[v2,1/6] xfrm/compat: Add 64=>32-bit messages translator

Message ID	20200826014949.644441-2-dima@arista.com
State	Awaiting Upstream
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Dmitry Safonov <dima@arista.com> To: linux-kernel@vger.kernel.org Cc: Dmitry Safonov <0x7f454c46@gmail.com>, Dmitry Safonov <dima@arista.com>, "David S. Miller" <davem@davemloft.net>, Florian Westphal <fw@strlen.de>, Herbert Xu <herbert@gondor.apana.org.au>, Jakub Kicinski <kuba@kernel.org>, Steffen Klassert <steffen.klassert@secunet.com>, Stephen Suryaputra <ssuryaextr@gmail.com>, netdev@vger.kernel.org Subject: [PATCH v2 1/6] xfrm/compat: Add 64=>32-bit messages translator Date: Wed, 26 Aug 2020 02:49:44 +0100 Message-Id: <20200826014949.644441-2-dima@arista.com> In-Reply-To: <20200826014949.644441-1-dima@arista.com> References: <20200826014949.644441-1-dima@arista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	xfrm: Add compat layer \| expand [v2,0/6] xfrm: Add compat layer [v2,1/6] xfrm/compat: Add 64=>32-bit messages translator [v2,2/6] xfrm/compat: Attach xfrm dumps to 64=>32 bit translator [v2,3/6] netlink/compat: Append NLMSG_DONE/extack to frag_list [v2,4/6] xfrm/compat: Add 32=>64-bit messages translator [v2,5/6] xfrm/compat: Translate 32-bit user_policy from sockptr [v2,6/6] selftest/net/xfrm: Add test for ipsec tunnel

Message ID

20200826014949.644441-2-dima@arista.com

State

Awaiting Upstream

Delegated to:

David Miller

Headers

From: Dmitry Safonov <dima@arista.com>
To: linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <0x7f454c46@gmail.com>,
        Dmitry Safonov <dima@arista.com>,
        "David S. Miller" <davem@davemloft.net>,
        Florian Westphal <fw@strlen.de>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Jakub Kicinski <kuba@kernel.org>,
        Steffen Klassert <steffen.klassert@secunet.com>,
        Stephen Suryaputra <ssuryaextr@gmail.com>,
        netdev@vger.kernel.org
Subject: [PATCH v2 1/6] xfrm/compat: Add 64=>32-bit messages translator
Date: Wed, 26 Aug 2020 02:49:44 +0100
Message-Id: <20200826014949.644441-2-dima@arista.com>
In-Reply-To: <20200826014949.644441-1-dima@arista.com>
References: <20200826014949.644441-1-dima@arista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

xfrm: Add compat layer | expand

Commit Message

Dmitry Safonov Aug. 26, 2020, 1:49 a.m. UTC

XFRM is disabled for compatible users because of the UABI difference.
The difference is in structures paddings and in the result the size
of netlink messages differ.

Possibility for compatible application to manage xfrm tunnels was
disabled by: the commmit 19d7df69fdb2 ("xfrm: Refuse to insert 32 bit
userspace socket policies on 64 bit systems") and the commit 74005991b78a
("xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host").

This is my second attempt to resolve the xfrm/compat problem by adding
the 64=>32 and 32=>64 bit translators those non-visibly to a user
provide translation between compatible user and kernel.
Previous attempt was to interrupt the message ABI according to a syscall
by xfrm_user, which resulted in over-complicated code [1].

Florian Westphal provided the idea of translator and some draft patches
in the discussion. In these patches, his idea is reused and some of his
initial code is also present.

Provide the kernel-to-user translator under XFRM_USER_COMPAT, that
creates for 64-bit xfrm-user message a 32-bit translation and puts it
in skb's frag_list. net/compat.c layer provides MSG_CMSG_COMPAT to
decide if the message should be taken from skb or frag_list.
(used by wext-core which has also an ABI difference)

Kernel sends 64-bit xfrm messages to the userspace for:
- multicast (monitor events)
- netlink dumps

Wire up the translator to xfrm_nlmsg_multicast().

