From patchwork Fri Jan  5 11:27:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1882840
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4T61Rc1R4dz1yP5
	for <incoming@patchwork.ozlabs.org>; Fri,  5 Jan 2024 22:28:28 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1rLiN6-0005It-LD; Fri, 05 Jan 2024 11:28:19 +0000
Received: from mail-co1nam11on2077.outbound.protection.outlook.com
 ([40.107.220.77] helo=NAM11-CO1-obe.outbound.protection.outlook.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <yifeid@nvidia.com>) id 1rLiMg-0004qu-6y
 for kernel-team@lists.ubuntu.com; Fri, 05 Jan 2024 11:27:50 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ZYVCIWqTIx/ZQg7BXdp1SQ9VNtpV6d3BuorAVpib8Tmjy9Bw92D0nLQrY/dSUQnAIspj4yFHJIxWZICTXUesl0jXSVCw/QnS6+nHF8DX6bgyDqBK2KOLHa396+tJKeaBXRWutoXeBkXfXWcaMrFm/LbdXOgMP78LxmCsRpGeFtkEoBAoUG4S80am4VZetNNaa9LNWMjiNRRJ0IuOOCJKqCtHIl547Zn2S9brc98HKIvsHhPzgie5L32DHx1VaNefv5gahu/ZN0ZZ9l8dHJsXfLe4OtCDSchOM9u2vp2VGo3tPr6NNA7hihhNeRo/AB/P8kuFL4ReAUgGXgKZZ2c0LA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=+No7uJsUW1N+cHRA9Nk4E7QwMoZOtgskn+68XYuDyok=;
 b=fSpg5MnBFx9n9HOIGdNS/ywjzYS4EURKMTWDxMy+cQP1onyvZTOqKvDwljcTc9+LVq8Ju/JdG7G7zN0cqExTqEnciat0QQqCX24/KHXQEHdBXHfeL2v7ULAIWjAg8Pck50snKDbVr2Ukx76Cv4Qdfc5zTEZuyPrqUSA+2pvtkQQs+/3KCBlvwaleRGSggjQXl12AdCUXbIYOhSHwokvIMWppZV7YZYlSxC9o8bFNCUkj9xDLxzdwVxB03CWSY7JmnBoepQWyXC+Xq7J3r2TiwpdUVGB7++8YvYtrk3bB7r10065gaq2KodhsJLAuqSvWmCE3LnjhZ1CbNTQc37a0rg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.233) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none (0)
Received: from SJ2PR07CA0024.namprd07.prod.outlook.com (2603:10b6:a03:505::14)
 by DS0PR12MB8072.namprd12.prod.outlook.com (2603:10b6:8:dd::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.17; Fri, 5 Jan
 2024 11:27:44 +0000
Received: from MWH0EPF000989E5.namprd02.prod.outlook.com
 (2603:10b6:a03:505:cafe::3) by SJ2PR07CA0024.outlook.office365.com
 (2603:10b6:a03:505::14) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.16 via Frontend
 Transport; Fri, 5 Jan 2024 11:27:44 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.233 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.233) by
 MWH0EPF000989E5.mail.protection.outlook.com (10.167.241.132) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7159.9 via Frontend Transport; Fri, 5 Jan 2024 11:27:44 +0000
Received: from drhqmail203.nvidia.com (10.126.190.182) by mail.nvidia.com
 (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Fri, 5 Jan 2024
 03:27:32 -0800
Received: from drhqmail203.nvidia.com (10.126.190.182) by
 drhqmail203.nvidia.com (10.126.190.182) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.986.41; Fri, 5 Jan 2024 03:27:32 -0800
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41 via Frontend
 Transport; Fri, 5 Jan 2024 03:27:31 -0800
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 405BRK0s014036;
 Fri, 5 Jan 2024 13:27:28 +0200
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 4/6] xfrm: Silence warnings
 triggerable by bad packets
Date: Fri, 5 Jan 2024 05:27:18 -0600
Message-ID: <1704454040-11017-5-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1704454040-11017-1-git-send-email-yifeid@nvidia.com>
References: <1704454040-11017-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-NV-OnPremToCloud: ExternallySecured
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MWH0EPF000989E5:EE_|DS0PR12MB8072:EE_
X-MS-Office365-Filtering-Correlation-Id: 9b53211d-465b-4663-7467-08dc0de15612
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 cdf++zrBedl3+CyrZSaROjzHSsO4V+qiIUOEzaKLOLKu+kLkJlAvk+m+YJKHya7+A5/tw2lsClS5ka7bFRj8Ky3K6ERS3qUa0sp+FxZtj2OPBd+a9MT/I+ISXPqit7nOAu9K1l/mjJUUI2bY9jryEwWUsES7KzHUBn+yaDfSNWNMnXK0o01uZABQwLzTWW/GlJzzxbPSuGC3CAFpAoe+Zr2z6s/7zptw1XhW9pjmjWU3kO6XacnMUquf68AWG7Tw6T4H6i3NT7e9BX2K+LZLG8QtstNAd7Mk8uc8gZQ6Sw0EWr0R8dmJGjMO1bVfqT/zrbUxdi4Z0cxvoZVxLqqwDNmC5sD7tnjVKPqZ4c1o3qYjEivZvxEk/0UvD3jvxZfPUU+uG94qt0YjXmxFyzjXzEkHzVhNy3Vv6Okxqx7grDUmhth1PZtDjM6CMlMQH/zkB3+S0+whVRRRIJMM34MsvzTjhAV5AnwrFFLuDe1LuunlXkL/bThNDBeAwrhUPXrFznRAUGWfa1iGs+oHKgoDrXpdsuQYydWTfPQmcmk7+H5Hn5uQBcSQtLqDpaumWrrARbkDmios+0dyhhHjb0K94ycoHjWYDBriSbbzfcRd2WvdX2/LP5MgjIAOHQ1TPoyssYJDBrgXZoyYDG6W1tuj41Uz+UYyIKQblrdHvLGQ0BTUV+ySgSCODzkpDRycW86lBj//nptTGxWQbKd1468dBuKqb+q83ixI4PFskt5ngE0668/kfSjrGu7FRjypHLAtKKlbdl4TO6NEk5lqfRZsi7vXHZwyyau5VyCQbIlAFBHRb3hjs51YWlD0LVwZCtw7ZqPzUWD0ZYmPJ8HXZA4gbQ==
X-Forefront-Antispam-Report: CIP:216.228.118.233; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge2.nvidia.com; CAT:NONE;
 SFS:(13230031)(4636009)(346002)(39860400002)(396003)(136003)(376002)(230273577357003)(230173577357003)(230922051799003)(64100799003)(186009)(451199024)(82310400011)(1800799012)(36840700001)(46966006)(40470700004)(82740400003)(6916009)(70206006)(70586007)(86362001)(36860700001)(356005)(47076005)(7636003)(6666004)(2616005)(336012)(26005)(5660300002)(2906002)(36756003)(966005)(478600001)(83380400001)(316002)(8936002)(8676002)(54906003)(4326008)(40460700003)(40480700001)(41300700001);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2024 11:27:44.1839 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 9b53211d-465b-4663-7467-08dc0de15612
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.233];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 MWH0EPF000989E5.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8072
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Herbert Xu <herbert@gondor.apana.org.au>

