Commit 76de0083 authored by David S. Miller


Steffen Klassert says:

====================
pull request (net): ipsec 2022-08-24

1) Fix a refcount leak in __xfrm_policy_check.
   From Xin Xiong.

2) Revert "xfrm: update SA curlft.use_time". This
   violates RFC 2367. From Antony Antony.

3) Fix a comment on XFRMA_LASTUSED.
   From Antony Antony.

4) x->lastused is not cloned in xfrm_do_migrate.
   Fix from Antony Antony.

5) Serialize the calls to xfrm_probe_algs.
   From Herbert Xu.

6) Fix a null pointer dereference of dst->dev on a metadata
   dst in xfrm_lookup_with_ifid. From Nikolay Aleksandrov.

Please pull or let me know if there are problems.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents f7995922 17ecd4a4
+1 −1
@@ -296,7 +296,7 @@ enum xfrm_attr_type_t {
	XFRMA_ETIMER_THRESH,
	XFRMA_SRCADDR,		/* xfrm_address_t */
	XFRMA_COADDR,		/* xfrm_address_t */
	XFRMA_LASTUSED,		/* unsigned long  */
	XFRMA_LASTUSED,		/* __u64 */
	XFRMA_POLICY_TYPE,	/* struct xfrm_userpolicy_type */
	XFRMA_MIGRATE,
	XFRMA_ALG_AEAD,		/* struct xfrm_algo_aead */
+3 −0
@@ -1697,9 +1697,12 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
		pfk->registered |= (1<<hdr->sadb_msg_satype);
	}

	mutex_lock(&pfkey_mutex);
	xfrm_probe_algs();

	supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
	mutex_unlock(&pfkey_mutex);

	if (!supp_skb) {
		if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
			pfk->registered &= ~(1<<hdr->sadb_msg_satype);
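Review bot: The new `mutex_lock(&pfkey_mutex)` / `mutex_unlock(&pfkey_mutex)` pair in `pfkey_register` has no comment saying what it protects, and it is held across `compose_sadb_supported()` as well as `xfrm_probe_algs()`. I would add a comment above the lock, e.g. `/* Serialize xfrm_probe_algs(); keep pfkey_mutex held until the supported-algorithms reply is built. */`, presuming the intent is that the reply is composed from a stable probe result. The serialization only holds if every caller of `xfrm_probe_algs()` takes this same mutex, and callers outside this hunk are not visible here. The `pfk->registered` bit is set before the lock and cleared after the unlock; if that is intentional because the field is per-socket, the comment should say so.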
+0 −1
@@ -669,7 +669,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)

		x->curlft.bytes += skb->len;
		x->curlft.packets++;
		x->curlft.use_time = ktime_get_real_seconds();

		spin_unlock(&x->lock);

+0 −1
@@ -534,7 +534,6 @@ static int xfrm_output_one(struct sk_buff *skb, int err)

		x->curlft.bytes += skb->len;
		x->curlft.packets++;
		x->curlft.use_time = ktime_get_real_seconds();

		spin_unlock_bh(&x->lock);

+2 −1
@@ -3162,7 +3162,7 @@ struct dst_entry *xfrm_lookup_with_ifid(struct net *net,
	return dst;

nopol:
	if (!(dst_orig->dev->flags & IFF_LOOPBACK) &&
	if ((!dst_orig->dev || !(dst_orig->dev->flags & IFF_LOOPBACK)) &&
	    net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
		err = -EPERM;
		goto error;
@@ -3599,6 +3599,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
		if (pols[1]) {
			if (IS_ERR(pols[1])) {
				XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);
				xfrm_pol_put(pols[0]);
				return 0;
			}
			pols[1]->curlft.use_time = ktime_get_real_seconds();
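Review bot: The condition at `nopol:` now reads `(!dst_orig->dev || !(dst_orig->dev->flags & IFF_LOOPBACK))`, but nothing explains when `dev` can be NULL, or that a NULL `dev` is deliberately handled as non-loopback so that a `XFRM_USERPOLICY_BLOCK` default still returns `-EPERM`. I would add a comment above the `if`, e.g. `/* A metadata dst has no dev; treat it as non-loopback so the default-block policy still applies. */`. The rest of `xfrm_lookup_with_ifid` lies outside the hunk, so any other `dst_orig->dev` dereference there should be checked for the same case. In the second hunk, the added `xfrm_pol_put(pols[0])` covers only this `IS_ERR(pols[1])` return; other early returns in `__xfrm_policy_check`, which also continues outside the hunk, are worth checking for a reference still held on `pols[0]`.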