Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
pull request (net): ipsec 2022-08-24

1) Fix a refcount leak in __xfrm_policy_check.
   From Xin Xiong.

2) Revert "xfrm: update SA curlft.use_time". This
   violates RFC 2367. From Antony Antony.

3) Fix a comment on XFRMA_LASTUSED.
   From Antony Antony.

4) x->lastused is not cloned in xfrm_do_migrate.
   Fix from Antony Antony.

5) Serialize the calls to xfrm_probe_algs.
   From Herbert Xu.

6) Fix a null pointer dereference of dst->dev on a metadata
   dst in xfrm_lookup_with_ifid. From Nikolay Aleksandrov.

Please pull or let me know if there are problems.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2022-08-24 12:51:50 +01:00
commit 76de008340
6 changed files with 7 additions and 4 deletions

View File

@ -296,7 +296,7 @@ enum xfrm_attr_type_t {
XFRMA_ETIMER_THRESH, XFRMA_ETIMER_THRESH,
XFRMA_SRCADDR, /* xfrm_address_t */ XFRMA_SRCADDR, /* xfrm_address_t */
XFRMA_COADDR, /* xfrm_address_t */ XFRMA_COADDR, /* xfrm_address_t */
XFRMA_LASTUSED, /* unsigned long */ XFRMA_LASTUSED, /* __u64 */
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
XFRMA_MIGRATE, XFRMA_MIGRATE,
XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */ XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */

View File

@ -1697,9 +1697,12 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
pfk->registered |= (1<<hdr->sadb_msg_satype); pfk->registered |= (1<<hdr->sadb_msg_satype);
} }
mutex_lock(&pfkey_mutex);
xfrm_probe_algs(); xfrm_probe_algs();
supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO); supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
mutex_unlock(&pfkey_mutex);
if (!supp_skb) { if (!supp_skb) {
if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
pfk->registered &= ~(1<<hdr->sadb_msg_satype); pfk->registered &= ~(1<<hdr->sadb_msg_satype);

View File

@ -669,7 +669,6 @@ resume:
x->curlft.bytes += skb->len; x->curlft.bytes += skb->len;
x->curlft.packets++; x->curlft.packets++;
x->curlft.use_time = ktime_get_real_seconds();
spin_unlock(&x->lock); spin_unlock(&x->lock);

View File

@ -534,7 +534,6 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
x->curlft.bytes += skb->len; x->curlft.bytes += skb->len;
x->curlft.packets++; x->curlft.packets++;
x->curlft.use_time = ktime_get_real_seconds();
spin_unlock_bh(&x->lock); spin_unlock_bh(&x->lock);

View File

@ -3162,7 +3162,7 @@ ok:
return dst; return dst;
nopol: nopol:
if (!(dst_orig->dev->flags & IFF_LOOPBACK) && if ((!dst_orig->dev || !(dst_orig->dev->flags & IFF_LOOPBACK)) &&
net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) { net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
err = -EPERM; err = -EPERM;
goto error; goto error;
@ -3599,6 +3599,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
if (pols[1]) { if (pols[1]) {
if (IS_ERR(pols[1])) { if (IS_ERR(pols[1])) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);
xfrm_pol_put(pols[0]);
return 0; return 0;
} }
pols[1]->curlft.use_time = ktime_get_real_seconds(); pols[1]->curlft.use_time = ktime_get_real_seconds();

View File

@ -1592,6 +1592,7 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
x->replay = orig->replay; x->replay = orig->replay;
x->preplay = orig->preplay; x->preplay = orig->preplay;
x->mapping_maxage = orig->mapping_maxage; x->mapping_maxage = orig->mapping_maxage;
x->lastused = orig->lastused;
x->new_mapping = 0; x->new_mapping = 0;
x->new_mapping_sport = 0; x->new_mapping_sport = 0;