From patchwork Tue Sep 10 06:54:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798001 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD2E517ADF1 for ; Tue, 10 Sep 2024 06:55:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951325; cv=none; b=PxlYbzpEFq5XndiFtHVBiScVP9r3Ky5bgdFxuQ8c9P3w1DRlBX+qHkCvi7yY88A9YCt8/vYpJ6rdee4E4mHjVcFRfpl+XyaHRPsB7/CxNQnPcc8y4ThigTDiiD1R13qH7XTRzMtzpiqbzSk597uslFD1YRlexH98AB5J6TtfIDc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951325; c=relaxed/simple; bh=RJdxDspsIkMexFz8u6rSIAX8xha9ppNa4YIYohlVjx8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WPNuTjlDIAn6lrbG98dmpwQEdinqSfRWBJnYtiHMqa7v8q1XQTLE5Ep+kxXC55ZbTU8MjBoGzgkq4hk/h4L+tB9qbhFOw1KrRyqOoxU/U0uT745FXhk8BBI+Stuy9mtiBRpS1mOj2F5l/6HQxMdOCbx4G2K7APQfPm7qKRl2kpM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=zm8+H34w; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="zm8+H34w" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 6AD1620899; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8NYefbJl8yeT; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id DEB0E2074B; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com DEB0E2074B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951321; bh=IRztqup5ks2ZMtLrfzn4qHW/9FuWOjd4TSiMvDaUn5w=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=zm8+H34w9/b3si24+rzNDU/NWP5ifgkw8iODEHgBHaGYx77BooASgYaYORynAqVrM IwEpbEwqoTwGDJX29sgoKGTkNwnRsdHuysotYJ2F0ck1kQg+Vw+TAYixmqDgWJ2sTM crgVaumvc2ANstTJrkFX0sGWkwRgUlGgcjdtxB+lksi7b1HLgGrcjaJMOJisKpDyUD Pb0zCQ/6nPnop04FeBFAMONq/hSu7b31/dyuMjRj3xcD7raaU9J+0hRk9RWH3i9Bn/ TswqFp+FU5uC0pcEfVY3m/VvopxGe1IHGlEtraiFSB/Y3QTY3QMWqCsnHML8hCGxfr QMUOUEFeRPXJg== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 208FA3180085; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 01/13] xfrm: Remove documentation WARN_ON to limit return values for offloaded SA Date: Tue, 10 Sep 2024 08:54:55 +0200 Message-ID: <20240910065507.2436394-2-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Patrisious Haddad The original idea to put WARN_ON() on return value from driver code was to make sure that packet offload doesn't have silent fallback to SW implementation, like crypto offload has. In reality, this is not needed as all *swan implementations followed this request and used explicit configuration style to make sure that "users will get what they ask". So instead of forcing drivers to make sure that even their internal flows don't return -EOPNOTSUPP, let's remove this WARN_ON. Signed-off-by: Patrisious Haddad Signed-off-by: Leon Romanovsky Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_device.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 9a44d363ba62..f123b7c9ec82 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -328,12 +328,8 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, /* User explicitly requested packet offload mode and configured * policy in addition to the XFRM state. So be civil to users, * and return an error instead of taking fallback path. - * - * This WARN_ON() can be seen as a documentation for driver - * authors to do not return -EOPNOTSUPP in packet offload mode. */ - WARN_ON(err == -EOPNOTSUPP && is_packet_offload); - if (err != -EOPNOTSUPP || is_packet_offload) { + if ((err != -EOPNOTSUPP && !is_packet_offload) || is_packet_offload) { NL_SET_ERR_MSG_WEAK(extack, "Device failed to offload this state"); return err; } From patchwork Tue Sep 10 06:54:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798002 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BF7A817ADF8 for ; Tue, 10 Sep 2024 06:55:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951326; cv=none; b=H02yY/mV1lMCxqk1dsY6OvJ/bmXR8NJl+kkN1EkNkP3kdpElgceqQaZQKW4yWvAYNc/NzpVzsNhZVz/zVcXXa8smcG45gDrHC2sLiDcKF6loL9fKSfjUaHjEkQRMVG9XHBRLiTaoif09w0r0zanTbtJjPKV5FKSGYKBi5uLbTrI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951326; c=relaxed/simple; bh=C1sQJrysadKVov/BUFBcf14939hvnBcrKQJC1g+2+J4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DAH0nw4WzGeWnBOYHHv47NxgzhXY/veSb+dk010DW1t1xzpfx2cDY1UVB5G0xClOnPkCqZV8J82K1eN0xXxBdptDuuXVsPX14cN2MT4kSru1brt6ASS2ZpQ2lKVsO9k1z/+LPacAGD93rwoKYB9hTcg+J+wSvDbbRJdwBHs15Bg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=xbFimtHs; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="xbFimtHs" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 3F3CB20897; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rLMIj_M2iXp8; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 62F582087C; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 62F582087C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951321; bh=CH5HoGUf1QaFlflLthiElsDzEZn5T/jbEbFEUzZpNDw=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=xbFimtHsvPnJcXgAc9gbsXrE8bsDMn38G6oZXlo01vZU58iDnSHxn0+Ada8zO61+3 pP3uCI/TiIRq1ipNytnByXq6BHugwJKHq3arYAQY9ZLfh300wQuzPFpeUQBoJlLPWw 29R5BbFWARXpGH3q6kIrCWv33vcmTI8fqAIpx521fiZWN3pp7yeJmd+FBBj6mpmLDu B3yPCr4hpcU+goWuyLIk/Mfjc1gJN99HVx/kdm/GlJwOxK7CpDLxl1FTBwVD3hIjkv ghWZdOwQ6owNCv7TSu4t4T2SwFReXjqOIa0kLMm+xA7l73jr369XlPauRiVoJ9CY69 I3qGUNkZ7IZnA== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 28C62318008E; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 02/13] net: add copy from skb_seq_state to buffer function Date: Tue, 10 Sep 2024 08:54:56 +0200 Message-ID: <20240910065507.2436394-3-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Christian Hopps Add an skb helper function to copy a range of bytes from within an existing skb_seq_state. Signed-off-by: Christian Hopps Signed-off-by: Steffen Klassert --- include/linux/skbuff.h | 1 + net/core/skbuff.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 29c3ea5b6e93..a871533b8568 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -1433,6 +1433,7 @@ void skb_prepare_seq_read(struct sk_buff *skb, unsigned int from, unsigned int skb_seq_read(unsigned int consumed, const u8 **data, struct skb_seq_state *st); void skb_abort_seq_read(struct skb_seq_state *st); +int skb_copy_seq_read(struct skb_seq_state *st, int offset, void *to, int len); unsigned int skb_find_text(struct sk_buff *skb, unsigned int from, unsigned int to, struct ts_config *config); diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 83f8cd8aa2d1..fe4b2dc5c19b 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -4409,6 +4409,41 @@ void skb_abort_seq_read(struct skb_seq_state *st) } EXPORT_SYMBOL(skb_abort_seq_read); +/** + * skb_copy_seq_read() - copy from a skb_seq_state to a buffer + * @st: source skb_seq_state + * @offset: offset in source + * @to: destination buffer + * @len: number of bytes to copy + * + * Copy @len bytes from @offset bytes into the source @st to the destination + * buffer @to. `offset` should increase (or be unchanged) with each subsequent + * call to this function. If offset needs to decrease from the previous use `st` + * should be reset first. + * + * Return: 0 on success or -EINVAL if the copy ended early + */ +int skb_copy_seq_read(struct skb_seq_state *st, int offset, void *to, int len) +{ + const u8 *data; + u32 sqlen; + + for (;;) { + sqlen = skb_seq_read(offset, &data, st); + if (sqlen == 0) + return -EINVAL; + if (sqlen >= len) { + memcpy(to, data, len); + return 0; + } + memcpy(to, data, sqlen); + to += sqlen; + offset += sqlen; + len -= sqlen; + } +} +EXPORT_SYMBOL(skb_copy_seq_read); + #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb)) static unsigned int skb_ts_get_next_block(unsigned int offset, const u8 **text, From patchwork Tue Sep 10 06:54:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13797999 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49BFE17ADE1 for ; Tue, 10 Sep 2024 06:55:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951325; cv=none; b=DKrkfIoMefvFgEOqXxyBboYcOyyWuBenHoIzNyVgspK6DiaxB2rvFSlmVKIiopGIW015exes9Ui5C0Amp0iMwC3Zpgnv2fDbUJWqY87UNRp05qLqFWImMDvKUZEUttY6AsravQqT5PmVU0M6r5Z6lkHsGI/RiyKcEqBXOEWxaEQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951325; c=relaxed/simple; bh=+SbKLY9ekWtvCpsoEeDJDea7E3dKxbOXJ6URsTJI7E0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tgcv/7qcRB1k9sEj0jEKehQkr3s+KVuyudvyAhEuf5w31hYdwoolcclhi9GfNFPDc1iyir7S1DIrc5gkPx4TQpVcKUMMJUkDdrzLHo66GplcNNynWca2Dr1dERFPdrJPkR0A0soXE7kZv6NtWF4IHTnhAOHboZLtaU1XYrStdZI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=qamaNpMH; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="qamaNpMH" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id EFCFE20894; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zwd8_cz2V3a1; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 40927207D1; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 40927207D1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951321; bh=9DxBnrBqrI1fauykSdDQbfNexO00HM31/1T7Fp35It4=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=qamaNpMH8WplFI6+oe8dTyUyXx6WL0q+pCNVAaWOCz6iM5M/Sw87gdfeaol0vOVmA qlf3hzrzi6ZXShg1TiKG4nav209v0ThnvwHQ0zaTyYIi6WUL4cHhYxcK0ZcvQ9ePIb q4iWg1WI2i2UD583IgWo3qKh8oDwQe+edNAK6wdSafJQfjJnr2pAJ0b8TksAeyLKz3 MUKYcvtEGTCqcsgch0CBRPRdKVHCJubOYynNqW4YUMJwkV6UALMVC11LJn70H6RgOF 1WcyyFIOYWTb0Rm17HYHBb8Fg+TztEjTVHqfMjuaE/ehPME4Jq+3tCUyrgR6zUslpn JLhHOfwJKBYCQ== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 4AAE53183D5C; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 03/13] xfrm: Correct spelling in xfrm.h Date: Tue, 10 Sep 2024 08:54:57 +0200 Message-ID: <20240910065507.2436394-4-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Simon Horman Correct spelling in xfrm.h. As reported by codespell. Signed-off-by: Simon Horman Signed-off-by: Steffen Klassert --- include/net/xfrm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 54cef89f6c1e..f7244ac4fa08 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -79,7 +79,7 @@ policy entry has list of up to XFRM_MAX_DEPTH transformations, described by templates xfrm_tmpl. Each template is resolved to a complete xfrm_state (see below) and we pack bundle of transformations - to a dst_entry returned to requestor. + to a dst_entry returned to requester. dst -. xfrm .-> xfrm_state #1 |---. child .-> dst -. xfrm .-> xfrm_state #2 @@ -1016,7 +1016,7 @@ void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev); struct xfrm_if_parms { int link; /* ifindex of underlying L2 interface */ - u32 if_id; /* interface identifyer */ + u32 if_id; /* interface identifier */ bool collect_md; }; From patchwork Tue Sep 10 06:54:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798003 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49BA017A924 for ; Tue, 10 Sep 2024 06:55:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951326; cv=none; b=XrNWflpd6MaPf7k8Nb1I2E2JKAC8i7I/rJNhXKF8/QKiHf1VpOBdw6evMOTNraVONORCQ53K+YA6vgeUilltBq5b5NwU3LWC+aprzMursJ3wwVeA3p9oLkykxGLPiD41bkNF5AU5KaPZUHSXy/WcKh1pFR0NQEJH3m/55a92+Pk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951326; c=relaxed/simple; bh=spbVtfa0Dr5cgnF2hpi5CTZymMhRHKxU/wSw2iiAnw8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=kT+hpf2YfTJH+lLg2t9s6ADnwKdr6igIAOGm/msRfnkfsiRPRuFRRKu4/vZIr3q1WNzq++xG6gq9Fu63tNk1ZdCGVOHUrjB1wDCBI/KW41zsPovKlnHKiILEwOw2nQBYJtdH+W5Psxz9EU9bb20W3wtc65r6lCIdSg1wu8a2q1E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=N2v389ax; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="N2v389ax" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id BD76420892; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gwovq_UsdWa8; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 18A362074B; Tue, 10 Sep 2024 08:55:21 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 18A362074B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951321; bh=EHOr8s/HBbtLH+uAsT9WukfOMwSiBwLTMomAdHJ77RE=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=N2v389axxC1VKoi6qtkFT1yJP7FIiOf5WQ5lRuAnDrM2LQoExUho5NWF7DWyECcbM mh7aflDtysl/3SE5rS+FdRav2H5MKMN6dBd4rxoJb0CevBNK8Vqa/BFdJz3f5a+j9N VYId9gnll/yDHsBUgYtIPzo3oYVA8Xr61S2egBEU+yba7SeabTNzdC2A7ml8uGUlSk t5ksZqaPd+DAmSrMMIcRavPsQReDkSPiNSe42Ohd812gLqOywkwBVnCJBkyVtEYKvD cevhauTzXPAT0ATaRS7ualX9JiSypN/TFb3de7R1FEzL9sAARE6y7tNntrbxNIyCWp +fFDks8tsmQWw== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 3B4393182C58; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 04/13] selftests: add xfrm policy insertion speed test script Date: Tue, 10 Sep 2024 08:54:58 +0200 Message-ID: <20240910065507.2436394-5-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal Nothing special, just test how long insertion of x policies takes. This should ideally show linear insertion speeds. Do not run this by default, it has little value, but it can be useful to check for insertion speed chahnges when altering the xfrm policy db implementation. Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert --- tools/testing/selftests/net/Makefile | 2 +- .../selftests/net/xfrm_policy_add_speed.sh | 83 +++++++++++++++++++ 2 files changed, 84 insertions(+), 1 deletion(-) create mode 100755 tools/testing/selftests/net/xfrm_policy_add_speed.sh diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile index 8eaffd7a641c..e127a80ff713 100644 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@ -56,7 +56,7 @@ TEST_PROGS += ip_local_port_range.sh TEST_PROGS += rps_default_mask.sh TEST_PROGS += big_tcp.sh TEST_PROGS += netns-sysctl.sh -TEST_PROGS_EXTENDED := toeplitz_client.sh toeplitz.sh +TEST_PROGS_EXTENDED := toeplitz_client.sh toeplitz.sh xfrm_policy_add_speed.sh TEST_GEN_FILES = socket nettest TEST_GEN_FILES += psock_fanout psock_tpacket msg_zerocopy reuseport_addr_any TEST_GEN_FILES += tcp_mmap tcp_inq psock_snd txring_overwrite diff --git a/tools/testing/selftests/net/xfrm_policy_add_speed.sh b/tools/testing/selftests/net/xfrm_policy_add_speed.sh new file mode 100755 index 000000000000..2fab29d3cb91 --- /dev/null +++ b/tools/testing/selftests/net/xfrm_policy_add_speed.sh @@ -0,0 +1,83 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +source lib.sh + +timeout=4m +ret=0 +tmp=$(mktemp) +cleanup() { + cleanup_all_ns + rm -f "$tmp" +} + +trap cleanup EXIT + +maxpolicies=100000 +[ "$KSFT_MACHINE_SLOW" = "yes" ] && maxpolicies=10000 + +do_dummies4() { + local dir="$1" + local max="$2" + + local policies + local pfx + pfx=30 + policies=0 + + ip netns exec "$ns" ip xfrm policy flush + + for i in $(seq 1 100);do + local s + local d + for j in $(seq 1 255);do + s=$((i+0)) + d=$((i+100)) + + for a in $(seq 1 8 255); do + policies=$((policies+1)) + [ "$policies" -gt "$max" ] && return + echo xfrm policy add src 10.$s.