xfrm: Use xfrm_state selector for BEET input

Message ID	ZIBCFyszqwJlZd/V@gondor.apana.org.au (mailing list archive)
State	Awaiting Upstream
Delegated to:	Netdev Maintainers
Headers	show Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A603A5664 for <netdev@vger.kernel.org>; Wed, 7 Jun 2023 08:38:59 +0000 (UTC) Date: Wed, 7 Jun 2023 16:38:47 +0800 From: Herbert Xu <herbert@gondor.apana.org.au> To: Steffen Klassert <steffen.klassert@secunet.com> Cc: netdev@vger.kernel.org, David George <David.George@sophos.com>, Markus Trapp <markus.trapp@secunet.com> Subject: [PATCH] xfrm: Use xfrm_state selector for BEET input Message-ID: <ZIBCFyszqwJlZd/V@gondor.apana.org.au> References: <ZAr3rc+QvKs50xkm@gondor.apana.org.au> <ZH8OSd1ElPIKCFa+@gauss3.secunet.de> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <ZH8OSd1ElPIKCFa+@gauss3.secunet.de>
Series	xfrm: Use xfrm_state selector for BEET input \| expand xfrm: Use xfrm_state selector for BEET input

Context	Check	Description
netdev/series_format	warning	Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection	success	Guessed tree name to be net-next
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 13 this patch: 13
netdev/cc_maintainers	warning	4 maintainers not CCed: kuba@kernel.org edumazet@google.com davem@davemloft.net pabeni@redhat.com
netdev/build_clang	success	Errors and warnings before: 8 this patch: 8
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	Fixes tag looks correct
netdev/build_allmodconfig_warn	success	Errors and warnings before: 13 this patch: 13
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 14 lines checked
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Herbert Xu June 7, 2023, 8:38 a.m. UTC

On Tue, Jun 06, 2023 at 12:45:29PM +0200, Steffen Klassert wrote:
>
> the assumption that the L4 protocol on BEET mode can be
> just IPIP or BEETPH seems not to be correct. One of
> our testcaces hit the second WARN_ON_ONCE() in
> xfrm_prepare_input. In that case the L4 protocol
> is UDP. Looks like we need some other way to
> dertermine the inner protocol family.

Oops, that was a thinko on my part:

---8<---
For BEET the inner address and therefore family is stored in the
xfrm_state selector.  Use that when decapsulating an input packet
instead of incorrectly relying on a non-existent tunnel protocol.

Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Steffen Klassert June 7, 2023, 8:47 a.m. UTC | #1

On Wed, Jun 07, 2023 at 04:38:47PM +0800, Herbert Xu wrote:
> On Tue, Jun 06, 2023 at 12:45:29PM +0200, Steffen Klassert wrote:
> >
> > the assumption that the L4 protocol on BEET mode can be
> > just IPIP or BEETPH seems not to be correct. One of
> > our testcaces hit the second WARN_ON_ONCE() in
> > xfrm_prepare_input. In that case the L4 protocol
> > is UDP. Looks like we need some other way to
> > dertermine the inner protocol family.
> 
> Oops, that was a thinko on my part:
> 
> ---8<---
> For BEET the inner address and therefore family is stored in the
> xfrm_state selector.  Use that when decapsulating an input packet
> instead of incorrectly relying on a non-existent tunnel protocol.
> 
> Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
> Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
> index 39fb91ff23d9..bdaed1d1ff97 100644
> --- a/net/xfrm/xfrm_input.c
> +++ b/net/xfrm/xfrm_input.c
> @@ -330,11 +330,10 @@ xfrm_inner_mode_encap_remove(struct xfrm_state *x,
>  {
>  	switch (x->props.mode) {
>  	case XFRM_MODE_BEET:
> -		switch (XFRM_MODE_SKB_CB(skb)->protocol) {
> -		case IPPROTO_IPIP:
> -		case IPPROTO_BEETPH:
> +		switch (x->sel.family) {

Hm, I thought about that one too. But x->sel.family can
also be AF_UNSPEC, in which case we used the address
family of the inner mode before your change.

> +		case AF_INET:
>  			return xfrm4_remove_beet_encap(x, skb);
> -		case IPPROTO_IPV6:
> +		case AF_INET6:
>  			return xfrm6_remove_beet_encap(x, skb);
>  		}
>  		break;
> -- 
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Herbert Xu June 7, 2023, 8:50 a.m. UTC | #2

On Wed, Jun 07, 2023 at 10:47:45AM +0200, Steffen Klassert wrote:
>
> Hm, I thought about that one too. But x->sel.family can
> also be AF_UNSPEC, in which case we used the address
> family of the inner mode before your change.

It must not be AF_UNSPECT for BEET.  How would you even get the
inner addresses if it were UNSPEC?

With BEET the inner addresses are stored in the IPsec SA rather
than the actual packet.  So the family is also fixed for a given
SA (which we call xfrm_state).

Cheers,

Steffen Klassert June 7, 2023, 8:57 a.m. UTC | #3

On Wed, Jun 07, 2023 at 04:50:51PM +0800, Herbert Xu wrote:
> On Wed, Jun 07, 2023 at 10:47:45AM +0200, Steffen Klassert wrote:
> >
> > Hm, I thought about that one too. But x->sel.family can
> > also be AF_UNSPEC, in which case we used the address
> > family of the inner mode before your change.
> 
> It must not be AF_UNSPECT for BEET.  How would you even get the
> inner addresses if it were UNSPEC?
> 
> With BEET the inner addresses are stored in the IPsec SA rather
> than the actual packet.  So the family is also fixed for a given
> SA (which we call xfrm_state).

Right, Good point.

Thanks!

Herbert Xu June 7, 2023, 9:04 a.m. UTC | #4

On Wed, Jun 07, 2023 at 10:57:38AM +0200, Steffen Klassert wrote:
>
> > With BEET the inner addresses are stored in the IPsec SA rather
> > than the actual packet.  So the family is also fixed for a given
> > SA (which we call xfrm_state).
> 
> Right, Good point.

We should probably add some checks in xfrm_user to ensure that
BEET-mode SAs come with valid inner addresses (and family) just
in case user-space tries something funny on us.

Cheers,

Steffen Klassert June 12, 2023, 11:46 a.m. UTC | #5

On Wed, Jun 07, 2023 at 04:38:47PM +0800, Herbert Xu wrote:
> On Tue, Jun 06, 2023 at 12:45:29PM +0200, Steffen Klassert wrote:
> >
> > the assumption that the L4 protocol on BEET mode can be
> > just IPIP or BEETPH seems not to be correct. One of
> > our testcaces hit the second WARN_ON_ONCE() in
> > xfrm_prepare_input. In that case the L4 protocol
> > is UDP. Looks like we need some other way to
> > dertermine the inner protocol family.
> 
> Oops, that was a thinko on my part:
> 
> ---8<---
> For BEET the inner address and therefore family is stored in the
> xfrm_state selector.  Use that when decapsulating an input packet
> instead of incorrectly relying on a non-existent tunnel protocol.
> 
> Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
> Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks a lot Herbert!

xfrm: Use xfrm_state selector for BEET input

Checks

Commit Message

Comments

Patch