXT_FILTER - 1]) { struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1]; - if ((xfilter->sadb_x_filter_splen >= + if ((xfilter->sadb_x_filter_splen > (sizeof(xfrm_address_t) << 3)) || - (xfilter->sadb_x_filter_dplen >= + (xfilter->sadb_x_filter_dplen > (sizeof(xfrm_address_t) << 3))) { mutex_unlock(&pfk->dump_lock); return -EINVAL; From patchwork Mon Dec 25 06:20:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880061 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz78b1dJnz20Rq for ; Mon, 25 Dec 2023 17:21:35 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeL6-0006t6-Vc; Mon, 25 Dec 2023 06:21:25 +0000 Received: from mail-bn8nam12on2076.outbound.protection.outlook.com ([40.107.237.76] helo=NAM12-BN8-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKg-0006o7-BZ for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:20:58 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IZ+lXnB/DzIEdtN6mJXQZBEHetCXSjzN8t9EfhsYIk5F9AcK2FHZrLfM0UWHabdj5v9HdjvIRtLEezjgMSu61IiLksPTgFv9uxiNDXTlqBqK4H1SpwmkKFKK8kuFrnkppYFlavl8s5D+9KaxeEy9KUshCo4xE1r8FI2OkJbxpfbqzIzX44vDjv94zsYAoQrJ7JEHPJyvRum2jApBiVhYeyJDJTWb3Zhup+SJZhoaOA2INT2V3bxhThPz6s8AFBdBOpEgcI8ajD15mBPdyV5n/OB/26ykndsfkOIrxPsN5+dwEpQZrOGhFVQmuAU2yoIiGkLluAEv4X/XEnrIcfsSOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wlX5ojZKkwTFJoAMS5cGMN8LFUg3jIdwdS8agRNJyxg=; b=HefYlU498l0tB9OiSkp0w7xFUKma4j9Yg0iw8CI0htHc/5lZ4ZFSchpumIefTaJ2csYgNh80XlmBbPXbDiHdLLhNXR7FbiuvEDnjWy3Kzv8PGthx9Wm08wT04mYLEaoOUg7szhzC59ZGzMExh3PXoP0X+t5gA3I1xkfEqIm0ZX9EX60YJ7EjZ6E9rbK91JkTsRS5XUaRrkAXVJhVPx4FX3+IlIdG6gqk/oW86QD07qLV8KXMS6qAhs2MKpT4J4ZfRHOO5LToKTR1ELe2hq+QYxFpjClD10wvs2L6eksnPkNjgpeXdo4iRH2mxBE/TRR583orX0x6FXfv/5EoOOBbYg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from SJ2PR07CA0001.namprd07.prod.outlook.com (2603:10b6:a03:505::11) by IA0PR12MB7674.namprd12.prod.outlook.com (2603:10b6:208:434::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:20:54 +0000 Received: from SJ5PEPF000001CF.namprd05.prod.outlook.com (2603:10b6:a03:505:cafe::eb) by SJ2PR07CA0001.outlook.office365.com (2603:10b6:a03:505::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:20:54 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ5PEPF000001CF.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:54 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:45 -0800 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:45 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:45 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6H031863; Mon, 25 Dec 2023 08:20:42 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 5/9] net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure Date: Mon, 25 Dec 2023 00:20:27 -0600 Message-ID: <1703485231-27098-6-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001CF:EE_|IA0PR12MB7674:EE_ X-MS-Office365-Filtering-Correlation-Id: d1b34d3f-11a1-43cb-031a-08dc0511a648 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4ek8o14nCxUbuZk12AEYTyMeFDY3NlvzicugyQdm+TUJV7Gsyl+B5SYLO+TSjpJ9pWuh/NHYeataQpQdtXvmc+YgZ2ZfP5AblYJ7lfSCs9RfoZBLvuNxYBqL4ss6i34ISrwUrG1U/Z628i9EVejH9ETNG3h28SO2L7DxrzetrXALEg81bU2bko+xMTt6T8qDy4xMLtH8bOET6WiLLXAYLerDw9yBPgtkBji5AJXc0nWZCKHq7bNNjuF54InUM3vHNsUcXPoIVMRGX8nRDvCiMswASJGhn9LmYMFi0K+ppK6B3cz1eP5HUK7+id3gvKssiPK/ysraVk43igmtEjWxkRiLnMNEKhh+EQi3t1ozbzTKyq5SxGCk252qUiYxcfl6W+W3AoymTOwWSKyza4iTUztNo0ic3Nmy72VtLvs2nXr98ktI5ZPtUNTFxCQV80IMIO7hNiReDwxYftxOLbSxVpcJ8mB8jbHAzdF8+buJBXidXHpaINGE3O5loqUN+OUuSMRWnomH2VtnDlBtZyxhpvPRbi89LPCG2eGuvQVYTYfFdVYa8yP0KUBmC4jnX2UQ9L6NQrR7y9xoK7NqkB6hwXX/24PeTmx4idXet6ZXaGahHi4xhQG0Sv/yTcQ5ELnHSZ1x+DoLTkUkhOL7BGX3Fhhaxvvu8NGCmcx0Q38p+tZ3hdqXbMNuxeL8LJlSl7ojXFtnLwt381lgt6Kgp24rNBEpULhTBZsl5XPapEGyvGoq+bnXVSNpTSCAUGFBCLP0L4geQwbuyMLotKszxmjDYtdq/YkGs4SRs8SqzqPBQIY= X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(346002)(39860400002)(136003)(396003)(376002)(230922051799003)(1800799012)(64100799003)(186009)(451199024)(82310400011)(36840700001)(46966006)(40470700004)(47076005)(86362001)(26005)(83380400001)(336012)(7636003)(82740400003)(356005)(36860700001)(41300700001)(36756003)(40480700001)(5660300002)(478600001)(966005)(2906002)(6666004)(2616005)(8936002)(8676002)(6916009)(70206006)(70586007)(316002)(4326008)(40460700003)(54906003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:54.1931 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d1b34d3f-11a1-43cb-031a-08dc0511a648 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001CF.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB7674 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Lin Ma BugLink: https://bugs.launchpad.net/bugs/2044427 According to all consumers code of attrs[XFRMA_SEC_CTX], like * verify_sec_ctx_len(), convert to xfrm_user_sec_ctx* * xfrm_state_construct(), call security_xfrm_state_alloc whose prototype is int security_xfrm_state_alloc(.., struct xfrm_user_sec_ctx *sec_ctx); * copy_from_user_sec_ctx(), convert to xfrm_user_sec_ctx * ... It seems that the expected parsing result for XFRMA_SEC_CTX should be structure xfrm_user_sec_ctx, and the current xfrm_sec_ctx is confusing and misleading (Luckily, they happen to have same size 8 bytes). This commit amend the policy structure to xfrm_user_sec_ctx to avoid ambiguity. Fixes: cf5cb79f6946 ("[XFRM] netlink: Establish an attribute policy") Signed-off-by: Lin Ma Signed-off-by: Steffen Klassert (cherry picked from commit d1e0e61d617ba17aa516db707aa871387566bbf7) Signed-off-by: Tony Duan --- net/xfrm/xfrm_compat.c | 2 +- net/xfrm/xfrm_user.