diff options
| author | David S. Miller <davem@davemloft.net> | 2014-05-15 23:23:48 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-05-15 23:23:48 -0400 |
| commit | f895f0cfbb77ff432bb6ae4df27b608adbe6573f (patch) | |
| tree | ddd5f6ebbcfc309b563d886a0942f7ee573497ee /net/ipv6 | |
| parent | b394745df2d9d4c30bf1bcc55773bec6f3bc7c67 (diff) | |
| parent | 6d004d6cc73920299adf4cfe25010b348fc94395 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Conflicts:
net/ipv4/ip_vti.c
Steffen Klassert says:
====================
pull request (net): ipsec 2014-05-15
This pull request has a merge conflict in net/ipv4/ip_vti.c
between commit 8d89dcdf80d8 ("vti: don't allow to add the same
tunnel twice") and commit a32452366b72 ("vti4:Don't count header
length twice"). It can be solved like it is done in linux-next.
1) Fix a ipv6 xfrm output crash when a packet is rerouted
by netfilter to not use IPsec.
2) vti4 counts some header lengths twice leading to an incorrect
device mtu. Fix this by counting these headers only once.
3) We don't catch the case if an unsupported protocol is submitted
to the xfrm protocol handlers, this can lead to NULL pointer
dereferences. Fix this by adding the appropriate checks.
4) vti6 may unregister pernet ops twice on init errors.
Fix this by removing one of the calls to do it only once.
From Mathias Krause.
5) Set the vti tunnel mark before doing a lookup in the error
handlers. Otherwise we don't find the correct xfrm state.
====================
The conflict in ip_vti.c was simple, 'net' had a commit
removing a line from vti_tunnel_init() and this tree
being merged had a commit adding a line to the same
location.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ip6_vti.c | 8 | ||||
| -rw-r--r-- | net/ipv6/xfrm6_output.c | 22 | ||||
| -rw-r--r-- | net/ipv6/xfrm6_protocol.c | 11 |
3 files changed, 27 insertions, 14 deletions
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index b7c0f827140b..6cc9f9371cc5 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c | |||
| @@ -511,6 +511,7 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 511 | u8 type, u8 code, int offset, __be32 info) | 511 | u8 type, u8 code, int offset, __be32 info) |
| 512 | { | 512 | { |
| 513 | __be32 spi; | 513 | __be32 spi; |
| 514 | __u32 mark; | ||
| 514 | struct xfrm_state *x; | 515 | struct xfrm_state *x; |
| 515 | struct ip6_tnl *t; | 516 | struct ip6_tnl *t; |
| 516 | struct ip_esp_hdr *esph; | 517 | struct ip_esp_hdr *esph; |
| @@ -524,6 +525,8 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 524 | if (!t) | 525 | if (!t) |
| 525 | return -1; | 526 | return -1; |
| 526 | 527 | ||
| 528 | mark = be32_to_cpu(t->parms.o_key); | ||
| 529 | |||
| 527 | switch (protocol) { | 530 | switch (protocol) { |
| 528 | case IPPROTO_ESP: | 531 | case IPPROTO_ESP: |
| 529 | esph = (struct ip_esp_hdr *)(skb->data + offset); | 532 | esph = (struct ip_esp_hdr *)(skb->data + offset); |
| @@ -545,7 +548,7 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 545 | type != NDISC_REDIRECT) | 548 | type != NDISC_REDIRECT) |
| 546 | return 0; | 549 | return 0; |
| 547 | 550 | ||
| 548 | x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr, | 551 | x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr, |
| 549 | spi, protocol, AF_INET6); | 552 | spi, protocol, AF_INET6); |
