Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom/net/xfrm?h=v6.13 2024-11-18T11:52:49Z 2024-11-18T11:52:49Z David S. Miller davem@davemloft.net 2024-11-18T11:52:49Z urn:sha1:296a681def3e105f8535c8b3cb0f37f22f710e62 Steffen Klassert says: ==================== ipsec-next-11-15 1) Add support for RFC 9611 per cpu xfrm state handling. 2) Add inbound and outbound xfrm state caches to speed up state lookups. 3) Convert xfrm to dscp_t. From Guillaume Nault. 4) Fix error handling in build_aevent. From Everest K.C. 5) Replace strncpy with strscpy_pad in copy_to_user_auth. From Daniel Yang. 6) Fix an uninitialized symbol during acquire state insertion. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2024-11-15T06:25:14Z Steffen Klassert steffen.klassert@secunet.com 2024-11-14T11:06:56Z urn:sha1:a35672819f8d85e2ae38b80d40b923e3ef81e4ea A recent commit jumped over the dst hash computation and left the symbol uninitialized. Fix this by explicitly computing the dst hash before it is used. Fixes: 0045e3d80613 ("xfrm: Cache used outbound xfrm states at the policy.") Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-11-14T10:38:37Z Daniel Yang danielyangkang@gmail.com 2024-11-13T09:20:58Z urn:sha1:9e1a6db68e3ccc5c20fd2d6243285d1cc7215fe4 The function strncpy is deprecated since it does not guarantee the destination buffer is NULL terminated. Recommended replacement is strscpy. The padded version was used to remain consistent with the other strscpy_pad usage in the modified function. Signed-off-by: Daniel Yang <danielyangkang@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-11-14T07:23:15Z Everest K.C everestkc@everestkc.com.np 2024-11-12T23:36:06Z urn:sha1:9d287e70c51f1c141ac588add261ed2efdd6fc6b Error handling is missing when call to nla_put_u32() fails. Handle the error when the call to nla_put_u32() returns an error. The error was reported by Coverity Scan. Report: CID 1601525: (#1 of 1): Unused value (UNUSED_VALUE) returned_value: Assigning value from nla_put_u32(skb, XFRMA_SA_PCPU, x->pcpu_num) to err here, but that stored value is overwritten before it can be used Fixes: 1ddf9916ac09 ("xfrm: Add support for per cpu xfrm state handling.") Signed-off-by: Everest K.C. <everestkc@everestkc.com.np> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-11-11T18:32:06Z Johannes Berg johannes.berg@intel.com 2024-11-08T10:41:45Z urn:sha1:a885a6b2d37eaaae08323583bdb1928c8a2935fc Most of the original conversion is from the spatch below, but I edited some and left out other instances that were either buggy after conversion (where default values don't fit into the type) or just looked strange. @@ expression attr, def; expression val; identifier fn =~ "^nla_get_.*"; fresh identifier dfn = fn ## "_default"; @@ ( -if (attr) - val = fn(attr); -else - val = def; +val = dfn(attr, def); | -if (!attr) - val = def; -else - val = fn(attr); +val = dfn(attr, def); | -if (!attr) - return def; -return fn(attr); +return dfn(attr, def); | -attr ? fn(attr) : def +dfn(attr, def) | -!attr ? def : fn(attr) +dfn(attr, def) ) Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Toke Høiland-Jørgensen <toke@kernel.org> Link: https://patch.msgid.link/20241108114145.0580b8684e7f.I740beeaa2f70ebfc19bfca1045a24d6151992790@changeid Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-11-06T11:42:51Z Guillaume Nault gnault@redhat.com 2024-10-31T15:52:57Z urn:sha1:e57dfaa4b0a72f6a231a8eedb95d260045bbd8db Add type annotation to the "tos" field of struct xfrm_dst_lookup_params, to ensure that the ECN bits aren't mistakenly taken into account when doing route lookups. Rename that field (tos -> dscp) to make that change explicit. Signed-off-by: Guillaume Nault <gnault@redhat.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-11-06T11:42:42Z Guillaume Nault gnault@redhat.com 2024-10-31T15:52:49Z urn:sha1:3021a2a3403df0fe0b79af15071e5f6ee25461a4 Pass a dscp_t variable to xfrm_dst_lookup(), instead of an int, to prevent accidental setting of ECN bits in ->flowi4_tos. Only xfrm_bundle_create() actually calls xfrm_dst_lookup(). Since it already has a dscp_t variable to pass as parameter, we only need to remove the inet_dscp_to_dsfield() conversion. Signed-off-by: Guillaume Nault <gnault@redhat.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-11-06T11:42:34Z Guillaume Nault gnault@redhat.com 2024-10-31T15:52:43Z urn:sha1:01f61cbfc8b2cf89fe960ea3c1c67bba089dbdc5 Use a dscp_t variable to store the result of xfrm_get_dscp(). This prepares for the future conversion of xfrm_dst_lookup(). Signed-off-by: Guillaume Nault <gnault@redhat.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-11-06T11:42:16Z Guillaume Nault gnault@redhat.com 2024-10-31T15:52:36Z urn:sha1:766f532089afd202a537f44c09a88ab9912f07d7 Return a dscp_t variable to prepare for the future conversion of xfrm_bundle_create() to dscp_t. While there, rename the function "xfrm_get_dscp", to align its name with the new return type. Signed-off-by: Guillaume Nault <gnault@redhat.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2024-10-29T10:56:24Z Steffen Klassert steffen.klassert@secunet.com 2024-10-23T10:53:45Z urn:sha1:83dfce38c49f3242c7edf5baab5c79c9ec360ecc Reject the usage of XFRMA_SA_PCPU in xfrm netlink messages when it's not applicable. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Tested-by: Antony Antony <antony.antony@secunet.com> Tested-by: Tobias Brunner <tobias@strongswan.org>