Commit cc7e2f59 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 



Steffen Klassert says:

====================
pull request (net): ipsec 2022-03-09

1) Fix IPv6 PMTU discovery for xfrm interfaces.
   From Lina Wang.

2) Revert failing for policies and states that are
   configured with XFRMA_IF_ID 0. It broke a
   user configuration. From Kai Lueke.

3) Fix a possible buffer overflow in the ESP output path.

4) Fix ESP GSO for tunnel and BEET mode on inter address
   family tunnels.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 71171ac8 23c7f8d7

include/linux/netdevice.h

+2 −0
Original line number Diff line number Diff line
@@ -4602,6 +4602,8 @@ int skb_csum_hwoffload_help(struct sk_buff *skb, 


struct sk_buff *__skb_gso_segment(struct sk_buff *skb,

				  netdev_features_t features, bool tx_path);

struct sk_buff *skb_eth_gso_segment(struct sk_buff *skb,

				    netdev_features_t features, __be16 type);

struct sk_buff *skb_mac_gso_segment(struct sk_buff *skb,

				    netdev_features_t features);

include/net/esp.h

+2 −0
Original line number Diff line number Diff line
@@ -4,6 +4,8 @@ 


#include <linux/skbuff.h>



#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER)



struct ip_esp_hdr;



static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb)

net/core/gro.c

+25 −0
Original line number Diff line number Diff line
@@ -92,6 +92,31 @@ void dev_remove_offload(struct packet_offload *po) 
}

EXPORT_SYMBOL(dev_remove_offload);



/**

 *	skb_eth_gso_segment - segmentation handler for ethernet protocols.

 *	@skb: buffer to segment

 *	@features: features for the output path (see dev->features)

 *	@type: Ethernet Protocol ID

 */

struct sk_buff *skb_eth_gso_segment(struct sk_buff *skb,

				    netdev_features_t features, __be16 type)

{

	struct sk_buff *segs = ERR_PTR(-EPROTONOSUPPORT);

	struct packet_offload *ptype;



	rcu_read_lock();

	list_for_each_entry_rcu(ptype, &offload_base, list) {

		if (ptype->type == type && ptype->callbacks.gso_segment) {

			segs = ptype->callbacks.gso_segment(skb, features);

			break;

		}

	}

	rcu_read_unlock();



	return segs;

}

EXPORT_SYMBOL(skb_eth_gso_segment);



/**

 *	skb_mac_gso_segment - mac layer segmentation handler.

 *	@skb: buffer to segment

net/ipv4/esp4.c

+5 −0
Original line number Diff line number Diff line
@@ -446,6 +446,7 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * 
	struct page *page;

	struct sk_buff *trailer;

	int tailen = esp->tailen;

	unsigned int allocsz;



	/* this is non-NULL only with TCP/UDP Encapsulation */

	if (x->encap) {
@@ -455,6 +456,10 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * 
			return err;

	}



	allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES);

	if (allocsz > ESP_SKB_FRAG_MAXSIZE)

		goto cow;



	if (!skb_cloned(skb)) {

		if (tailen <= skb_tailroom(skb)) {

			nfrags = 1;

net/ipv4/esp4_offload.c

+4 −2
Original line number Diff line number Diff line
@@ -110,8 +110,7 @@ static struct sk_buff *xfrm4_tunnel_gso_segment(struct xfrm_state *x, 
						struct sk_buff *skb,

						netdev_features_t features)

{

	__skb_push(skb, skb->mac_len);

	return skb_mac_gso_segment(skb, features);

	return skb_eth_gso_segment(skb, features, htons(ETH_P_IP));

}



static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,
@@ -160,6 +159,9 @@ static struct sk_buff *xfrm4_beet_gso_segment(struct xfrm_state *x, 
			skb_shinfo(skb)->gso_type |= SKB_GSO_TCPV4;

	}



	if (proto == IPPROTO_IPV6)

		skb_shinfo(skb)->gso_type |= SKB_GSO_IPXIP4;



	__skb_pull(skb, skb_transport_offset(skb));

	ops = rcu_dereference(inet_offloads[proto]);

	if (likely(ops && ops->callbacks.gso_segment))