diff options
| author | David S. Miller <davem@davemloft.net> | 2017-03-07 17:59:24 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-03-07 18:00:37 -0500 |
| commit | 8474c8caac7e06b50fa366022ecd109b955822cb (patch) | |
| tree | 6de4691ad6c59a62c6f4d35530447112a2ff8bf1 /net | |
| parent | 15e668070a64bb97f102ad9cf3bccbca0545cda8 (diff) | |
| parent | e3dc847a5f85b43ee2bfc8eae407a7e383483228 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2017-03-06
1) Fix lockdep splat on xfrm policy subsystem initialization.
From Florian Westphal.
2) When using socket policies on IPv4-mapped IPv6 addresses,
we access the flow informations of the wrong address family
what leads to an out of bounds access. Fix this by using
the family we get with the dst_entry, like we do it for the
standard policy lookup.
3) vti6 can report a PMTU below IPV6_MIN_MTU. Fix this by
adding a check for that before sending a ICMPV6_PKT_TOOBIG
message.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv6/ip6_vti.c | 8 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 19 |
2 files changed, 15 insertions, 12 deletions
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index 644ba59fbd9d..3d8a3b63b4fd 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c | |||
| @@ -485,11 +485,15 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) | |||
| 485 | if (!skb->ignore_df && skb->len > mtu) { | 485 | if (!skb->ignore_df && skb->len > mtu) { |
| 486 | skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); | 486 | skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); |
| 487 | 487 | ||
| 488 | if (skb->protocol == htons(ETH_P_IPV6)) | 488 | if (skb->protocol == htons(ETH_P_IPV6)) { |
| 489 | if (mtu < IPV6_MIN_MTU) | ||
| 490 | mtu = IPV6_MIN_MTU; | ||
| 491 | |||
| 489 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); | 492 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
| 490 | else | 493 | } else { |
| 491 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, | 494 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, |
| 492 | htonl(mtu)); | 495 | htonl(mtu)); |
| 496 | } | ||
| 493 | 497 | ||
| 494 | return -EMSGSIZE; | 498 | return -EMSGSIZE; |
| 495 | } | 499 | } |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 0806dccdf507..236cbbc0ab9c 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1243,7 +1243,7 @@ static inline int policy_to_flow_dir(int dir) | |||
| 1243 | } | 1243 | } |
| 1244 | 1244 | ||
| 1245 | static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, | 1245 | static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, |
| 1246 | const struct flowi *fl) | 1246 | const struct flowi *fl, u16 family) |
| 1247 | { | 1247 | { |
| 1248 | struct xfrm_policy *pol; | 1248 | struct xfrm_policy *pol; |
| 1249 | 1249 | ||
| @@ -1251,8 +1251,7 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, | |||
| 1251 | again: | 1251 | again: |
| 1252 | pol = rcu_dereference(sk->sk_policy[dir]); | 1252 | pol = rcu_dereference(sk->sk_policy[dir]); |
| 1253 | if (pol != NULL) { | 1253 | if (pol != NULL) { |
| 1254 | bool match = xfrm_selector_match(&pol->selector, fl, | 1254 | bool match = xfrm_selector_match(&pol->selector, fl, family); |
| 1255 | sk->sk_family); | ||
| 1256 | int err = 0; | 1255 | int err = 0; |
| 1257 | 1256 | ||
| 1258 | if (match) { | 1257 | if (match) { |
| @@ -2239,7 +2238,7 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, | |||
| 2239 | sk = sk_const_to_full_sk(sk); | 2238 | sk = sk_const_to_full_sk(sk); |
| 2240 | if (sk && sk->sk_policy[XFRM_POLICY_OUT]) { | 2239 | if (sk && sk->sk_policy[XFRM_POLICY_OUT]) { |
| 2241 | num_pols = 1; | 2240 | num_pols = 1; |
| 2242 | pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); | 2241 | pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl, family); |
| 2243 | err = xfrm_expand_policies(fl, family, pols, | 2242 | err = xfrm_expand_policies(fl, family, pols, |
| 2244 | &num_pols, &num_xfrms); | 2243 | &num_pols, &num_xfrms); |
| 2245 | if (err < 0) | 2244 | if (err < 0) |
| @@ -2518,7 +2517,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
| 2518 | pol = NULL; | 2517 | pol = NULL; |
| 2519 | sk = sk_to_full_sk(sk); | 2518 | sk = sk_to_full_sk(sk); |
| 2520 | if (sk && sk->sk_policy[dir]) { | 2519 | if (sk && sk->sk_policy[dir]) { |
| 2521 | pol = xfrm_sk_policy_lookup(sk, dir, &fl); | 2520 | pol = xfrm_sk_policy_lookup(sk, dir, &fl, family); |
| 2522 | if (IS_ERR(pol)) { | 2521 | if (IS_ERR(pol)) { |
| 2523 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); | 2522 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); |
| 2524 | return 0; | 2523 | return 0; |
| @@ -3069,6 +3068,11 @@ static int __net_init xfrm_net_init(struct net *net) | |||
| 3069 | { | 3068 | { |
| 3070 | int rv; | 3069 | int rv; |
| 3071 | 3070 | ||
| 3071 | /* Initialize the per-net locks here */ | ||
| 3072 | spin_lock_init(&net->xfrm.xfrm_state_lock); | ||
| 3073 | spin_lock_init(&net->xfrm.xfrm_policy_lock); | ||
| 3074 | mutex_init(&net->xfrm.xfrm_cfg_mutex); | ||
| 3075 | |||
| 3072 | rv = xfrm_statistics_init(net); | 3076 | rv = xfrm_statistics_init(net); |
| 3073 | if (rv < 0) | 3077 | if (rv < 0) |
| 3074 | goto out_statistics; | 3078 | goto out_statistics; |
| @@ -3085,11 +3089,6 @@ static int __net_init xfrm_net_init(struct net *net) | |||
| 3085 | if (rv < 0) | 3089 | if (rv < 0) |
| 3086 | goto out; | 3090 | goto out; |
| 3087 | 3091 | ||
| 3088 | /* Initialize the per-net locks here */ | ||
| 3089 | spin_lock_init(&net->xfrm.xfrm_state_lock); | ||
| 3090 | spin_lock_init(&net->xfrm.xfrm_policy_lock); | ||
| 3091 | mutex_init(&net->xfrm.xfrm_cfg_mutex); | ||
| 3092 | |||
| 3093 | return 0; | 3092 | return 0; |
| 3094 | 3093 | ||
| 3095 | out: | 3094 | out: |