| 550 | if (!x) | 553 | if (!x) |
| 551 | return 0; | 554 | return 0; |
| @@ -1097,7 +1100,6 @@ static int __init vti6_tunnel_init(void) | |||
| 1097 | 1100 | ||
| 1098 | err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP); | 1101 | err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP); |
| 1099 | if (err < 0) { | 1102 | if (err < 0) { |
| 1100 | unregister_pernet_device(&vti6_net_ops); | ||
| 1101 | pr_err("%s: can't register vti6 protocol\n", __func__); | 1103 | pr_err("%s: can't register vti6 protocol\n", __func__); |
| 1102 | 1104 | ||
| 1103 | goto out; | 1105 | goto out; |
| @@ -1106,7 +1108,6 @@ static int __init vti6_tunnel_init(void) | |||
| 1106 | err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH); | 1108 | err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH); |
| 1107 | if (err < 0) { | 1109 | if (err < 0) { |
| 1108 | xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP); | 1110 | xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP); |
| 1109 | unregister_pernet_device(&vti6_net_ops); | ||
| 1110 | pr_err("%s: can't register vti6 protocol\n", __func__); | 1111 | pr_err("%s: can't register vti6 protocol\n", __func__); |
| 1111 | 1112 | ||
| 1112 | goto out; | 1113 | goto out; |
| @@ -1116,7 +1117,6 @@ static int __init vti6_tunnel_init(void) | |||
| 1116 | if (err < 0) { | 1117 | if (err < 0) { |
| 1117 | xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH); | 1118 | xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH); |
| 1118 | xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP); | 1119 | xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP); |
| 1119 | unregister_pernet_device(&vti6_net_ops); | ||
| 1120 | pr_err("%s: can't register vti6 protocol\n", __func__); | 1120 | pr_err("%s: can't register vti6 protocol\n", __func__); |
| 1121 | 1121 | ||
| 1122 | goto out; | 1122 | goto out; |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index 19ef329bdbf8..b930d080c66f 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
| @@ -114,12 +114,6 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 114 | if (err) | 114 | if (err) |
| 115 | return err; | 115 | return err; |
| 116 | 116 | ||
| 117 | memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); | ||
| 118 | #ifdef CONFIG_NETFILTER | ||
| 119 | IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; | ||
| 120 | #endif | ||
| 121 | |||
| 122 | skb->protocol = htons(ETH_P_IPV6); | ||
| 123 | skb->local_df = 1; | 117 | skb->local_df = 1; |
| 124 | 118 | ||
| 125 | return x->outer_mode->output2(x, skb); | 119 | return x->outer_mode->output2(x, skb); |
| @@ -128,11 +122,13 @@ EXPORT_SYMBOL(xfrm6_prepare_output); | |||
| 128 | 122 | ||
| 129 | int xfrm6_output_finish(struct sk_buff *skb) | 123 | int xfrm6_output_finish(struct sk_buff *skb) |
| 130 | { | 124 | { |
| 125 | memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); | ||
| 126 | skb->protocol = htons(ETH_P_IPV6); | ||
| 127 | |||
| 131 | #ifdef CONFIG_NETFILTER | 128 | #ifdef CONFIG_NETFILTER |
| 132 | IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; | 129 | IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; |
| 133 | #endif | 130 | #endif |
| 134 | 131 | ||
| 135 | skb->protocol = htons(ETH_P_IPV6); | ||
| 136 | return xfrm_output(skb); | 132 | return xfrm_output(skb); |
| 137 | } | 133 | } |
| 138 | 134 | ||