[1]: https://lkml.kernel.org/r/20180726023144.31066-1-dima@arista.com
Signed-off-by: Dmitry Safonov <dima@arista.com>
---
 include/net/xfrm.h     |  10 ++
 net/xfrm/Kconfig       |  10 ++
 net/xfrm/Makefile      |   1 +
 net/xfrm/xfrm_compat.c | 302 +++++++++++++++++++++++++++++++++++++++++
 net/xfrm/xfrm_user.c   |   9 +-
 5 files changed, 331 insertions(+), 1 deletion(-)
 create mode 100644 net/xfrm/xfrm_compat.c

Comments

kernel test robot Aug. 26, 2020, 4:03 a.m. UTC | #1

Hi Dmitry,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on ipsec/master]
[also build test ERROR on kselftest/next linus/master v5.9-rc2 next-20200825]
[cannot apply to ipsec-next/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Dmitry-Safonov/xfrm-Add-compat-layer/20200826-095240
base:   https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
config: x86_64-allmodconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce (this is a W=1 build):
        # save the attached .config to linux build tree
        make W=1 ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   net/xfrm/xfrm_compat.c: In function 'xfrm_nlmsg_put_compat':
>> net/xfrm/xfrm_compat.c:103:16: error: 'xfrm_msg_min' undeclared (first use in this function); did you mean 'xfrm_alg_len'?
     103 |  int src_len = xfrm_msg_min[type];
         |                ^~~~~~~~~~~~
         |                xfrm_alg_len
   net/xfrm/xfrm_compat.c:103:16: note: each undeclared identifier is reported only once for each function it appears in
   net/xfrm/xfrm_compat.c: In function 'xfrm_xlate64':
   net/xfrm/xfrm_compat.c:260:34: error: 'xfrm_msg_min' undeclared (first use in this function); did you mean 'xfrm_alg_len'?
     260 |  attrs = nlmsg_attrdata(nlh_src, xfrm_msg_min[type]);
         |                                  ^~~~~~~~~~~~
         |                                  xfrm_alg_len
   net/xfrm/xfrm_compat.c: At top level:
>> net/xfrm/xfrm_compat.c:275:5: error: redefinition of 'xfrm_alloc_compat'
     275 | int xfrm_alloc_compat(struct sk_buff *skb)
         |     ^~~~~~~~~~~~~~~~~
   In file included from net/xfrm/xfrm_compat.c:9:
   include/net/xfrm.h:2007:19: note: previous definition of 'xfrm_alloc_compat' was here
    2007 | static inline int xfrm_alloc_compat(struct sk_buff *skb)
         |                   ^~~~~~~~~~~~~~~~~
   In file included from arch/x86/include/asm/bug.h:93,
                    from include/linux/bug.h:5,
                    from include/linux/thread_info.h:12,
                    from arch/x86/include/asm/preempt.h:7,
                    from include/linux/preempt.h:78,
                    from include/linux/spinlock.h:51,
                    from include/linux/seqlock.h:15,
                    from include/linux/time.h:6,
                    from include/linux/compat.h:10,
                    from net/xfrm/xfrm_compat.c:7:
   net/xfrm/xfrm_compat.c: In function 'xfrm_alloc_compat':
   net/xfrm/xfrm_compat.c:282:38: error: 'xfrm_msg_min' undeclared (first use in this function); did you mean 'xfrm_alg_len'?
     282 |  if (WARN_ON_ONCE(type >= ARRAY_SIZE(xfrm_msg_min)))
         |                                      ^~~~~~~~~~~~
   include/asm-generic/bug.h:102:25: note: in definition of macro 'WARN_ON_ONCE'
     102 |  int __ret_warn_on = !!(condition);   \
         |                         ^~~~~~~~~
   net/xfrm/xfrm_compat.c:282:27: note: in expansion of macro 'ARRAY_SIZE'
     282 |  if (WARN_ON_ONCE(type >= ARRAY_SIZE(xfrm_msg_min)))
         |                           ^~~~~~~~~~
>> include/linux/build_bug.h:16:51: error: bit-field '<anonymous>' width not an integer constant
      16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
         |                                                   ^
   include/asm-generic/bug.h:102:25: note: in definition of macro 'WARN_ON_ONCE'
     102 |  int __ret_warn_on = !!(condition);   \
         |                         ^~~~~~~~~
   include/linux/compiler.h:224:28: note: in expansion of macro 'BUILD_BUG_ON_ZERO'
     224 | #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
         |                            ^~~~~~~~~~~~~~~~~
   include/linux/kernel.h:47:59: note: in expansion of macro '__must_be_array'
      47 | #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
         |                                                           ^~~~~~~~~~~~~~~
   net/xfrm/xfrm_compat.c:282:27: note: in expansion of macro 'ARRAY_SIZE'
     282 |  if (WARN_ON_ONCE(type >= ARRAY_SIZE(xfrm_msg_min)))
         |                           ^~~~~~~~~~

# https://github.com/0day-ci/linux/commit/fa198f6763bf103396e06e12549e1dc00941a3d0
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Dmitry-Safonov/xfrm-Add-compat-layer/20200826-095240
git checkout fa198f6763bf103396e06e12549e1dc00941a3d0
vim +103 net/xfrm/xfrm_compat.c

