From: Dmitry Safonov
To: linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <0x7f454c46@gmail.com>, Dmitry Safonov, "David S. Miller", Florian Westphal, Herbert Xu, Jakub Kicinski, Johannes Berg, Steffen Klassert, Stephen Suryaputra, netdev@vger.kernel.org, Shuah Khan, linux-kselftest@vger.kernel.org
Subject: [PATCH v3 0/7] xfrm: Add compat layer
Date: Mon, 21 Sep 2020 15:36:50 +0100
Message-Id: <20200921143657.604020-1-dima@arista.com>

Changes since v2:
- added struct xfrm_translator as API to register xfrm_compat.ko with
  xfrm_state.ko. This allows compilation of translator as a loadable
  module
- fixed indentation and collected reviewed-by (Johannes Berg)
- moved boilerplate from commit messages into cover-letter
  (Steffen Klassert)
- found on KASAN build and fixed non-initialised stack variable usage
  in the translator

The resulting v2/v3 diff can be found here:
https://gist.github.com/0x7f454c46/8f68311dfa1f240959fdbe7c77ed2259

Patches as a .git branch:
https://github.com/0x7f454c46/linux/tree/xfrm-compat-v3

Changes since v1:
- reworked patch set to use translator
- separated the compat layer into xfrm_compat.c,
  compiled under XFRM_USER_COMPAT config
- 32-bit messages now being sent in frag_list (like wext-core does)
- instead of __packed add compat_u64 members in compat structures
- selftest reworked to kselftest lib API
- added netlink dump testing to the selftest

XFRM is disabled for compatible users because of the UABI difference.
The difference is in structure paddings and in the result the size
of netlink messages differs.

Possibility for compatible application to manage xfrm tunnels was
disabled by: the commit 19d7df69fdb2 ("xfrm: Refuse to insert 32 bit
userspace socket policies on 64 bit systems") and the commit 74005991b78a
("xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host").

This is my second attempt to resolve the xfrm/compat problem by adding
the 64=>32 and 32=>64 bit translators that non-visibly to a user
provide translation between compatible user and kernel.
Previous attempt was to interrupt the message ABI according to a syscall
by xfrm_user, which resulted in over-complicated code [1].

Florian Westphal provided the idea of translator and some draft patches
in the discussion. In these patches, his idea is reused and some of his
initial code is also present.

There were a couple of attempts to solve xfrm compat problem:
https://lkml.org/lkml/2017/1/20/733
https://patchwork.ozlabs.org/patch/44600/
http://netdev.vger.kernel.narkive.com/2Gesykj6/patch-net-next-xfrm-correctly-parse-netlink-msg-from-32bits-ip-command-on-64bits-host

All the discussions end in the conclusion that xfrm should have a full
compatible layer to correctly work with 32-bit applications on 64-bit
kernels:
https://lkml.org/lkml/2017/1/23/413
https://patchwork.ozlabs.org/patch/433279/

In some recent lkml discussion, Linus said that it's worth fixing this
problem and not giving people an excuse to stay on 32-bit kernel:
https://lkml.org/lkml/2018/2/13/752

There is also a selftest for ipsec tunnels.
It doesn't depend on any library and compat version can be easily
built with:
  make CFLAGS=-m32 net/ipsec

[1]: https://lkml.kernel.org/r/20180726023144.31066-1-dima@arista.com

Cc: "David S. Miller"
Cc: Florian Westphal
Cc: Herbert Xu
Cc: Jakub Kicinski
Cc: Johannes Berg
Cc: Steffen Klassert
Cc: Stephen Suryaputra
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: netdev@vger.kernel.org

Dmitry Safonov (7):
  xfrm: Provide API to register translator module
  xfrm/compat: Add 64=>32-bit messages translator
  xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
  netlink/compat: Append NLMSG_DONE/extack to frag_list
  xfrm/compat: Add 32=>64-bit messages translator
  xfrm/compat: Translate 32-bit user_policy from sockptr
  selftest/net/xfrm: Add test for ipsec tunnel

 MAINTAINERS                            |    1 +
 include/net/xfrm.h                     |   33 +
 net/netlink/af_netlink.c               |   47 +-
 net/xfrm/Kconfig                       |   11 +
 net/xfrm/Makefile                      |    1 +
 net/xfrm/xfrm_compat.c                 |  625 +++++++
 net/xfrm/xfrm_state.c                  |   77 +-
 net/xfrm/xfrm_user.c                   |  110 +-
 tools/testing/selftests/net/.gitignore |    1 +
 tools/testing/selftests/net/Makefile   |    1 +
 tools/testing/selftests/net/ipsec.c    | 2195 ++++++++++++++++++++++++
 11 files changed, 3066 insertions(+), 36 deletions(-)
 create mode 100644 net/xfrm/xfrm_compat.c
 create mode 100644 tools/testing/selftests/net/ipsec.c

base-commit: ba4f184e126b751d1bffad5897f263108befc780
--
2.28.0
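
The padding difference the cover letter describes, and the compat_u64 approach it names, shown as an added example that is not code from this patch set. The structures demo_info and compat_demo_info, the compat_u64_t typedef and demo_xlate_32to64() are hypothetical and do not match any real xfrm message layout; a 64-bit build host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A 64-bit integer that only requires 4-byte alignment, which is how an
 * i386 userspace lays it out. Hypothetical stand-in for compat_u64. */
typedef uint64_t __attribute__((aligned(4))) compat_u64_t;

/* Constructed payload, NOT a real xfrm structure: native 64-bit layout. */
struct demo_info {
	uint32_t id;
	uint64_t bytes;      /* 8-byte aligned: 4 bytes of padding precede it */
	uint64_t packets;
	uint8_t  dir;        /* followed by 7 bytes of tail padding */
};

/* The same fields as a 32-bit sender lays them out. */
struct compat_demo_info {
	uint32_t     id;
	compat_u64_t bytes;  /* 4-byte aligned: no padding before it */
	compat_u64_t packets;
	uint8_t      dir;    /* followed by 3 bytes of tail padding */
};

/* 32=>64 translation: rebuild the native layout field by field.
 * Returns the number of bytes written, or 0 if a buffer is too short. */
size_t demo_xlate_32to64(const void *src, size_t src_len,
			 void *dst, size_t dst_len)
{
	struct compat_demo_info in;
	struct demo_info out;

	/* Length checks use the layout of the side being read or written. */
	if (src_len < sizeof(in) || dst_len < sizeof(out))
		return 0;

	memcpy(&in, src, sizeof(in));
	/* Start from a zeroed object so the output is never built on
	 * uninitialised stack contents. */
	memset(&out, 0, sizeof(out));
	out.id = in.id;
	out.bytes = in.bytes;
	out.packets = in.packets;
	out.dir = in.dir;
	memcpy(dst, &out, sizeof(out));
	return sizeof(out);
}
```

With these definitions the 32-bit layout is 24 bytes and the native one 32 bytes, so a receiver that validates or parses the payload with the wrong structure reads every field after id from the wrong offset.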