Commit d0de6167 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge tag 'ipsec-2024-05-02' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
pull request (net): ipsec 2024-05-02

1) Fix an error pointer dereference in xfrm_in_fwd_icmp.
   From Antony Antony.

2) Preserve vlan tags for ESP transport mode software GRO.
   From Paul Davey.

3) Fix a spelling mistake in an uapi xfrm.h comment.
   From Anotny Antony.

* tag 'ipsec-2024-05-02' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
  xfrm: Correct spelling mistake in xfrm.h comment
  xfrm: Preserve vlan tags for transport mode software GRO
  xfrm: fix possible derferencing in error path
====================

Link: https://lore.kernel.org/r/20240502084838.2269355-1-steffen.klassert@secunet.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents f2d85904 b6d2e438
...@@ -3031,6 +3031,21 @@ static inline void skb_mac_header_rebuild(struct sk_buff *skb) ...@@ -3031,6 +3031,21 @@ static inline void skb_mac_header_rebuild(struct sk_buff *skb)
} }
} }
/* Move the full mac header up to current network_header.
* Leaves skb->data pointing at offset skb->mac_len into the mac_header.
* Must be provided the complete mac header length.
*/
static inline void skb_mac_header_rebuild_full(struct sk_buff *skb, u32 full_mac_len)
{
if (skb_mac_header_was_set(skb)) {
const unsigned char *old_mac = skb_mac_header(skb);
skb_set_mac_header(skb, -full_mac_len);
memmove(skb_mac_header(skb), old_mac, full_mac_len);
__skb_push(skb, full_mac_len - skb->mac_len);
}
}
static inline int skb_checksum_start_offset(const struct sk_buff *skb) static inline int skb_checksum_start_offset(const struct sk_buff *skb)
{ {
return skb->csum_start - skb_headroom(skb); return skb->csum_start - skb_headroom(skb);
......
...@@ -1049,6 +1049,9 @@ struct xfrm_offload { ...@@ -1049,6 +1049,9 @@ struct xfrm_offload {
#define CRYPTO_INVALID_PACKET_SYNTAX 64 #define CRYPTO_INVALID_PACKET_SYNTAX 64
#define CRYPTO_INVALID_PROTOCOL 128 #define CRYPTO_INVALID_PROTOCOL 128
/* Used to keep whole l2 header for transport mode GRO */
__u32 orig_mac_len;
__u8 proto; __u8 proto;
__u8 inner_ipproto; __u8 inner_ipproto;
}; };
......
...@@ -228,7 +228,7 @@ enum { ...@@ -228,7 +228,7 @@ enum {
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE) #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
/* /*
* Generic LSM security context for comunicating to user space * Generic LSM security context for communicating to user space
* NOTE: Same format as sadb_x_sec_ctx * NOTE: Same format as sadb_x_sec_ctx
*/ */
struct xfrm_user_sec_ctx { struct xfrm_user_sec_ctx {
......
...@@ -63,7 +63,11 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async) ...@@ -63,7 +63,11 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
ip_send_check(iph); ip_send_check(iph);
if (xo && (xo->flags & XFRM_GRO)) { if (xo && (xo->flags & XFRM_GRO)) {
skb_mac_header_rebuild(skb); /* The full l2 header needs to be preserved so that re-injecting the packet at l2
* works correctly in the presence of vlan tags.
*/
skb_mac_header_rebuild_full(skb, xo->orig_mac_len);
skb_reset_network_header(skb);
skb_reset_transport_header(skb); skb_reset_transport_header(skb);
return 0; return 0;
} }
......
...@@ -58,7 +58,11 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async) ...@@ -58,7 +58,11 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
skb_postpush_rcsum(skb, skb_network_header(skb), nhlen); skb_postpush_rcsum(skb, skb_network_header(skb), nhlen);
if (xo && (xo->flags & XFRM_GRO)) { if (xo && (xo->flags & XFRM_GRO)) {
skb_mac_header_rebuild(skb); /* The full l2 header needs to be preserved so that re-injecting the packet at l2
* works correctly in the presence of vlan tags.
*/
skb_mac_header_rebuild_full(skb, xo->orig_mac_len);
skb_reset_network_header(skb);
skb_reset_transport_header(skb); skb_reset_transport_header(skb);
return 0; return 0;
} }
......
...@@ -389,11 +389,15 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -389,11 +389,15 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
*/ */
static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb) static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
struct xfrm_offload *xo = xfrm_offload(skb);
int ihl = skb->data - skb_transport_header(skb); int ihl = skb->data - skb_transport_header(skb);
if (skb->transport_header != skb->network_header) { if (skb->transport_header != skb->network_header) {
memmove(skb_transport_header(skb), memmove(skb_transport_header(skb),
skb_network_header(skb), ihl); skb_network_header(skb), ihl);
if (xo)
xo->orig_mac_len =
skb_mac_header_was_set(skb) ? skb_mac_header_len(skb) : 0;
skb->network_header = skb->transport_header; skb->network_header = skb->transport_header;
} }
ip_hdr(skb)->tot_len = htons(skb->len + ihl); ip_hdr(skb)->tot_len = htons(skb->len + ihl);
...@@ -404,11 +408,15 @@ static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -404,11 +408,15 @@ static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb) static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
struct xfrm_offload *xo = xfrm_offload(skb);
int ihl = skb->data - skb_transport_header(skb); int ihl = skb->data - skb_transport_header(skb);
if (skb->transport_header != skb->network_header) { if (skb->transport_header != skb->network_header) {
memmove(skb_transport_header(skb), memmove(skb_transport_header(skb),
skb_network_header(skb), ihl); skb_network_header(skb), ihl);
if (xo)
xo->orig_mac_len =
skb_mac_header_was_set(skb) ? skb_mac_header_len(skb) : 0;
skb->network_header = skb->transport_header; skb->network_header = skb->transport_header;
} }
ipv6_hdr(skb)->payload_len = htons(skb->len + ihl - ipv6_hdr(skb)->payload_len = htons(skb->len + ihl -
......
...@@ -3593,6 +3593,8 @@ xfrm_policy *xfrm_in_fwd_icmp(struct sk_buff *skb, ...@@ -3593,6 +3593,8 @@ xfrm_policy *xfrm_in_fwd_icmp(struct sk_buff *skb,
return pol; return pol;
pol = xfrm_policy_lookup(net, &fl1, family, XFRM_POLICY_FWD, if_id); pol = xfrm_policy_lookup(net, &fl1, family, XFRM_POLICY_FWD, if_id);
if (IS_ERR(pol))
pol = NULL;
} }
return pol; return pol;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment