aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-11-02 02:13:48 -0400
committerDavid S. Miller <davem@davemloft.net>2013-11-02 02:13:48 -0400
commit296c10639a33941d0090afa17b7535fcbf81d97a (patch)
treef85819ef71b07bcf004c7971fa66c9f68a45bd74 /net
parente139862eeec985d7139b11b09deeb9a32e3f3af2 (diff)
parent1c5ad13f7c2b2afe30e43858d04fff979dc9d243 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Conflicts: net/xfrm/xfrm_policy.c Minor merge conflict in xfrm_policy.c, consisting of overlapping changes which were trivial to resolve. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/esp4.c49
-rw-r--r--net/ipv6/esp6.c48
-rw-r--r--net/xfrm/xfrm_ipcomp.c6
-rw-r--r--net/xfrm/xfrm_policy.c7
4 files changed, 41 insertions, 69 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 109ee89f123e..7785b28061ac 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -121,7 +121,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
121 struct aead_givcrypt_request *req; 121 struct aead_givcrypt_request *req;
122 struct scatterlist *sg; 122 struct scatterlist *sg;
123 struct scatterlist *asg; 123 struct scatterlist *asg;
124 struct esp_data *esp;
125 struct sk_buff *trailer; 124 struct sk_buff *trailer;
126 void *tmp; 125 void *tmp;
127 u8 *iv; 126 u8 *iv;
@@ -139,8 +138,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
139 138
140 /* skb is pure payload to encrypt */ 139 /* skb is pure payload to encrypt */
141 140
142 esp = x->data; 141 aead = x->data;
143 aead = esp->aead;
144 alen = crypto_aead_authsize(aead); 142 alen = crypto_aead_authsize(aead);
145 143
146 tfclen = 0; 144 tfclen = 0;
@@ -154,8 +152,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
154 } 152 }
155 blksize = ALIGN(crypto_aead_blocksize(aead), 4); 153 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
156 clen = ALIGN(skb->len + 2 + tfclen, blksize); 154 clen = ALIGN(skb->len + 2 + tfclen, blksize);
157 if (esp->padlen)
158 clen = ALIGN(clen, esp->padlen);
159 plen = clen - skb->len - tfclen; 155 plen = clen - skb->len - tfclen;
160 156
161 err = skb_cow_data(skb, tfclen + plen + alen, &trailer); 157 err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
@@ -280,8 +276,7 @@ static int esp_input_done2(struct sk_buff *skb, int err)
280{ 276{
281 const struct iphdr *iph; 277 const struct iphdr *iph;
282 struct xfrm_state *x = xfrm_input_state(skb); 278 struct xfrm_state *x = xfrm_input_state(skb);
283 struct esp_data *esp = x->data; 279 struct crypto_aead *aead = x->data;
284 struct crypto_aead *aead = esp->aead;
285 int alen = crypto_aead_authsize(aead); 280 int alen = crypto_aead_authsize(aead);
286 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); 281 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
287 int elen = skb->len - hlen; 282 int elen = skb->len - hlen;
@@ -376,8 +371,7 @@ static void esp_input_done(struct crypto_async_request *base, int err)
376static int esp_input(struct xfrm_state *x, struct sk_buff *skb) 371static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
377{ 372{
378 struct ip_esp_hdr *esph; 373 struct ip_esp_hdr *esph;
379 struct esp_data *esp = x->data; 374 struct crypto_aead *aead = x->data;
380 struct crypto_aead *aead = esp->aead;
381 struct aead_request *req; 375 struct aead_request *req;
382 struct sk_buff *trailer; 376 struct sk_buff *trailer;
383 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); 377 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
@@ -459,9 +453,8 @@ out:
459 453
460static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) 454static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
461{ 455{
462 struct esp_data *esp = x->data; 456 struct crypto_aead *aead = x->data;
463 u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); 457 u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
464 u32 align = max_t(u32, blksize, esp->padlen);
465 unsigned int net_adj; 458 unsigned int net_adj;
466 459
467 switch (x->props.mode) { 460 switch (x->props.mode) {
@@ -476,8 +469,8 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
476 BUG(); 469 BUG();
477 } 470 }
478 471
