diff mbox

[net-next,2/2] xfrm: Fix unaligned access in xfrm_notify_sa() for DELSA

Message ID 65f37efeff5af105c89493dda4f38c61e4cd495f.1445286755.git.sowmini.varadhan@oracle.com (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu
Headers show

Commit Message

Sowmini Varadhan Oct. 19, 2015, 9:23 p.m. UTC 
On sparc, deleting established SAs (e.g., by restarting ipsec
at the peer) results in unaligned access messages via
xfrm_del_sa -> km_state_notify -> xfrm_send_state_notify().
Use an aligned pointer to xfrm_usersa_info for this case.

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
---
 net/xfrm/xfrm_user.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Steffen Klassert Oct. 21, 2015, 6:57 a.m. UTC | #1 
On Mon, Oct 19, 2015 at 05:23:29PM -0400, Sowmini Varadhan wrote:
> On sparc, deleting established SAs (e.g., by restarting ipsec
> at the peer) results in unaligned access messages via
> xfrm_del_sa -> km_state_notify -> xfrm_send_state_notify().
> Use an aligned pointer to xfrm_usersa_info for this case.
> 
> Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
> ---
>  net/xfrm/xfrm_user.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index a8de9e3..158ef4a 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -2659,7 +2659,7 @@ static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
>  		if (attr == NULL)
>  			goto out_free_skb;
>  
> -		p = nla_data(attr);
> +		p = PTR_ALIGN(nla_data(attr), __alignof__(*p));

Hm, this breaks userspace notifications on 64-bit systems.
Userspace expects this to be aligned to 4, with your patch
it is aligned to 8 on 64-bit.

Without your patch I get the correct notification when deleting a SA:

ip x m

Deleted src 172.16.0.2 dst 172.16.0.1
        proto esp spi 0x00000002 reqid 2 mode tunnel
        replay-window 32
        auth-trunc hmac(sha1) 0x31323334353637383930 96
        enc cbc(aes) 0x31323334353637383930313233343536
        sel src 10.0.0.0/24 dst 192.168.0.0/24

With your patch I get for the same SA:

ip x m

Deleted src 50.0.0.0 dst 0.0.0.0
        proto 0 reqid 0 mode transport
        replay-window 0 flag decap-dscp
        auth-trunc hmac(sha1) 0x31323334353637383930 96
        enc cbc(aes) 0x31323334353637383930313233343536
        sel src 0.0.0.0/0 dst 0.234.255.255/0 proto igmp

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Sowmini Varadhan Oct. 21, 2015, 10:54 a.m. UTC | #2 
On (10/21/15 08:57), Steffen Klassert wrote:
> > --- a/net/xfrm/xfrm_user.c
> > +++ b/net/xfrm/xfrm_user.c
> > @@ -2659,7 +2659,7 @@ static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
> >  		if (attr == NULL)
> >  			goto out_free_skb;
> >  
> > -		p = nla_data(attr);
> > +		p = PTR_ALIGN(nla_data(attr), __alignof__(*p));
> 
> Hm, this breaks userspace notifications on 64-bit systems.
> Userspace expects this to be aligned to 4, with your patch
> it is aligned to 8 on 64-bit.
> 
> Without your patch I get the correct notification when deleting a SA:
> 

But __alignof__(*p) is 8 on sparc, and without the patch I get
all types of unaligned access. So what do you suggest as the fix?

(and openswan/pluto dont flag any errors with the patch, which is
a separate bug).

--Sowmini

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller Oct. 21, 2015, 1:10 p.m. UTC | #3 
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Wed, 21 Oct 2015 08:57:04 +0200

> On Mon, Oct 19, 2015 at 05:23:29PM -0400, Sowmini Varadhan wrote:
>> On sparc, deleting established SAs (e.g., by restarting ipsec
>> at the peer) results in unaligned access messages via
>> xfrm_del_sa -> km_state_notify -> xfrm_send_state_notify().
>> Use an aligned pointer to xfrm_usersa_info for this case.
>> 
>> Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
>> ---
>>  net/xfrm/xfrm_user.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>> 
>> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
>> index a8de9e3..158ef4a 100644
>> --- a/net/xfrm/xfrm_user.c
>> +++ b/net/xfrm/xfrm_user.c
>> @@ -2659,7 +2659,7 @@ static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
>>  		if (attr == NULL)
>>  			goto out_free_skb;
>>  
>> -		p = nla_data(attr);
>> +		p = PTR_ALIGN(nla_data(attr), __alignof__(*p));
> 
> Hm, this breaks userspace notifications on 64-bit systems.
> Userspace expects this to be aligned to 4, with your patch
> it is aligned to 8 on 64-bit.

That's correct, netlink attributes are fundamentally only 4 byte
aligned and this cannot be changed.  nla_data() is exactly
where the attribute must be placed, aligned or not.

The only workaround is, when designing netlink attributes.  Various
netlink libraries have workarounds for accessing, for example, 64-bit
stats which are going to be unaligned in netlink messages.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller Oct. 21, 2015, 1:17 p.m. UTC | #4 
From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Date: Wed, 21 Oct 2015 06:54:42 -0400

> On (10/21/15 08:57), Steffen Klassert wrote:
>> > --- a/net/xfrm/xfrm_user.c
>> > +++ b/net/xfrm/xfrm_user.c
>> > @@ -2659,7 +2659,7 @@ static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
>> >  		if (attr == NULL)
>> >  			goto out_free_skb;
>> >  
>> > -		p = nla_data(attr);
>> > +		p = PTR_ALIGN(nla_data(attr), __alignof__(*p));
>> 
>> Hm, this breaks userspace notifications on 64-bit systems.
>> Userspace expects this to be aligned to 4, with your patch
>> it is aligned to 8 on 64-bit.
>> 
>> Without your patch I get the correct notification when deleting a SA:
>> 
> 
> But __alignof__(*p) is 8 on sparc, and without the patch I get
> all types of unaligned access. So what do you suggest as the fix?

The accesses have to be done using something like get_unaligned() and
put_unaligned().

Sorry, but the protocol is set in stone and this is unfortunately how
it is.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index a8de9e3..158ef4a 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2659,7 +2659,7 @@  static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
 		if (attr == NULL)
 			goto out_free_skb;
 
-		p = nla_data(attr);
+		p = PTR_ALIGN(nla_data(attr), __alignof__(*p));
 	}
 	err = copy_to_user_state_extra(x, p, skb);
 	if (err)