    98	
    99	static struct nlmsghdr *xfrm_nlmsg_put_compat(struct sk_buff *skb,
   100				const struct nlmsghdr *nlh_src, u16 type)
   101	{
   102		int payload = compat_msg_min[type];
 > 103		int src_len = xfrm_msg_min[type];
   104		struct nlmsghdr *nlh_dst;
   105	
   106		/* Compat messages are shorter or equal to native (+padding) */
   107		if (WARN_ON_ONCE(src_len < payload))
   108			return ERR_PTR(-EMSGSIZE);
   109	
   110		nlh_dst = nlmsg_put(skb, nlh_src->nlmsg_pid, nlh_src->nlmsg_seq,
   111				    nlh_src->nlmsg_type, payload, nlh_src->nlmsg_flags);
   112		if (!nlh_dst)
   113			return ERR_PTR(-EMSGSIZE);
   114	
   115		memset(nlmsg_data(nlh_dst), 0, payload);
   116	
   117		switch (nlh_src->nlmsg_type) {
   118		/* Compat message has the same layout as native */
   119		case XFRM_MSG_DELSA:
   120		case XFRM_MSG_DELPOLICY:
   121		case XFRM_MSG_FLUSHSA:
   122		case XFRM_MSG_FLUSHPOLICY:
   123		case XFRM_MSG_NEWAE:
   124		case XFRM_MSG_REPORT:
   125		case XFRM_MSG_MIGRATE:
   126		case XFRM_MSG_NEWSADINFO:
   127		case XFRM_MSG_NEWSPDINFO:
   128		case XFRM_MSG_MAPPING:
   129			WARN_ON_ONCE(src_len != payload);
   130			memcpy(nlmsg_data(nlh_dst), nlmsg_data(nlh_src), src_len);
   131			break;
   132		/* 4 byte alignment for trailing u64 on native, but not on compat */
   133		case XFRM_MSG_NEWSA:
   134		case XFRM_MSG_NEWPOLICY:
   135		case XFRM_MSG_UPDSA:
   136		case XFRM_MSG_UPDPOLICY:
   137			WARN_ON_ONCE(src_len != payload + 4);
   138			memcpy(nlmsg_data(nlh_dst), nlmsg_data(nlh_src), payload);
   139			break;
   140		case XFRM_MSG_EXPIRE: {
   141			const struct xfrm_user_expire *src_ue  = nlmsg_data(nlh_src);
   142			struct compat_xfrm_user_expire *dst_ue = nlmsg_data(nlh_dst);
   143	
   144			/* compat_xfrm_user_expire has 4-byte smaller state */
   145			memcpy(dst_ue, src_ue, sizeof(dst_ue->state));
   146			dst_ue->hard = src_ue->hard;
   147			break;
   148		}
   149		case XFRM_MSG_ACQUIRE: {
   150			const struct xfrm_user_acquire *src_ua  = nlmsg_data(nlh_src);
   151			struct compat_xfrm_user_acquire *dst_ua = nlmsg_data(nlh_dst);
   152	
   153			memcpy(dst_ua, src_ua, offsetof(struct compat_xfrm_user_acquire, aalgos));
   154			dst_ua->aalgos = src_ua->aalgos;
   155			dst_ua->ealgos = src_ua->ealgos;
   156			dst_ua->calgos = src_ua->calgos;
   157			dst_ua->seq    = src_ua->seq;
   158			break;
   159		}
   160		case XFRM_MSG_POLEXPIRE: {
   161			const struct xfrm_user_polexpire *src_upe  = nlmsg_data(nlh_src);
   162			struct compat_xfrm_user_polexpire *dst_upe = nlmsg_data(nlh_dst);
   163	
   164			/* compat_xfrm_user_polexpire has 4-byte smaller state */
   165			memcpy(dst_upe, src_upe, sizeof(dst_upe->pol));
   166			dst_upe->hard = src_upe->hard;
   167			break;
   168		}
   169		case XFRM_MSG_ALLOCSPI: {
   170			const struct xfrm_userspi_info *src_usi = nlmsg_data(nlh_src);
   171			struct compat_xfrm_userspi_info *dst_usi = nlmsg_data(nlh_dst);
   172	
   173			/* compat_xfrm_user_polexpire has 4-byte smaller state */
   174			memcpy(dst_usi, src_usi, sizeof(src_usi->info));
   175			dst_usi->min = src_usi->min;
   176			dst_usi->max = src_usi->max;
   177			break;
   178		}
   179		/* Not being sent by kernel */
