* [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it
@ 2013-11-10 14:25 baker.kernel
2013-11-10 19:03 ` Sergei Shtylyov
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: baker.kernel @ 2013-11-10 14:25 UTC (permalink / raw)
To: herbert, davem, steffen.klassert; +Cc: netdev, baker.zhang
From: "baker.zhang" <baker.kernel@gmail.com>
Signed-off-by: baker.zhang <baker.kernel@gmail.com>
---
For current kernel source, there is no problem.
In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.
So I think we should do the check before use it.
net/xfrm/xfrm_state.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..541f684 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1679,9 +1679,11 @@ int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
- acqret = km->acquire(x, t, pol);
- if (!acqret)
- err = acqret;
+ if (km->acquire) {
+ acqret = km->acquire(x, t, pol);
+ if (!acqret)
+ err = acqret;
+ }
}
rcu_read_unlock();
return err;
@@ -1783,10 +1785,12 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
err = -EINVAL;
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
- pol = km->compile_policy(sk, optname, data,
- optlen, &err);
- if (err >= 0)
- break;
+ if (km->compile_policy) {
+ pol = km->compile_policy(sk, optname, data,
+ optlen, &err);
+ if (err >= 0)
+ break;
+ }
}
rcu_read_unlock();
--
1.8.3.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it
2013-11-10 14:25 [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it baker.kernel
@ 2013-11-10 19:03 ` Sergei Shtylyov
2013-11-10 23:31 ` [PATCH V2 " baker.kernel
` (2 subsequent siblings)
3 siblings, 0 replies; 10+ messages in thread
From: Sergei Shtylyov @ 2013-11-10 19:03 UTC (permalink / raw)
To: baker.kernel, herbert, davem, steffen.klassert; +Cc: netdev
Hello.
On 10-11-2013 18:25, baker.kernel@gmail.com wrote:
> From: "baker.zhang" <baker.kernel@gmail.com>
> Signed-off-by: baker.zhang <baker.kernel@gmail.com>
> ---
> For current kernel source, there is no problem.
> In our vpn product, we need a xfrm_km in kernel module
> to monitor the xfrm state change.
> thus, the 'acquire' and 'compile_policy' may be NULL.
> So I think we should do the check before use it.
> net/xfrm/xfrm_state.c | 18 +++++++++++-------
> 1 file changed, 11 insertions(+), 7 deletions(-)
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index b9c3f9e..541f684 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
[...]
> @@ -1783,10 +1785,12 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
> err = -EINVAL;
> rcu_read_lock();
> list_for_each_entry_rcu(km, &xfrm_km_list, list) {
> - pol = km->compile_policy(sk, optname, data,
> - optlen, &err);
> - if (err >= 0)
> - break;
> + if (km->compile_policy) {
> + pol = km->compile_policy(sk, optname, data,
> + optlen, &err);
According the networking coding style, the continuation line should start
right under 'sk' on the previous line.
WBR, Sergei
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH V2 net-next] xfrm: check function pointer of xfrm_mgr before use it
2013-11-10 14:25 [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it baker.kernel
2013-11-10 19:03 ` Sergei Shtylyov
@ 2013-11-10 23:31 ` baker.kernel
2013-11-11 5:09 ` David Miller
2013-11-11 6:39 ` baker.kernel
2013-11-11 18:52 ` [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it Stephen Hemminger
3 siblings, 1 reply; 10+ messages in thread
From: baker.kernel @ 2013-11-10 23:31 UTC (permalink / raw)
To: herbert, davem, steffen.klassert; +Cc: netdev, baker.zhang
From: "baker.zhang" <baker.kernel@gmail.com>
Signed-off-by: baker.zhang <baker.kernel@gmail.com>
---
V1:
For current kernel source, there is no problem.
In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.
So I think we should do the check before use it.