$j.0/30 dst 10.$d.$j.$a/$pfx dir $dir action block + done + for a in $(seq 1 8 255); do + policies=$((policies+1)) + [ "$policies" -gt "$max" ] && return + echo xfrm policy add src 10.$s.$j.$a/30 dst 10.$d.$j.0/$pfx dir $dir action block + done + done + done +} + +setup_ns ns + +do_bench() +{ + local max="$1" + + start=$(date +%s%3N) + do_dummies4 "out" "$max" > "$tmp" + if ! timeout "$timeout" ip netns exec "$ns" ip -batch "$tmp";then + echo "WARNING: policy insertion cancelled after $timeout" + ret=1 + fi + stop=$(date +%s%3N) + + result=$((stop-start)) + + policies=$(wc -l < "$tmp") + printf "Inserted %-06s policies in $result ms\n" $policies + + have=$(ip netns exec "$ns" ip xfrm policy show | grep "action block" | wc -l) + if [ "$have" -ne "$policies" ]; then + echo "WARNING: mismatch, have $have policies, expected $policies" + ret=1 + fi +} + +p=100 +while [ $p -le "$maxpolicies" ]; do + do_bench "$p" + p="${p}0" +done + +exit $ret From patchwork Tue Sep 10 06:54:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798006 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8CA4117C20F for ; Tue, 10 Sep 2024 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; cv=none; b=hB8ZT0YYcgn5nVrx5EqKryrOTx+spu/2z2aFbHefnMyTjoUbKtThUP7i70INw7LWkXpNXcAHqOJsGPT5htAQ0Ja9aZULPV2fhq2R4UWtjez1tJtB4+qbk1m9WVumezWuXgGfNf0x0mOJNGcRxfkNR6sN88tAwC+CggIV3xuEANE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; c=relaxed/simple; bh=aWmP1tM9bDGK+sevcyJ/NTvAN8rkJWnWsKn6RP+8JBI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RyDtx60kD0aOlY+dYcjpCjPStLkCwiFMyaW8rTYOJNKBh4WJPrE61jeNa48qT4GBzsCNed1R2yotlR77pWxTTrIks09an05tt70PfFTXB7o/sCrGssht8taeAuw/AJlQzxYma5HCMeiKoyqfJ4nnTIIuhXcIMEOvSlFPHIH6azI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=lUuKh6Wr; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="lUuKh6Wr" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 068882087C; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCaEbJXoPNIA; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 363B420893; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 363B420893 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951322; bh=EKEcU6AWwiNeURiwiIW/JhbB4t6pOvMFvj+xdRwGUh4=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=lUuKh6Wr3AbsDadyM4h7ukrxKdSjBuUlMHcRMNZBqvV5PyxVosyVnWxdQ/LajTKwx Tw8S3pyslKjx6oqRTSWcY6GaMNfbo3FGofoWhgHziWYXQj22ynzINuuwiVIn6jIws6 IvpE8s1ney8TWbGxXLpguBrKiOYqVSCKMpgUVtw+CPyXQTZ61U+YGb1QgRKugyw0dZ Iqs3SXVdWzOITcA6Pij5NY3wg6XDVTfY3cKgKxt4solVlMEM81p5Q3H2yc7eJSsoAD 6OWwLoUL/V7ZDe77IDXtoXd9A591UgmIP8b648GzinMEuw/GqtVb6fQPkH90ux7zMQ wwUq55HNCQBIA== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 628623184092; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 05/13] xfrm: policy: don't iterate inexact policies twice at insert time Date: Tue, 10 Sep 2024 08:54:59 +0200 Message-ID: <20240910065507.2436394-6-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal Since commit 6be3b0db6db8 ("xfrm: policy: add inexact policy search tree infrastructure") policy lookup no longer walks a list but has a set of candidate lists. This set has to be searched for the best match. In case there are several matches, the priority wins. If the priority is also the same, then the historic behaviour with a single list was to return the first match (first-in-list). With introduction of serval lists, this doesn't work and a new 'pos' member was added that reflects the xfrm_policy structs position in the list. This value is not exported to userspace and it does not need to be the 'position in the list', it just needs to make sure that a->pos < b->pos means that a was added to the lists more recently than b. This re-walk is expensive when many inexact policies are in use. Speed this up: when appending the policy to the end of the walker list, then just take the ->pos value of the last entry made and add 1. Add a slowpath version to prevent overflow, if we'd assign UINT_MAX then iterate the entire list and fix the ordering. While this speeds up insertion considerably finding the insertion spot in the inexact list still requires a partial list walk. This is addressed in followup patches. Before: ./xfrm_policy_add_speed.sh Inserted 1000 policies in 72 ms Inserted 10000 policies in 1540 ms Inserted 100000 policies in 334780 ms After: Inserted 1000 policies in 68 ms Inserted 10000 policies in 1137 ms Inserted 100000 policies in 157307 ms Reported-by: Noel Kuntze Cc: Tobias Brunner Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 59 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 6 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c56c61b0c12e..423d1eb24f31 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1237,6 +1237,17 @@ xfrm_policy_inexact_insert(struct xfrm_policy *policy, u8 dir, int excl) return delpol; } +static bool xfrm_policy_is_dead_or_sk(const struct xfrm_policy *policy) +{ + int dir; + + if (policy->walk.dead) + return true; + + dir = xfrm_policy_id2dir(policy->index); + return dir >= XFRM_POLICY_MAX; +} + static void xfrm_hash_rebuild(struct work_struct *work) { struct net *net = container_of(work, struct net, @@ -1524,7 +1535,6 @@ static void xfrm_policy_insert_inexact_list(struct hlist_head *chain, { struct xfrm_policy *pol, *delpol = NULL; struct hlist_node *newpos = NULL; - int i = 0; hlist_for_each_entry(pol, chain, bydst_inexact_list) { if (pol->type == policy->type && @@ -1548,11 +1558,6 @@ static void xfrm_policy_insert_inexact_list(struct hlist_head *chain, hlist_add_behind_rcu(&policy->bydst_inexact_list, newpos); else hlist_add_head_rcu(&policy->bydst_inexact_list, chain); - - hlist_for_each_entry(pol, chain, bydst_inexact_list) { - pol->pos = i; - i++; - } } static struct xfrm_policy *xfrm_policy_insert_list(struct hlist_head *chain, @@ -2294,10 +2299,52 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, return pol; } +static u32 xfrm_gen_pos_slow(struct net *net) +{ + struct xfrm_policy *policy; + u32 i = 0; + + /* oldest entry is last in list */ + list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) { + if (!xfrm_policy_is_dead_or_sk(policy)) + policy->pos = ++i; + } + + return i; +} + +static u32 xfrm_gen_pos(struct net *net) +{ + const struct xfrm_policy *policy; + u32 i = 0; + + /* most recently added policy is at the head of the list */ + list_for_each_entry(policy, &net->xfrm.policy_all, walk.all) { + if (xfrm_policy_is_dead_or_sk(policy)) + continue; + + if (policy->pos == UINT_MAX) + return xfrm_gen_pos_slow(net); + + i = policy->pos + 1; + break; + } + + return i; +} + static void __xfrm_policy_link(struct xfrm_policy *pol, int dir) { struct net *net = xp_net(pol); + switch (dir) { + case XFRM_POLICY_IN: + case XFRM_POLICY_FWD: + case XFRM_POLICY_OUT: + pol->pos = xfrm_gen_pos(net); + break; + } + list_add(&pol->walk.all, &net->xfrm.policy_all); net->xfrm.policy_count[dir]++; xfrm_pol_hold(pol); From patchwork Tue Sep 10 06:55:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798004 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EFEF17BED0 for ; Tue, 10 Sep 2024 