479 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - 472 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
480 net_adj) & ~(align - 1)) + net_adj - 2; 473 net_adj) & ~(blksize - 1)) + net_adj - 2;
481} 474}
482 475
483static void esp4_err(struct sk_buff *skb, u32 info) 476static void esp4_err(struct sk_buff *skb, u32 info)
@@ -511,18 +504,16 @@ static void esp4_err(struct sk_buff *skb, u32 info)
511 504
512static void esp_destroy(struct xfrm_state *x) 505static void esp_destroy(struct xfrm_state *x)
513{ 506{
514 struct esp_data *esp = x->data; 507 struct crypto_aead *aead = x->data;
515 508
516 if (!esp) 509 if (!aead)
517 return; 510 return;
518 511
519 crypto_free_aead(esp->aead); 512 crypto_free_aead(aead);
520 kfree(esp);
521} 513}
522 514
523static int esp_init_aead(struct xfrm_state *x) 515static int esp_init_aead(struct xfrm_state *x)
524{ 516{
525 struct esp_data *esp = x->data;
526 struct crypto_aead *aead; 517 struct crypto_aead *aead;
527 int err; 518 int err;
528 519
@@ -531,7 +522,7 @@ static int esp_init_aead(struct xfrm_state *x)
531 if (IS_ERR(aead)) 522 if (IS_ERR(aead))
532 goto error; 523 goto error;
533 524
534 esp->aead = aead; 525 x->data = aead;
535 526
536 err = crypto_aead_setkey(aead, x->aead->alg_key, 527 err = crypto_aead_setkey(aead, x->aead->alg_key,
537 (x->aead->alg_key_len + 7) / 8); 528 (x->aead->alg_key_len + 7) / 8);
@@ -548,7 +539,6 @@ error:
548 539
549static int esp_init_authenc(struct xfrm_state *x) 540static int esp_init_authenc(struct xfrm_state *x)
550{ 541{
551 struct esp_data *esp = x->data;
552 struct crypto_aead *aead; 542 struct crypto_aead *aead;
553 struct crypto_authenc_key_param *param; 543 struct crypto_authenc_key_param *param;
554 struct rtattr *rta; 544 struct rtattr *rta;
@@ -583,7 +573,7 @@ static int esp_init_authenc(struct xfrm_state *x)
583 if (IS_ERR(aead)) 573 if (IS_ERR(aead))
584 goto error; 574 goto error;
585 575
586 esp->aead = aead; 576 x->data = aead;
587 577
588 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + 578 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
589 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); 579 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
@@ -638,16 +628,11 @@ error:
638 628
639static int esp_init_state(struct xfrm_state *x) 629static int esp_init_state(struct xfrm_state *x)
640{ 630{
641 struct esp_data *esp;
642 struct crypto_aead *aead; 631 struct crypto_aead *aead;
643 u32 align; 632 u32 align;
644 int err; 633 int err;
645 634
646 esp = kzalloc(sizeof(*esp), GFP_KERNEL); 635 x->data = NULL;
647 if (esp == NULL)
648 return -ENOMEM;
649
650 x->data = esp;
651 636
652 if (x->aead) 637 if (x->aead)
653 err = esp_init_aead(x); 638 err = esp_init_aead(x);
@@ -657,9 +642,7 @@ static int esp_init_state(struct xfrm_state *x)
657 if (err) 642 if (err)
658 goto error; 643 goto error;
659 644
660 aead = esp->aead; 645 aead = x->data;
661
662 esp->padlen = 0;
663 646
664 x->props.header_len = sizeof(struct ip_esp_hdr) + 647 x->props.header_len = sizeof(struct ip_esp_hdr) +
665 crypto_aead_ivsize(aead); 648 crypto_aead_ivsize(aead);
@@ -683,9 +666,7 @@ static int esp_init_state(struct xfrm_state *x)
683 } 666 }
684 667
685 align = ALIGN(crypto_aead_blocksize(aead), 4); 668 align = ALIGN(crypto_aead_blocksize(aead), 4);
686 if (esp->padlen) 669 x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
687 align = max_t(u32, align, esp->padlen);
688 x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);
689 670
690error: 671error:
691 return err; 672 return err;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index e67e63f9858d..b8719df0366e 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -164,10 +164,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
164 u8 *iv; 164 u8 *iv;
165 u8 *tail; 165 u8 *tail;
166 __be32 *seqhi; 166 __be32 *seqhi;
167 struct esp_data *esp = x->data;
168 167
169 /* skb is pure payload to encrypt */ 168 /* skb is pure payload to encrypt */
170 aead = esp->aead; 169 aead = x->data;
171 alen = crypto_aead_authsize(aead); 170 alen = crypto_aead_authsize(aead);
172 171
173 tfclen = 0; 172 tfclen = 0;