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_compat.c b/net/xfrm/xfrm_compat.c index 8cbf45a..655fe4f 100644 --- a/net/xfrm/xfrm_compat.c +++ b/net/xfrm/xfrm_compat.c @@ -108,7 +108,7 @@ struct compat_xfrm_user_polexpire { [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, - [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, + [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_user_sec_ctx) }, [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index a591283..1eb2592 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2864,7 +2864,7 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, - [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, + [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_user_sec_ctx) }, [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, From patchwork Mon Dec 25 06:20:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880068 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz79q2gG8z20Rq for ; Mon, 25 Dec 2023 17:22:39 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeMB-0007rJ-7u; Mon, 25 Dec 2023 06:22:31 +0000 Received: from mail-mw2nam10on2079.outbound.protection.outlook.com ([40.107.94.79] helo=NAM10-MW2-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKu-0006qf-4B for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:21:15 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i2NF6JQkMYU7Mx3Qp8Acuj/yUXMhqKWbcDMa4UwZD6E/zv/uf4eG1it6HCbTty6QpXgBMeT9QhxFZTMdIQmoeAukB2T80RGIJQvMDmFDzEkVPadHaKnhORelrRjukYGNeFGuRlpC4TycM1ALnVjLDs8sVJYWZKA4selghPx+dVKYI41bzy2PefPKgJZKd+7ms9DcTwDWBmK/jOPRokjjwpPk3h1kmHMGQtk76oZa+Sqzx2oduY2MhF9tuy/fjRLXu5ktsmiR46Fa6VdJ364Y1BAK4QDgfoCABi1G1EYhWWFIAEL/+gMlWaKOWymVnjdnmI5vx40fAdbBfSXrp0m7Vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EG0LTe7ldAs/L8u387f+Km3lbT1byOYRav/KWfZSZ3Y=; b=RUarD3MMzfcCeEnPkFnxY7yGQADKRGaHwXRfxsWV6eIpTuwn7IwkMvGc9N8Rnpb77NGrE9l35pFQO3T3IjuL1E1C6uC4Sg4CXEv+96Qd/v2sjL+ype4fwcGdTCv5syZpbXsqxH2LNbhNA4l5LCYK8J6RROSgPL7XExCWhUNqUG+vr0w56Cz2itNDi/T0HJWmAK8UdjMJGaERidn56iOWs6VnEC0PvOvmaKqaAmauy1gh6DE05Ns1mOOFh598sbgy3XY7121OOrdAePzthOChb+nonv3FFtAbMSkvBalshjnktXTzi0d04yMQB1Tixj3zEhYfxPKmneJho3mSyyvn+Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from BL0PR02CA0064.namprd02.prod.outlook.com (2603:10b6:207:3d::41) by PH7PR12MB7260.namprd12.prod.outlook.com (2603:10b6:510:208::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:21:04 +0000 Received: from BL6PEPF0001AB56.namprd02.prod.outlook.com (2603:10b6:207:3d:cafe::c9) by BL0PR02CA0064.outlook.office365.com (2603:10b6:207:3d::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:21:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BL6PEPF0001AB56.mail.protection.outlook.com (10.167.241.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:21:03 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:47 -0800 Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:47 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:46 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6I031863; Mon, 25 Dec 2023 08:20:43 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 6/9] xfrm: Remove inner/outer modes from input path Date: Mon, 25 Dec 2023 00:20:28 -0600 Message-ID: <1703485231-27098-7-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB56:EE_|PH7PR12MB7260:EE_ X-MS-Office365-Filtering-Correlation-Id: d79ca7c2-ee89-48a9-29ee-08dc0511ac31 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: leZmZNUrhOlsvJx/DbW17mS7hZrEivqfmVIFnZ44t7u2jtCAfm6DLwfYrBEGGoQosnlw+UtREniJxs47hZixkP1qNIGVdkt/E8JRVN6wGNtYP+tX5kX5VZFQN4N0h86+xIZP7GHA+xoFgVOROCqgTPBmX3Ac+h9vDSQzIYyNMxOCftPbipXHp6rtTEzpYhR54EnCm9ghynY75UrsIbAWs7t6aZBkqf1coym1RLVV3M6eZju3cytq7QiOQIhyY5xQAfEYmXn3jS6NjCLohzUWZrrcWUXpEI9wvKZOMBkD+Q2MsbIA+seWQl6THTTKRhZNFqzWMhs2cFXDB9lp9FIPy5RsLt3NllGutFKX5FjAdqMp7MN62A83lvkPEQ/goVYHuo0dX03CjKxXh87WbepAQP1L3hEyZ14LHbnKtO23JboqpchamJ2EaFPs58xlYU9X/eSDLmvWzCeDgmUFACw0HHTpLetnwb7k72uAZvDjx1Vuf3gfqLO4iWzQXa5bDZQ3dq/AYfr8zVJ8ny1XxUW6vUGCaUPBxnTLxDc/ZQtRpUoqgkzcLS5F9D5HlyhQ9HUrIsQK5cj/SbJTopRgmQOj0LGEHnjpVyzbGQOysfpO8MX3u16oGP5gImZwf5aXuNabjlJggvVQcIuK/5zwj043qLjZh1bxrkeNCfvYpJ950kthC/Xg5MffN/ZWWtMToNcfgbUfWDp9b2IwaiqUmjKXhNLWUfcIpnkwdatntNxuJm8Xfxd7b0DY3uPTrZfRE4KgztmGoo+rV++Tcew5XdJklDFGw50SURv0FxG0girkHdg= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(82310400011)(64100799003)(1800799012)(186009)(451199024)(36840700001)(46966006)(40470700004)(40480700001)(40460700003)(26005)(4326008)(8676002)(8936002)(478600001)(5660300002)(70586007)(70206006)(2616005)(54906003)(6916009)(316002)(336012)(2906002)(6666004)(47076005)(36860700001)(41300700001)(966005)(356005)(83380400001)(7636003)(36756003)(86362001)(82740400003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:21:03.9222 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d79ca7c2-ee89-48a9-29ee-08dc0511ac31 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB56.