   180		case XFRM_MSG_GETSA:
   181		case XFRM_MSG_GETPOLICY:
   182		case XFRM_MSG_GETAE:
   183		case XFRM_MSG_GETSADINFO:
   184		case XFRM_MSG_GETSPDINFO:
   185		default:
   186			WARN_ONCE(1, "unsupported nlmsg_type %d", nlh_src->nlmsg_type);
   187			return ERR_PTR(-EOPNOTSUPP);
   188		}
   189	
   190		return nlh_dst;
   191	}
   192	
   193	static int xfrm_nla_cpy(struct sk_buff *dst, const struct nlattr *src, int len)
   194	{
   195		return nla_put(dst, src->nla_type, len, nla_data(src));
   196	}
   197	
   198	static int xfrm_xlate64_attr(struct sk_buff *dst, const struct nlattr *src)
   199	{
   200		switch (src->nla_type) {
   201		case XFRMA_ALG_AUTH:
   202		case XFRMA_ALG_CRYPT:
   203		case XFRMA_ALG_COMP:
   204		case XFRMA_ENCAP:
   205		case XFRMA_TMPL:
   206			return xfrm_nla_cpy(dst, src, nla_len(src));
   207		case XFRMA_SA:
   208			return xfrm_nla_cpy(dst, src, XMSGSIZE(compat_xfrm_usersa_info));
   209		case XFRMA_POLICY:
   210			return xfrm_nla_cpy(dst, src, XMSGSIZE(compat_xfrm_userpolicy_info));
   211		case XFRMA_SEC_CTX:
   212			return xfrm_nla_cpy(dst, src, nla_len(src));
   213		case XFRMA_LTIME_VAL:
   214			return nla_put_64bit(dst, src->nla_type, nla_len(src),
   215				nla_data(src), XFRMA_PAD);
   216		case XFRMA_REPLAY_VAL:
   217		case XFRMA_REPLAY_THRESH:
   218		case XFRMA_ETIMER_THRESH:
   219		case XFRMA_SRCADDR:
   220		case XFRMA_COADDR:
   221			return xfrm_nla_cpy(dst, src, nla_len(src));
   222		case XFRMA_LASTUSED:
   223			return nla_put_64bit(dst, src->nla_type, nla_len(src),
   224				nla_data(src), XFRMA_PAD);
   225		case XFRMA_POLICY_TYPE:
   226		case XFRMA_MIGRATE:
   227		case XFRMA_ALG_AEAD:
   228		case XFRMA_KMADDRESS:
   229		case XFRMA_ALG_AUTH_TRUNC:
   230		case XFRMA_MARK:
   231		case XFRMA_TFCPAD:
   232		case XFRMA_REPLAY_ESN_VAL:
   233		case XFRMA_SA_EXTRA_FLAGS:
   234		case XFRMA_PROTO:
   235		case XFRMA_ADDRESS_FILTER:
   236		case XFRMA_OFFLOAD_DEV:
   237		case XFRMA_SET_MARK:
   238		case XFRMA_SET_MARK_MASK:
   239		case XFRMA_IF_ID:
   240			return xfrm_nla_cpy(dst, src, nla_len(src));
   241		default:
   242			BUILD_BUG_ON(XFRMA_MAX != XFRMA_IF_ID);
   243			WARN_ONCE(1, "unsupported nla_type %d", src->nla_type);
   244			return -EOPNOTSUPP;
   245		}
   246	}
   247	
   248	/* Take kernel-built (64bit layout) and create 32bit layout for userspace */
   249	static int xfrm_xlate64(struct sk_buff *dst, const struct nlmsghdr *nlh_src)
   250	{
   251		u16 type = nlh_src->nlmsg_type - XFRM_MSG_BASE;
   252		const struct nlattr *nla, *attrs;
   253		struct nlmsghdr *nlh_dst;
   254		int len, remaining;
   255	
   256		nlh_dst = xfrm_nlmsg_put_compat(dst, nlh_src, type);
   257		if (IS_ERR(nlh_dst))
   258			return PTR_ERR(nlh_dst);
   259	
   260		attrs = nlmsg_attrdata(nlh_src, xfrm_msg_min[type]);
   261		len = nlmsg_attrlen(nlh_src, xfrm_msg_min[type]);
   262	
   263		nla_for_each_attr(nla, attrs, len, remaining) {
   264			int err = xfrm_xlate64_attr(dst, nla);
   265	
   266			if (err)
   267				return err;
   268		}
   269	
   270		nlmsg_end(dst, nlh_dst);
   271	
   272		return 0;
   273	}
   274	
 > 275	int xfrm_alloc_compat(struct sk_buff *skb)