@@ -181,8 +180,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
181 } 180 }
182 blksize = ALIGN(crypto_aead_blocksize(aead), 4); 181 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
183 clen = ALIGN(skb->len + 2 + tfclen, blksize); 182 clen = ALIGN(skb->len + 2 + tfclen, blksize);
184 if (esp->padlen)
185 clen = ALIGN(clen, esp->padlen);
186 plen = clen - skb->len - tfclen; 183 plen = clen - skb->len - tfclen;
187 184
188 err = skb_cow_data(skb, tfclen + plen + alen, &trailer); 185 err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
@@ -271,8 +268,7 @@ error:
271static int esp_input_done2(struct sk_buff *skb, int err) 268static int esp_input_done2(struct sk_buff *skb, int err)
272{ 269{
273 struct xfrm_state *x = xfrm_input_state(skb); 270 struct xfrm_state *x = xfrm_input_state(skb);
274 struct esp_data *esp = x->data; 271 struct crypto_aead *aead = x->data;
275 struct crypto_aead *aead = esp->aead;
276 int alen = crypto_aead_authsize(aead); 272 int alen = crypto_aead_authsize(aead);
277 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); 273 int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
278 int elen = skb->len - hlen; 274 int elen = skb->len - hlen;
@@ -325,8 +321,7 @@ static void esp_input_done(struct crypto_async_request *base, int err)
325static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) 321static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
326{ 322{
327 struct ip_esp_hdr *esph; 323 struct ip_esp_hdr *esph;
328 struct esp_data *esp = x->data; 324 struct crypto_aead *aead = x->data;
329 struct crypto_aead *aead = esp->aead;
330 struct aead_request *req; 325 struct aead_request *req;
331 struct sk_buff *trailer; 326 struct sk_buff *trailer;
332 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead); 327 int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
@@ -414,9 +409,8 @@ out:
414 409
415static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) 410static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
416{ 411{
417 struct esp_data *esp = x->data; 412 struct crypto_aead *aead = x->data;
418 u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); 413 u32 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
419 u32 align = max_t(u32, blksize, esp->padlen);
420 unsigned int net_adj; 414 unsigned int net_adj;
421 415
422 if (x->props.mode != XFRM_MODE_TUNNEL) 416 if (x->props.mode != XFRM_MODE_TUNNEL)
@@ -424,8 +418,8 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
424 else 418 else
425 net_adj = 0; 419 net_adj = 0;
426 420
427 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - 421 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
428 net_adj) & ~(align - 1)) + net_adj - 2; 422 net_adj) & ~(blksize - 1)) + net_adj - 2;
429} 423}
430 424
431static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 425static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
@@ -454,18 +448,16 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
454 448
455static void esp6_destroy(struct xfrm_state *x) 449static void esp6_destroy(struct xfrm_state *x)
456{ 450{
457 struct esp_data *esp = x->data; 451 struct crypto_aead *aead = x->data;
458 452
459 if (!esp) 453 if (!aead)
460 return; 454 return;
461 455
462 crypto_free_aead(esp->aead); 456 crypto_free_aead(aead);
463 kfree(esp);
464} 457}
465 458
466static int esp_init_aead(struct xfrm_state *x) 459static int esp_init_aead(struct xfrm_state *x)
467{ 460{
468 struct esp_data *esp = x->data;
469 struct crypto_aead *aead; 461 struct crypto_aead *aead;
470 int err; 462 int err;
471 463
@@ -474,7 +466,7 @@ static int esp_init_aead(struct xfrm_state *x)
474 if (IS_ERR(aead)) 466 if (IS_ERR(aead))
475 goto error; 467 goto error;
476 468
477 esp->aead = aead; 469 x->data = aead;
478 470
479 err = crypto_aead_setkey(aead, x->aead->alg_key, 471 err = crypto_aead_setkey(aead, x->aead->alg_key,
480 (x->aead->alg_key_len + 7) / 8); 472 (x->aead->alg_key_len + 7) / 8);
@@ -491,7 +483,6 @@ error:
491 483
492static int esp_init_authenc(struct xfrm_state *x) 484static int esp_init_authenc(struct xfrm_state *x)
493{ 485{
494 struct esp_data *esp = x->data;
