From: Dmitry Safonov
To: linux-kernel@vger.kernel.org
Cc: 0x7f454c46@gmail.com, Dmitry Safonov, Steffen Klassert, Herbert Xu, "David S. Miller", netdev@vger.kernel.org
Subject: [PATCH] net/xfrm: Fix lookups for states with spi == 0
Date: Wed, 2 May 2018 03:02:20 +0100
Message-Id: <20180502020220.2027-1-dima@arista.com>

It seems to be a valid use case to add xfrm state without Security Parameter Indexes (SPI) value associated:

    ip xfrm state add src $src dst $dst proto $proto mode $mode sel src $src dst $dst $algo

The bad thing is that it's currently impossible to get/delete the state without SPI: __xfrm_state_insert() obviously doesn't add hash for zero SPI in xfrm.state_byspi, and xfrm_user_state_lookup() will fail as xfrm_state_lookup() does lookups by hash.

It also isn't possible to workaround from userspace as xfrm_id_proto_match() will be always true for ah/esp/comp protos.

So, don't try looking up by hash if SPI == 0.

Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: netdev@vger.kernel.org
Signed-off-by: Dmitry Safonov
---
 net/xfrm/xfrm_user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 080035f056d9..6b38503255c8 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -681,7 +681,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct net *net, int err; u32 mark = xfrm_mark_get(attrs, &m); - if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { + if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY) && p->spi) { err = -ESRCH; x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family); } else {
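
Review bot: The added "&& p->spi" test in xfrm_user_state_lookup() sends every ah/esp/comp request with a zero SPI into the else branch, which until now was reached only when xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY) was false, and neither the visible context nor the commit message says what that branch keys its lookup on. Please state in the commit message which lookup the zero-SPI case now uses and what userspace has to supply for it, and add a short comment above the condition noting that states with spi == 0 are never hashed into state_byspi, so the reason for the extra test stays with the code. It would also help to say how get/delete behaves when more than one SPI-less state exists for the same daddr, proto and family, since a delete that resolves to a different state than the caller meant removes the wrong SA.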