Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-23 04:31:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

xfrm: Add SA to hardware at the end of xfrm_state_construct()

Browse Source 
Current code configures the hardware with a new SA before the state has been
fully initialized. During this time interval, an incoming ESP packet can cause
a crash due to a NULL dereference. More specifically, xfrm_input() considers
the packet as valid, and yet, anti-replay mechanism is not initialized.

Move hardware configuration to the end of xfrm_state_construct(), and mark
the state as valid once the SA is fully initialized.

Fixes: d77e38e612 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Aviad Yehezkel <aviadye@mellnaox.com>
Signed-off-by: Aviv Heller <avivh@mellanox.com>
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Yossi Kuperman 2018-01-17 15:52:41 +02:00 committed by Steffen Klassert
parent ad9294dbc2
commit cc01572e2f
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
net/xfrm/xfrm_state.c
View File

@ -2272,8 +2272,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
goto error; goto error;
} }
x->km.state = XFRM_STATE_VALID;
error: error:
return err; return err;
} }
@ -2282,7 +2280,13 @@ EXPORT_SYMBOL(__xfrm_init_state);
int xfrm_init_state(struct xfrm_state *x) int xfrm_init_state(struct xfrm_state *x)
{ {
return __xfrm_init_state(x, true, false); int err;
err = __xfrm_init_state(x, true, false);
if (!err)
x->km.state = XFRM_STATE_VALID;
return err;
} }
EXPORT_SYMBOL(xfrm_init_state); EXPORT_SYMBOL(xfrm_init_state);

18
net/xfrm/xfrm_user.c
View File

@ -598,13 +598,6 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
goto error; goto error;
} }
if (attrs[XFRMA_OFFLOAD_DEV]) {
err = xfrm_dev_state_add(net, x,
nla_data(attrs[XFRMA_OFFLOAD_DEV]));
if (err)
goto error;
}
if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
attrs[XFRMA_REPLAY_ESN_VAL]))) attrs[XFRMA_REPLAY_ESN_VAL])))
goto error; goto error;
@ -620,6 +613,14 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
/* override default values from above */ /* override default values from above */
xfrm_update_ae_params(x, attrs, 0); xfrm_update_ae_params(x, attrs, 0);
/* configure the hardware if offload is requested */
if (attrs[XFRMA_OFFLOAD_DEV]) {
err = xfrm_dev_state_add(net, x,
nla_data(attrs[XFRMA_OFFLOAD_DEV]));
if (err)
goto error;
}
return x; return x;
error: error:
@ -662,6 +663,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
goto out; goto out;
} }
if (x->km.state == XFRM_STATE_VOID)
x->km.state = XFRM_STATE_VALID;
c.seq = nlh->nlmsg_seq; c.seq = nlh->nlmsg_seq;
c.portid = nlh->nlmsg_pid; c.portid = nlh->nlmsg_pid;
c.event = nlh->nlmsg_type; c.event = nlh->nlmsg_type;