{"id":2237919,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2237919/?format=json","web_url":"http://patchwork.ozlabs.org/project/ltp/patch/20260513-fragnesia-v2-1-07a822c66cbd@suse.com/","project":{"id":59,"url":"http://patchwork.ozlabs.org/api/1.1/projects/59/?format=json","name":"Linux Test Project development","link_name":"ltp","list_id":"ltp.lists.linux.it","list_email":"ltp@lists.linux.it","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260513-fragnesia-v2-1-07a822c66cbd@suse.com>","date":"2026-05-13T15:35:03","name":"[v2] sockets/xfrm02: Add ESP-in-TCP page cache corruption test","commit_ref":null,"pull_url":null,"state":"needs-review-ack","archived":false,"hash":"7fd8c756b2e1512c83429c56a7564b3fa237c805","submitter":{"id":83220,"url":"http://patchwork.ozlabs.org/api/1.1/people/83220/?format=json","name":"Andrea Cervesato","email":"andrea.cervesato@suse.de"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ltp/patch/20260513-fragnesia-v2-1-07a822c66cbd@suse.com/mbox/","series":[{"id":504180,"url":"http://patchwork.ozlabs.org/api/1.1/series/504180/?format=json","web_url":"http://patchwork.ozlabs.org/project/ltp/list/?series=504180","date":"2026-05-13T15:35:03","name":"[v2] sockets/xfrm02: Add ESP-in-TCP page cache corruption test","version":2,"mbox":"http://patchwork.ozlabs.org/series/504180/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2237919/comments/","check":"warning","checks":"http://patchwork.ozlabs.org/api/patches/2237919/checks/","tags":{},"headers":{"From":"Andrea Cervesato <andrea.cervesato@suse.de>","Date":"Wed, 13 May 2026 17:35:03 +0200","MIME-Version":"1.0","Message-Id":"<20260513-fragnesia-v2-1-07a822c66cbd@suse.com>","X-Change-ID":"20260513-fragnesia-9588d855becf","To":"Linux Test Project <ltp@lists.linux.it>","X-Mailer":"b4 0.14.2","Subject":"[LTP] [PATCH v2] sockets/xfrm02: Add ESP-in-TCP page cache\n corruption test","List-Id":"Linux Test Project <ltp.lists.linux.it>","List-Archive":"<http://lists.linux.it/pipermail/ltp/>","List-Post":"<mailto:ltp@lists.linux.it>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit"},"content":"From: Andrea Cervesato <andrea.cervesato@suse.com>\n\nVerify that ESP-in-TCP (espintcp) does not corrupt the page cache when\nfile data is spliced into a TCP socket. 
When MSG_SPLICE_PAGES references\npage cache pages directly in the skb and the receiving socket has\nespintcp ULP enabled, the kernel's ESP handler may decrypt the payload\nin-place on those pages, corrupting the cached file contents.\n\nThe test sets up an ESP-in-TCP xfrm state on IPv6 loopback, writes\nknown data to a file, creates a TCP connection where the receiver\nenables espintcp ULP, splices the file data into the TCP socket as\npart of a crafted ESP-in-TCP frame, and then verifies whether the\npage cache was corrupted.\n\nReproducer based on:\nhttps://github.com/v12-security/pocs/tree/main/fragnesia\n\nSigned-off-by: Andrea Cervesato <andrea.cervesato@suse.com>\n---\nChanges in v2:\n- use tst_cmd()\n- evict pages before sending prefix\n- remove checkpoints\n- add usleep() to trigger the bug\n- use tst_reap_children()\n- Link to v1: https://lore.kernel.org/r/20260513-fragnesia-v1-1-80c5b3b09005@suse.com\n---\n runtest/cve                          |   1 +\n testcases/network/sockets/.gitignore |   1 +\n testcases/network/sockets/xfrm02.c   | 227 +++++++++++++++++++++++++++++++++++\n 3 files changed, 229 insertions(+)\n\n\n---\nbase-commit: e1fc50957c98ae4c27064756e063de0e7136cde3\nchange-id: 20260513-fragnesia-9588d855becf\n\nBest regards,","diff":"diff --git a/runtest/cve b/runtest/cve\nindex 530f8751ed3a8e8aa7e9110d89d577df3e8cc6ce..5fe83ec2d1803a5c0f6b4eba05fcf00cc80c8809 100644\n--- a/runtest/cve\n+++ b/runtest/cve\n@@ -95,3 +95,4 @@ cve-2025-38236 cve-2025-38236\n cve-2025-21756 cve-2025-21756\n cve-2026-31431 af_alg08\n cve-2026-43284 xfrm01\n+cve-2026-fragnesia xfrm02\ndiff --git a/testcases/network/sockets/.gitignore b/testcases/network/sockets/.gitignore\nindex 6f3c0ad84c000f0214f371c6a601afb592b15faa..35bc0462b676b041d9a5b52a37fded973d0157a9 100644\n--- a/testcases/network/sockets/.gitignore\n+++ b/testcases/network/sockets/.gitignore\n@@ -1 +1,2 @@\n /xfrm01\n+/xfrm02\ndiff --git a/testcases/network/sockets/xfrm02.c 
b/testcases/network/sockets/xfrm02.c\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..d7fe70e3d242227c374b5c9b876c8efeeb0e1f5d\n--- /dev/null\n+++ b/testcases/network/sockets/xfrm02.c\n@@ -0,0 +1,227 @@\n+// SPDX-License-Identifier: GPL-2.0-or-later\n+/*\n+ * Copyright (C) 2026 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>\n+ */\n+\n+/*\\\n+ * Verify that ESP-in-TCP (espintcp) does not corrupt the page cache\n+ * when file data is spliced into a TCP socket.\n+ *\n+ * When file data is spliced into a TCP socket, the kernel uses\n+ * MSG_SPLICE_PAGES to reference page cache pages directly in the skb.\n+ * If the receiving socket has TCP_ULP \"espintcp\" enabled and a matching\n+ * xfrm SA exists, the kernel's ESP handler decrypts the payload\n+ * in-place on those page cache pages, corrupting the cached file\n+ * contents.\n+ *\n+ * The test sets up an ESP-in-TCP xfrm state on IPv6 loopback, writes\n+ * known data to a file, creates a TCP connection where the receiver\n+ * enables espintcp ULP, splices the file data into the TCP socket as\n+ * part of a crafted ESP-in-TCP frame, and then verifies whether the\n+ * page cache was corrupted.\n+ *\n+ * Reproducer based on:\n+ * https://github.com/v12-security/pocs/tree/main/fragnesia\n+ */\n+\n+#define _GNU_SOURCE\n+\n+#include \"tst_test.h\"\n+#include \"tst_net.h\"\n+#include \"tst_netdevice.h\"\n+#include \"lapi/tcp.h\"\n+#include \"lapi/splice.h\"\n+\n+#define TESTFILE \"pagecache_test\"\n+#define DATA_SIZE 4096\n+\n+#define SPI 0x100\n+#define TCP_PORT 5556\n+#define IV_LEN 8\n+#define ESP_HDR_SIZE 16\n+#define AES_KEYLEN 16\n+#define SALT_LEN 4\n+#define KEYTOTAL (AES_KEYLEN + SALT_LEN)\n+\n+/* ESP-in-TCP frame prefix: 2-byte length + ESP header */\n+#define PREFIX_SIZE (2 + ESP_HDR_SIZE)\n+\n+static const uint8_t aead_key[KEYTOTAL] = {\n+\t0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,\n+\t0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,\n+\t0x01, 0x02, 0x03, 0x04\n+};\n+\n+static 
uint8_t original[DATA_SIZE];\n+static int file_fd = -1;\n+static int srv_fd = -1;\n+\n+static void setup(void)\n+{\n+\tchar keyhex[KEYTOTAL * 2 + 3];\n+\tchar spihex[16];\n+\tchar port_str[8];\n+\tint i, ret;\n+\n+\ttst_setup_netns();\n+\tNETDEV_SET_STATE(\"lo\", 1);\n+\n+\tkeyhex[0] = '0';\n+\tkeyhex[1] = 'x';\n+\tfor (i = 0; i < KEYTOTAL; i++)\n+\t\tsprintf(keyhex + 2 + i * 2, \"%02x\", aead_key[i]);\n+\n+\tsnprintf(spihex, sizeof(spihex), \"0x%08x\", SPI);\n+\tsnprintf(port_str, sizeof(port_str), \"%d\", TCP_PORT);\n+\n+\tconst char *const xfrm_cmd[] = {\n+\t\t\"ip\", \"xfrm\", \"state\", \"add\",\n+\t\t\"src\", \"::1\", \"dst\", \"::1\",\n+\t\t\"proto\", \"esp\", \"spi\", spihex,\n+\t\t\"encap\", \"espintcp\", port_str, port_str, \"::\",\n+\t\t\"aead\", \"rfc4106(gcm(aes))\", keyhex, \"128\",\n+\t\t\"mode\", \"transport\",\n+\t\tNULL\n+\t};\n+\n+\tret = tst_cmd(xfrm_cmd, NULL, NULL, TST_CMD_PASS_RETVAL);\n+\tif (ret)\n+\t\ttst_brk(TBROK, \"Failed to install xfrm ESP-in-TCP state\");\n+\n+\tfor (i = 0; i < DATA_SIZE; i++)\n+\t\toriginal[i] = (uint8_t)(i & 0xff);\n+}\n+\n+static void try_corrupt(void)\n+{\n+\tstruct sockaddr_in6 addr = {\n+\t\t.sin6_family = AF_INET6,\n+\t\t.sin6_addr = IN6ADDR_LOOPBACK_INIT,\n+\t\t.sin6_port = htons(TCP_PORT),\n+\t};\n+\tuint8_t prefix[PREFIX_SIZE];\n+\tuint16_t frame_len;\n+\tuint32_t spi_net, seq_net;\n+\tchar ulp[] = \"espintcp\";\n+\tint acc_fd;\n+\tloff_t off;\n+\n+\tframe_len = htons(PREFIX_SIZE + DATA_SIZE);\n+\tmemcpy(prefix, &frame_len, 2);\n+\n+\tspi_net = htonl(SPI);\n+\tmemcpy(prefix + 2, &spi_net, 4);\n+\n+\tseq_net = htonl(1);\n+\tmemcpy(prefix + 6, &seq_net, 4);\n+\n+\tmemset(prefix + 10, 0xcc, IV_LEN);\n+\n+\tsrv_fd = SAFE_SOCKET(AF_INET6, SOCK_STREAM, 0);\n+\tSAFE_SETSOCKOPT_INT(srv_fd, SOL_SOCKET, SO_REUSEADDR, 1);\n+\tSAFE_BIND(srv_fd, (struct sockaddr *)&addr, sizeof(addr));\n+\tSAFE_LISTEN(srv_fd, 1);\n+\n+\tif (!SAFE_FORK()) {\n+\t\tint cli_fd, pipefd[2];\n+\n+\t\tSAFE_CLOSE(srv_fd);\n+\n+\t\tcli_fd = 
SAFE_SOCKET(AF_INET6, SOCK_STREAM, 0);\n+\t\tSAFE_SETSOCKOPT_INT(cli_fd, IPPROTO_TCP, TCP_NODELAY, 1);\n+\t\tSAFE_CONNECT(cli_fd, (struct sockaddr *)&addr, sizeof(addr));\n+\n+\t\tSAFE_POSIX_FADVISE(cli_fd, 0, 0, POSIX_FADV_DONTNEED);\n+\n+\t\tSAFE_SEND(1, cli_fd, prefix, sizeof(prefix), 0);\n+\t\tSAFE_PIPE(pipefd);\n+\n+\t\toff = 0;\n+\t\tSAFE_SPLICE(file_fd, &off, pipefd[1], NULL, DATA_SIZE, 0);\n+\n+\t\t/*\n+\t\t * Splice pipe into TCP socket. The kernel uses\n+\t\t * MSG_SPLICE_PAGES to keep page cache references in\n+\t\t * the skb. On loopback the receiver's ESP handler may\n+\t\t * decrypt in-place, corrupting the page cache. May\n+\t\t * fail on patched kernels.\n+\t\t */\n+\t\tsplice(pipefd[0], NULL, cli_fd, NULL, DATA_SIZE, 0);\n+\n+\t\tSAFE_CLOSE(pipefd[0]);\n+\t\tSAFE_CLOSE(pipefd[1]);\n+\t\tSAFE_CLOSE(cli_fd);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tacc_fd = SAFE_ACCEPT(srv_fd, NULL, NULL);\n+\tSAFE_CLOSE(srv_fd);\n+\n+\tSAFE_SETSOCKOPT(acc_fd, IPPROTO_TCP, TCP_ULP, ulp, sizeof(ulp));\n+\n+\t/* Let the espintcp strparser process buffered ESP data */\n+\tusleep(30000);\n+\n+\tSAFE_CLOSE(acc_fd);\n+}\n+\n+static void run(void)\n+{\n+\tuint8_t readback[DATA_SIZE];\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_WRONLY | O_CREAT, 0444);\n+\tSAFE_WRITE(SAFE_WRITE_ALL, file_fd, original, DATA_SIZE);\n+\tSAFE_CLOSE(file_fd);\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_RDONLY);\n+\ttry_corrupt();\n+\tSAFE_CLOSE(file_fd);\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_RDONLY);\n+\tSAFE_READ(1, file_fd, readback, sizeof(readback));\n+\tSAFE_CLOSE(file_fd);\n+\n+\tif (memcmp(readback, original, DATA_SIZE) != 0)\n+\t\ttst_res(TFAIL, \"Page cache corrupted via xfrm ESP-in-TCP splice\");\n+\telse\n+\t\ttst_res(TPASS, \"Page cache was not corrupted\");\n+\n+\tSAFE_UNLINK(TESTFILE);\n+}\n+\n+static void cleanup(void)\n+{\n+\tif (srv_fd != -1)\n+\t\tSAFE_CLOSE(srv_fd);\n+\n+\tif (file_fd != -1)\n+\t\tSAFE_CLOSE(file_fd);\n+}\n+\n+static struct tst_test test = 
{\n+\t.test_all = run,\n+\t.setup = setup,\n+\t.cleanup = cleanup,\n+\t.needs_tmpdir = 1,\n+\t.forks_child = 1,\n+\t.needs_kconfigs = (const char *[]) {\n+\t\t\"CONFIG_USER_NS=y\",\n+\t\t\"CONFIG_NET_NS=y\",\n+\t\t\"CONFIG_XFRM\",\n+\t\t\"CONFIG_INET6_ESP\",\n+\t\t\"CONFIG_INET6_ESPINTCP\",\n+\t\t\"CONFIG_CRYPTO_GCM\",\n+\t\tNULL\n+\t},\n+\t.save_restore = (const struct tst_path_val[]) {\n+\t\t{\"/proc/sys/user/max_user_namespaces\", \"1024\", TST_SR_SKIP},\n+\t\t{}\n+\t},\n+\t.needs_cmds = (struct tst_cmd[]) {\n+\t\t{.cmd = \"ip\"},\n+\t\t{}\n+\t},\n+};\n","prefixes":["v2"]}
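Review bot: in try_corrupt() of testcases/network/sockets/xfrm02.c, the child calls SAFE_POSIX_FADVISE(cli_fd, 0, 0, POSIX_FADV_DONTNEED) on the freshly connected TCP socket, while the v2 changelog describes the step as "evict pages before sending prefix" and the only descriptor with page cache behind it is file_fd. Pass file_fd there. Because run() has only just written the file, an fsync() before it is closed would also be needed for the eviction to take effect, since POSIX_FADV_DONTNEED leaves dirty pages alone. Two smaller points in the same function: the return value of the final splice(pipefd[0], NULL, cli_fd, NULL, DATA_SIZE, 0) is dropped with only the comment "May fail on patched kernels", so reporting it with tst_res(TINFO | TERRNO, ...) would let a reader tell that expected failure apart from a setup problem that ends in a false TPASS; and the fixed usleep(30000) after setting TCP_ULP carries the same false-pass risk on a slow or loaded machine, so the comment should at least say why 30 ms is considered enough.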
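Review bot: the new runtest/cve entry "cve-2026-fragnesia xfrm02" does not follow the numeric naming of the entries around it in the same hunk (cve-2026-31431 af_alg08, cve-2026-43284 xfrm01). If a CVE ID has been assigned, use it as the entry name; if not, say so in the commit message so the entry can be renamed later. Related to that, struct tst_test in xfrm02.c has no .tags member naming the CVE or the fixing kernel commit, so a TFAIL gives the user nothing to look up beyond the reproducer URL in the header comment.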