* [PATCH 0/2] pull request (net): ipsec 2022-07-20
@ 2022-07-20 8:09 Steffen Klassert
2022-07-20 8:09 ` [PATCH 1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() Steffen Klassert
2022-07-20 8:09 ` [PATCH 2/2] net: ipv4: fix clang -Wformat warnings Steffen Klassert
0 siblings, 2 replies; 4+ messages in thread
From: Steffen Klassert @ 2022-07-20 8:09 UTC (permalink / raw)
To: David Miller, Jakub Kicinski; +Cc: Herbert Xu, Steffen Klassert, netdev
1) Fix a policy refcount imbalance in xfrm_bundle_lookup.
From Hangyu Hua.
2) Fix some clang -Wformat warnings.
Justin Stitt
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 9f4fc18bf285f20c1498f8fcfb586fa70a070fb5:
net: usb: qmi_wwan: Add support for Cinterion MV31 with new baseline (2022-06-01 18:09:34 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
for you to fetch changes up to e79b9473e9b59e83e23db9b7411c6080b5a6826d:
net: ipv4: fix clang -Wformat warnings (2022-07-12 12:58:53 +0200)
----------------------------------------------------------------
Hangyu Hua (1):
xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
Justin Stitt (1):
net: ipv4: fix clang -Wformat warnings
net/ipv4/ah4.c | 2 +-
net/ipv4/esp4.c | 2 +-
net/xfrm/xfrm_policy.c | 5 ++++-
3 files changed, 6 insertions(+), 3 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
2022-07-20 8:09 [PATCH 0/2] pull request (net): ipsec 2022-07-20 Steffen Klassert
@ 2022-07-20 8:09 ` Steffen Klassert
2022-07-20 9:20 ` patchwork-bot+netdevbpf
2022-07-20 8:09 ` [PATCH 2/2] net: ipv4: fix clang -Wformat warnings Steffen Klassert
1 sibling, 1 reply; 4+ messages in thread
From: Steffen Klassert @ 2022-07-20 8:09 UTC (permalink / raw)
To: David Miller, Jakub Kicinski; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Hangyu Hua <hbh25y@gmail.com>
xfrm_policy_lookup() will call xfrm_pol_hold_rcu() to get a refcount of
pols[0]. This refcount can be dropped in xfrm_expand_policies() when
xfrm_expand_policies() return error. pols[0]'s refcount is balanced in
here. But xfrm_bundle_lookup() will also call xfrm_pols_put() with
num_pols == 1 to drop this refcount when xfrm_expand_policies() return
error.
This patch also fix an illegal address access. pols[0] will save a error
point when xfrm_policy_lookup fails. This lead to xfrm_pols_put to resolve
an illegal address in xfrm_bundle_lookup's error path.
Fix these by setting num_pols = 0 in xfrm_expand_policies()'s error path.
Fixes: 80c802f3073e ("xfrm: cache bundles instead of policies for outgoing flows")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f1876ea61fdc..f1a0bab920a5 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2678,8 +2678,10 @@ static int xfrm_expand_policies(const struct flowi *fl, u16 family,
*num_xfrms = 0;
return 0;
}
- if (IS_ERR(pols[0]))
+ if (IS_ERR(pols[0])) {
+ *num_pols = 0;
return PTR_ERR(pols[0]);
+ }
*num_xfrms = pols[0]->xfrm_nr;
@@ -2694,6 +2696,7 @@ static int xfrm_expand_policies(const struct flowi *fl, u16 family,
if (pols[1]) {
if (IS_ERR(pols[1])) {
xfrm_pols_put(pols, *num_pols);
+ *num_pols = 0;
return PTR_ERR(pols[1]);
}
(*num_pols)++;
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] net: ipv4: fix clang -Wformat warnings
2022-07-20 8:09 [PATCH 0/2] pull request (net): ipsec 2022-07-20 Steffen Klassert
2022-07-20 8:09 ` [PATCH 1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() Steffen Klassert
@ 2022-07-20 8:09 ` Steffen Klassert
1 sibling, 0 replies; 4+ messages in thread
From: Steffen Klassert @ 2022-07-20 8:09 UTC (permalink / raw)
To: David Miller, Jakub Kicinski; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Justin Stitt <justinstitt@google.com>
When building with Clang we encounter these warnings:
| net/ipv4/ah4.c:513:4: error: format specifies type 'unsigned short' but
| the argument has type 'int' [-Werror,-Wformat]
| aalg_desc->uinfo.auth.icv_fullbits / 8);
-
| net/ipv4/esp4.c:1114:5: error: format specifies type 'unsigned short'
| but the argument has type 'int' [-Werror,-Wformat]
| aalg_desc->uinfo.auth.icv_fullbits / 8);
`aalg_desc->uinfo.auth.icv_fullbits` is a u16 but due to default
argument promotion becomes an int.
