* pull request (net-next): ipsec-next 2013-08-22
@ 2013-08-22 11:12 Steffen Klassert
2013-08-22 11:12 ` [PATCH 1/6] xfrm: constify mark argument of xfrm_find_acq() Steffen Klassert
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
1) Some constifications, from Mathias Krause.
2) Catch bugs if a hold timer is still active when xfrm_policy_destroy()
is called, from Fan Du.
3) Remove a redundant address family check, from Fan Du.
4) Make xfrm_state timer monotonic to be independent of system clock changes,
from Fan Du.
5) Remove an outdated comment on returning -EREMOTE in the xfrm_lookup(),
from Rami Rosen.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 5ca5461c3ee8b306c04ac833e5eacb5755b85d88:
vxlan: fix rcu related warning (2013-08-04 18:47:14 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
for you to fetch changes up to e3fec5a1c5a1ab4a85ca3f4e41c626fb953ce162:
xfrm: remove irrelevant comment in xfrm_input(). (2013-08-19 12:45:16 +0200)
----------------------------------------------------------------
Fan Du (3):
xfrm: Delete hold_timer when destroy policy
xfrm: Remove rebundant address family checking
xfrm: Make xfrm_state timer monotonic
Mathias Krause (2):
xfrm: constify mark argument of xfrm_find_acq()
af_key: constify lookup tables
Rami Rosen (1):
xfrm: remove irrelevant comment in xfrm_input().
include/net/xfrm.h | 2 +-
net/key/af_key.c | 14 +++-----------
net/xfrm/xfrm_policy.c | 4 +---
net/xfrm/xfrm_state.c | 15 +++++++++------
4 files changed, 14 insertions(+), 21 deletions(-)
* [PATCH 1/6] xfrm: constify mark argument of xfrm_find_acq()
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Mathias Krause <minipli@googlemail.com>
The mark argument is read only, so constify it. Also make dummy_mark in
af_key const -- only used as dummy argument for this very function.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
include/net/xfrm.h | 2 +-
net/key/af_key.c | 2 +-
net/xfrm/xfrm_state.c | 12 +++++++-----
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 94ce082..89d3d8a 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1548,7 +1548,7 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32
int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
u32 xfrm_get_acqseq(void);
extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
-struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark,
+struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark,
u8 mode, u32 reqid, u8 proto,
const xfrm_address_t *daddr,
const xfrm_address_t *saddr, int create,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ab8bd2c..4089a21 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -45,7 +45,7 @@ struct netns_pfkey {
static DEFINE_MUTEX(pfkey_mutex);
#define DUMMY_MARK 0
-static struct xfrm_mark dummy_mark = {0, 0};
+static const struct xfrm_mark dummy_mark = {0, 0};
struct pfkey_sock {
/* struct sock must be the first member of struct pfkey_sock */
struct sock sk;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 78f66fa..b2cd806 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -990,11 +990,13 @@ void xfrm_state_insert(struct xfrm_state *x)
EXPORT_SYMBOL(xfrm_state_insert);
/* xfrm_state_lock is held */
-static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m,
+static struct xfrm_state *__find_acq_core(struct net *net,
+ const struct xfrm_mark *m,
unsigned short family, u8 mode,
u32 reqid, u8 proto,
const xfrm_address_t *daddr,
- const xfrm_address_t *saddr, int create)
+ const xfrm_address_t *saddr,
+ int create)
{
unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
struct xfrm_state *x;
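Review bot: the changelog names only xfrm_find_acq() and dummy_mark, but this hunk also constifies the m parameter of the static helper __find_acq_core(); mention the helper in the changelog so the description matches the diff. Moving "int create" onto its own line is an unrelated re-wrap that makes the one-word const change harder to spot in blame; either drop it or note the reflow in the changelog.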
@@ -1399,9 +1401,9 @@ xfrm_state_lookup_byaddr(struct net *net, u32 mark,
EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
struct xfrm_state *
-xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto,
- const xfrm_address_t *daddr, const xfrm_address_t *saddr,
- int create, unsigned short family)
+xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
+ u8 proto, const xfrm_address_t *daddr,
+ const xfrm_address_t *saddr, int create, unsigned short family)
{
struct xfrm_state *x;
--
1.7.9.5
* [PATCH 2/6] af_key: constify lookup tables
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Mathias Krause <minipli@googlemail.com>
The lookup tables for minimum sizes of extensions and for the pfkey
handler functions are read only, therefore can be const.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/key/af_key.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 4089a21..d49f676 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -338,7 +338,7 @@ static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
return 0;
}
-static u8 sadb_ext_min_len[] = {
+static const u8 sadb_ext_min_len[] = {
[SADB_EXT_RESERVED] = (u8) 0,
[SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
[SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
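Review bot: the (u8) sizeof(...) casts in the sadb_ext_min_len initializers would silently truncate if one of these structs ever grew past 255 bytes, and the table is used as a minimum-length check. Now that it is declared const and is clearly fixed data, a BUILD_BUG_ON on the entry sizes would make the "fits in u8" assumption explicit instead of relying on the cast.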
@@ -2737,7 +2737,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sad
typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
const struct sadb_msg *hdr, void * const *ext_hdrs);
-static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
+static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
[SADB_RESERVED] = pfkey_reserved,
[SADB_GETSPI] = pfkey_getspi,
[SADB_UPDATE] = pfkey_add,
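Review bot: the changelog gives only "read only, therefore can be const" as the reason; for pfkey_funcs it is worth saying that this is a table of handler function pointers indexed by SADB message type, so moving it to read-only data also removes a writable function-pointer table. Since pfkey_handler is a pointer typedef, "const pfkey_handler" does make the array elements themselves const, which is the intended effect.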
--
1.7.9.5
* [PATCH 3/6] xfrm: Delete hold_timer when destroy policy
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Fan Du <fan.du@windriver.com>
Both the policy timer and hold_timer need to be deleted when destroying a policy.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index d8da6b8..f7078eb 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -308,7 +308,7 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
{
BUG_ON(!policy->walk.dead);
- if (del_timer(&policy->timer))
+ if (del_timer(&policy->timer) || del_timer(&policy->polq.hold_timer))
BUG();
security_xfrm_policy_free(policy->security);
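Review bot: the subject and changelog say the hold timer "needs to be deleted", but the new condition in xfrm_policy_destroy() calls BUG() when either del_timer() returns nonzero, so this asserts that polq.hold_timer was already stopped rather than cleaning it up. Reword the changelog to say it is an assertion, and state where the hold timer is expected to have been stopped before this point; also consider whether a still-pending hold timer should take the machine down or could be reported with a WARN_ON instead.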
--
1.7.9.5
* [PATCH 4/6] xfrm: Remove rebundant address family checking
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Fan Du <fan.du@windriver.com>
present_and_same_family has checked the address family validity for both
SADB_EXT_ADDRESS_SRC and SADB_EXT_ADDRESS_DST at the beginning.
Thereafter pfkey_sadb_addr2xfrm_addr doesn't need to do the checking again.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/key/af_key.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index d49f676..9d58537 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1196,10 +1196,6 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
&x->props.saddr);
- if (!x->props.family) {
- err = -EAFNOSUPPORT;
- goto out;
- }
pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
&x->id.daddr);
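Review bot: with the "if (!x->props.family)" check removed, x->props.family takes whatever pfkey_sadb_addr2xfrm_addr() returns, and correctness now depends entirely on the present_and_same_family check that the changelog refers to and that is not visible in this hunk. Add a short comment at this call naming that precondition so a later refactor does not drop the only family validation. The return value of the SADB_EXT_ADDRESS_DST call just below is likewise ignored and relies on the same precondition.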
@@ -2205,10 +2201,6 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_
sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
- if (!xp->family) {
- err = -EINVAL;
- goto out;
- }
xp->selector.family = xp->family;
xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
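Review bot: the two removed checks returned different errors, -EAFNOSUPPORT in pfkey_msg2xfrm_state() and -EINVAL here in pfkey_spdadd(). The changelog should confirm that pfkey_spdadd() is also covered by present_and_same_family, which this diff does not show, and say which error userspace now receives for an unsupported family on each path, since xp->family is copied straight into xp->selector.family without a check.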
--
1.7.9.5
* [PATCH 5/6] xfrm: Make xfrm_state timer monotonic
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Fan Du <fan.du@windriver.com>
The xfrm_state timer should be independent of system clock changes,
so switch to the CLOCK_BOOTTIME base, which is not only monotonic but
also counts suspend time.
Thus the issue reported in commit 9e0d57fd6dad37d72a3ca6db00ca8c76f2215454
("xfrm: SAD entries do not expire correctly after suspend-resume")
could ALSO be avoided.
v2: Use CLOCK_BOOTTIME to count suspend time, but still monotonic.
Signed-off-by: Fan Du <fan.du@windriver.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_state.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b2cd806..4f8ace8 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -499,7 +499,8 @@ struct xfrm_state *xfrm_state_alloc(struct net *net)
INIT_HLIST_NODE(&x->bydst);
INIT_HLIST_NODE(&x->bysrc);
INIT_HLIST_NODE(&x->byspi);
- tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, CLOCK_REALTIME, HRTIMER_MODE_ABS);
+ tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
+ CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
setup_timer(&x->rtimer, xfrm_replay_timer_handler,
(unsigned long)x);
x->curlft.add_time = get_seconds();
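Review bot: HRTIMER_MODE_ABS is kept while the timer base changes to CLOCK_BOOTTIME, yet the context line "x->curlft.add_time = get_seconds();" still samples wall-clock time for the lifetime bookkeeping. The changelog should explain how expiry values derived from get_seconds() are reconciled with a boot-time timer base, so a reader can tell whether a clock step can still affect when an SA is considered expired.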
--
1.7.9.5
* [PATCH 6/6] xfrm: remove irrelevant comment in xfrm_input().
From: Steffen Klassert @ 2013-08-22 11:12 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Rami Rosen <ramirose@gmail.com>
This patch removes a comment in xfrm_input() which became irrelevant
due to commit 2774c13, "xfrm: Handle blackhole route creation via afinfo".
That commit removed returning -EREMOTE in the xfrm_lookup() method when the
packet should be discarded and also removed the corresponding -EREMOTE
handlers. This was replaced by calling the make_blackhole() method. Therefore
the comment about -EREMOTE is not relevant anymore.
Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f7078eb..ad8cc7b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2132,8 +2132,6 @@ restart:
* have the xfrm_state's. We need to wait for KM to
* negotiate new SA's or bail out with error.*/
if (net->xfrm.sysctl_larval_drop) {
- /* EREMOTE tells the caller to generate
- * a one-shot blackhole route. */
dst_release(dst);
xfrm_pols_put(pols, drop_pols);
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
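Review bot: the subject and first changelog sentence name xfrm_input(), but the hunk is in net/xfrm/xfrm_policy.c and the rest of the changelog describes the -EREMOTE return from xfrm_lookup(). The subject should name the function the comment actually lived in, otherwise a later search of the log for xfrm_lookup() changes will miss this commit.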
--
1.7.9.5
* Re: pull request (net-next): ipsec-next 2013-08-22
From: David Miller @ 2013-08-22 23:05 UTC (permalink / raw)
To: steffen.klassert; +Cc: herbert, netdev
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Thu, 22 Aug 2013 13:12:04 +0200
> 1) Some constifications, from Mathias Krause.
>
> 2) Catch bugs if a hold timer is still active when xfrm_policy_destroy()
> is called, from Fan Du.
>
> 3) Remove a redundant address family check, from Fan Du.
>
> 4) Make xfrm_state timer monotonic to be independent of system clock changes,
> from Fan Du.
>
> 5) Remove an outdated comment on returning -EREMOTE in the xfrm_lookup(),
> from Rami Rosen.
>
> Please pull or let me know if there are problems.
Pulled, thanks Steffen.