git.fsl.cs.sunysb.edu Git - wrapfs-4.14.y.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Mon, 22 Jun 2020 08:40:29 +0000 (16:40 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 20 Apr 2022 07:08:31 +0000 (09:08 +0200)
commit	94c291577f5071c7189c6e5a9f9bf91a0daf9e1c
tree	c5334b9e7f31701b2801b353b2819a07dd0d04a8	tree \| snapshot
parent	2337c8257cd2a4f01bef92288458483955605bd1	commit \| diff

xfrm: policy: match with both mark and mask on user interfaces

commit 4f47e8ab6ab796b5380f74866fa5287aca4dcc58 upstream.

In commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
it would take 'priority' to make a policy unique, and allow duplicated
policies with different 'priority' to be added, which is not expected
by userland, as Tobias reported in strongswan.

To fix this duplicated policies issue, and also fix the issue in
commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
when doing add/del/get/update on user interfaces, this patch is to change
to look up a policy with both mark and mask by doing:

  mark.v == pol->mark.v && mark.m == pol->mark.m

and leave the check:

  (mark & pol->mark.m) == pol->mark.v

for tx/rx path only.

As the userland expects an exact mark and mask match to manage policies.

v1->v2:
  - make xfrm_policy_mark_match inline and fix the changelog as
    Tobias suggested.

Fixes: 295fae568885 ("xfrm: Allow user space manipulation of SPD mark")
Fixes: ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list")
Reported-by: Tobias Brunner <tobias@strongswan.org>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/net/xfrm.h		diff \| blob \| history
net/key/af_key.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history
net/xfrm/xfrm_user.c		diff \| blob \| history