495 struct crypto_aead *aead; 486 struct crypto_aead *aead;
496 struct crypto_authenc_key_param *param; 487 struct crypto_authenc_key_param *param;
497 struct rtattr *rta; 488 struct rtattr *rta;
@@ -526,7 +517,7 @@ static int esp_init_authenc(struct xfrm_state *x)
526 if (IS_ERR(aead)) 517 if (IS_ERR(aead))
527 goto error; 518 goto error;
528 519
529 esp->aead = aead; 520 x->data = aead;
530 521
531 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + 522 keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
532 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); 523 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
@@ -581,7 +572,6 @@ error:
581 572
582static int esp6_init_state(struct xfrm_state *x) 573static int esp6_init_state(struct xfrm_state *x)
583{ 574{
584 struct esp_data *esp;
585 struct crypto_aead *aead; 575 struct crypto_aead *aead;
586 u32 align; 576 u32 align;
587 int err; 577 int err;
@@ -589,11 +579,7 @@ static int esp6_init_state(struct xfrm_state *x)
589 if (x->encap) 579 if (x->encap)
590 return -EINVAL; 580 return -EINVAL;
591 581
592 esp = kzalloc(sizeof(*esp), GFP_KERNEL); 582 x->data = NULL;
593 if (esp == NULL)
594 return -ENOMEM;
595
596 x->data = esp;
597 583
598 if (x->aead) 584 if (x->aead)
599 err = esp_init_aead(x); 585 err = esp_init_aead(x);
@@ -603,9 +589,7 @@ static int esp6_init_state(struct xfrm_state *x)
603 if (err) 589 if (err)
604 goto error; 590 goto error;
605 591
606 aead = esp->aead; 592 aead = x->data;
607
608 esp->padlen = 0;
609 593
610 x->props.header_len = sizeof(struct ip_esp_hdr) + 594 x->props.header_len = sizeof(struct ip_esp_hdr) +
611 crypto_aead_ivsize(aead); 595 crypto_aead_ivsize(aead);
@@ -625,9 +609,7 @@ static int esp6_init_state(struct xfrm_state *x)
625 } 609 }
626 610
627 align = ALIGN(crypto_aead_blocksize(aead), 4); 611 align = ALIGN(crypto_aead_blocksize(aead), 4);
628 if (esp->padlen) 612 x->props.trailer_len = align + 1 + crypto_aead_authsize(aead);
629 align = max_t(u32, align, esp->padlen);
630 x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);
631 613
632error: 614error:
633 return err; 615 return err;
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index 2906d520eea7..b943c7fc5ed2 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -220,8 +220,8 @@ static void ipcomp_free_scratches(void)
220 220
221static void * __percpu *ipcomp_alloc_scratches(void) 221static void * __percpu *ipcomp_alloc_scratches(void)
222{ 222{
223 int i;
224 void * __percpu *scratches; 223 void * __percpu *scratches;
224 int i;
225 225
226 if (ipcomp_scratch_users++) 226 if (ipcomp_scratch_users++)
227 return ipcomp_scratches; 227 return ipcomp_scratches;
@@ -233,7 +233,9 @@ static void * __percpu *ipcomp_alloc_scratches(void)
233 ipcomp_scratches = scratches; 233 ipcomp_scratches = scratches;
234 234
235 for_each_possible_cpu(i) { 235 for_each_possible_cpu(i) {
236 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE); 236 void *scratch;
237
238 scratch = vmalloc_node(IPCOMP_SCRATCH_SIZE, cpu_to_node(i));
237 if (!scratch) 239 if (!scratch)
238 return NULL; 240 return NULL;
239 *per_cpu_ptr(scratches, i) = scratch; 241 *per_cpu_ptr(scratches, i) = scratch;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 76e1873811d4..9a91f7431c41 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1844,6 +1844,13 @@ static int xdst_queue_output(struct sk_buff *skb)
1844 struct xfrm_dst *xdst = (struct xfrm_dst *) dst; 1844 struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
1845 struct xfrm_policy *pol = xdst->pols[0]; 1845 struct xfrm_policy *pol = xdst->pols[0];
1846 struct xfrm_policy_queue *pq = &pol->polq; 1846 struct xfrm_policy_queue *pq = &pol->polq;
1847 const struct sk_buff *fclone = skb + 1;
1848
1849 if (unlikely(skb->fclone == SKB_FCLONE_ORIG &&
1850 fclone->fclone == SKB_FCLONE_CLONE)) {
1851 kfree_skb(skb);
1852 return 0;
1853 }
1847 1854
1848 if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) { 1855 if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) {
1849 kfree_skb(skb); 1856 kfree_skb(skb);
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-31 12:20:28 -0400