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; cv=none; b=UPiMb73cu/DKtFxS9yJ7OuPYjHO/R0gEDskprRs4MWt1oqe4NNu9C+9TUX3HTHaIad+UTCIOmmEdR/n44grNbEuOWnzQ505mpD8ZfGtoY/ytxTRLybPwJ+KFTLo9UJF+6QiDDc/sUV/2M3JBW3eoousFC91OCuS6H0JvDrD5XoE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; c=relaxed/simple; bh=ujIP0vZmhqESPXmTbdk3/RgX+QUkces8LqEttPXUpKE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=sDu9lrT4v2HAuGB4xpNFbxvCyS7YLvCcZ71tg+xuJ27t1EuO5IqCVqmZs10J+A1oT9BeQoYhPbet0ixXA1qwnYNSLk35oTCumGaVp6UoLaeFXadD7K8V2elruj12AUl7NV+g42YzovB/pacFFpZMYzPpiDj4RGcUdzDADU7TgcQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=cAq/wpdP; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="cAq/wpdP" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 741FD208A6; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtINiBtFyfYm; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 5FC7120870; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 5FC7120870 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951322; bh=0UdvoizZu0Eu3M9eTqpxPaAVMgJFwNH2IeCqh0vMK2U=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=cAq/wpdPAT2rZdcUo27c6UXkW0gizbhiB2JGqsRj6yV51t4/pstFY0p/go0Z2zgbv 1xY1a++8jGUZ2loB/GhqK/Y+ymKLIS2Q40A9mdPTwvGR+jGUOkQkcCNPEKAyFYV9u9 lIDX3P1cdmEWv8gLay5hj7d1vPPTIMQ3odduFMTRVmo9xYROt7Ik12Gf8vx2CQPBiZ oKy/kECkxfwA9OoMf/q82gjJfQx8hK7A/XpJVtm+lu/jBKPZER30oLknSCPikS5nPE KiuKziPVh8whJyPbxmRZPWb/kTTtRTY5LFgbVX524P5CG/0F1NcONirQ+ZYTtMr9Rk clOpWoqC0S7wA== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 602853183072; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 06/13] xfrm: switch migrate to xfrm_policy_lookup_bytype Date: Tue, 10 Sep 2024 08:55:00 +0200 Message-ID: <20240910065507.2436394-7-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal XFRM_MIGRATE still uses the old lookup method: first check the bydst hash table, then search the list of all the other policies. Switch MIGRATE to use the same lookup function as the packetpath. This is done to remove the last remaining users of the pernet xfrm.policy_inexact lists with the intent of removing this list. After this patch, policies are still added to the list on insertion and they are rehashed as-needed but no single API makes use of these anymore. This change is compile tested only. Cc: Tobias Brunner Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 106 +++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 67 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 423d1eb24f31..d2feee60bb62 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1252,13 +1252,10 @@ static void xfrm_hash_rebuild(struct work_struct *work) { struct net *net = container_of(work, struct net, xfrm.policy_hthresh.work); - unsigned int hmask; struct xfrm_policy *pol; struct xfrm_policy *policy; struct hlist_head *chain; - struct hlist_head *odst; struct hlist_node *newpos; - int i; int dir; unsigned seq; u8 lbits4, rbits4, lbits6, rbits6; @@ -1322,23 +1319,7 @@ static void xfrm_hash_rebuild(struct work_struct *work) goto out_unlock; } - /* reset the bydst and inexact table in all directions */ for (dir = 0; dir < XFRM_POLICY_MAX; dir++) { - struct hlist_node *n; - - hlist_for_each_entry_safe(policy, n, - &net->xfrm.policy_inexact[dir], - bydst_inexact_list) { - hlist_del_rcu(&policy->bydst); - hlist_del_init(&policy->bydst_inexact_list); - } - - hmask = net->xfrm.policy_bydst[dir].hmask; - odst = net->xfrm.policy_bydst[dir].table; - for (i = hmask; i >= 0; i--) { - hlist_for_each_entry_safe(policy, n, odst + i, bydst) - hlist_del_rcu(&policy->bydst); - } if ((dir & XFRM_POLICY_MASK) == XFRM_POLICY_OUT) { /* dir out => dst = remote, src = local */ net->xfrm.policy_bydst[dir].dbits4 = rbits4; @@ -1363,6 +1344,10 @@ static void xfrm_hash_rebuild(struct work_struct *work) /* skip socket policies */ continue; } + + hlist_del_rcu(&policy->bydst); + hlist_del_init(&policy->bydst_inexact_list); + newpos = NULL; chain = policy_hash_bysel(net, &policy->selector, policy->family, dir); @@ -4484,63 +4469,50 @@ EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete); #endif #ifdef CONFIG_XFRM_MIGRATE -static bool xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp, - const struct xfrm_selector *sel_tgt) -{ - if (sel_cmp->proto == IPSEC_ULPROTO_ANY) { - if (sel_tgt->family == sel_cmp->family && - xfrm_addr_equal(&sel_tgt->daddr, &sel_cmp->daddr, - sel_cmp->family) && - xfrm_addr_equal(&sel_tgt->saddr, &sel_cmp->saddr, - sel_cmp->family) && - sel_tgt->prefixlen_d == sel_cmp->prefixlen_d && - sel_tgt->prefixlen_s == sel_cmp->prefixlen_s) { - return true; - } - } else { - if (memcmp(sel_tgt, sel_cmp, sizeof(*sel_tgt)) == 0) { - return true; - } - } - return false; -} - static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *sel, u8 dir, u8 type, struct net *net, u32 if_id) { struct xfrm_policy *pol, *ret = NULL; - struct hlist_head *chain; - u32 priority = ~0U; + struct flowi fl; - spin_lock_bh(&net->xfrm.xfrm_policy_lock); - chain = policy_hash_direct(net, &sel->daddr, &sel->saddr, sel->family, dir); - hlist_for_each_entry(pol, chain, bydst) { - if ((if_id == 0 || pol->if_id == if_id) && - xfrm_migrate_selector_match(sel, &pol->selector) && - pol->type == type) { - ret = pol; - priority = ret->priority; - break; - } - } - chain = &net->xfrm.policy_inexact[dir]; - hlist_for_each_entry(pol, chain, bydst_inexact_list) { - if ((pol->priority >= priority) && ret) - break; + memset(&fl, 0, sizeof(fl)); - if ((if_id == 0 || pol->if_id == if_id) && - xfrm_migrate_selector_match(sel, &pol->selector) && - pol->type == type) { - ret = pol; + fl.flowi_proto = sel->proto; + + switch (sel->family) { + case AF_INET: + fl.u.ip4.saddr = sel->saddr.a4; + fl.u.ip4.daddr = sel->daddr.a4; + if (sel->proto == IPSEC_ULPROTO_ANY) break; - } + fl.u.flowi4_oif = sel->ifindex; + fl.u.ip4.fl4_sport = sel->sport; + fl.u.ip4.fl4_dport = sel->dport; + break; + case AF_INET6: + fl.u.ip6.saddr = sel->saddr.in6; + fl.u.ip6.daddr = sel->daddr.in6; + if (sel->proto == IPSEC_ULPROTO_ANY) + break; + fl.u.flowi6_oif = sel->ifindex; + fl.u.ip6.fl4_sport = sel->sport; + fl.u.ip6.fl4_dport = sel->dport; + break; + default: + return ERR_PTR(-EAFNOSUPPORT); } - xfrm_pol_hold(ret); + rcu_read_lock(); - spin_unlock_bh(&net->xfrm.xfrm_policy_lock); + pol = xfrm_policy_lookup_bytype(net, type, &fl, sel->family, dir, if_id); + if (IS_ERR_OR_NULL(pol)) + goto out_unlock; - return ret; + if (!xfrm_pol_hold_rcu(ret)) + pol = NULL; +out_unlock: + rcu_read_unlock(); + return pol; } static int migrate_tmpl_match(const struct xfrm_migrate *m, const struct xfrm_tmpl *t) @@ -4677,9 +4649,9 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, /* Stage 1 - find policy */ pol = xfrm_migrate_policy_find(sel, dir, type, net, if_id); - if (!pol) { + if (IS_ERR_OR_NULL(pol)) { NL_SET_ERR_MSG(extack, "Target policy not found"); - err = -ENOENT; + err = IS_ERR(pol) ? PTR_ERR(pol) : -ENOENT; goto out; } From patchwork Tue Sep 10 06:55:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798010 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8CA8C17C210 for ; Tue, 10 Sep 2024 