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7260 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Herbert Xu BugLink: https://bugs.launchpad.net/bugs/2044427 The inner/outer modes were added to abstract out common code that were once duplicated between IPv4 and IPv6. As time went on the abstractions have been removed and we are now left with empty shells that only contain duplicate information. These can be removed one-by-one as the same information is already present elsewhere in the xfrm_state object. Removing them from the input path actually allows certain valid combinations that are currently disallowed. In particular, when a transport mode SA sits beneath a tunnel mode SA that changes address families, at present the transport mode SA cannot have AF_UNSPEC as its selector because it will be erroneously be treated as inter-family itself even though it simply sits beneath one. This is a serious problem because you can't set the selector to non-AF_UNSPEC either as that will cause the selector match to fail as we always match selectors to the inner-most traffic. Signed-off-by: Herbert Xu Signed-off-by: Steffen Klassert (cherry picked from commit 5f24f41e8ea62a6a9095f9bbafb8b3aebe265c68) Signed-off-by: Tony Duan --- net/xfrm/xfrm_input.c | 66 ++++++++++++++++++--------------------------------- 1 file changed, 23 insertions(+), 43 deletions(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index a686183..33c15fb2 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -231,9 +231,6 @@ static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) { int err = -EINVAL; - if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP) - goto out; - if (!pskb_may_pull(skb, sizeof(struct iphdr))) goto out; @@ -269,8 +266,6 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) { int err = -EINVAL; - if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6) - goto out; if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) goto out; @@ -331,22 +326,26 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb) */ static int xfrm_inner_mode_encap_remove(struct xfrm_state *x, - const struct xfrm_mode *inner_mode, struct sk_buff *skb) { - switch (inner_mode->encap) { + switch (x->props.mode) { case XFRM_MODE_BEET: - if (inner_mode->family == AF_INET) + switch (XFRM_MODE_SKB_CB(skb)->protocol) { + case IPPROTO_IPIP: + case IPPROTO_BEETPH: return xfrm4_remove_beet_encap(x, skb); - if (inner_mode->family == AF_INET6) + case IPPROTO_IPV6: return xfrm6_remove_beet_encap(x, skb); + } break; case XFRM_MODE_TUNNEL: - if (inner_mode->family == AF_INET) + switch (XFRM_MODE_SKB_CB(skb)->protocol) { + case IPPROTO_IPIP: return xfrm4_remove_tunnel_encap(x, skb); - if (inner_mode->family == AF_INET6) + case IPPROTO_IPV6: return xfrm6_remove_tunnel_encap(x, skb); break; + } } WARN_ON_ONCE(1); @@ -355,9 +354,7 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb) static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) { - const struct xfrm_mode *inner_mode = &x->inner_mode; - - switch (x->outer_mode.family) { + switch (x->props.family) { case AF_INET: xfrm4_extract_header(skb); break; @@ -369,17 +366,12 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) return -EAFNOSUPPORT; } - if (x->sel.family == AF_UNSPEC) { - inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol); - if (!inner_mode) - return -EAFNOSUPPORT; - } - - switch (inner_mode->family) { - case AF_INET: + switch (XFRM_MODE_SKB_CB(skb)->protocol) { + case IPPROTO_IPIP: + case IPPROTO_BEETPH: skb->protocol = htons(ETH_P_IP); break; - case AF_INET6: + case IPPROTO_IPV6: skb->protocol = htons(ETH_P_IPV6); break; default: @@ -387,7 +379,7 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) break; } - return xfrm_inner_mode_encap_remove(x, inner_mode, skb); + return xfrm_inner_mode_encap_remove(x, skb); } /* Remove encapsulation header. @@ -433,17 +425,16 @@ static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb) } static int xfrm_inner_mode_input(struct xfrm_state *x, - const struct xfrm_mode *inner_mode, struct sk_buff *skb) { - switch (inner_mode->encap) { + switch (x->props.mode) { case XFRM_MODE_BEET: case XFRM_MODE_TUNNEL: return xfrm_prepare_input(x, skb); case XFRM_MODE_TRANSPORT: - if (inner_mode->family == AF_INET) + if (x->props.family == AF_INET) return xfrm4_transport_input(x, skb); - if (inner_mode->family == AF_INET6) + if (x->props.family == AF_INET6) return xfrm6_transport_input(x, skb); break; case XFRM_MODE_ROUTEOPTIMIZATION: @@ -461,7 +452,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) { const struct xfrm_state_afinfo *afinfo; struct net *net = dev_net(skb->dev); - const struct xfrm_mode *inner_mode; int err; __be32 seq; __be32 seq_hi; @@ -491,7 +481,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) goto drop; } - family = x->outer_mode.family; + family = x->props.family; /* An encap_type of -1 indicates async resumption. */ if (encap_type == -1) { @@ -675,17 +665,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) XFRM_MODE_SKB_CB(skb)->protocol = nexthdr; - inner_mode = &x->inner_mode; - - if (x->sel.family == AF_UNSPEC) { - inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol); - if (inner_mode == NULL) { - XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); - goto drop; - } - } - - if (xfrm_inner_mode_input(x, inner_mode, skb)) { + if (xfrm_inner_mode_input(x, skb)) { XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); goto