Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says: ==================== pull request (net): ipsec 2022-08-24 1) Fix a refcount leak in __xfrm_policy_check. From Xin Xiong. 2) Revert "xfrm: update SA curlft.use_time". This violates RFC 2367. From Antony Antony. 3) Fix a comment on XFRMA_LASTUSED. From Antony Antony. 4) x->lastused is not cloned in xfrm_do_migrate. Fix from Antony Antony. 5) Serialize the calls to xfrm_probe_algs. From Herbert Xu. 6) Fix a null pointer dereference of dst->dev on a metadata dst in xfrm_lookup_with_ifid. From Nikolay Aleksandrov. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Коммит
76de008340
|
@ -296,7 +296,7 @@ enum xfrm_attr_type_t {
|
|||
XFRMA_ETIMER_THRESH,
|
||||
XFRMA_SRCADDR, /* xfrm_address_t */
|
||||
XFRMA_COADDR, /* xfrm_address_t */
|
||||
XFRMA_LASTUSED, /* unsigned long */
|
||||
XFRMA_LASTUSED, /* __u64 */
|
||||
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
|
||||
XFRMA_MIGRATE,
|
||||
XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */
|
||||
|
|
|
@ -1697,9 +1697,12 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
|
|||
pfk->registered |= (1<<hdr->sadb_msg_satype);
|
||||
}
|
||||
|
||||
mutex_lock(&pfkey_mutex);
|
||||
xfrm_probe_algs();
|
||||
|
||||
supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
|
||||
mutex_unlock(&pfkey_mutex);
|
||||
|
||||
if (!supp_skb) {
|
||||
if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
|
||||
pfk->registered &= ~(1<<hdr->sadb_msg_satype);
|
||||
|
|
|
@ -669,7 +669,6 @@ resume:
|
|||
|
||||
x->curlft.bytes += skb->len;
|
||||
x->curlft.packets++;
|
||||
x->curlft.use_time = ktime_get_real_seconds();
|
||||
|
||||
spin_unlock(&x->lock);
|
||||
|
||||
|
|
|
@ -534,7 +534,6 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
|
|||
|
||||
x->curlft.bytes += skb->len;
|
||||
x->curlft.packets++;
|
||||
x->curlft.use_time = ktime_get_real_seconds();
|
||||
|
||||
spin_unlock_bh(&x->lock);
|
||||
|
||||
|
|
|
@ -3162,7 +3162,7 @@ ok:
|
|||
return dst;
|
||||
|
||||
nopol:
|
||||
if (!(dst_orig->dev->flags & IFF_LOOPBACK) &&
|
||||
if ((!dst_orig->dev || !(dst_orig->dev->flags & IFF_LOOPBACK)) &&
|
||||
net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
|
||||
err = -EPERM;
|
||||
goto error;
|
||||
|
@ -3599,6 +3599,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
|
|||
if (pols[1]) {
|
||||
if (IS_ERR(pols[1])) {
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);
|
||||
xfrm_pol_put(pols[0]);
|
||||
return 0;
|
||||
}
|
||||
pols[1]->curlft.use_time = ktime_get_real_seconds();
|
||||
|
|
|
@ -1592,6 +1592,7 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
|
|||
x->replay = orig->replay;
|
||||
x->preplay = orig->preplay;
|
||||
x->mapping_maxage = orig->mapping_maxage;
|
||||
x->lastused = orig->lastused;
|
||||
x->new_mapping = 0;
|
||||
x->new_mapping_sport = 0;
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче