Message ID | 0bfebd4e5f317cbf301750d5dd5cc706d4385d7f.1639064087.git.antony.antony@secunet.com (mailing list archive) |
---|---|
State | Awaiting Upstream |
Delegated to: | Netdev Maintainers |
Series | [1/2] xfrm: interface with if_id 0 should return error |
On Thu, Dec 9, 2021 at 5:36 PM Antony Antony <antony.antony@secunet.com> wrote: > > xfrm interface if_id = 0 would cause xfrm policy lookup errors since > commit 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces") > > Now fail to create an xfrm interface when if_id = 0 > > With this commit: > ip link add ipsec0 type xfrm dev lo if_id 0 > Error: if_id must be non zero. > > Signed-off-by: Antony Antony <antony.antony@secunet.com> > --- > net/xfrm/xfrm_interface.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c > index 41de46b5ffa9..57448fc519fc 100644 > --- a/net/xfrm/xfrm_interface.c > +++ b/net/xfrm/xfrm_interface.c > @@ -637,11 +637,16 @@ static int xfrmi_newlink(struct net *src_net, struct net_device *dev, > struct netlink_ext_ack *extack) > { > struct net *net = dev_net(dev); > - struct xfrm_if_parms p; > + struct xfrm_if_parms p = {}; > struct xfrm_if *xi; > int err; > > xfrmi_netlink_parms(data, &p); > + if (!p.if_id) { > + NL_SET_ERR_MSG(extack, "if_id must be non zero"); > + return -EINVAL; > + } > + > xi = xfrmi_locate(net, &p); > if (xi) > return -EEXIST; > @@ -666,7 +671,12 @@ static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[], > { > struct xfrm_if *xi = netdev_priv(dev); > struct net *net = xi->net; > - struct xfrm_if_parms p; > + struct xfrm_if_parms p = {}; > + > + if (!p.if_id) { > + NL_SET_ERR_MSG(extack, "if_id must be non zero"); > + return -EINVAL; > + } > > xfrmi_netlink_parms(data, &p); > xi = xfrmi_locate(net, &p); Looks good. Maybe this needs a "Fixes:" tag? Reviewed-by: Eyal Birger <eyal.birger@gmail.com> Thanks, Eyal. > -- > 2.30.2 >
On Fri, Dec 10, 2021 at 19:22:35 +0200, Eyal Birger wrote: > On Thu, Dec 9, 2021 at 5:36 PM Antony Antony <antony.antony@secunet.com> wrote: > > > > xfrm interface if_id = 0 would cause xfrm policy lookup errors since > > commit 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces") > > > > Now fail to create an xfrm interface when if_id = 0 > > > > With this commit: > > ip link add ipsec0 type xfrm dev lo if_id 0 > > Error: if_id must be non zero. > > > > Signed-off-by: Antony Antony <antony.antony@secunet.com> > > --- > > net/xfrm/xfrm_interface.c | 14 ++++++++++++-- > > 1 file changed, 12 insertions(+), 2 deletions(-) > > > > diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c > > index 41de46b5ffa9..57448fc519fc 100644 > > --- a/net/xfrm/xfrm_interface.c > > +++ b/net/xfrm/xfrm_interface.c > > @@ -637,11 +637,16 @@ static int xfrmi_newlink(struct net *src_net, struct net_device *dev, > > struct netlink_ext_ack *extack) > > { > > struct net *net = dev_net(dev); > > - struct xfrm_if_parms p; > > + struct xfrm_if_parms p = {}; > > struct xfrm_if *xi; > > int err; > > > > xfrmi_netlink_parms(data, &p); > > + if (!p.if_id) { > > + NL_SET_ERR_MSG(extack, "if_id must be non zero"); > > + return -EINVAL; > > + } > > + > > xi = xfrmi_locate(net, &p); > > if (xi) > > return -EEXIST; 
> > @@ -666,7 +671,12 @@ static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[], > > { > > struct xfrm_if *xi = netdev_priv(dev); > > struct net *net = xi->net; > > - struct xfrm_if_parms p; > > + struct xfrm_if_parms p = {}; > > + > > + if (!p.if_id) { > > + NL_SET_ERR_MSG(extack, "if_id must be non zero"); > > + return -EINVAL; > > + } > > > > xfrmi_netlink_parms(data, &p); > > xi = xfrmi_locate(net, &p); > > Looks good. Maybe this needs a "Fixes:" tag? I assumed this patch is not ideal for stable releases! There is a small chance someone was depending old semi broken behavior? And they would find this patch as surprise? So I preferred not add "Fixes: " tag. Now I notice 9f8550e4bd9d is already in stable/linux-4.19.y. So I think Fixes tag would be fine. I will send out a v2 with "Fixes:" tag and let Steffen choose:) > Reviewed-by: Eyal Birger <eyal.birger@gmail.com> thanks Eyal. -antony
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c index 41de46b5ffa9..57448fc519fc 100644 --- a/net/xfrm/xfrm_interface.c +++ b/net/xfrm/xfrm_interface.c @@ -637,11 +637,16 @@ static int xfrmi_newlink(struct net *src_net, struct net_device *dev, struct netlink_ext_ack *extack) { struct net *net = dev_net(dev); - struct xfrm_if_parms p; + struct xfrm_if_parms p = {}; struct xfrm_if *xi; int err; xfrmi_netlink_parms(data, &p); + if (!p.if_id) { + NL_SET_ERR_MSG(extack, "if_id must be non zero"); + return -EINVAL; + } + xi = xfrmi_locate(net, &p); if (xi) return -EEXIST; @@ -666,7 +671,12 @@ static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[], { struct xfrm_if *xi = netdev_priv(dev); struct net *net = xi->net; - struct xfrm_if_parms p; + struct xfrm_if_parms p = {}; + + if (!p.if_id) { + NL_SET_ERR_MSG(extack, "if_id must be non zero"); + return -EINVAL; + } xfrmi_netlink_parms(data, &p); xi = xfrmi_locate(net, &p);
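Review bot: In the xfrmi_newlink hunk, the change from "struct xfrm_if_parms p;" to "struct xfrm_if_parms p = {};" is not covered by the commit message, which only describes rejecting if_id 0 when an interface is created. The log should say why the initializer is needed (or the initializer should be dropped if xfrmi_netlink_parms() already sets every field), and it should mention that xfrmi_changelink is changed as well, since the text reads as if only creation is affected.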
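Review bot: In the xfrmi_changelink hunk the new "if (!p.if_id)" check is placed before "xfrmi_netlink_parms(data, &p);", and p has just been zero-initialized by "struct xfrm_if_parms p = {};", so p.if_id is always 0 at that point and every changelink request returns -EINVAL with "if_id must be non zero". Move the check to after the xfrmi_netlink_parms(data, &p) call, in the same order the xfrmi_newlink hunk uses, so that it tests the value parsed from the netlink attributes rather than the initializer.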
xfrm interface if_id = 0 would cause xfrm policy lookup errors since
commit 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")

Now fail to create an xfrm interface when if_id = 0

With this commit:
  ip link add ipsec0 type xfrm dev lo if_id 0
  Error: if_id must be non zero.

Signed-off-by: Antony Antony <antony.antony@secunet.com>

---
 net/xfrm/xfrm_interface.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)