Commit 7679f864 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 



Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2021-04-23

1) The SPI flow key in struct flowi has no consumers,
   so remove it. From Florian Westphal.

2) Remove stray synchronize_rcu from xfrm_init.
   From Florian Westphal.

3) Use the new exit_pre hook to reset the netlink socket
   on net namespace destruction. From Florian Westphal.

4) Remove an unnecessary get_cpu() in ipcomp, that
   code is always called with BHs off.
   From Sabrina Dubroca.

Please pull or let me know if there are problems.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents d02f304b 747b6708

include/net/flow.h

+0 −3
Original line number Diff line number Diff line
@@ -59,7 +59,6 @@ union flowi_uli { 
		__le16	sport;

	} dnports;



	__be32		spi;

	__be32		gre_key;



	struct {
@@ -90,7 +89,6 @@ struct flowi4 { 
#define fl4_dport		uli.ports.dport

#define fl4_icmp_type		uli.icmpt.type

#define fl4_icmp_code		uli.icmpt.code

#define fl4_ipsec_spi		uli.spi

#define fl4_mh_type		uli.mht.type

#define fl4_gre_key		uli.gre_key

} __attribute__((__aligned__(BITS_PER_LONG/8)));
@@ -150,7 +148,6 @@ struct flowi6 { 
#define fl6_dport		uli.ports.dport

#define fl6_icmp_type		uli.icmpt.type

#define fl6_icmp_code		uli.icmpt.code

#define fl6_ipsec_spi		uli.spi

#define fl6_mh_type		uli.mht.type

#define fl6_gre_key		uli.gre_key

	__u32			mp_hash;

net/xfrm/xfrm_ipcomp.c

+8 −17
Original line number Diff line number Diff line
@@ -41,19 +41,16 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb) 
	const int plen = skb->len;

	int dlen = IPCOMP_SCRATCH_SIZE;

	const u8 *start = skb->data;

	const int cpu = get_cpu();

	u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);

	struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);

	u8 *scratch = *this_cpu_ptr(ipcomp_scratches);

	struct crypto_comp *tfm = *this_cpu_ptr(ipcd->tfms);

	int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);

	int len;



	if (err)

		goto out;

		return err;



	if (dlen < (plen + sizeof(struct ip_comp_hdr))) {

		err = -EINVAL;

		goto out;

	}

	if (dlen < (plen + sizeof(struct ip_comp_hdr)))

		return -EINVAL;



	len = dlen - plen;

	if (len > skb_tailroom(skb))
@@ -68,16 +65,14 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb) 
		skb_frag_t *frag;

		struct page *page;



		err = -EMSGSIZE;

		if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS))

			goto out;

			return -EMSGSIZE;



		frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags;

		page = alloc_page(GFP_ATOMIC);



		err = -ENOMEM;

		if (!page)

			goto out;

			return -ENOMEM;



		__skb_frag_set_page(frag, page);
@@ -96,11 +91,7 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb) 
		skb_shinfo(skb)->nr_frags++;

	}



	err = 0;



out:

	put_cpu();

	return err;

	return 0;

}



int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)

net/xfrm/xfrm_policy.c

+0 −42
Original line number Diff line number Diff line
@@ -3326,39 +3326,6 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) 
				fl4->fl4_icmp_code = icmp[1];

			}

			break;

		case IPPROTO_ESP:

			if (xprth + 4 < skb->data ||

			    pskb_may_pull(skb, xprth + 4 - skb->data)) {

				__be32 *ehdr;



				xprth = skb_network_header(skb) + ihl * 4;

				ehdr = (__be32 *)xprth;



				fl4->fl4_ipsec_spi = ehdr[0];

			}

			break;

		case IPPROTO_AH:

			if (xprth + 8 < skb->data ||

			    pskb_may_pull(skb, xprth + 8 - skb->data)) {

				__be32 *ah_hdr;



				xprth = skb_network_header(skb) + ihl * 4;

				ah_hdr = (__be32 *)xprth;



				fl4->fl4_ipsec_spi = ah_hdr[1];

			}

			break;

		case IPPROTO_COMP:

			if (xprth + 4 < skb->data ||

			    pskb_may_pull(skb, xprth + 4 - skb->data)) {

				__be16 *ipcomp_hdr;



				xprth = skb_network_header(skb) + ihl * 4;

				ipcomp_hdr = (__be16 *)xprth;



				fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));

			}

			break;

		case IPPROTO_GRE:

			if (xprth + 12 < skb->data ||

			    pskb_may_pull(skb, xprth + 12 - skb->data)) {
@@ -3377,7 +3344,6 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) 
			}

			break;

		default:

			fl4->fl4_ipsec_spi = 0;

			break;

		}

	}
@@ -3470,12 +3436,7 @@ decode_session6(struct sk_buff *skb, struct flowi *fl, bool reverse) 
			fl6->flowi6_proto = nexthdr;

			return;

#endif

		/* XXX Why are there these headers? */

		case IPPROTO_AH:

		case IPPROTO_ESP:

		case IPPROTO_COMP:

		default:

			fl6->fl6_ipsec_spi = 0;

			fl6->flowi6_proto = nexthdr;

			return;

		}
@@ -4173,9 +4134,6 @@ void __init xfrm_init(void) 
#ifdef CONFIG_XFRM_ESPINTCP

	espintcp_init();

#endif



	RCU_INIT_POINTER(xfrm_if_cb, NULL);

	synchronize_rcu();

}



#ifdef CONFIG_AUDITSYSCALL

net/xfrm/xfrm_user.c

+7 −3
Original line number Diff line number Diff line
@@ -3480,18 +3480,22 @@ static int __net_init xfrm_user_net_init(struct net *net) 
	return 0;

}



static void __net_exit xfrm_user_net_pre_exit(struct net *net)

{

	RCU_INIT_POINTER(net->xfrm.nlsk, NULL);

}



static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list)

{

	struct net *net;

	list_for_each_entry(net, net_exit_list, exit_list)

		RCU_INIT_POINTER(net->xfrm.nlsk, NULL);

	synchronize_net();



	list_for_each_entry(net, net_exit_list, exit_list)

		netlink_kernel_release(net->xfrm.nlsk_stash);

}



static struct pernet_operations xfrm_user_net_ops = {

	.init	    = xfrm_user_net_init,

	.pre_exit   = xfrm_user_net_pre_exit,

	.exit_batch = xfrm_user_net_exit,

};