drop; } @@ -700,7 +680,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) * transport mode so the outer address is identical. */ daddr = &x->id.daddr; - family = x->outer_mode.family; + family = x->props.family; err = xfrm_parse_spi(skb, nexthdr, &spi, &seq); if (err < 0) { @@ -730,7 +710,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) err = -EAFNOSUPPORT; rcu_read_lock(); - afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family); + afinfo = xfrm_state_afinfo_get_rcu(x->props.family); if (likely(afinfo)) err = afinfo->transport_finish(skb, xfrm_gro || async); rcu_read_unlock(); From patchwork Mon Dec 25 06:20:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880065 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz79C10kLz23dC for ; Mon, 25 Dec 2023 17:22:07 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeLf-0007FN-0P; Mon, 25 Dec 2023 06:21:59 +0000 Received: from mail-bn8nam11on2041.outbound.protection.outlook.com ([40.107.236.41] helo=NAM11-BN8-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKm-0006pe-6a for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:21:05 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XOHTVQE/OAxfuzrJnHwuF1IvynpND0PlQyENC2N3cvwhYPK0U+VED//21krEkXPQGxND5qMl1lYjtsZwNbpP7p5jI2p3RfVp2H2NKvnk/Sn6i75YoLBIxgb0F1BtnF9OWJxJGg418FnRgP9243rfctFDXryuX92uHEPZ2gZ8Cenb0SvOx7VEb0meze5McM3h34td5A03JWFLnlu1+9oAIt7AmKMBYj86j9PuUMMCatJhn7s4JTbgEdUY1ktg8521LfNwDmn5ZNfM/3cIUInj88cPKbrnb6+UjGzLeJqPpyggD3rXtIX3xHu6LQ0EapKss7ZIjx8DROtpxyG475oRXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+No7uJsUW1N+cHRA9Nk4E7QwMoZOtgskn+68XYuDyok=; b=GYjy2JNGsClRCXEK3sWlPx8SSSMPXS7RC0B4aBxcs3K+iO8Wzmz085KDATJxqyWzM/yg7n62JFxyT6On9lUyBu7kdHyZft5Gzac3hQA6ilX3TPBw4g2EImT/6qdFxLyfMID7U8sDMSlL0hDoYvVdc6slZDBC7t37NopDBYgPHs09zyU/7GblcL4BsQ05DUmBFNGrfRGG8d3Cf/ZMhDVkbHHuxyfUIYz3uxZiQUSK5GE51MHNZbBdL1ma45iRRnaYqOckaAuhLoraAngZFYUN7E1aMwJM01CrCqTi1MznamcerSc/CCMDsvQPr0w938rgwkK2UZDxDx4Xx4/jog80GA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from SJ2PR07CA0009.namprd07.prod.outlook.com (2603:10b6:a03:505::6) by CH0PR12MB5203.namprd12.prod.outlook.com (2603:10b6:610:ba::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:20:58 +0000 Received: from SJ5PEPF000001CF.namprd05.prod.outlook.com (2603:10b6:a03:505:cafe::7b) by SJ2PR07CA0009.outlook.office365.com (2603:10b6:a03:505::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:20:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ5PEPF000001CF.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:58 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:49 -0800 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:49 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:48 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6J031863; Mon, 25 Dec 2023 08:20:45 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 7/9] xfrm: Silence warnings triggerable by bad packets Date: Mon, 25 Dec 2023 00:20:29 -0600 Message-ID: <1703485231-27098-8-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001CF:EE_|CH0PR12MB5203:EE_ X-MS-Office365-Filtering-Correlation-Id: f6e23fa5-00c5-4f66-2067-08dc0511a8ce X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TJfJHMoAlxxDp9t01L+GGmMM/LIYN9KTdvLaxw4anYJTRyahvpqaHPu0Y4KjDDsRUXQ073sWkHGh64lEtiC4BAam/nqgwXq4eFTWLWqXjxw+bIFakxTmie4fdo2kYl4BEYf7LcTLc6jlZ6w6nOTnE8ioFlbknd1TOKVu6vovPyHiscyYoVIXcRxbfoQX4vwPOkiVG2WEmJX3gR22bsiA0v16MOeGQl7lnsoFVoEc4cD7isZy4PhXa1gqH37mJhB0Od3AjYR4L1jbLi3Rfd/x4p4F0dNQh2e5Ubwm0GVX84PSCX4L86mNbHk4+SuM2lBHwFHG5flF8QXOyjh1lrzxKEZ+ykNHRdj0RTHGCL6C+aeouiNaZiMr0EcWpRvF53KlLK8khyaSoqe2Iy/JaLNk08JyVgkoCaYyjwaNDzRip4aoiIFiZWA58kcn8l1wMzw3VWDEyY60RvACDAM/Uq7J7necFVK4eA03Wc2Kb7cw+C/lntEUEOZHew4CJShXXHxY/QBIvv6XaaCIWXgrGChvzMtAzfKzWll8c+y2j4dO6wfjJv5RPc3sK/mOdNQpBA+QnaXTj0L7qkgjME18oJfvVztPt4kNKI6eOd2hz2xsEtazlmyK+DYSUjOqa+1S0Zp7DQeTnmXJJLE+VcH/zGldh/CjlfrrjJFuXSxP+xJuZFdjnYsCzWSOTs7A5s4EDohi/gd9n/21VaKyuROvJEHtXIgeMR2n+KRWbZyPLZIBQbUVo/NCOE4oQ/NBbxHIpTvgefoS1uBE7EIlLAfIVjIeAbKypYXHmdLopjA2nLicoyvyEl+ZD51OZgxel47K5S5F7GAoK/w4bWOgxc5WYTk/Wg== X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(396003)(136003)(376002)(346002)(39860400002)(230922051799003)(230273577357003)(230173577357003)(451199024)(1800799012)(82310400011)(186009)(64100799003)(36840700001)(46966006)(40470700004)(478600001)(966005)(7636003)(70586007)(4326008)(6666004)(47076005)(82740400003)(2616005)(26005)(86362001)(8936002)(40480700001)(8676002)(316002)(54906003)(6916009)(70206006)(336012)(83380400001)(40460700003)(41300700001)(36756003)(2906002)(5660300002)(36860700001)(356005); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:58.4275 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f6e23fa5-00c5-4f66-2067-08dc0511a8ce X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001CF.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR12MB5203 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Herbert Xu BugLink: https://bugs.launchpad.net/bugs/2044427 After the elimination of inner modes, a couple of warnings that were previously unreachable can now be triggered by malformed inbound packets. Fix this by: 1. Moving the setting of skb->protocol into the decap functions. 