Commit 2cc7fb9d authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 



Steffen Klassert says:

====================
pull request (net): ipsec 2022-04-14

1) Fix the output interface for VRF cases in xfrm_dst_lookup.
   From David Ahern.

2) Fix write out of bounds by doing COW on esp output when the
   packet size is larger than a page.
   From Sabrina Dubroca.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 29e8e659 5bd8baab

include/net/esp.h

+0 −2
Original line number Diff line number Diff line
@@ -4,8 +4,6 @@ 


#include <linux/skbuff.h>



#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER)



struct ip_esp_hdr;



static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb)

net/ipv4/esp4.c

+2 −3
Original line number Diff line number Diff line
@@ -446,7 +446,6 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * 
	struct page *page;

	struct sk_buff *trailer;

	int tailen = esp->tailen;

	unsigned int allocsz;



	/* this is non-NULL only with TCP/UDP Encapsulation */

	if (x->encap) {
@@ -456,8 +455,8 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * 
			return err;

	}



	allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES);

	if (allocsz > ESP_SKB_FRAG_MAXSIZE)

	if (ALIGN(tailen, L1_CACHE_BYTES) > PAGE_SIZE ||

	    ALIGN(skb->data_len, L1_CACHE_BYTES) > PAGE_SIZE)

		goto cow;



	if (!skb_cloned(skb)) {

net/ipv6/esp6.c

+2 −3
Original line number Diff line number Diff line
@@ -482,7 +482,6 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info 
	struct page *page;

	struct sk_buff *trailer;

	int tailen = esp->tailen;

	unsigned int allocsz;



	if (x->encap) {

		int err = esp6_output_encap(x, skb, esp);
@@ -491,8 +490,8 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info 
			return err;

	}



	allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES);

	if (allocsz > ESP_SKB_FRAG_MAXSIZE)

	if (ALIGN(tailen, L1_CACHE_BYTES) > PAGE_SIZE ||

	    ALIGN(skb->data_len, L1_CACHE_BYTES) > PAGE_SIZE)

		goto cow;



	if (!skb_cloned(skb)) {

net/xfrm/xfrm_policy.c

+3 −1
Original line number Diff line number Diff line
@@ -2593,12 +2593,14 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, 


		if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {

			__u32 mark = 0;

			int oif;



			if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m)

				mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);



			family = xfrm[i]->props.family;

			dst = xfrm_dst_lookup(xfrm[i], tos, fl->flowi_oif,

			oif = fl->flowi_oif ? : fl->flowi_l3mdev;

			dst = xfrm_dst_lookup(xfrm[i], tos, oif,

					      &saddr, &daddr, family, mark);

			err = PTR_ERR(dst);

			if (IS_ERR(dst))