The source for the Linux kernel used in Windows Subsystem for Linux 2 (WSL2)
Benedict Wong 503e3d93cf Fix XFRM-I support for nested ESP tunnels
[ Upstream commit b0355dbbf1 ]

This change adds support for nested IPsec tunnels by ensuring that
XFRM-I verifies existing policies before decapsulating a subsequent
policies. Additionally, this clears the secpath entries after policies
are verified, ensuring that previous tunnels with no-longer-valid
do not pollute subsequent policy checks.

This is necessary especially for nested tunnels, as the IP addresses,
protocol and ports may all change, thus not matching the previous
policies. In order to ensure that packets match the relevant inbound
templates, the xfrm_policy_check should be done before handing off to
the inner XFRM protocol to decrypt and decapsulate.

Notably, raw ESP/AH packets did not perform policy checks inherently,
whereas all other encapsulated packets (UDP, TCP encapsulated) do policy
checks after calling xfrm_input handling in the respective encapsulation
layer.

Test: Verified with additional Android Kernel Unit tests
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-03-03 11:45:51 +01:00
Documentation Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions 2023-02-14 19:18:05 +01:00
LICENSES LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes" 2021-07-15 06:31:24 -06:00
arch powerpc/64s/radix: Fix RWX mapping with relocated kernel 2023-02-25 12:06:44 +01:00
block block, bfq: fix uaf for bfqq in bic_set_bfqq() 2023-02-09 11:26:36 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:22:01 +02:00
crypto crypto: tcrypt - Fix multibuffer skcipher speed test mem leak 2022-12-31 13:14:24 +01:00
drivers ionic: refactor use of ionic_rx_fill() 2023-03-03 11:45:51 +01:00
fs ext4: Fix function prototype mismatch for ext4_feat_ktype 2023-02-25 12:06:45 +01:00
include uaccess: Add speculation barrier to copy_from_user() 2023-02-25 12:06:44 +01:00
init kbuild: Add CONFIG_PAHOLE_VERSION 2023-02-25 12:06:45 +01:00
io_uring io_uring/rw: remove leftover debug statement 2023-01-24 07:22:49 +01:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:28:45 +01:00
kernel bpf: add missing header file include 2023-02-25 12:06:46 +01:00
lib lib/Kconfig.debug: Allow BTF + DWARF5 with pahole 1.21+ 2023-02-25 12:06:46 +01:00
mm mm/filemap: fix page end in filemap_get_read_batch 2023-02-22 12:57:10 +01:00
net Fix XFRM-I support for nested ESP tunnels 2023-03-03 11:45:51 +01:00
samples samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() 2022-12-31 13:14:31 +01:00
scripts scripts/pahole-flags.sh: Use pahole-version.sh 2023-02-25 12:06:46 +01:00
security tomoyo: fix broken dependency on *.conf.default 2023-02-01 08:27:05 +01:00
sound ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak 2023-02-22 12:57:11 +01:00
tools selftest/lkdtm: Skip stack-entropy test if lkdtm is not available 2023-02-22 12:57:07 +01:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:27:15 +01:00
virt kvm: Add support for arch compat vm ioctls 2022-10-29 10:12:54 +02:00
.clang-format clang-format: Update with the latest for_each macro list 2021-05-12 23:32:39 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap mailmap: add Andrej Shadura 2021-10-18 20:22:03 -10:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Daniel Drake to credits 2021-09-21 08:34:58 +03:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS kbuild: Add CONFIG_PAHOLE_VERSION 2023-02-25 12:06:45 +01:00
Makefile Linux 5.15.96 2023-02-25 12:06:46 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.