2. Returning -EINVAL when unexpected protocol is seen. Reported-by: Maciej Żenczykowski Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path") Signed-off-by: Herbert Xu Reviewed-by: Maciej Żenczykowski Signed-off-by: Steffen Klassert (cherry picked from commit 57010b8ece2821a1fdfdba2197d14a022f3769db) Signed-off-by: Tony Duan --- net/xfrm/xfrm_input.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 33c15fb2..eda890d 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -179,6 +179,8 @@ static int xfrm4_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb) int optlen = 0; int err = -EINVAL; + skb->protocol = htons(ETH_P_IP); + if (unlikely(XFRM_MODE_SKB_CB(skb)->protocol == IPPROTO_BEETPH)) { struct ip_beet_phdr *ph; int phlen; @@ -231,6 +233,8 @@ static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) { int err = -EINVAL; + skb->protocol = htons(ETH_P_IP); + if (!pskb_may_pull(skb, sizeof(struct iphdr))) goto out; @@ -266,6 +270,8 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) { int err = -EINVAL; + skb->protocol = htons(ETH_P_IPV6); + if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) goto out; @@ -295,6 +301,8 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb) int size = sizeof(struct ipv6hdr); int err; + skb->protocol = htons(ETH_P_IPV6); + err = skb_cow_head(skb, size + skb->mac_len); if (err) goto out; @@ -346,6 +354,7 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb) return xfrm6_remove_tunnel_encap(x, skb); break; } + return -EINVAL; } WARN_ON_ONCE(1); @@ -366,19 +375,6 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) return -EAFNOSUPPORT; } - switch (XFRM_MODE_SKB_CB(skb)->protocol) { - case IPPROTO_IPIP: - case IPPROTO_BEETPH: - skb->protocol = htons(ETH_P_IP); - break; - case IPPROTO_IPV6: - skb->protocol = htons(ETH_P_IPV6); - break; - default: - WARN_ON_ONCE(1); - break; - } - return xfrm_inner_mode_encap_remove(x, skb); } From patchwork Mon Dec 25 06:20:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880067 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz79M3ssRz23dC for ; Mon, 25 Dec 2023 17:22:15 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeLm-0007MO-Nx; Mon, 25 Dec 2023 06:22:06 +0000 Received: from mail-mw2nam12on2055.outbound.protection.outlook.com ([40.107.244.55] helo=NAM12-MW2-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKs-0006qP-PM for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:21:12 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BEx6fM0aeIvqD+JrHoVeSpPXXuFr1HvWxWcHua8MkuQCZ2F1WyxMLo7SGEYLbhH1w3lUHJDj46GV04rD9ohycVeelACwVmGOODpYTKIkXXFSh/isxLlxiYQ2Q4IgesQsU1pJpoBl0iIJ3ODiMTbzFCTykkR8f5RtT4LbjHCXUCxg+lZZZEUQB9gC4rh2xwXwHzaQKWSLi7BD9c9FnN0pGJLmNpNXrkVauAVKkCOLECttHV1SfBSD4gIMKJcHYyBpIjV0wYtkT9U9AVvA5TUu1zwbEvKTt2BBRkHqo+d0a96t2AtmLnVwhhNqOCmTfEKiZwJXyPgzrC318OOBI6FUxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/4NKlOHPe8g8eVOINgSSmpwAYvZ8U5YBi0eIKEzZawk=; b=fguN4zZlyU0VC1c80aYgFj1FflwaYjA0kdFRlp3r6qzOA/cI+n+DeWzCzRzbNVyoCmK7XvRNns14O0INChkTcAlISraGrJ1TS08DlFEoI9YH1hFkYY3z26qslO3wM73pROpDBtxj8bGGuN0vR//nnppckr3j/ecFyVJR7qBdkFfCXfeWEW+FMa0ibZmY3wLN5jpsRPNX0BxWWyR0NqzclL1zDBetKyirnkzlwAhr22qatDr095VOVeLIUGjiccuYgOgOC0lZyQBJOlZFaBY3ztMfMCs4Hb114RD/V8D6gse8VYlL2TO+Wrb3/06e7b7qdmRwoPt+f7x3w5QleY7B0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from BLAP220CA0023.NAMP220.PROD.OUTLOOK.COM (2603:10b6:208:32c::28) by DS0PR12MB7993.namprd12.prod.outlook.com (2603:10b6:8:14b::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:21:07 +0000 Received: from BL6PEPF0001AB59.namprd02.prod.outlook.com (2603:10b6:208:32c:cafe::40) by BLAP220CA0023.outlook.office365.com (2603:10b6:208:32c::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:21:06 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BL6PEPF0001AB59.mail.protection.outlook.com (10.167.241.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:21:06 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:51 -0800 Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:51 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:50 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6K031863; Mon, 25 Dec 2023 08:20:47 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 8/9] xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH Date: Mon, 25 Dec 2023 00:20:30 -0600 Message-ID: <1703485231-27098-9-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB59:EE_|DS0PR12MB7993:EE_ X-MS-Office365-Filtering-Correlation-Id: c49dfc39-0ca5-4fdd-b99b-08dc0511ad94 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: isbFWkOznUNcqkN5Se0KKeG0YTiErGxBXOi5505838FmOSEvXIe5z2kltZaoNdo1ox8PG7uLLFY0yhwxhpeI3wEP11xhpq0Rl+wAuRxNY5Z0d2JwrpCkzWdi2HqEJjyN+20sNyXceN/YQi/BvVDaH70WHC2LP/8KjLY2ri4Xv6PIdT9LgH5Z0jBGGI0+JgLZIiZOV7rkv9fp3rLGqFER0MK6XzgkgqAc9YqEvoY+5qQytcC6WZ6XQsKFs8GdR/ekPGWkjYwRa3YnqkPIeWZd8k3+KRI4K8x4AbZHUbH/b+3gbV562Y/fminwl7gfBAuYhFNspn3ROp8FgychrHJHn64XZzD0TuOgsA4O1wYqB9PihYYU2cawL+j39y7knXd4xzpkoPEfEPHVwS2YrRbBVjz7ULTAenBmgJIZZHquG6boeFiy2VdNRFYplbS/6T0vXcw3rgoJB1PrC+MZ0i6X78eWeGk5DcilYFoTMu7KjqR1+SUftObuSyxhBBXkYt2CBozPWkaotQQ9urEF9j0UVUfKxCuwiKFOpeR7yBNkzzoOGdryLmgfBgNlzPRMR3YLweV2S59oXn+f3n+hOGCl5lLdY5l8nqczlg8jZr96rD1wRfmMYGBQvw2kqGliE9WP292g7RyDvMFk/T2YFVGiYW+OG3KNiw4lfsTiraqbzutt1nUAKJ76MjTfa7AriHrO10K4PPeKTX57vKhsYQsouyTvPC2LvRAuv1mWsPgNxGTnzSMNuKwpeT+2LIqLa3VgxATZBc2trTZUJJWuGZQQaZtqCZ8S/CYo+Ceg/NCR06A= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(82310400011)(64100799003)(1800799012)(186009)(451199024)(36840700001)(46966006)(40470700004)(40480700001)(40460700003)(26005)(4326008)(8676002)(8936002)(478600001)(5660300002)(70586007)(70206006)(2616005)(54906003)(6916009)(316002)(336012)(2906002)(6666004)(47076005)(36860700001)(41300700001)(966005)(356005)(83380400001)(7636003)(36756003)(86362001)(82740400003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:21:06.2368 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c49dfc39-0ca5-4fdd-b99b-08dc0511ad94 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB59.