From: Dmitry Safonov
To: linux-kernel@vger.kernel.org
Cc: 0x7f454c46@gmail.com, Dmitry Safonov, Herbert Xu, Masahide NAKAMURA, YOSHIFUJI Hideaki, Steffen Klassert, "David S. Miller", netdev@vger.kernel.org
Subject: [PATCHv2] net/xfrm: Revert "[XFRM]: Do not add a state whose SPI is zero to the SPI hash."
Date: Fri, 4 May 2018 02:20:09 +0100
Message-Id: <20180504012009.643-1-dima@arista.com>
X-Mailer: git-send-email 2.13.6

This reverts commit 7b4dc3600e48 ("[XFRM]: Do not add a state whose SPI is
zero to the SPI hash.").

Zero SPI is legal and defined for IPcomp.
We shouldn't omit adding the state to SPI hash because it'll not be
possible to delete or lookup for it afterward:
__xfrm_state_insert() obviously doesn't add hash for zero
SPI in xfrm.state_byspi, and xfrm_user_state_lookup() will fail as
xfrm_state_lookup() does lookups by hash.

It also isn't possible to workaround from userspace as
xfrm_id_proto_match() will be always true for ah/esp/comp protos.

v1 link: https://lkml.kernel.org/r/<20180502020220.2027-1-dima@arista.com>

Cc: Masahide NAKAMURA
Cc: YOSHIFUJI Hideaki
Cc: Steffen Klassert
Cc: "David S. Miller"
Cc: netdev@vger.kernel.org
Suggested-by: Herbert Xu
Signed-off-by: Dmitry Safonov --- net/xfrm/xfrm_state.c | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f9d2f2233f09..03afe5423448 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -97,12 +97,9 @@ static void xfrm_hash_transfer(struct hlist_head *list, nhashmask); hlist_add_head_rcu(&x->bysrc, nsrctable + h); - if (x->id.spi) { - h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, - x->id.proto, x->props.family, - nhashmask); - hlist_add_head_rcu(&x->byspi, nspitable + h); - } + h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, + x->props.family, nhashmask); + hlist_add_head_rcu(&x->byspi, nspitable + h); } } @@ -613,8 +610,7 @@ int __xfrm_state_delete(struct xfrm_state *x) list_del(&x->km.all); hlist_del_rcu(&x->bydst); hlist_del_rcu(&x->bysrc); - if (x->id.spi) - hlist_del_rcu(&x->byspi); + hlist_del_rcu(&x->byspi); net->xfrm.state_num--; spin_unlock(&net->xfrm.xfrm_state_lock); @@ -958,7 +954,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, xfrm_state_addr_check(x, daddr, saddr, encap_family) && tmpl->mode == x->props.mode && tmpl->id.proto == x->id.proto && - (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) + tmpl->id.spi == x->id.spi) xfrm_state_look_at(pol, x, fl, encap_family, &best, &acquire_in_progress, &error); } @@ -974,7 +970,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, xfrm_addr_equal(&x->id.daddr, daddr, encap_family) && tmpl->mode == x->props.mode && tmpl->id.proto == x->id.proto && - (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) + tmpl->id.spi == x->id.spi) xfrm_state_look_at(pol, x, fl, encap_family, &best, &acquire_in_progress, &error); } 
@@ -982,8 +978,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, found: x = best; if (!x && !error && !acquire_in_progress) { - if (tmpl->id.spi && - (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi, + if ((x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi, tmpl->id.proto, encap_family)) != NULL) { to_put = x0; error = -EEXIST; @@ -1025,10 +1020,8 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h); h = xfrm_src_hash(net, daddr, saddr, encap_family); hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); - if (x->id.spi) { - h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family); - hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); - } + h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family); + hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL); net->xfrm.state_num++; @@ -1134,7 +1127,7 @@ static void __xfrm_state_insert(struct xfrm_state *x) h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family); hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h); - if (x->id.spi) { + if (xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY)) { h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); 
@@ -1787,14 +1780,12 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) xfrm_state_put(x0); } } - if (x->id.spi) { - spin_lock_bh(&net->xfrm.xfrm_state_lock); - h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); - hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); - spin_unlock_bh(&net->xfrm.xfrm_state_lock); + spin_lock_bh(&net->xfrm.xfrm_state_lock); + h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); + hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h); + spin_unlock_bh(&net->xfrm.xfrm_state_lock); - err = 0; - } + err = 0; unlock: spin_unlock_bh(&x->lock); -- 2.13.6
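
Review bot: In __xfrm_state_delete() (hunk at -610) hlist_del_rcu(&x->byspi) becomes unconditional, and xfrm_hash_transfer() (hunk at -97) now rehashes every state into nspitable, but __xfrm_state_insert() (hunk at -1134) still adds to state_byspi only when xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY) holds. A state with any other proto is therefore not on the byspi list when it is deleted, and is put on it for the first time by a hash resize. Use the same condition in all three places, or drop it from the insert path, and say in the commit message which behaviour is intended.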
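
Review bot: Both candidate checks in xfrm_state_find() (hunks at -954 and -970) lose the `|| !tmpl->id.spi` alternative, so a template whose SPI is 0 stops matching a state with any SPI and matches only states whose SPI is also 0. The commit message argues for hashing zero-SPI IPcomp states and does not mention this change to template matching; templates that leave the SPI unset for ah/esp would no longer select states that carry an allocated SPI. Keep the wildcard in these two comparisons, or split the matching change into its own patch with a justification.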
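
Review bot: With `tmpl->id.spi &&` removed in the hunk at -982, xfrm_state_find() calls __xfrm_state_lookup() with SPI 0 whenever the template leaves the SPI unset, and any state hashed under that daddr, proto and zero SPI turns into error = -EEXIST. The hunk at -1020 in the same function now hashes each new acquire state into state_byspi unconditionally, so such entries will exist. The lookup takes only mark, daddr, spi, proto and family, while the bydst loop above also compares saddr and tmpl->mode, so an unrelated state to the same destination can now fail the acquire. Restrict the lookup to the case the commit message is about (a zero SPI that was explicitly configured) or explain why the -EEXIST result is correct here.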
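
Review bot: In xfrm_alloc_spi() (hunk at -1787) `err = 0` moves out of the `if (x->id.spi)` block, so the function now reports success and hashes the state even when x->id.spi is still 0 at this point; before, that case reached unlock with err unchanged. If 0 here can mean that no free SPI was found between low and high, callers lose the failure, so the not-found case needs its own check. Separately, the acquire state created in xfrm_state_find() is already on state_byspi after the hunk at -1020; if that state can reach this hlist_add_head_rcu(&x->byspi, ...), it is added a second time without an hlist_del_rcu() first and stays linked under the old hash bucket.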