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Steffen Klassert Sept. 7, 2020, 11:24 a.m. UTC | #2

On Wed, Aug 26, 2020 at 02:49:44AM +0100, Dmitry Safonov wrote:
> XFRM is disabled for compatible users because of the UABI difference.
> The difference is in structures paddings and in the result the size
> of netlink messages differ.
> 
> Possibility for compatible application to manage xfrm tunnels was
> disabled by: the commmit 19d7df69fdb2 ("xfrm: Refuse to insert 32 bit
> userspace socket policies on 64 bit systems") and the commit 74005991b78a
> ("xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host").
> 
> This is my second attempt to resolve the xfrm/compat problem by adding
> the 64=>32 and 32=>64 bit translators those non-visibly to a user
> provide translation between compatible user and kernel.
> Previous attempt was to interrupt the message ABI according to a syscall
> by xfrm_user, which resulted in over-complicated code [1].
> 
> Florian Westphal provided the idea of translator and some draft patches
> in the discussion. In these patches, his idea is reused and some of his
> initial code is also present.

One comment on this. Looks like the above is the same in all
commit messages. Please provide that generic information
with the patch 0/n and remove it from the other patches.

Dmitry Safonov Sept. 7, 2020, 5:01 p.m. UTC | #3

On 9/7/20 12:24 PM, Steffen Klassert wrote:
[..]
> One comment on this. Looks like the above is the same in all
> commit messages. Please provide that generic information
> with the patch 0/n and remove it from the other patches.

Yeah, I think I've used to that from x86/core submissions - they prefer
having general information copied from cover-letter to every patch, that
way commits in `git log` or `git show` preserve it.
Probably, one of small differences in style between contributions to
different subsystems. Will do, no problem.

Thanks,
          Dmitry

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 2737d24ec244..9810b5090338 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2000,6 +2000,16 @@  static inline int xfrm_tunnel_check(struct sk_buff *skb, struct xfrm_state *x,
 	return 0;
 }
 
+#ifdef CONFIG_XFRM_USER_COMPAT
+extern int xfrm_alloc_compat(struct sk_buff *skb);
+extern const int xfrm_msg_min[XFRM_NR_MSGTYPES];
+#else
+static inline int xfrm_alloc_compat(struct sk_buff *skb)
+{
+	return 0;
+}
+#endif
+
 #if IS_ENABLED(CONFIG_IPV6)
 static inline bool xfrm6_local_dontfrag(const struct sock *sk)
 {
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 5b9a5ab48111..e79b48dab61b 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -28,6 +28,16 @@  config XFRM_USER
 
 	  If unsure, say Y.
 