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB7993 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Lin Ma BugLink: https://bugs.launchpad.net/bugs/2044427 The previous commit 4e484b3e969b ("xfrm: rate limit SA mapping change message to user space") added one additional attribute named XFRMA_MTIMER_THRESH and described its type at compat_policy (net/xfrm/xfrm_compat.c). However, the author forgot to also describe the nla_policy at xfrma_policy (net/xfrm/xfrm_user.c). Hence, this suppose NLA_U32 (4 bytes) value can be faked as empty (0 bytes) by a malicious user, which leads to 4 bytes overflow read and heap information leak when parsing nlattrs. To exploit this, one malicious user can spray the SLUB objects and then leverage this 4 bytes OOB read to leak the heap data into x->mapping_maxage (see xfrm_update_ae_params(...)), and leak it to userspace via copy_to_user_state_extra(...). The above bug is assigned CVE-2023-3773. To fix it, this commit just completes the nla_policy description for XFRMA_MTIMER_THRESH, which enforces the length check and avoids such OOB read. Fixes: 4e484b3e969b ("xfrm: rate limit SA mapping change message to user space") Signed-off-by: Lin Ma Reviewed-by: Simon Horman Reviewed-by: Leon Romanovsky Signed-off-by: Steffen Klassert (cherry picked from commit 5e2424708da7207087934c5c75211e8584d553a0) Signed-off-by: Tony Duan --- net/xfrm/xfrm_user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 1eb2592..b17dcc5 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2884,6 +2884,7 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, [XFRMA_SET_MARK] = { .type = NLA_U32 }, [XFRMA_SET_MARK_MASK] = { .type = NLA_U32 }, [XFRMA_IF_ID] = { .type = NLA_U32 }, + [XFRMA_MTIMER_THRESH] = { .type = NLA_U32 }, }; EXPORT_SYMBOL_GPL(xfrma_policy); From patchwork Mon Dec 25 06:20:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Duan X-Patchwork-Id: 1880064 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz79732XTz20Rq for ; Mon, 25 Dec 2023 17:22:03 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rHeLZ-000788-G4; Mon, 25 Dec 2023 06:21:56 +0000 Received: from mail-mw2nam04on2085.outbound.protection.outlook.com ([40.107.101.85] helo=NAM04-MW2-obe.outbound.protection.outlook.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rHeKk-0006ou-JZ for kernel-team@lists.ubuntu.com; Mon, 25 Dec 2023 06:21:03 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M8p3Yu9GI9fFy3DeizW+QuZJykKAeJNJ1vXkUj+JPlq/SxzcQN8UJgeuglFQoo1aMBbGSBNhDL746hD9/5cJb5dwj2kSfC3kzYbuaJoGZPSrQ939r1yOsttupeGp4QIItLaCZj3jWXEuUn4b8I/eD+Yqjw/AoigA3HhMWpMdn1CcKM0a93hHqZZAD3EnB/7xxijbC4oGFuKtcazPIULH6FYEOnaill5Ft5Fizgs1EL41DAsB3DhUjRLWyKLQR3rqXy/S+UccS/wuvjzqJYpq3EB2NbmXjACH7vN4L7JiO5ZVbMczYvC9rJ2KsAAclo/hvXb/ny0FAzLB6CKSLOtMwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=e0wbWYdCtUFomdgKh6OxkzwxpLMIXvrZAvmJhxoDl/E=; b=HgD0DIb7XMXhzXvGJVrrbb7JYl5aNOYBgEZduwbBf5MPMG7iPE/i1GJ7pUDT5oT1fBahOKV0S1pe0Rq32L6qrGiGGr40n+dEncrZ1BiO1iUoKLKWwTzRZ3Wp+jzaOi9fgNTsVqrxqZlWxWKBpBXpdTRIQ2td/8mfMt7TluogAr/uh6qt9xyJJBUczBj8tTKFCJRUA2dqSfWKnYJHJ7b//uFLzLChMn8tbN4Nwjotd43jG4rJSRXcwoBpUkMoENSQ+YYWxaQs90Qwyq5OKQ5EAqAJa6rj8BVermSuT2kmMVphSu5LnBBQIDUdaXVKsL+53Toy93IMPN049fl/EgDMtw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.233) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) Received: from DM6PR07CA0098.namprd07.prod.outlook.com (2603:10b6:5:337::31) by MN2PR12MB4486.namprd12.prod.outlook.com (2603:10b6:208:263::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26; Mon, 25 Dec 2023 06:20:58 +0000 Received: from DS1PEPF0001709B.namprd05.prod.outlook.com (2603:10b6:5:337:cafe::54) by DM6PR07CA0098.outlook.office365.com (2603:10b6:5:337::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7113.26 via Frontend Transport; Mon, 25 Dec 2023 06:20:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.233 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.233) by DS1PEPF0001709B.mail.protection.outlook.com (10.167.18.