LinuxLists.cc - [Patch] net: af_key: check encryption module availability consistency

2022-05-18 06:39:26

Subject: [Patch] net: af_key: check encryption module availability consistency

Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel
produces invalid pfkey acquire messages, when these encryption modules are disabled. This
happens because the availability of the algos wasn't checked in all necessary functions.
This patch adds these checks.

Signed-off-by: Thomas Bartschies <[email protected]>

diff -uprN a/net/key/af_key.c b/net/key/af_key.c
--- a/net/key/af_key.c 2022-05-09 09:16:33.000000000 +0200
+++ b/net/key/af_key.c 2022-05-13 13:51:58.286250337 +0200
@@ -2898,7 +2898,7 @@ static int count_ah_combs(const struct x
break;
if (!aalg->pfkey_supported)
continue;
- if (aalg_tmpl_set(t, aalg))
+ if (aalg_tmpl_set(t, aalg) && aalg->available)
sz += sizeof(struct sadb_comb);
}
return sz + sizeof(struct sadb_prop);
@@ -2916,7 +2916,7 @@ static int count_esp_combs(const struct
if (!ealg->pfkey_supported)
continue;

- if (!(ealg_tmpl_set(t, ealg)))
+ if (!(ealg_tmpl_set(t, ealg) && ealg->available))
continue;

for (k = 1; ; k++) {
@@ -2927,7 +2927,7 @@ static int count_esp_combs(const struct
if (!aalg->pfkey_supported)
continue;

- if (aalg_tmpl_set(t, aalg))
+ if (aalg_tmpl_set(t, aalg) && aalg->available)
sz += sizeof(struct sadb_comb);
}
}

2022-05-18 08:14:33

by Steffen Klassert

[permalink] [raw]

Subject: Re: [Patch] net: af_key: check encryption module availability consistency

On Wed, May 18, 2022 at 08:32:18AM +0200, Thomas Bartschies wrote:
> Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel
> produces invalid pfkey acquire messages, when these encryption modules are disabled. This
> happens because the availability of the algos wasn't checked in all necessary functions.
> This patch adds these checks.
>
> Signed-off-by: Thomas Bartschies <[email protected]>

Applied, thanks!

2022-05-18 12:04:41

by patchwork-bot+netdevbpf

[permalink] [raw]

Subject: Re: [Patch] net: af_key: check encryption module availability consistency

Hello:

This patch was applied to netdev/net.git (master)
by Steffen Klassert <[email protected]>:

On Wed, 18 May 2022 08:32:18 +0200 (CEST) you wrote:
> Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel
> produces invalid pfkey acquire messages, when these encryption modules are disabled. This
> happens because the availability of the algos wasn't checked in all necessary functions.
> This patch adds these checks.
>
> Signed-off-by: Thomas Bartschies <[email protected]>

Here is the summary with links:
- net: af_key: check encryption module availability consistency
https://git.kernel.org/netdev/net/c/015c44d7bff3

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html