+config XFRM_USER_COMPAT
+	tristate "Compatible ABI support"
+	depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT
+	select WANT_COMPAT_NETLINK_MESSAGES
+	help
+	  Transformation(XFRM) user configuration interface like IPsec
+	  used by compatible Linux applications.
+
+	  If unsure, say N.
+
 config XFRM_INTERFACE
 	tristate "Transformation virtual interface"
 	depends on XFRM && IPV6
diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile
index 2d4bb4b9f75e..494aa744bfb9 100644
--- a/net/xfrm/Makefile
+++ b/net/xfrm/Makefile
@@ -9,6 +9,7 @@  obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
 obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
 obj-$(CONFIG_XFRM_ALGO) += xfrm_algo.o
 obj-$(CONFIG_XFRM_USER) += xfrm_user.o
+obj-$(CONFIG_XFRM_USER_COMPAT) += xfrm_compat.o
 obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
 obj-$(CONFIG_XFRM_INTERFACE) += xfrm_interface.o
 obj-$(CONFIG_XFRM_ESPINTCP) += espintcp.o
diff --git a/net/xfrm/xfrm_compat.c b/net/xfrm/xfrm_compat.c
new file mode 100644
index 000000000000..b9eb65dde0db
--- /dev/null
+++ b/net/xfrm/xfrm_compat.c
@@ -0,0 +1,302 @@ 
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * XFRM compat layer
+ * Author: Dmitry Safonov <dima@arista.com>
+ * Based on code and translator idea by: Florian Westphal <fw@strlen.de>
+ */
+#include <linux/compat.h>
+#include <linux/xfrm.h>
+#include <net/xfrm.h>
+
+struct compat_xfrm_lifetime_cfg {
+	compat_u64 soft_byte_limit, hard_byte_limit;
+	compat_u64 soft_packet_limit, hard_packet_limit;
+	compat_u64 soft_add_expires_seconds, hard_add_expires_seconds;
+	compat_u64 soft_use_expires_seconds, hard_use_expires_seconds;
+}; /* same size on 32bit, but only 4 byte alignment required */
+
+struct compat_xfrm_lifetime_cur {
+	compat_u64 bytes, packets, add_time, use_time;
+}; /* same size on 32bit, but only 4 byte alignment required */
+
+struct compat_xfrm_userpolicy_info {
+	struct xfrm_selector sel;
+	struct compat_xfrm_lifetime_cfg lft;
+	struct compat_xfrm_lifetime_cur curlft;
+	__u32 priority, index;
+	u8 dir, action, flags, share;
+	/* 4 bytes additional padding on 64bit */
+};
+
+struct compat_xfrm_usersa_info {
+	struct xfrm_selector sel;
+	struct xfrm_id id;
+	xfrm_address_t saddr;
+	struct compat_xfrm_lifetime_cfg lft;
+	struct compat_xfrm_lifetime_cur curlft;
+	struct xfrm_stats stats;
+	__u32 seq, reqid;
+	u16 family;
+	u8 mode, replay_window, flags;
+	/* 4 bytes additional padding on 64bit */
+};
+
+struct compat_xfrm_user_acquire {
+	struct xfrm_id id;
+	xfrm_address_t saddr;
+	struct xfrm_selector sel;
+	struct compat_xfrm_userpolicy_info policy;
+	/* 4 bytes additional padding on 64bit */
+	__u32 aalgos, ealgos, calgos, seq;
+};
+
+struct compat_xfrm_userspi_info {
+	struct compat_xfrm_usersa_info info;
+	/* 4 bytes additional padding on 64bit */
+	__u32 min, max;
+};
+
+struct compat_xfrm_user_expire {
+	struct compat_xfrm_usersa_info state;
+	/* 8 bytes additional padding on 64bit */
+	u8 hard;
+};
+
+struct compat_xfrm_user_polexpire {
+	struct compat_xfrm_userpolicy_info pol;
+	/* 8 bytes additional padding on 64bit */
+	u8 hard;
+};
+
+#define XMSGSIZE(type) sizeof(struct type)
+
+static const int compat_msg_min[XFRM_NR_MSGTYPES] = {
+	[XFRM_MSG_NEWSA       - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_usersa_info),
+	[XFRM_MSG_DELSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
+	[XFRM_MSG_GETSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
+	[XFRM_MSG_NEWPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_userpolicy_info),
+	[XFRM_MSG_DELPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
+	[XFRM_MSG_GETPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
+	[XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_userspi_info),
+	[XFRM_MSG_ACQUIRE     - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_user_acquire),
+	[XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_user_expire),
+	[XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_userpolicy_info),