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951329; cv=none; b=Oy5ehwZyyJ1/kCjKk7Nb1OeFhjJ7aXyDs/d9/wR1S3AJTB6f/H0JZ6NKUXJJith/VKI9oFYwUGBulL3+t/VISQIjYpMfJlCKKPUda8Eq1R6bygqLYHxaE0aondygLK8Eujp7c3KYaNf2fjqIL6G+Pmy/qnSbP6XBt/f1dEAPJAI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951329; c=relaxed/simple; bh=0TST6cxqOzGGpTqTkGXpBgzChHanW4rbJG1BD8aLbu8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RGzcZP7mfLWEfSJwTOcGY/0zKS98dsS8yX8cUzTyueuDtG/Ws/wUbSyUMgDQE7HsKOksp2cVQCiyFPwV88dirsTTbtsqb3vtfz8iRw8uaZc6tuXWLv1YF5zhRwduytSamoWyfGXgPJtJyYP1FIYYdgKMRlbm8eoyE+BsX0Zmwk8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=tLeqx+Fu; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="tLeqx+Fu" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id D090B208A2; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6h4NYGLUT-tw; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 0BC78207D1; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 0BC78207D1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951322; bh=vorJ3V1CsURCiWLfS0xBx3s7lc9k2WC3MGLw4OwzGi0=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=tLeqx+Fud8mpY17jdhk+G0GvJC1OYdErEpN9FGFfEsnBntDT3u4iGIwiidXV2VujO Qo1DbGhMqHl1FXzAJZiqYvHGWdLV6tMn7iw6f9V9PVY3usJK10wqrUX/Z4PXCvdLtK UvFvH4vP8JQhdA9yvW3Ecqq01w376WfAHp2PX76mPgLdzowAwu6ELnQ1BitH0Lr7Ud 4ifmueJ5stTYgQkHaC509i/a7Vbr8xPznuTejwbMlm6xA4BBsxlAz2G7msIW04Jqdv sCKOmrLSpjOInYsRat28brU9ByoWEo53V6aNtWVtsrp3l4oRbafvJGam+fFf15yV53 SdZKgqU56Xvug== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 65AFC318423A; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 07/13] xfrm: policy: remove remaining use of inexact list Date: Tue, 10 Sep 2024 08:55:01 +0200 Message-ID: <20240910065507.2436394-8-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal No consumers anymore, remove it. After this, insertion of policies no longer require list walk of all inexact policies but only those that are reachable via the candidate sets. This gives almost linear insertion speeds provided the inserted policies are for non-overlapping networks. Before: Inserted 1000 policies in 70 ms Inserted 10000 policies in 1155 ms Inserted 100000 policies in 216848 ms After: Inserted 1000 policies in 56 ms Inserted 10000 policies in 478 ms Inserted 100000 policies in 4580 ms Insertion of 1m entries takes about ~40s after this change on my test vm. Cc: Noel Kuntze Cc: Tobias Brunner Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert --- include/net/xfrm.h | 1 - net/xfrm/xfrm_policy.c | 38 -------------------------------------- 2 files changed, 39 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index f7244ac4fa08..1fa2da22a49e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -555,7 +555,6 @@ struct xfrm_policy { u16 family; struct xfrm_sec_ctx *security; struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; - struct hlist_node bydst_inexact_list; struct rcu_head rcu; struct xfrm_dev_offload xdo; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d2feee60bb62..b79ac453ea37 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -196,8 +196,6 @@ xfrm_policy_inexact_lookup_rcu(struct net *net, static struct xfrm_policy * xfrm_policy_insert_list(struct hlist_head *chain, struct xfrm_policy *policy, bool excl); -static void xfrm_policy_insert_inexact_list(struct hlist_head *chain, - struct xfrm_policy *policy); static bool xfrm_policy_find_inexact_candidates(struct xfrm_pol_inexact_candidates *cand, @@ -410,7 +408,6 @@ struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp) if (policy) { write_pnet(&policy->xp_net, net); INIT_LIST_HEAD(&policy->walk.all); - INIT_HLIST_NODE(&policy->bydst_inexact_list); INIT_HLIST_NODE(&policy->bydst); INIT_HLIST_NODE(&policy->byidx); rwlock_init(&policy->lock); @@ -1228,9 +1225,6 @@ xfrm_policy_inexact_insert(struct xfrm_policy *policy, u8 dir, int excl) return ERR_PTR(-EEXIST); } - chain = &net->xfrm.policy_inexact[dir]; - xfrm_policy_insert_inexact_list(chain, policy); - if (delpol) __xfrm_policy_inexact_prune_bin(bin, false); @@ -1346,7 +1340,6 @@ static void xfrm_hash_rebuild(struct work_struct *work) } hlist_del_rcu(&policy->bydst); - hlist_del_init(&policy->bydst_inexact_list); newpos = NULL; chain = policy_hash_bysel(net, &policy->selector, @@ -1515,36 +1508,6 @@ static const struct rhashtable_params xfrm_pol_inexact_params = { .automatic_shrinking = true, }; -static void xfrm_policy_insert_inexact_list(struct hlist_head *chain, - struct xfrm_policy *policy) -{ - struct xfrm_policy *pol, *delpol = NULL; - struct hlist_node *newpos = NULL; - - hlist_for_each_entry(pol, chain, bydst_inexact_list) { - if (pol->type == policy->type && - pol->if_id == policy->if_id && - !selector_cmp(&pol->selector, &policy->selector) && - xfrm_policy_mark_match(&policy->mark, pol) && - xfrm_sec_ctx_match(pol->security, policy->security) && - !WARN_ON(delpol)) { - delpol = pol; - if (policy->priority > pol->priority) - continue; - } else if (policy->priority >= pol->priority) { - newpos = &pol->bydst_inexact_list; - continue; - } - if (delpol) - break; - } - - if (newpos && policy->xdo.type != XFRM_DEV_OFFLOAD_PACKET) - hlist_add_behind_rcu(&policy->bydst_inexact_list, newpos); - else - hlist_add_head_rcu(&policy->bydst_inexact_list, chain); -} - static struct xfrm_policy *xfrm_policy_insert_list(struct hlist_head *chain, struct xfrm_policy *policy, bool excl) @@ -2346,7 +2309,6 @@ static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol, /* Socket policies are not hashed. */ if (!hlist_unhashed(&pol->bydst)) { hlist_del_rcu(&pol->bydst); - hlist_del_init(&pol->bydst_inexact_list); hlist_del(&pol->byidx); } From patchwork Tue Sep 10 06:55:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798007 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D27B617C224 for ; Tue, 10 Sep 2024 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; cv=none; b=AHY/GJIYo+QbC3C77Adb7W6TecM3BlCLhZuNt89g2Zktm0l2F+2uwxuVHmOvVLvo3NV5VB2bxf0bPrUJNpCqveMfGzgRv57BF1iuQ+apF9RE4oBUGT3q+WeCzePPfMWC1GjY1gl+OlBn2tnnIzdBDKVbrsop8aPo/pr0x0wDJLk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; c=relaxed/simple; bh=2SuLeyuFJWDHA7U8do1vJwuS3h5Z2OFpGils9N3eHWc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Y58MrYMbJ7m2pyM1ysQC/+2zdTY37GmDsz2qE+tTNrUevZ+0hhosZ3uRio5CbZ8OHf45/qautd5I36c6Xg0SBg2vYbg7vJCEYvIs4NITByk7aiWT0vERYhWN0UiSiix3cwWiId249sWU0KVLkSlvQPgZHVbYokgGsm4SLy2YiyQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=J2MMgUM+; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="J2MMgUM+" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id E3F892074B; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FebjWKBDbsl4; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id ACC1B2089F; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com ACC1B2089F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951322; bh=8csKfYlaZqHzHjNFu6MP3D+sydLQSCMkZgGnTdb3vrU=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=J2MMgUM+jTl5ZcjdH6zvWJP6/jPg+vYL4yiUUZ3eJc4/pYWTD1j7DzIQFwhg3B4U6 Ei43li5zpIjaDVhFLbvhVteYybroiHRj7iE7yYZHcv5NOIa3NHR6n/iJe4gY9KvIzQ P50JwrdOp2dSKSs73OnIYP/zSG5d6z5dToge+JYFuQHgNgEPnUpTDXeFNusTcrzbWI wkW69g2Dx1nmjGcbm2h84grtAQuvIeRNWyLRgYECDukWuxgHMqakjbaUf3Ii8C6gLm 9sbEdXbCb+0smzj/DLf0ssMCvFYzgeoAlK4N1bakRAnDVjF46c4LL/s5Iq5GZpq95+ laRyog8Bk6b6A== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:20 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 69C1E31842E6; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 08/13] xfrm: add SA information to the offloaded packet Date: Tue, 10 Sep 2024 08:55:02 +0200 Message-ID: <20240910065507.2436394-9-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: wangfe In packet offload mode, append Security Association (SA) information to each packet, replicating the crypto offload implementation. The XFRM_XMIT flag is set to enable packet to be returned immediately from the validate_xmit_xfrm function, thus aligning with the existing code path for packet offload mode. This SA info helps HW offload match packets to their correct security policies. The XFRM interface ID is included, which is crucial in setups with multiple XFRM interfaces where source/destination addresses alone can't pinpoint the right policy. Signed-off-by: wangfe Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_output.