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.14 via Frontend Transport; Mon, 25 Dec 2023 06:20:57 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:53 -0800 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 24 Dec 2023 22:20:52 -0800 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend Transport; Sun, 24 Dec 2023 22:20:52 -0800 Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx [10.9.150.35]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 3BP6KW6L031863; Mon, 25 Dec 2023 08:20:49 +0200 From: Tony Duan To: Subject: [SRU][J:linux-bluefield][PATCH v1 9/9] net: xfrm: Fix xfrm_address_filter OOB read Date: Mon, 25 Dec 2023 00:20:31 -0600 Message-ID: <1703485231-27098-10-git-send-email-yifeid@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> References: <1703485231-27098-1-git-send-email-yifeid@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS1PEPF0001709B:EE_|MN2PR12MB4486:EE_ X-MS-Office365-Filtering-Correlation-Id: ed882fc4-517d-4351-4dca-08dc0511a873 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PLUzgLLoNqqhl1/GSqrJyQwd2wWHoLWyt+S8de4SkSzaioRyx5OUuzAESgkX+qJYTeFkhpcCrk9ogikhsnrpNg5tIs0rtsfdZmEGMw0OIa3qfzf7OMOpJeG45bkjff5LIjCbq6eN9zM4tKsP0xubF/oSxKTfTXpZNkyDQ9ZE8W/9EiE51ln9napRzdLKYZLJ0djR62UIXeC/QwX11bhBJ/zQkT16+olSB8Q19oeGsNBIBqAc4AIC7LOjCxUE1c+7UuwTRmF4KyBISxeb7RpYF4R8Y+fYFC/gG5YvAYn4JHVOkXsHiR8hzCmPwgVgVb0qWEu4WK6S8nn2ON3E19mOJPoY7Tpd/3bpr7bsNYKEpx76FEZ08DD8DIZbF311lXqb9t2pej53l2BHX0mFWXn0FJGV0wYgpdjGgu59s02XSRzQsk1oIQXenNCSICqgR9UKpu9+yeqNlV6tw0xlBYqkBmJWIOnmVPl4yoUk3A5xnz8FXjvv7WvJJGBhN/z2i8fQx7RU9rQqxjX/GJGPothVcYII+epOE914t4CjXtuWVcD/yRCKBE7jlxryNWFpk92OypsP7sRLA2C3L99qVJwMtkfgJTxel/aMcT0g+D3QKJBip3UI4POwNZFh7pgKMnj/WOGEjwMVkC1ej1kZoySnaId74kowi50RKLuVWjDx8TyHxnIJt5LBnrN6ryuA5BuFiYrJLMmo4eog5vU29wkH7Ot4rxoQkKDpP4vfbpmxcQfCocO4nuHrIcazq2tvDyZvFo4vKooMVVAKiZ+f3wxLlQ== X-Forefront-Antispam-Report: CIP:216.228.118.233; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge2.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(396003)(39860400002)(376002)(346002)(136003)(230922051799003)(451199024)(1800799012)(82310400011)(186009)(64100799003)(40470700004)(46966006)(36840700001)(47076005)(356005)(7636003)(84970400001)(36860700001)(41300700001)(86362001)(26005)(336012)(36756003)(2616005)(83380400001)(40480700001)(40460700003)(82740400003)(478600001)(316002)(6916009)(966005)(54906003)(70586007)(70206006)(6666004)(8676002)(8936002)(5660300002)(4326008)(2906002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Dec 2023 06:20:57.7229 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ed882fc4-517d-4351-4dca-08dc0511a873 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.233]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DS1PEPF0001709B.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4486 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Lin Ma BugLink: https://bugs.launchpad.net/bugs/2044427 We found below OOB crash: [ 44.211730] ================================================================== [ 44.212045] BUG: KASAN: slab-out-of-bounds in memcmp+0x8b/0xb0 [ 44.212045] Read of size 8 at addr ffff88800870f320 by task poc.xfrm/97 [ 44.212045] [ 44.212045] CPU: 0 PID: 97 Comm: poc.xfrm Not tainted 6.4.0-rc7-00072-gdad9774deaf1-dirty #4 [ 44.212045] Call Trace: [ 44.212045] [ 44.212045] dump_stack_lvl+0x37/0x50 [ 44.212045] print_report+0xcc/0x620 [ 44.212045] ? __virt_addr_valid+0xf3/0x170 [ 44.212045] ? memcmp+0x8b/0xb0 [ 44.212045] kasan_report+0xb2/0xe0 [ 44.212045] ? memcmp+0x8b/0xb0 [ 44.212045] kasan_check_range+0x39/0x1c0 [ 44.212045] memcmp+0x8b/0xb0 [ 44.212045] xfrm_state_walk+0x21c/0x420 [ 44.212045] ? __pfx_dump_one_state+0x10/0x10 [ 44.212045] xfrm_dump_sa+0x1e2/0x290 [ 44.212045] ? __pfx_xfrm_dump_sa+0x10/0x10 [ 44.212045] ? __kernel_text_address+0xd/0x40 [ 44.212045] ? kasan_unpoison+0x27/0x60 [ 44.212045] ? mutex_lock+0x60/0xe0 [ 44.212045] ? __pfx_mutex_lock+0x10/0x10 [ 44.212045] ? kasan_save_stack+0x22/0x50 [ 44.212045] netlink_dump+0x322/0x6c0 [ 44.212045] ? __pfx_netlink_dump+0x10/0x10 [ 44.212045] ? mutex_unlock+0x7f/0xd0 [ 44.212045] ? __pfx_mutex_unlock+0x10/0x10 [ 44.212045] __netlink_dump_start+0x353/0x430 [ 44.212045] xfrm_user_rcv_msg+0x3a4/0x410 [ 44.212045] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 44.212045] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 44.212045] ? __pfx_xfrm_dump_sa+0x10/0x10 [ 44.212045] ? __pfx_xfrm_dump_sa_done+0x10/0x10 [ 44.212045] ? __stack_depot_save+0x382/0x4e0 [ 44.212045] ? filter_irq_stacks+0x1c/0x70 [ 44.212045] ? kasan_save_stack+0x32/0x50 [ 44.212045] ? kasan_save_stack+0x22/0x50 [ 44.212045] ? kasan_set_track+0x25/0x30 [ 44.212045] ? __kasan_slab_alloc+0x59/0x70 [ 44.212045] ? kmem_cache_alloc_node+0xf7/0x260 [ 44.212045] ? kmalloc_reserve+0xab/0x120 [ 44.212045] ? __alloc_skb+0xcf/0x210 [ 44.212045] ? netlink_sendmsg+0x509/0x700 [ 44.212045] ? sock_sendmsg+0xde/0xe0 [ 44.212045] ? __sys_sendto+0x18d/0x230 [ 44.212045] ? __x64_sys_sendto+0x71/0x90 [ 44.212045] ? do_syscall_64+0x3f/0x90 [ 44.212045] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 44.212045] ? netlink_sendmsg+0x509/0x700 [ 44.212045] ? sock_sendmsg+0xde/0xe0 [ 44.212045] ? __sys_sendto+0x18d/0x230 [ 44.212045] ? __x64_sys_sendto+0x71/0x90 [ 44.212045] ? do_syscall_64+0x3f/0x90 [ 44.212045] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 44.212045] ? kasan_save_stack+0x22/0x50 [ 44.212045] ? kasan_set_track+0x25/0x30 [ 44.212045] ? kasan_save_free_info+0x2e/0x50 [ 44.212045] ? __kasan_slab_free+0x10a/0x190 [ 44.212045] ? kmem_cache_free+0x9c/0x340 [ 44.212045] ? netlink_recvmsg+0x23c/0x660 [ 44.212045] ? sock_recvmsg+0xeb/0xf0 [ 44.212045] ? __sys_recvfrom+0x13c/0x1f0 [ 44.212045] ? __x64_sys_recvfrom+0x71/0x90 [ 44.212045] ? do_syscall_64+0x3f/0x90 [ 44.212045] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 