Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

author David S. Miller <davem@davemloft.net>

Tue, 8 May 2018 03:51:30 +0000 (23:51 -0400)

committer David S. Miller <davem@davemloft.net>

Tue, 8 May 2018 03:51:30 +0000 (23:51 -0400)
author David S. Miller <davem@davemloft.net>
Tue, 8 May 2018 03:51:30 +0000 (23:51 -0400)
committer David S. Miller <davem@davemloft.net>
Tue, 8 May 2018 03:51:30 +0000 (23:51 -0400)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h

index a872379b69da4e8e03a2b07d98f0ef4ce45cdcf7..45e75c36b738bf647584db536c22eddd6dd439cc 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -375,6 +375,7 @@ struct xfrm_input_afinfo {
  int xfrm_input_register_afinfo(const struct xfrm_input_afinfo *afinfo);
  int xfrm_input_unregister_afinfo(const struct xfrm_input_afinfo *afinfo);
  
+void xfrm_flush_gc(void);
  void xfrm_state_delete_tunnel(struct xfrm_state *x);
  
  struct xfrm_type {
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c

index c214ffec02f06f6dccfb9769fc8640e5e56da618..ca957dd93a2989431a8b97c49b0592471b18bd78 100644 (file)
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -669,7 +669,7 @@ static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu)
         else
                 mtu = ETH_DATA_LEN - LL_MAX_HEADER - sizeof(struct ipv6hdr);
  
-       dev->mtu = max_t(int, mtu, IPV6_MIN_MTU);
+       dev->mtu = max_t(int, mtu, IPV4_MIN_MTU);
  }
  
  /**
@@ -881,7 +881,7 @@ static void vti6_dev_setup(struct net_device *dev)
         dev->priv_destructor = vti6_dev_free;
  
         dev->type = ARPHRD_TUNNEL6;
-       dev->min_mtu = IPV6_MIN_MTU;
+       dev->min_mtu = IPV4_MIN_MTU;
         dev->max_mtu = IP_MAX_MTU - sizeof(struct ipv6hdr);
         dev->flags |= IFF_NOARP;
         dev->addr_len = sizeof(struct in6_addr);
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c

index f85f0d7480acf48074a7d53557c3c50ca59973cf..4a46df8441c9fabd96c1a10e1b74e8821760c6e4 100644 (file)
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -341,6 +341,9 @@ static void __net_exit xfrm6_tunnel_net_exit(struct net *net)
         struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net);
         unsigned int i;
  
+       xfrm_state_flush(net, IPSEC_PROTO_ANY, false);
+       xfrm_flush_gc();
+
         for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++)
                 WARN_ON_ONCE(!hlist_empty(&xfrm6_tn->spi_byaddr[i]));
  
diff --git a/net/key/af_key.c b/net/key/af_key.c

index 7e2e7188e7f4a28aa45c26848364ab0c297161a2..e62e52e8f1415f711133a97c357ae3da570ab781 100644 (file)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -437,6 +437,24 @@ static int verify_address_len(const void *p)
         return 0;
  }
  
+static inline int sadb_key_len(const struct sadb_key *key)
+{
+       int key_bytes = DIV_ROUND_UP(key->sadb_key_bits, 8);
+
+       return DIV_ROUND_UP(sizeof(struct sadb_key) + key_bytes,
+                           sizeof(uint64_t));
+}
+
+static int verify_key_len(const void *p)
+{
+       const struct sadb_key *key = p;
+
+       if (sadb_key_len(key) > key->sadb_key_len)
+               return -EINVAL;
+
+       return 0;
+}
+
  static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
  {
         return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
@@ -533,16 +551,25 @@ static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void *
                                 return -EINVAL;
                         if (ext_hdrs[ext_type-1] != NULL)
                                 return -EINVAL;
-                       if (ext_type == SADB_EXT_ADDRESS_SRC ||
-                           ext_type == SADB_EXT_ADDRESS_DST ||
-                           ext_type == SADB_EXT_ADDRESS_PROXY ||
-                           ext_type == SADB_X_EXT_NAT_T_OA) {
+                       switch (ext_type) {
+                       case SADB_EXT_ADDRESS_SRC:
+                       case SADB_EXT_ADDRESS_DST:
+                       case SADB_EXT_ADDRESS_PROXY:
+                       case SADB_X_EXT_NAT_T_OA:
                                 if (verify_address_len(p))
                                         return -EINVAL;
-                       }
-                       if (ext_type == SADB_X_EXT_SEC_CTX) {
+                               break;
+                       case SADB_X_EXT_SEC_CTX:
                                 if (verify_sec_ctx_len(p))
                                         return -EINVAL;
+                               break;
+                       case SADB_EXT_KEY_AUTH:
+                       case SADB_EXT_KEY_ENCRYPT:
+                               if (verify_key_len(p))
+                                       return -EINVAL;
+                               break;
+                       default:
+                               break;
                         }
                         ext_hdrs[ext_type-1] = (void *) p;
                 }
@@ -1104,14 +1131,12 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
         key = ext_hdrs[SADB_EXT_KEY_AUTH - 1];
         if (key != NULL &&
             sa->sadb_sa_auth != SADB_X_AALG_NULL &&
-           ((key->sadb_key_bits+7) / 8 == 0 ||
-            (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t)))
+           key->sadb_key_bits == 0)
                 return ERR_PTR(-EINVAL);
         key = ext_hdrs[SADB_EXT_KEY_ENCRYPT-1];
         if (key != NULL &&
             sa->sadb_sa_encrypt != SADB_EALG_NULL &&
-           ((key->sadb_key_bits+7) / 8 == 0 ||
-            (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t)))
+           key->sadb_key_bits == 0)
                 return ERR_PTR(-EINVAL);
  
         x = xfrm_state_alloc(net);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c

index f9d2f2233f09531697b35209fe86754d23971e3f..6c177ae7a6d92ff90966fe9895b4a9b69cc892ae 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2175,6 +2175,12 @@ struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
         return afinfo;
  }
  
+void xfrm_flush_gc(void)
+{
+       flush_work(&xfrm_state_gc_work);
+}
+EXPORT_SYMBOL(xfrm_flush_gc);
+
  /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
  void xfrm_state_delete_tunnel(struct xfrm_state *x)
  {
author	David S. Miller <davem@davemloft.net>
	Tue, 8 May 2018 03:51:30 +0000 (23:51 -0400)
committer	David S. Miller <davem@davemloft.net>
	Tue, 8 May 2018 03:51:30 +0000 (23:51 -0400)
include/net/xfrm.h		patch \| blob \| history
net/ipv6/ip6_vti.c		patch \| blob \| history
net/ipv6/xfrm6_tunnel.c		patch \| blob \| history
net/key/af_key.c		patch \| blob \| history
net/xfrm/xfrm_state.c		patch \| blob \| history