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index e5722c95b8bb..a12588e7b060 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -706,6 +706,8 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) struct xfrm_state *x = skb_dst(skb)->xfrm; int family; int err; + struct xfrm_offload *xo; + struct sec_path *sp; family = (x->xso.type != XFRM_DEV_OFFLOAD_PACKET) ? x->outer_mode.family : skb_dst(skb)->ops->family; @@ -728,6 +730,25 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) kfree_skb(skb); return -EHOSTUNREACH; } + sp = secpath_set(skb); + if (!sp) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); + kfree_skb(skb); + return -ENOMEM; + } + + sp->olen++; + sp->xvec[sp->len++] = x; + xfrm_state_hold(x); + + xo = xfrm_offload(skb); + if (!xo) { + secpath_reset(skb); + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); + kfree_skb(skb); + return -EINVAL; + } + xo->flags |= XFRM_XMIT; return xfrm_output_resume(sk, skb, 0); } From patchwork Tue Sep 10 06:55:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798005 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F02F517ADF1 for ; Tue, 10 Sep 2024 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; cv=none; b=HfMMTitT/rWsVdCS81EjbssC1mWznVxblh1bBVSysj22CUVto4bITHjMsFx5n5CfAqLEOA4v62Wy1xxdo8KMjSAue1GxZZNBquQMiutHUVARlgC0UgxQBtbbXTM0IQFhSbIuSELScGKlLfiru/4iPXq2kSSE4yJK97WAxsoLwhg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; c=relaxed/simple; bh=Bi0NMSlf6zlssucmrCb/QC0rm0UiTgkYPcN00FHDo9Y=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TeV9zWWKl1icgLddJKTR/DFB+4HdPd3lgNhiNccazwr0ifIck2mxJOhFrKizej4x+yESDmE98HaQcXxuH+wcPYW/9WkmwN5FOSjfSNpGcNIK++LJ2zbYMgMOcEEUaTF0jY3j76JV8vNDrC29vKIuZUwR31NwIavr2kU3RpwBifg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=JUJh2ZBr; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="JUJh2ZBr" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 065A52089F; Tue, 10 Sep 2024 08:55:24 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bYlZC1GMTHvJ; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id D7514207D1; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com D7514207D1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951322; bh=bGQ+4xuS0cvDaxcLzjHoz2pwl86J785OV6C4+40GuPk=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=JUJh2ZBr8gcItXaWbN4hDuIF6v+lxFo0H7EwE4QEU5drNg9HjSsSjbXpStKUNPOj8 efv2mRi8yu1NtSFiZkszV+xl3EfFXYtWQOoTAijo0s6HbZGYvoq3NmuOMImARF4o/V Ejkj4wHkm3hKB4qZZF8PzvZt4Y5Czx8RSzVqnKgSGpfuiF1MwlEVZQ+LxuaX+gxopn FgBsbO+wnNSp/9C1FRGDehnlD5zuGddo6peFF+NYrpD8lPqgHS58YtX+L9765LxpeM xwQ9BWXk+gInvStMXc+jT5is++0/s2UY2KKDDjiY/0fG8PM02COIIjNS6BTEL1ONzw HsPx90cugBS7w== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 6DA173184319; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 09/13] xfrm: policy: use recently added helper in more places Date: Tue, 10 Sep 2024 08:55:03 +0200 Message-ID: <20240910065507.2436394-10-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal No logical change intended. Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b79ac453ea37..94859b2182ec 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1276,11 +1276,7 @@ static void xfrm_hash_rebuild(struct work_struct *work) struct xfrm_pol_inexact_bin *bin; u8 dbits, sbits; - if (policy->walk.dead) - continue; - - dir = xfrm_policy_id2dir(policy->index); - if (dir >= XFRM_POLICY_MAX) + if (xfrm_policy_is_dead_or_sk(policy)) continue; if ((dir & XFRM_POLICY_MASK) == XFRM_POLICY_OUT) { @@ -1331,13 +1327,8 @@ static void xfrm_hash_rebuild(struct work_struct *work) /* re-insert all policies by order of creation */ list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) { - if (policy->walk.dead) - continue; - dir = xfrm_policy_id2dir(policy->index); - if (dir >= XFRM_POLICY_MAX) { - /* skip socket policies */ + if (xfrm_policy_is_dead_or_sk(policy)) continue; - } hlist_del_rcu(&policy->bydst); From patchwork Tue Sep 10 06:55:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798008 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F036F17C227 for ; Tue, 10 Sep 2024 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; cv=none; b=bP2N33pUkTZkmBaXn4vwrVJbyATxvi1etGCKL4LPqAapUQKEl/081iOvtENYCiv6E3ZFvtujt0gQhjvHado6cTXPY0U6qkAktoNza89CjkIA0aQClY9KK0zcOdEu1O0GQPQbz/yqLEpAV5U6KPIAA3qjfPvu5kvXEAk65wUVcus= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951328; c=relaxed/simple; bh=URTURclBVdQcez9mixmYuVg7DFMGeYsrGKGcnQDeJeY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=inDSNQsAyCmXMcQt80gqrT7owAvzA53AKu0rbyqkNI17Tdm/yWRcGNkMhEOAgYWB+qr0SajzVkpaOZ3BSkPSiqo2qjgVvuP9c2RBO9DdEx+I4fvQbeBb+KwT7lUYWdgDPVkMZcD0u8Le4v/qumaUduZIZb6SxMnV68YslqeY3AY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=TBJ6ZCmB; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="TBJ6ZCmB" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 914E420870; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vItPsauCr5mP; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 841072074B; Tue, 10 Sep 2024 08:55:22 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 841072074B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951322; bh=SUXX6W209WXnD2onP37BeprLdsQqyr4EtrH5uqJlzLA=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=TBJ6ZCmBSZWAogQ9mQKkGAH2GumBtWi751FMFmm6iykgwS70lUTLetvz7mEaUtwdg 2B8MG5aXRaUtiZeVyENI9DRoGUhKu5sa60WjqEPdDz4RH80oyZRPeOy6KQaXP6q9RY zMErdUW24h0BCwSlkaTBy+Fjj0QH4JzQVoCdgaqtw8taK6ycuxWLLAtB5/OPjeo1XF Q7PQyWT06+unIevnY0dPX+q0yPMwzzJs8R4rgmYJjmhvOevr5Ij9tqxqBH7rBeJPDM bouDMEBpVTVe/+YZi2kS+cUqfnsRr/9Fs2CP7rnSat7eaFbq974hoNB2r/8qh0cNQu ecMurkdsQ470A== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 71790318431A; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 10/13] xfrm: minor update to sdb and xfrm_policy comments Date: Tue, 10 Sep 2024 08:55:04 +0200 Message-ID: <20240910065507.2436394-11-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal The spd is no longer maintained as a linear list. We also haven't been caching bundles in the xfrm_policy struct since 2010. While at it, add kdoc style comments for the xfrm_policy structure and extend the description of the current rbtree based search to mention why it needs to search the candidate set. Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert --- include/net/xfrm.h | 40 +++++++++++++++++++++++++++++++++++----- net/xfrm/xfrm_policy.c | 6 +++++- 2 files changed, 40 insertions(+), 6 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1fa2da22a49e..b6bfdc6416c7 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -67,13 +67,15 @@ - instance of a transformer, struct xfrm_state (=SA) - template to clone xfrm_state, struct xfrm_tmpl - SPD is plain linear list of xfrm_policy rules, ordered by priority. + SPD is organized as hash table (for policies that meet minimum address prefix + length setting, net->xfrm.policy_hthresh). Other policies are stored in + lists, sorted into rbtree ordered by destination and source address networks. + See net/xfrm/xfrm_policy.c for details. + (To be compatible with existing pfkeyv2 implementations, many rules with priority of 0x7fffffff are allowed to exist and such rules are ordered in an unpredictable way, thanks to bsd folks.) - Lookup is plain linear search until the first match with selector. - If "action" is "block", then we prohibit the flow, otherwise: if "xfrms_nr" is zero, the flow passes untransformed. Otherwise, policy entry has list of up to XFRM_MAX_DEPTH transformations, @@ -86,8 +88,6 @@ |---. child .-> dst -. xfrm .-> xfrm_state #3 |---. child .-> NULL - Bundles are cached at xrfm_policy struct (field ->bundles). - Resolution of xrfm_tmpl ----------------------- @@ -526,6 +526,36 @@ struct xfrm_policy_queue { unsigned long timeout; }; +/** + * struct xfrm_policy - xfrm policy + * @xp_net: network namespace the policy lives in + * @bydst: hlist node for SPD hash table or rbtree list + * @byidx: hlist node for index hash table + * @lock: serialize changes to policy structure members + * @refcnt: reference count, freed once it reaches 0 + * @pos: kernel internal tie-breaker to determine age of policy + * @timer: timer + * @genid: generation, used to invalidate old policies + * @priority: priority, set by userspace + * @index: policy index (autogenerated) + * @if_id: virtual xfrm interface id + * @mark: packet mark + * @selector: selector + * @lft: liftime configuration data + * @curlft: liftime state + * @walk: list head on pernet policy list + * @polq: queue to hold packets while aqcuire operaion in progress + * @bydst_reinsert: policy tree node needs to be merged + * @type: XFRM_POLICY_TYPE_MAIN or _SUB + * @action: XFRM_POLICY_ALLOW or _BLOCK + * @flags: XFRM_POLICY_LOCALOK, XFRM_POLICY_ICMP + * @xfrm_nr: number of used templates in @xfrm_vec + * @family: protocol family + * @security: SELinux security label + * @xfrm_vec: array of templates to resolve state + * @rcu: rcu head, used to defer memory release + * @xdo: hardware offload state + */ struct xfrm_policy { possible_net_t xp_net; struct hlist_node bydst; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 94859b2182ec..6336baa8a93c 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -109,7 +109,11 @@ struct xfrm_pol_inexact_node { * 4. saddr:any list from saddr tree * * This result set then needs to be searched for the policy with - * the lowest priority. If two results have same prio, youngest one wins. + * the lowest priority. If two candidates have the same priority, the + * struct xfrm_policy pos member with the lower number is used. + * + * This replicates previous single-list-search algorithm which would + * return first matching policy in the (ordered-by-priority) list. */ struct xfrm_pol_inexact_key { From patchwork Tue Sep 10 06:55:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798011 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2A9817C7C9 for ; Tue, 10 Sep 2024 06:55:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951329; cv=none; b=Is99hhT6ItrVxFfWXGaW5EfDT4N2mdh+7juz3u08xFYtZICLjamds7/84DrbAhMU332bHeMrW7JFX/l37nHVLNiPbQHHoUUqodNXNs+PcmH4oH4hgO06Ogok9YvH3vrBvRaBFMTmiNYWCsJDKVxOmdDqtSq4F9SX4DHCF9EnNbM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951329; c=relaxed/simple; bh=SIPd6Z5aL3Lp3FYnctyiQ1dGGqnXaoxXXLIn+8qspZw=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MjBX2+PRLZIki1bLy912QPE1a/4d5zIUI2JmG/mSFL9hMhvUEiA4kFX3k+IUJDEZWa16ernsplWcojjg5jCQHpGM55E/+ea1SOd7TyMlS3PmKCpaOKUXl/mz1ZR0eL5BV9zQaqduDEkOfnRhfU5DvVSMmqBXh0TLqRvdAVqqtbY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=S6OZlice; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="S6OZlice" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 59F7C207D1; Tue, 10 Sep 2024 08:55:24 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h0-QUMzQNRnX; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 03E6A208A4; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 03E6A208A4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951323; bh=tMEEwy5Cmg7N/evH9gbiuV98BtUYHX/bTp8srDZmoB4=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=S6OZlicey80vbyOZzT+PInzfZTmc/jB6/t3oIw1Ft9Bey0d76LuV3/ud7gOw+7Jh3 pAWGWeWiybqF2Byr7NpqUlhEvbaCZgYdgsZP8snTvlc//rvTKNuh2hdgaktrFWfyjn AoXhD694730t6JgK0YHTNrrQ4vv0rxrf4r1hN8zUgm3CBOZ+YT7NYgbYq1J97KV6s2 0Gs+tvQO2mYbkk+lmvXiEP0YUO89cZqVRRpEH86sKXqjA5dTrgy//R7jj93mylUT3s XFoiNVyNjpavlTlnzjldnWf4tTZGQWNaRdnIuQ7nHTM3w5SwNWSAeJt8wSHeYcz4d5 8mpugCOc4v6yQ== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 78B303184084; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 11/13] Revert "xfrm: add SA information to the offloaded packet" Date: Tue, 10 Sep 2024 08:55:05 +0200 Message-ID: <20240910065507.2436394-12-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org This reverts commit e7cd191f83fd899c233dfbe7dc6d96ef703dcbbd. While supporting xfrm interfaces in the packet offload API is needed, this patch does not do the right thing. There are more things to do to really support xfrm interfaces, so revert it for now. Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_output.c | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index a12588e7b060..e5722c95b8bb 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -706,8 +706,6 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) struct xfrm_state *x = skb_dst(skb)->xfrm; int family; int err; - struct xfrm_offload *xo; - struct sec_path *sp; family = (x->xso.type != XFRM_DEV_OFFLOAD_PACKET) ? x->outer_mode.family : skb_dst(skb)->ops->family; @@ -730,25 +728,6 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) kfree_skb(skb); return -EHOSTUNREACH; } - sp = secpath_set(skb); - if (!sp) { - XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); - kfree_skb(skb); - return -ENOMEM; - } - - sp->olen++; - sp->xvec[sp->len++] = x; - xfrm_state_hold(x); - - xo = xfrm_offload(skb); - if (!xo) { - secpath_reset(skb); - XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); - kfree_skb(skb); - return -EINVAL; - } - xo->flags |= XFRM_XMIT; return xfrm_output_resume(sk, skb, 0); } From patchwork Tue Sep 10 06:55:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798009 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8825617C7C2 for ; Tue, 10 Sep 2024 06:55:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951329; cv=none; b=eoxZSOo6DCUVcL4JFLGBjepykxn8EQSOCCvVMq6QmxSJz+C5IXU5nmti9X7eQrX4cP4k1B90PoAS/G+NERe16C70W+6ES37U9kLoGhOp+WKQ3jWv1G2/rVenM7RNM0ZZopwglQJkOPUOJQ01J3AOH5MiqCJyAD9wLb0V6dzryN4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951329; c=relaxed/simple; bh=o+mxtvuoEYe7IxCiOxq+4IDAUuc9qZ5NfLRRguOA30A=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=cLW5hFlAkg+2nrq4GFGdJYde88fdeT56atQJSYLEwNAfXV5OwXn8/vxSsI5xpgSuPi5TWpcrThoAjDplUtGHwM3JnZ0kYiDDXCkVsUAa+1ie+LA0cdVG8fSEKxZjo/yuxmE0r5AHshaUvNci3SF63yGqNUu4kOTSkf1rLn2PQJk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=h/XCXpUc; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="h/XCXpUc" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id BC568208A3; Tue, 10 Sep 2024 08:55:24 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zJH7tK_hNm9W; Tue, 10 Sep 2024 08:55:24 +0200 (CEST) Received: from cas-essen-02.secunet.de (rl2.secunet.de [10.53.40.