+	[XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_usersa_info),
+	[XFRM_MSG_POLEXPIRE   - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_user_polexpire),
+	[XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
+	[XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0,
+	[XFRM_MSG_NEWAE       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
+	[XFRM_MSG_GETAE       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
+	[XFRM_MSG_REPORT      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report),
+	[XFRM_MSG_MIGRATE     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
+	[XFRM_MSG_NEWSADINFO  - XFRM_MSG_BASE] = sizeof(u32),
+	[XFRM_MSG_GETSADINFO  - XFRM_MSG_BASE] = sizeof(u32),
+	[XFRM_MSG_NEWSPDINFO  - XFRM_MSG_BASE] = sizeof(u32),
+	[XFRM_MSG_GETSPDINFO  - XFRM_MSG_BASE] = sizeof(u32),
+	[XFRM_MSG_MAPPING     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_mapping)
+};
+
+static struct nlmsghdr *xfrm_nlmsg_put_compat(struct sk_buff *skb,
+			const struct nlmsghdr *nlh_src, u16 type)
+{
+	int payload = compat_msg_min[type];
+	int src_len = xfrm_msg_min[type];
+	struct nlmsghdr *nlh_dst;
+
+	/* Compat messages are shorter or equal to native (+padding) */
+	if (WARN_ON_ONCE(src_len < payload))
+		return ERR_PTR(-EMSGSIZE);
+
+	nlh_dst = nlmsg_put(skb, nlh_src->nlmsg_pid, nlh_src->nlmsg_seq,
+			    nlh_src->nlmsg_type, payload, nlh_src->nlmsg_flags);
+	if (!nlh_dst)
+		return ERR_PTR(-EMSGSIZE);
+
+	memset(nlmsg_data(nlh_dst), 0, payload);
+
+	switch (nlh_src->nlmsg_type) {
+	/* Compat message has the same layout as native */
+	case XFRM_MSG_DELSA:
+	case XFRM_MSG_DELPOLICY:
+	case XFRM_MSG_FLUSHSA:
+	case XFRM_MSG_FLUSHPOLICY:
+	case XFRM_MSG_NEWAE:
+	case XFRM_MSG_REPORT:
+	case XFRM_MSG_MIGRATE:
+	case XFRM_MSG_NEWSADINFO:
+	case XFRM_MSG_NEWSPDINFO:
+	case XFRM_MSG_MAPPING:
+		WARN_ON_ONCE(src_len != payload);
+		memcpy(nlmsg_data(nlh_dst), nlmsg_data(nlh_src), src_len);
+		break;
+	/* 4 byte alignment for trailing u64 on native, but not on compat */
+	case XFRM_MSG_NEWSA:
+	case XFRM_MSG_NEWPOLICY:
+	case XFRM_MSG_UPDSA:
+	case XFRM_MSG_UPDPOLICY:
+		WARN_ON_ONCE(src_len != payload + 4);
+		memcpy(nlmsg_data(nlh_dst), nlmsg_data(nlh_src), payload);
+		break;
+	case XFRM_MSG_EXPIRE: {
+		const struct xfrm_user_expire *src_ue  = nlmsg_data(nlh_src);
+		struct compat_xfrm_user_expire *dst_ue = nlmsg_data(nlh_dst);
+
+		/* compat_xfrm_user_expire has 4-byte smaller state */
+		memcpy(dst_ue, src_ue, sizeof(dst_ue->state));
+		dst_ue->hard = src_ue->hard;
+		break;
+	}
+	case XFRM_MSG_ACQUIRE: {
+		const struct xfrm_user_acquire *src_ua  = nlmsg_data(nlh_src);
+		struct compat_xfrm_user_acquire *dst_ua = nlmsg_data(nlh_dst);
+
+		memcpy(dst_ua, src_ua, offsetof(struct compat_xfrm_user_acquire, aalgos));
+		dst_ua->aalgos = src_ua->aalgos;
+		dst_ua->ealgos = src_ua->ealgos;
+		dst_ua->calgos = src_ua->calgos;
+		dst_ua->seq    = src_ua->seq;
+		break;
+	}
+	case XFRM_MSG_POLEXPIRE: {
+		const struct xfrm_user_polexpire *src_upe  = nlmsg_data(nlh_src);
+		struct compat_xfrm_user_polexpire *dst_upe = nlmsg_data(nlh_dst);
+
+		/* compat_xfrm_user_polexpire has 4-byte smaller state */
+		memcpy(dst_upe, src_upe, sizeof(dst_upe->pol));
+		dst_upe->hard = src_upe->hard;
+		break;
+	}
+	case XFRM_MSG_ALLOCSPI: {
+		const struct xfrm_userspi_info *src_usi = nlmsg_data(nlh_src);
+		struct compat_xfrm_userspi_info *dst_usi = nlmsg_data(nlh_dst);
+
+		/* compat_xfrm_user_polexpire has 4-byte smaller state */
+		memcpy(dst_usi, src_usi, sizeof(src_usi->info));
+		dst_usi->min = src_usi->min;
+		dst_usi->max = src_usi->max;
+		break;
+	}
+	/* Not being sent by kernel */
+	case XFRM_MSG_GETSA:
+	case XFRM_MSG_GETPOLICY:
+	case XFRM_MSG_GETAE:
+	case XFRM_MSG_GETSADINFO:
+	case XFRM_MSG_GETSPDINFO:
+	default:
+		WARN_ONCE(1, "unsupported nlmsg_type %d", nlh_src->nlmsg_type);
+		return ERR_PTR(-EOPNOTSUPP);
+	}
+
+	return nlh_dst;
+}
+
+static int xfrm_nla_cpy(struct sk_buff *dst, const struct nlattr *src, int len)
