Date: Mon, 23 May 2022 16:32:59 +0200
From: Steffen Klassert
To: Michal Kubecek
CC: Jiasheng Jiang
Subject: Re: REGRESSION (?) (Re: [PATCH] net: af_key: add check for pfkey_broadcast in function pfkey_process)
Message-ID: <20220523143259.GX680067@gauss3.secunet.de>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 23, 2022 at 10:33:49AM +0200, Michal Kubecek wrote:
> On Mon, May 23, 2022 at 04:24:38AM +0200, Michal Kubecek wrote:
> > After upgrading from 5.18-rc7 to 5.18 final, my racoon daemon refuses to
> > start because it cannot find some algorithms (it says "aes"). I have not
> > finished the debugging completely but this patch, mainline commit
> > 4dc2a5a8f675 ("net: af_key: add check for pfkey_broadcast in function
> > pfkey_process"), seems to be the most promising candidate.
>
> Tested now, reverting commit 4dc2a5a8f675 ("net: af_key: add check for
> pfkey_broadcast in function pfkey_process") seems to fix the issue,
> after rebuilding the af_key module with this commit reverted and
> reloading it, racoon daemon starts and works and /proc/crypto shows
> algorithms it did not without the revert.
>
> We might get away with changing the test to
>
> 	if (err && err != -ESRCH)
> 		return err;
>
> but I'm not sure if bailing up on failed notification broadcast is
> really what we want. Also, most other calling sites of pfkey_broadcast()
> do not check the return value either so if we want to add the check, it
> should probably be done more consistently. So for now, a revert is IMHO
> more appropriate.

Yes, let's just revert it.

Maybe we should only accept serious security bugfixes
for the pfkey interface and leave everything else as it is.
No one really cares for the pfkey code anymore for more
than 10 years. People should switch to the netlink interface.
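
Added example, not part of the original mail and not kernel code: a user-space model of the three ways a request handler can treat the result of its notification broadcast (unchecked, `if (err)`, and the `err != -ESRCH` variant proposed in the quoted text). All names are hypothetical, and the model assumes the broadcast reports -ESRCH when no listener takes the message and -ENOMEM on an allocation failure.

```c
/* User-space model only; names and semantics are assumptions, see lead-in. */
#include <errno.h>
#include <stdio.h>

enum check_mode { CHECK_NONE, CHECK_STRICT, CHECK_IGNORE_ESRCH };

/* Model of a best-effort notification broadcast.
 * Assumed: -ESRCH when nobody is listening, -ENOMEM on allocation failure. */
static int model_broadcast(int listeners, int alloc_fails)
{
    if (alloc_fails)
        return -ENOMEM;
    return listeners > 0 ? 0 : -ESRCH;
}

/* Model of a handler that notifies listeners first and then serves the
 * request. Returns 0 when the request was served, a negative errno when
 * the handler bailed out before doing the real work. */
static int model_process(enum check_mode mode, int listeners, int alloc_fails)
{
    int err = model_broadcast(listeners, alloc_fails);

    if (mode == CHECK_STRICT && err)
        return err;     /* also aborts when there is simply no listener */
    if (mode == CHECK_IGNORE_ESRCH && err && err != -ESRCH)
        return err;     /* aborts only on a real failure */

    return 0;           /* request served; CHECK_NONE always ends up here */
}

int main(void)
{
    static const char *names[] = {
        "unchecked", "if (err)", "if (err && err != -ESRCH)"
    };

    for (int m = CHECK_NONE; m <= CHECK_IGNORE_ESRCH; m++) {
        printf("%-28s no listeners: rc=%d  alloc failure: rc=%d\n",
               names[m],
               model_process((enum check_mode)m, 0, 0),
               model_process((enum check_mode)m, 0, 1));
    }
    return 0;
}
```

In this model the strict check turns "nobody is listening" into a failed request, while the unchecked variant never fails and the -ESRCH-tolerant one still aborts on an allocation failure.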