Commit 819f56ba authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 

Steffen Klassert says:

====================
pull request (net): ipsec 2020-12-07

1) Sysbot reported fixes for the new 64/32 bit compat layer.
   From Dmitry Safonov.

2) Fix a memory leak in xfrm_user_policy that was introduced
   by adding the 64/32 bit compat layer. From Yu Kuai.

* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
  net: xfrm: fix memory leak in xfrm_user_policy()
  xfrm/compat: Don't allocate memory with __GFP_ZERO
  xfrm/compat: memset(0) 64-bit padding at right place
  xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
====================

Link: https://lore.kernel.org/r/20201207093937.2874932-1-steffen.klassert@secunet.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 82ca4c92 48f486e1

net/xfrm/xfrm_compat.c

+3 −2
Original line number Diff line number Diff line
@@ -234,6 +234,7 @@ static int xfrm_xlate64_attr(struct sk_buff *dst, const struct nlattr *src) 
	case XFRMA_PAD:

		/* Ignore */

		return 0;

	case XFRMA_UNSPEC:

	case XFRMA_ALG_AUTH:

	case XFRMA_ALG_CRYPT:

	case XFRMA_ALG_COMP:
@@ -387,7 +388,7 @@ static int xfrm_attr_cpy32(void *dst, size_t *pos, const struct nlattr *src, 


	memcpy(nla, src, nla_attr_size(copy_len));

	nla->nla_len = nla_attr_size(payload);

	*pos += nla_attr_size(payload);

	*pos += nla_attr_size(copy_len);

	nlmsg->nlmsg_len += nla->nla_len;



	memset(dst + *pos, 0, payload - copy_len);
@@ -563,7 +564,7 @@ static struct nlmsghdr *xfrm_user_rcv_msg_compat(const struct nlmsghdr *h32, 
		return NULL;



	len += NLMSG_HDRLEN;

	h64 = kvmalloc(len, GFP_KERNEL | __GFP_ZERO);

	h64 = kvmalloc(len, GFP_KERNEL);

	if (!h64)

		return ERR_PTR(-ENOMEM);

net/xfrm/xfrm_state.c

+3 −1
Original line number Diff line number Diff line
@@ -2382,8 +2382,10 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen) 
	if (in_compat_syscall()) {

		struct xfrm_translator *xtr = xfrm_get_translator();



		if (!xtr)

		if (!xtr) {

			kfree(data);

			return -EOPNOTSUPP;

		}



		err = xtr->xlate_user_policy_sockptr(&data, optlen);

		xfrm_put_translator(xtr);