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 2C50020893; Tue, 10 Sep 2024 08:55:23 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 2C50020893 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951323; bh=8mPIfE8lEMmWMT/wY1yfBpIKylIzisJ1p7evUIA5jDc=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=h/XCXpUcIWmH4EU4XwkrbHO5z/143lybZy2JSqDpDpH9PVwYtrvzJvzGNwJeFV6XH GC8pFzVk/+ePlWGivANAYQmU/CYMp9xhs04ogNaF5v5PNzo+06TdKboC59onj8Mol8 WrWjAfnV93LtOae/Clh7kiIcict0vA1oZOeDBKClixX/7fXgHM49BsNHN+On2Zpa9+ sQIJV4K4nKguRUhkhT6VEyd2ToJTySkhKrjznVdsXjSGJ23lekr34zmpLNEgBpfAM3 tdrhQmuVQRxItTprHx8jt7C44tc5L5jHATgsDAgcYxFfI25NZdHerBYSp2Mp1ngogg jGFGTmvO8ZfMg== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:22 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 08:55:21 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 8A7843184335; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 12/13] xfrm: policy: fix null dereference Date: Tue, 10 Sep 2024 08:55:06 +0200 Message-ID: <20240910065507.2436394-13-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Florian Westphal Julian Wiedmann says: > + if (!xfrm_pol_hold_rcu(ret)) Coverity spotted that ^^^ needs a s/ret/pol fix-up: > CID 1599386: Null pointer dereferences (FORWARD_NULL) > Passing null pointer "ret" to "xfrm_pol_hold_rcu", which dereferences it. Ditch the bogus 'ret' variable. Fixes: 563d5ca93e88 ("xfrm: switch migrate to xfrm_policy_lookup_bytype") Reported-by: Julian Wiedmann Closes: https://lore.kernel.org/netdev/06dc2499-c095-4bd4-aee3-a1d0e3ec87c4@gmail.com/ Signed-off-by: Florian Westphal Reviewed-by: Simon Horman Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 6336baa8a93c..31c14457fdaf 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4429,7 +4429,7 @@ EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete); static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *sel, u8 dir, u8 type, struct net *net, u32 if_id) { - struct xfrm_policy *pol, *ret = NULL; + struct xfrm_policy *pol; struct flowi fl; memset(&fl, 0, sizeof(fl)); @@ -4465,7 +4465,7 @@ static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector * if (IS_ERR_OR_NULL(pol)) goto out_unlock; - if (!xfrm_pol_hold_rcu(ret)) + if (!xfrm_pol_hold_rcu(pol)) pol = NULL; out_unlock: rcu_read_unlock(); From patchwork Tue Sep 10 06:55:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 13798018 X-Patchwork-Delegate: kuba@kernel.org Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7335E17BB1A for ; Tue, 10 Sep 2024 07:03:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951824; cv=none; b=Ck+CBj/X2UWKzrKoIESPQuUZj+oS/U8wFlg36+YNA3ZWkJUG64gDoZBDqUF3NsmhJ5Cst6K/IXY+z/Pvgs4+U2sdo4UVZcRibhlqCkGDybE6TXjwfD35d/Qncmz2dnrJGe9Mqhg26FsLe34RcE5y+wxrk2j+N7RM+Shm8RoUgAk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725951824; c=relaxed/simple; bh=eD9zwrp3FBb4Bn/H//ewP27Nixi906eUjV1POHPlr08=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=XdXOZUOeLjyH+fLIAPtfr8a7Xf4c/UxTp4bv5JkTQbgnekbG8tftQQaCg4TsA2DZDllCE9zvrSfecDwuFvU3CO1HJUtzKX6IbMWVqWHMTma0a/kZZFa5mPU48nFGYCzHRwTESFRrXhhgwdqGWMFueQ71jemP/ub7s7McYrvmsfc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=tvhwhcLK; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="tvhwhcLK" Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 9BBF4207D1; Tue, 10 Sep 2024 09:03:39 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Us6JRL9fKQmh; Tue, 10 Sep 2024 09:03:39 +0200 (CEST) Received: from cas-essen-01.secunet.de (rl1.secunet.de [10.53.40.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 162D620799; Tue, 10 Sep 2024 09:03:39 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 a.mx.secunet.com 162D620799 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1725951819; bh=pptXSAW1jGMA4twPxCr0BaJ5AvPPtsqVG4VFxC7hPj4=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=tvhwhcLKybQifVivx9DCPpF8eSNRiUnTPAq2YmSXnEhnFwGy6wmmNlkWghw5bhsw4 jEeemZVy6nTUlYEQvg9ZAEeyrQ3JcTH6MldpI3KSD5SMf3O0ByvDsGb3JpqSFsDxay i5Ts/ZaF+zwNb65qs1hO+mNQ++huv3+LidXxxKKnAa4jBgKhrG3caYkmyLU3zuz6rF vp6mRY5O/G3x59JBbQVHUiJl2gMwB0CeRptWuhusGQdgoqpOQX3r/BbNwvaPQa2Y2w 9BZser1b65SZce5Y0cWOktNcvOholtfJhCqDNtnMEk1AlkI9W3wMLkT0PF1vxRXAwP X6HWBAIxVabbg== Received: from mbx-essen-02.secunet.de (10.53.40.198) by cas-essen-01.secunet.de (10.53.40.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 09:03:38 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 10 Sep 2024 09:03:37 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 9931F31843BF; Tue, 10 Sep 2024 08:55:20 +0200 (CEST) From: Steffen Klassert To: David Miller , Jakub Kicinski CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 13/13] xfrm: policy: Restore dir assignments in xfrm_hash_rebuild() Date: Tue, 10 Sep 2024 08:55:07 +0200 Message-ID: <20240910065507.2436394-14-steffen.klassert@secunet.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240910065507.2436394-1-steffen.klassert@secunet.com> References: <20240910065507.2436394-1-steffen.klassert@secunet.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To mbx-essen-02.secunet.de (10.53.40.198) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Patchwork-Delegate: kuba@kernel.org From: Nathan Chancellor Clang warns (or errors with CONFIG_WERROR): net/xfrm/xfrm_policy.c:1286:8: error: variable 'dir' is uninitialized when used here [-Werror,-Wuninitialized] 1286 | if ((dir & XFRM_POLICY_MASK) == XFRM_POLICY_OUT) { | ^~~ net/xfrm/xfrm_policy.c:1257:9: note: initialize the variable 'dir' to silence this warning 1257 | int dir; | ^ | = 0 1 error generated. A recent refactoring removed some assignments to dir because xfrm_policy_is_dead_or_sk() has a dir assignment in it. However, dir is used elsewhere in xfrm_hash_rebuild(), including within loops where it needs to be reloaded for each policy. Restore the assignments before the first use of dir to fix the warning and ensure dir is properly initialized throughout the function. Fixes: 08c2182cf0b4 ("xfrm: policy: use recently added helper in more places") Acked-by: Florian Westphal Signed-off-by: Nathan Chancellor Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 31c14457fdaf..428ee83fe298 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1283,6 +1283,7 @@ static void xfrm_hash_rebuild(struct work_struct *work) if (xfrm_policy_is_dead_or_sk(policy)) continue; + dir = xfrm_policy_id2dir(policy->index); if ((dir & XFRM_POLICY_MASK) == XFRM_POLICY_OUT) { if (policy->family == AF_INET) { dbits = rbits4; @@ -1337,6 +1338,7 @@ static void xfrm_hash_rebuild(struct work_struct *work) hlist_del_rcu(&policy->bydst); newpos = NULL; + dir = xfrm_policy_id2dir(policy->index); chain = policy_hash_bysel(net, &policy->selector, policy->family, dir);