V2:
Align the continuation line according the networking coding style.
net/xfrm/xfrm_state.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..d716031 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1679,9 +1679,11 @@ int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
- acqret = km->acquire(x, t, pol);
- if (!acqret)
- err = acqret;
+ if (km->acquire) {
+ acqret = km->acquire(x, t, pol);
+ if (!acqret)
+ err = acqret;
+ }
}
rcu_read_unlock();
return err;
@@ -1783,10 +1785,12 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
err = -EINVAL;
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
- pol = km->compile_policy(sk, optname, data,
- optlen, &err);
- if (err >= 0)
- break;
+ if (km->compile_policy) {
+ pol = km->compile_policy(sk, optname, data,
+ optlen, &err);
+ if (err >= 0)
+ break;
+ }
}
rcu_read_unlock();
--
1.8.3.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH V2 net-next] xfrm: check function pointer of xfrm_mgr before use it
2013-11-10 23:31 ` [PATCH V2 " baker.kernel
@ 2013-11-11 5:09 ` David Miller
0 siblings, 0 replies; 10+ messages in thread
From: David Miller @ 2013-11-11 5:09 UTC (permalink / raw)
To: baker.kernel; +Cc: herbert, steffen.klassert, netdev
From: baker.kernel@gmail.com
Date: Mon, 11 Nov 2013 07:31:57 +0800
> From: "baker.zhang" <baker.kernel@gmail.com>
>
> Signed-off-by: baker.zhang <baker.kernel@gmail.com>
It is not valid to register a key manager that does not implement
these callbacks.
I'm not applying this patch, sorry. Although I would apply a patch
that validates that all the callbacks are non-NULL at register time.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager
2013-11-10 14:25 [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it baker.kernel
@ 2013-11-11 6:39 ` baker.kernel
2013-11-10 23:31 ` [PATCH V2 " baker.kernel
` (2 subsequent siblings)
3 siblings, 0 replies; 10+ messages in thread
From: baker.kernel @ 2013-11-11 6:39 UTC (permalink / raw)
To: davem, herbert, steffen.klassert; +Cc: netdev, linux-kernel, Baker Zhang
From: Baker Zhang <Baker.kernel@gmail.com>
"acquire" and "compile_policy" callbacks are necessary for a key manager.
Signed-off-by: Baker Zhang <Baker.kernel@gmail.com>
---
Thanks for all reply.
V1:
For current kernel source, there is no problem.
In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.
So I think we should do the check before use it.
V2:
Align the continuation line according the networking coding style.
V3:
Add check to prevent un-complete key manager at register time.
net/xfrm/xfrm_state.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..178283e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1806,6 +1806,9 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
int xfrm_register_km(struct xfrm_mgr *km)
{
+ if (km->acquire == NULL || km->compile_policy == NULL)
+ return -EINVAL;
+
spin_lock_bh(&xfrm_km_lock);
list_add_tail_rcu(&km->list, &xfrm_km_list);
spin_unlock_bh(&xfrm_km_lock);
--
1.8.3.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager
@ 2013-11-11 6:39 ` baker.kernel
0 siblings, 0 replies; 10+ messages in thread
From: baker.kernel @ 2013-11-11 6:39 UTC (permalink / raw)
To: davem, herbert, steffen.klassert; +Cc: netdev, linux-kernel, Baker Zhang
From: Baker Zhang <Baker.kernel@gmail.com>
"acquire" and "compile_policy" callbacks are necessary for a key manager.
Signed-off-by: Baker Zhang <Baker.kernel@gmail.com>
---
Thanks for all reply.
V1:
For current kernel source, there is no problem.
In our vpn product, we need a xfrm_km in kernel module
to monitor the xfrm state change.
thus, the 'acquire' and 'compile_policy' may be NULL.
So I think we should do the check before use it.
V2:
Align the continuation line according the networking coding style.
V3:
Add check to prevent un-complete key manager at register time.
net/xfrm/xfrm_state.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b9c3f9e..178283e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1806,6 +1806,9 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
int xfrm_register_km(struct xfrm_mgr *km)
{
+ if (km->acquire == NULL || km->compile_policy == NULL)
+ return -EINVAL;
+
spin_lock_bh(&xfrm_km_lock);
list_add_tail_rcu(&km->list, &xfrm_km_list);
spin_unlock_bh(&xfrm_km_lock);
--
1.8.3.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager
2013-11-11 6:39 ` baker.kernel
(?)
@ 2013-11-11 7:11 ` Fan Du
-1 siblings, 0 replies; 10+ messages in thread
From: Fan Du @ 2013-11-11 7:11 UTC (permalink / raw)
To: baker.kernel; +Cc: davem, herbert, steffen.klassert, netdev, linux-kernel
On 2013年11月11日 14:39, baker.kernel@gmail.com wrote:
> From: Baker Zhang<Baker.kernel@gmail.com>
>
> "acquire" and "compile_policy" callbacks are necessary for a key manager.