BugLink: https://bugs.launchpad.net/bugs/2044427

After the elimination of inner modes, a couple of warnings that
were previously unreachable can now be triggered by malformed
inbound packets.

Fix this by:

1. Moving the setting of skb->protocol into the decap functions.
2. Returning -EINVAL when unexpected protocol is seen.

Reported-by: Maciej Żenczykowski<maze@google.com>
Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
(cherry picked from commit 57010b8ece2821a1fdfdba2197d14a022f3769db)
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/xfrm/xfrm_input.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 33c15fb2..eda890d 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -179,6 +179,8 @@ static int xfrm4_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
 	int optlen = 0;
 	int err = -EINVAL;
 
+	skb->protocol = htons(ETH_P_IP);
+
 	if (unlikely(XFRM_MODE_SKB_CB(skb)->protocol == IPPROTO_BEETPH)) {
 		struct ip_beet_phdr *ph;
 		int phlen;
@@ -231,6 +233,8 @@ static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
 {
 	int err = -EINVAL;
 
+	skb->protocol = htons(ETH_P_IP);
+
 	if (!pskb_may_pull(skb, sizeof(struct iphdr)))
 		goto out;
 
@@ -266,6 +270,8 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
 {
 	int err = -EINVAL;
 
+	skb->protocol = htons(ETH_P_IPV6);
+
 	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 		goto out;
 
@@ -295,6 +301,8 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
 	int size = sizeof(struct ipv6hdr);
 	int err;
 
+	skb->protocol = htons(ETH_P_IPV6);
+
 	err = skb_cow_head(skb, size + skb->mac_len);
 	if (err)
 		goto out;
@@ -346,6 +354,7 @@ static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
 			return xfrm6_remove_tunnel_encap(x, skb);
 		break;
 		}
+		return -EINVAL;
 	}
 
 	WARN_ON_ONCE(1);
@@ -366,19 +375,6 @@ static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
 		return -EAFNOSUPPORT;
 	}
 
-	switch (XFRM_MODE_SKB_CB(skb)->protocol) {
-	case IPPROTO_IPIP:
-	case IPPROTO_BEETPH:
-		skb->protocol = htons(ETH_P_IP);
-		break;
-	case IPPROTO_IPV6:
-		skb->protocol = htons(ETH_P_IPV6);
-		break;
-	default:
-		WARN_ON_ONCE(1);
-		break;
-	}
-
 	return xfrm_inner_mode_encap_remove(x, skb);
 }