| Message ID | 02b5650c-29f4-568f-b3be-689594dfacc2@secunet.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [ipsec,v3] xfrm: replay: Fix ESN wrap around for GSO | expand |
On Thu, Sep 29, 2022 at 07:59:31AM +0200, Christian Langrock wrote: > When using GSO it can happen that the wrong seq_hi is used for the last > packets before the wrap around. This can lead to double usage of a > sequence number. To avoid this, we should serialize this last GSO > packet. > > Changes in v3: > - fix build > - remove wrapper function > > Changes in v2: > - switch to bool as return value > - remove switch case in wrapper function > > Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for...") > Signed-off-by: Christian Langrock <christian.langrock@secunet.com> > --- Please put changelog after "---" trailer. > include/net/xfrm.h | 1 + > net/xfrm/xfrm_output.c | 2 +- > net/xfrm/xfrm_replay.c | 26 ++++++++++++++++++++++++++ > 3 files changed, 28 insertions(+), 1 deletion(-) > > diff --git a/include/net/xfrm.h b/include/net/xfrm.h > index 6e8fa98f786f..b845f911767c 100644 > --- a/include/net/xfrm.h > +++ b/include/net/xfrm.h > @@ -1749,6 +1749,7 @@ void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq); > int xfrm_replay_check(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); > void xfrm_replay_notify(struct xfrm_state *x, int event); > int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb); > +bool xfrm_replay_overflow_check(struct xfrm_state *x, struct sk_buff *skb); > int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); > > static inline int xfrm_aevent_is_on(struct net *net) > diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c > index 9a5e79a38c67..c470a68d9c88 100644 > --- a/net/xfrm/xfrm_output.c > +++ b/net/xfrm/xfrm_output.c > @@ -738,7 +738,7 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) > skb->encapsulation = 1; > > if (skb_is_gso(skb)) { > - if (skb->inner_protocol) > + if (skb->inner_protocol || xfrm_replay_overflow_check(x, skb)) > return xfrm_output_gso(net, sk, skb); > > skb_shinfo(skb)->gso_type |= SKB_GSO_ESP; > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c > index 9277d81b344c..23858eb5eab4 100644 > --- a/net/xfrm/xfrm_replay.c > +++ b/net/xfrm/xfrm_replay.c > @@ -750,6 +750,27 @@ int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) > > return xfrm_replay_overflow_offload(x, skb); > } > + > +static bool xfrm_replay_overflow_check(struct xfrm_state *x, struct sk_buff *skb) > +{ > + struct xfrm_replay_state_esn *replay_esn = x->replay_esn; > + __u32 oseq = replay_esn->oseq; > + > + /* We assume that this function is called with > + * skb_is_gso(skb) == true > + */ > + > + if (x->repl_mode == XFRM_REPLAY_MODE_ESN) { > + if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { It can be one if( ... && ...), but not critical. Once you fix commit message, feel free to add my tag. Thanks, Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 6e8fa98f786f..b845f911767c 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1749,6 +1749,7 @@ void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq); int xfrm_replay_check(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); void xfrm_replay_notify(struct xfrm_state *x, int event); int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb); +bool xfrm_replay_overflow_check(struct xfrm_state *x, struct sk_buff *skb); int xfrm_replay_recheck(struct xfrm_state *x, struct sk_buff *skb, __be32 net_seq); static inline int xfrm_aevent_is_on(struct net *net) diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 9a5e79a38c67..c470a68d9c88 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -738,7 +738,7 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) skb->encapsulation = 1; if (skb_is_gso(skb)) { - if (skb->inner_protocol) + if (skb->inner_protocol || xfrm_replay_overflow_check(x, skb)) return xfrm_output_gso(net, sk, skb); skb_shinfo(skb)->gso_type |= SKB_GSO_ESP; diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 9277d81b344c..23858eb5eab4 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -750,6 +750,27 @@ int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) return xfrm_replay_overflow_offload(x, skb); } + +static bool xfrm_replay_overflow_check(struct xfrm_state *x, struct sk_buff *skb) +{ + struct xfrm_replay_state_esn *replay_esn = x->replay_esn; + __u32 oseq = replay_esn->oseq; + + /* We assume that this function is called with + * skb_is_gso(skb) == true + */ + + if (x->repl_mode == XFRM_REPLAY_MODE_ESN) { + if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { + oseq = oseq + 1 + skb_shinfo(skb)->gso_segs; + if (unlikely(oseq < replay_esn->oseq)) + return true; + } + } + + return false; +} + #else int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) { @@ -764,6 +785,11 @@ int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb) return __xfrm_replay_overflow(x, skb); } + +bool xfrm_replay_overflow_check(struct xfrm_state *x, struct sk_buff *skb) +{ + return false; +} #endif int xfrm_init_replay(struct xfrm_state *x)
When using GSO it can happen that the wrong seq_hi is used for the last packets before the wrap around. This can lead to double usage of a sequence number. To avoid this, we should serialize this last GSO packet. Changes in v3: - fix build - remove wrapper function Changes in v2: - switch to bool as return value - remove switch case in wrapper function Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for...") Signed-off-by: Christian Langrock <christian.langrock@secunet.com> --- include/net/xfrm.h | 1 + net/xfrm/xfrm_output.c | 2 +- net/xfrm/xfrm_replay.c | 26 ++++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-)