>
> Signed-off-by: Baker Zhang<Baker.kernel@gmail.com>
> ---
> Thanks for all reply.
>
> V1:
> For current kernel source, there is no problem.
>
> In our vpn product, we need a xfrm_km in kernel module
> to monitor the xfrm state change.
> thus, the 'acquire' and 'compile_policy' may be NULL.
>
> So I think we should do the check before use it.
>
> V2:
> Align the continuation line according the networking coding style.
>
> V3:
> Add check to prevent un-complete key manager at register time.
>
> net/xfrm/xfrm_state.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index b9c3f9e..178283e 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1806,6 +1806,9 @@ static DEFINE_SPINLOCK(xfrm_km_lock);
>
> int xfrm_register_km(struct xfrm_mgr *km)
> {
> + if (km->acquire == NULL || km->compile_policy == NULL)
"acquire" is a MUST, "compile_policy" is not a necessity.
From the fist commit log, you probably add functionality providing SA state changes
in your private key manager, which current implementation does not. Maybe it's worthwhile
to elaborate the missing functionality than add those checking, because both key manage
(pfkeyv2/netlink) in use has "acquire" and "compile_policy" at the same time.
--
浮沉随浪只记今朝笑
--fan
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it
2013-11-10 14:25 [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it baker.kernel
` (2 preceding siblings ...)
2013-11-11 6:39 ` baker.kernel
@ 2013-11-11 18:52 ` Stephen Hemminger
3 siblings, 0 replies; 10+ messages in thread
From: Stephen Hemminger @ 2013-11-11 18:52 UTC (permalink / raw)
To: baker.kernel; +Cc: herbert, davem, steffen.klassert, netdev
On Sun, 10 Nov 2013 22:25:56 +0800
baker.kernel@gmail.com wrote:
> For current kernel source, there is no problem.
>
> In our vpn product, we need a xfrm_km in kernel module
> to monitor the xfrm state change.
> thus, the 'acquire' and 'compile_policy' may be NULL.
>
> So I think we should do the check before use it
The upstream kernel does not accept or make changes to accommodate code that
is not part of the kernel source.
The only way this change would be considered would be as part of a submission
of the kernel module. I.e. part 1 of N.
So if you are willing to submit your module upstream under GPLv2, then
it will be reviewed an possibly accepted. If you just want this change to
make your product easier, then sorry no.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager
2013-11-11 6:39 ` baker.kernel
@ 2013-11-11 19:04 ` David Miller
-1 siblings, 0 replies; 10+ messages in thread
From: David Miller @ 2013-11-11 19:04 UTC (permalink / raw)
To: baker.kernel; +Cc: herbert, steffen.klassert, netdev, linux-kernel
From: baker.kernel@gmail.com
Date: Mon, 11 Nov 2013 14:39:11 +0800
> + if (km->acquire == NULL || km->compile_policy == NULL)
> + return -EINVAL;
There are 7 function pointer methods that must be fully implemented
in an xfrm_mgr object, not just two.
And really we absolutely do not care at all about your out-of-tree
product, it has no bearing upon what should happen here.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager
@ 2013-11-11 19:04 ` David Miller
0 siblings, 0 replies; 10+ messages in thread
From: David Miller @ 2013-11-11 19:04 UTC (permalink / raw)
To: baker.kernel; +Cc: herbert, steffen.klassert, netdev, linux-kernel
From: baker.kernel@gmail.com
Date: Mon, 11 Nov 2013 14:39:11 +0800
> + if (km->acquire == NULL || km->compile_policy == NULL)
> + return -EINVAL;
There are 7 function pointer methods that must be fully implemented
in an xfrm_mgr object, not just two.
And really we absolutely do not care at all about your out-of-tree
product, it has no bearing upon what should happen here.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2013-11-11 19:04 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-10 14:25 [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it baker.kernel
2013-11-10 19:03 ` Sergei Shtylyov
2013-11-10 23:31 ` [PATCH V2 " baker.kernel
2013-11-11 5:09 ` David Miller
2013-11-11 6:39 ` [PATCH v3 net-next] xfrm: Add check to prevent un-complete key manager baker.kernel
2013-11-11 6:39 ` baker.kernel
2013-11-11 7:11 ` Fan Du
2013-11-11 19:04 ` David Miller
2013-11-11 19:04 ` David Miller
2013-11-11 18:52 ` [PATCH net-next] xfrm: check function pointer of xfrm_mgr before use it Stephen Hemminger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.