+{
+	return nla_put(dst, src->nla_type, len, nla_data(src));
+}
+
+static int xfrm_xlate64_attr(struct sk_buff *dst, const struct nlattr *src)
+{
+	switch (src->nla_type) {
+	case XFRMA_ALG_AUTH:
+	case XFRMA_ALG_CRYPT:
+	case XFRMA_ALG_COMP:
+	case XFRMA_ENCAP:
+	case XFRMA_TMPL:
+		return xfrm_nla_cpy(dst, src, nla_len(src));
+	case XFRMA_SA:
+		return xfrm_nla_cpy(dst, src, XMSGSIZE(compat_xfrm_usersa_info));
+	case XFRMA_POLICY:
+		return xfrm_nla_cpy(dst, src, XMSGSIZE(compat_xfrm_userpolicy_info));
+	case XFRMA_SEC_CTX:
+		return xfrm_nla_cpy(dst, src, nla_len(src));
+	case XFRMA_LTIME_VAL:
+		return nla_put_64bit(dst, src->nla_type, nla_len(src),
+			nla_data(src), XFRMA_PAD);
+	case XFRMA_REPLAY_VAL:
+	case XFRMA_REPLAY_THRESH:
+	case XFRMA_ETIMER_THRESH:
+	case XFRMA_SRCADDR:
+	case XFRMA_COADDR:
+		return xfrm_nla_cpy(dst, src, nla_len(src));
+	case XFRMA_LASTUSED:
+		return nla_put_64bit(dst, src->nla_type, nla_len(src),
+			nla_data(src), XFRMA_PAD);
+	case XFRMA_POLICY_TYPE:
+	case XFRMA_MIGRATE:
+	case XFRMA_ALG_AEAD:
+	case XFRMA_KMADDRESS:
+	case XFRMA_ALG_AUTH_TRUNC:
+	case XFRMA_MARK:
+	case XFRMA_TFCPAD:
+	case XFRMA_REPLAY_ESN_VAL:
+	case XFRMA_SA_EXTRA_FLAGS:
+	case XFRMA_PROTO:
+	case XFRMA_ADDRESS_FILTER:
+	case XFRMA_OFFLOAD_DEV:
+	case XFRMA_SET_MARK:
+	case XFRMA_SET_MARK_MASK:
+	case XFRMA_IF_ID:
+		return xfrm_nla_cpy(dst, src, nla_len(src));
+	default:
+		BUILD_BUG_ON(XFRMA_MAX != XFRMA_IF_ID);
+		WARN_ONCE(1, "unsupported nla_type %d", src->nla_type);
+		return -EOPNOTSUPP;
+	}
+}
+
+/* Take kernel-built (64bit layout) and create 32bit layout for userspace */
+static int xfrm_xlate64(struct sk_buff *dst, const struct nlmsghdr *nlh_src)
+{
+	u16 type = nlh_src->nlmsg_type - XFRM_MSG_BASE;
+	const struct nlattr *nla, *attrs;
+	struct nlmsghdr *nlh_dst;
+	int len, remaining;
+
+	nlh_dst = xfrm_nlmsg_put_compat(dst, nlh_src, type);
+	if (IS_ERR(nlh_dst))
+		return PTR_ERR(nlh_dst);
+
+	attrs = nlmsg_attrdata(nlh_src, xfrm_msg_min[type]);
+	len = nlmsg_attrlen(nlh_src, xfrm_msg_min[type]);
+
+	nla_for_each_attr(nla, attrs, len, remaining) {
+		int err = xfrm_xlate64_attr(dst, nla);
+
+		if (err)
+			return err;
+	}
+
+	nlmsg_end(dst, nlh_dst);
+
+	return 0;
+}
+
+int xfrm_alloc_compat(struct sk_buff *skb)
+{
+	const struct nlmsghdr *nlh_src = nlmsg_hdr(skb);
+	u16 type = nlh_src->nlmsg_type - XFRM_MSG_BASE;
+	struct sk_buff *new = NULL;
+	int err;
+
+	if (WARN_ON_ONCE(type >= ARRAY_SIZE(xfrm_msg_min)))
+		return -EOPNOTSUPP;
+
+	if (skb_shinfo(skb)->frag_list == NULL) {
+		new = alloc_skb(skb->len + skb_tailroom(skb), GFP_ATOMIC);
+		if (!new)
+			return -ENOMEM;
+		skb_shinfo(skb)->frag_list = new;
+	}
+
+	err = xfrm_xlate64(skb_shinfo(skb)->frag_list, nlh_src);
+	if (err) {
+		if (new) {
+			kfree_skb(new);
+			skb_shinfo(skb)->frag_list = NULL;
+		}
+		return err;
+	}
+
+	return 0;
+}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index fbb7d9d06478..90c57d4a0b47 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1083,12 +1083,19 @@  static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb,
 				       u32 pid, unsigned int group)
 {
 	struct sock *nlsk = rcu_dereference(net->xfrm.nlsk);
+	int err;
 
 	if (!nlsk) {
 		kfree_skb(skb);
 		return -EPIPE;
 	}
 
+	err = xfrm_alloc_compat(skb);
+	if (err) {
+		kfree_skb(skb);
+		return err;
+	}
+
 	return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC);
 }
 
@@ -2533,7 +2540,7 @@  static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
 
 #define XMSGSIZE(type) sizeof(struct type)
 
-static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
+const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
 	[XFRM_MSG_NEWSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
 	[XFRM_MSG_DELSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
 	[XFRM_MSG_GETSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),

[v2,1/6] xfrm/compat: Add 64=>32-bit messages translator

Commit Message

Comments

Patch