| @@ -142,6 +138,13 @@ static int __xfrm6_output(struct sk_buff *skb) | |||
| 142 | struct xfrm_state *x = dst->xfrm; | 138 | struct xfrm_state *x = dst->xfrm; |
| 143 | int mtu; | 139 | int mtu; |
| 144 | 140 | ||
| 141 | #ifdef CONFIG_NETFILTER | ||
| 142 | if (!x) { | ||
| 143 | IP6CB(skb)->flags |= IP6SKB_REROUTED; | ||
| 144 | return dst_output(skb); | ||
| 145 | } | ||
| 146 | #endif | ||
| 147 | |||
| 145 | if (skb->protocol == htons(ETH_P_IPV6)) | 148 | if (skb->protocol == htons(ETH_P_IPV6)) |
| 146 | mtu = ip6_skb_dst_mtu(skb); | 149 | mtu = ip6_skb_dst_mtu(skb); |
| 147 | else | 150 | else |
| @@ -165,6 +168,7 @@ static int __xfrm6_output(struct sk_buff *skb) | |||
| 165 | 168 | ||
| 166 | int xfrm6_output(struct sock *sk, struct sk_buff *skb) | 169 | int xfrm6_output(struct sock *sk, struct sk_buff *skb) |
| 167 | { | 170 | { |
| 168 | return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, | 171 | return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, |
| 169 | skb_dst(skb)->dev, __xfrm6_output); | 172 | NULL, skb_dst(skb)->dev, __xfrm6_output, |
| 173 | !(IP6CB(skb)->flags & IP6SKB_REROUTED)); | ||
| 170 | } | 174 | } |
diff --git a/net/ipv6/xfrm6_protocol.c b/net/ipv6/xfrm6_protocol.c index 6ab989c486f7..54d13f8dbbae 100644 --- a/net/ipv6/xfrm6_protocol.c +++ b/net/ipv6/xfrm6_protocol.c | |||
| @@ -50,6 +50,10 @@ int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err) | |||
| 50 | { | 50 | { |
| 51 | int ret; | 51 | int ret; |
| 52 | struct xfrm6_protocol *handler; | 52 | struct xfrm6_protocol *handler; |
| 53 | struct xfrm6_protocol __rcu **head = proto_handlers(protocol); | ||
| 54 | |||
| 55 | if (!head) | ||
| 56 | return 0; | ||
| 53 | 57 | ||
| 54 | for_each_protocol_rcu(*proto_handlers(protocol), handler) | 58 | for_each_protocol_rcu(*proto_handlers(protocol), handler) |
| 55 | if ((ret = handler->cb_handler(skb, err)) <= 0) | 59 | if ((ret = handler->cb_handler(skb, err)) <= 0) |
| @@ -184,10 +188,12 @@ int xfrm6_protocol_register(struct xfrm6_protocol *handler, | |||
| 184 | struct xfrm6_protocol __rcu **pprev; | 188 | struct xfrm6_protocol __rcu **pprev; |
| 185 | struct xfrm6_protocol *t; | 189 | struct xfrm6_protocol *t; |
| 186 | bool add_netproto = false; | 190 | bool add_netproto = false; |
| 187 | |||
| 188 | int ret = -EEXIST; | 191 | int ret = -EEXIST; |
| 189 | int priority = handler->priority; | 192 | int priority = handler->priority; |
| 190 | 193 | ||
| 194 | if (!proto_handlers(protocol) || !netproto(protocol)) | ||
| 195 | return -EINVAL; | ||
| 196 | |||
| 191 | mutex_lock(&xfrm6_protocol_mutex); | 197 | mutex_lock(&xfrm6_protocol_mutex); |
| 192 | 198 | ||
| 193 | if (!rcu_dereference_protected(*proto_handlers(protocol), | 199 | if (!rcu_dereference_protected(*proto_handlers(protocol), |
| @@ -230,6 +236,9 @@ int xfrm6_protocol_deregister(struct xfrm6_protocol *handler, | |||
| 230 | struct xfrm6_protocol *t; | 236 | struct xfrm6_protocol *t; |
| 231 | int ret = -ENOENT; | 237 | int ret = -ENOENT; |
| 232 | 238 | ||
| 239 | if (!proto_handlers(protocol) || !netproto(protocol)) | ||
| 240 | return -EINVAL; | ||
| 241 | |||
| 233 | mutex_lock(&xfrm6_protocol_mutex); | 242 | mutex_lock(&xfrm6_protocol_mutex); |
| 234 | 243 | ||
| 235 | for (pprev = proto_handlers(protocol); | 244 | for (pprev = proto_handlers(protocol); |