Variadic functions (printf-like) undergo default argument promotion.
Documentation/core-api/printk-formats.rst specifically recommends using
the promoted-to-type's format flag.
As per C11 6.3.1.1:
(https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf) `If an int
can represent all values of the original type ..., the value is
converted to an int; otherwise, it is converted to an unsigned int.
These are called the integer promotions.` Thus it makes sense to change
%hu to %d not only to follow this standard but to suppress the warning
as well.
Link: https://github.com/ClangBuiltLinux/linux/issues/378
Signed-off-by: Justin Stitt <justinstitt@google.com>
Suggested-by: Joe Perches <joe@perches.com>
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv4/ah4.c | 2 +-
net/ipv4/esp4.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 6eea1e9e998d..f8ad04470d3a 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -507,7 +507,7 @@ static int ah_init_state(struct xfrm_state *x)
if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
crypto_ahash_digestsize(ahash)) {
- pr_info("%s: %s digestsize %u != %hu\n",
+ pr_info("%s: %s digestsize %u != %u\n",
__func__, x->aalg->alg_name,
crypto_ahash_digestsize(ahash),
aalg_desc->uinfo.auth.icv_fullbits / 8);
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index b21238df3301..b694f352ce7a 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -1108,7 +1108,7 @@ static int esp_init_authenc(struct xfrm_state *x)
err = -EINVAL;
if (aalg_desc->uinfo.auth.icv_fullbits / 8 !=
crypto_aead_authsize(aead)) {
- pr_info("ESP: %s digestsize %u != %hu\n",
+ pr_info("ESP: %s digestsize %u != %u\n",
x->aalg->alg_name,
crypto_aead_authsize(aead),
aalg_desc->uinfo.auth.icv_fullbits / 8);
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
2022-07-20 8:09 ` [PATCH 1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() Steffen Klassert
@ 2022-07-20 9:20 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-07-20 9:20 UTC (permalink / raw)
To: Steffen Klassert; +Cc: davem, kuba, herbert, netdev
Hello:
This series was applied to netdev/net.git (master)
by Steffen Klassert <steffen.klassert@secunet.com>:
On Wed, 20 Jul 2022 10:09:11 +0200 you wrote:
> From: Hangyu Hua <hbh25y@gmail.com>
>
> xfrm_policy_lookup() will call xfrm_pol_hold_rcu() to get a refcount of
> pols[0]. This refcount can be dropped in xfrm_expand_policies() when
> xfrm_expand_policies() return error. pols[0]'s refcount is balanced in
> here. But xfrm_bundle_lookup() will also call xfrm_pols_put() with
> num_pols == 1 to drop this refcount when xfrm_expand_policies() return
> error.
>
> [...]
Here is the summary with links:
- [1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
https://git.kernel.org/netdev/net/c/f85daf0e7253
- [2/2] net: ipv4: fix clang -Wformat warnings
https://git.kernel.org/netdev/net/c/e79b9473e9b5
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-07-20 9:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-20 8:09 [PATCH 0/2] pull request (net): ipsec 2022-07-20 Steffen Klassert
2022-07-20 8:09 ` [PATCH 1/2] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() Steffen Klassert
2022-07-20 9:20 ` patchwork-bot+netdevbpf
2022-07-20 8:09 ` [PATCH 2/2] net: ipv4: fix clang -Wformat warnings Steffen Klassert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).