44.212045] ? copyout+0x3e/0x50 [ 44.212045] netlink_rcv_skb+0xd6/0x210 [ 44.212045] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 44.212045] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 44.212045] ? __pfx_sock_has_perm+0x10/0x10 [ 44.212045] ? mutex_lock+0x8d/0xe0 [ 44.212045] ? __pfx_mutex_lock+0x10/0x10 [ 44.212045] xfrm_netlink_rcv+0x44/0x50 [ 44.212045] netlink_unicast+0x36f/0x4c0 [ 44.212045] ? __pfx_netlink_unicast+0x10/0x10 [ 44.212045] ? netlink_recvmsg+0x500/0x660 [ 44.212045] netlink_sendmsg+0x3b7/0x700 [ 44.212045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 44.212045] ? __pfx_netlink_sendmsg+0x10/0x10 [ 44.212045] sock_sendmsg+0xde/0xe0 [ 44.212045] __sys_sendto+0x18d/0x230 [ 44.212045] ? __pfx___sys_sendto+0x10/0x10 [ 44.212045] ? rcu_core+0x44a/0xe10 [ 44.212045] ? __rseq_handle_notify_resume+0x45b/0x740 [ 44.212045] ? _raw_spin_lock_irq+0x81/0xe0 [ 44.212045] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 44.212045] ? __pfx_restore_fpregs_from_fpstate+0x10/0x10 [ 44.212045] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 44.212045] ? __pfx_task_work_run+0x10/0x10 [ 44.212045] __x64_sys_sendto+0x71/0x90 [ 44.212045] do_syscall_64+0x3f/0x90 [ 44.212045] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 44.212045] RIP: 0033:0x44b7da [ 44.212045] RSP: 002b:00007ffdc8838548 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 44.212045] RAX: ffffffffffffffda RBX: 00007ffdc8839978 RCX: 000000000044b7da [ 44.212045] RDX: 0000000000000038 RSI: 00007ffdc8838770 RDI: 0000000000000003 [ 44.212045] RBP: 00007ffdc88385b0 R08: 00007ffdc883858c R09: 000000000000000c [ 44.212045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 44.212045] R13: 00007ffdc8839968 R14: 00000000004c37d0 R15: 0000000000000001 [ 44.212045] [ 44.212045] [ 44.212045] Allocated by task 97: [ 44.212045] kasan_save_stack+0x22/0x50 [ 44.212045] kasan_set_track+0x25/0x30 [ 44.212045] __kasan_kmalloc+0x7f/0x90 [ 44.212045] __kmalloc_node_track_caller+0x5b/0x140 [ 44.212045] kmemdup+0x21/0x50 [ 44.212045] xfrm_dump_sa+0x17d/0x290 [ 44.212045] netlink_dump+0x322/0x6c0 [ 44.212045] __netlink_dump_start+0x353/0x430 [ 44.212045] xfrm_user_rcv_msg+0x3a4/0x410 [ 44.212045] netlink_rcv_skb+0xd6/0x210 [ 44.212045] xfrm_netlink_rcv+0x44/0x50 [ 44.212045] netlink_unicast+0x36f/0x4c0 [ 44.212045] netlink_sendmsg+0x3b7/0x700 [ 44.212045] sock_sendmsg+0xde/0xe0 [ 44.212045] __sys_sendto+0x18d/0x230 [ 44.212045] __x64_sys_sendto+0x71/0x90 [ 44.212045] do_syscall_64+0x3f/0x90 [ 44.212045] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 44.212045] [ 44.212045] The buggy address belongs to the object at ffff88800870f300 [ 44.212045] which belongs to the cache kmalloc-64 of size 64 [ 44.212045] The buggy address is located 32 bytes inside of [ 44.212045] allocated 36-byte region [ffff88800870f300, ffff88800870f324) [ 44.212045] [ 44.212045] The buggy address belongs to the physical page: [ 44.212045] page:00000000e4de16ee refcount:1 mapcount:0 mapping:000000000 ... [ 44.212045] flags: 0x100000000000200(slab|node=0|zone=1) [ 44.212045] page_type: 0xffffffff() [ 44.212045] raw: 0100000000000200 ffff888004c41640 dead000000000122 0000000000000000 [ 44.212045] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 44.212045] page dumped because: kasan: bad access detected [ 44.212045] [ 44.212045] Memory state around the buggy address: [ 44.212045] ffff88800870f200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.212045] ffff88800870f280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 44.212045] >ffff88800870f300: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc [ 44.212045] ^ [ 44.212045] ffff88800870f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.212045] ffff88800870f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.212045] ================================================================== By investigating the code, we find the root cause of this OOB is the lack of checks in xfrm_dump_sa(). The buggy code allows a malicious user to pass arbitrary value of filter->splen/dplen. Hence, with crafted xfrm states, the attacker can achieve 8 bytes heap OOB read, which causes info leak. if (attrs[XFRMA_ADDRESS_FILTER]) { filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]), sizeof(*filter), GFP_KERNEL); if (filter == NULL) return -ENOMEM; // NO MORE CHECKS HERE !!! } This patch fixes the OOB by adding necessary boundary checks, just like the code in pfkey_dump() function. Fixes: d3623099d350 ("ipsec: add support of limited SA dump") Signed-off-by: Lin Ma Signed-off-by: Steffen Klassert (cherry picked from commit dfa73c17d55b921e1d4e154976de35317e43a93a) Signed-off-by: Tony Duan --- net/xfrm/xfrm_user.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index b17dcc5..f0b07cb 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1167,6 +1167,15 @@ static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) sizeof(*filter), GFP_KERNEL); if (filter == NULL) return -ENOMEM; + + /* see addr_match(), (prefix length >> 5) << 2 + * will be used to compare xfrm_address_t + */ + if (filter->splen > (sizeof(xfrm_address_t) << 3) || + filter->dplen > (sizeof(xfrm_address_t) << 3)) { + kfree(filter); + return -EINVAL; + } } if (attrs[XFRMA_PROTO])