From patchwork Fri Jun 29 22:07:10 2018
X-Patchwork-Submitter: Nathan Harold
X-Patchwork-Id: 937176
X-Patchwork-Delegate: davem@davemloft.net
Date: Fri, 29 Jun 2018 15:07:10 -0700
Message-Id: <20180629220710.190783-1-nharold@google.com>
Subject: [PATCH ipsec-next] xfrm: Allow Set Mark to be Updated Using UPDSA
From: Nathan Harold
To: netdev@vger.kernel.org
Cc: Nathan Harold
X-Mailing-List: netdev@vger.kernel.org

Allow UPDSA to change "set mark" to permit policy separation of packet routing decisions from SA keying in systems that use mark-based routing.

The set mark, used as a routing and firewall mark for outbound packets, is made update-able which allows routing decisions to be handled independently of keying/SA creation. To maintain consistency with other optional attributes, the set mark is only updated if sent with a non-zero value.

The per-SA lock and the xfrm_state_lock are taken in that order to avoid a deadlock with xfrm_timer_handler(), which also takes the locks in that order.

Signed-off-by: Nathan Harold Change-Id: Ia05c6733a94c1901cd1e54eb7c7e237704678d71 Reviewed-by: Eyal Birger --- net/xfrm/xfrm_state.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index e04a510ec992..c9ffcdfa89f6 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1562,6 +1562,15 @@ int xfrm_state_update(struct xfrm_state *x) if (x1->curlft.use_time) xfrm_state_check_expire(x1); + if (x->props.smark.m || x->props.smark.v) { + spin_lock_bh(&net->xfrm.xfrm_state_lock); + + x1->props.smark = x->props.smark; + + __xfrm_state_bump_genids(x1); + spin_unlock_bh(&net->xfrm.xfrm_state_lock); + } + err = 0; x->km.state = XFRM_STATE_DEAD; __xfrm_state_put(x);
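
Review bot: The guard `if (x->props.smark.m || x->props.smark.v)` in the added block of xfrm_state_update() means a set mark that has been applied can never be cleared back to zero through UPDSA, because an all-zero smark is treated as "attribute not sent". The commit message states this as intentional, but nothing in the code says so; a short comment above the `if` would keep a later reader from assuming that an update without a mark resets routing for the SA, which matters on systems where the mark selects the outbound route or firewall rule. Separately, the lock-ordering argument (per-SA lock first, then `net->xfrm.xfrm_state_lock`, matching xfrm_timer_handler()) exists only in the commit message, and the hunk itself does not show the per-SA lock being held at this point. Please add a comment at `spin_lock_bh(&net->xfrm.xfrm_state_lock)` stating which lock is already held and why the order must not be reversed, and one line explaining why `__xfrm_state_bump_genids(x1)` is needed after the mark changes.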