From: Maoyi Xie
To: steffen.klassert@secunet.com, herbert@gondor.apana.org.au
Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, edumazet@google.com, horms@kernel.org, antony.antony@secunet.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH net] xfrm: route MIGRATE notifications to caller's netns
Date: Mon, 4 May 2026 22:27:36 +0800
Message-Id: <20260504142736.1228425-1-maoyi.xie@ntu.edu.sg>

xfrm_send_migrate() in net/xfrm/xfrm_user.c and pfkey_send_migrate() in net/key/af_key.c both hardcode &init_net for the multicast that announces a successful XFRM_MSG_MIGRATE / SADB_X_MIGRATE.

XFRM_MSG_MIGRATE arrives on a per-netns NETLINK_XFRM socket, and the rest of the xfrm/af_key netlink path was made netns-aware in 2008. The other 14 multicast paths in xfrm_user.c route their event using xs_net(x), xp_net(xp) or sock_net(skb->sk); only the migrate path was missed.

Two consequences of the init_net hardcoding:

1. The notification (selector, old/new endpoint addresses, and the km_address) is delivered to listeners on init_net's XFRMNLGRP_MIGRATE / pfkey BROADCAST_ALL groups rather than on the issuing netns. An IKE daemon running in init_net therefore receives migration notifications originating from any other netns on the host.

2. An IKE daemon running inside a non-init netns and subscribed to its own XFRMNLGRP_MIGRATE / pfkey groups never receives the notification of its own migration. IKEv2 MOBIKE / address-update handling inside a netns is silently broken.
Thread struct net through km_migrate() and the xfrm_mgr.migrate function pointer, drop the &init_net override in xfrm_send_migrate() and pfkey_send_migrate(), and pass the caller's net (already in scope in xfrm_migrate() via sock_net(skb->sk)) all the way down. struct xfrm_mgr is in-tree only and not exported as a stable API, so the function-pointer signature change is internal. pfkey_broadcast() is already netns-aware via net_generic(net, pfkey_net_id) since the pernet conversion. The five other pfkey_broadcast() callers in af_key.c already pass xs_net(x), sock_net(sk) or a per-netns net, so this only removes the &init_net outlier. Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE") Cc: stable@vger.kernel.org # v5.15+ Signed-off-by: Maoyi Xie --- include/net/xfrm.h | 3 ++- net/key/af_key.c | 6 +++--- net/xfrm/xfrm_policy.c | 2 +- net/xfrm/xfrm_state.c | 4 ++-- net/xfrm/xfrm_user.c | 5 ++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 10d3edde6..874409127 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -715,6 +715,7 @@ struct xfrm_mgr { const struct xfrm_migrate *m, int num_bundles, const struct xfrm_kmaddress *k, + struct net *net, const struct xfrm_encap_tmpl *encap); bool (*is_alive)(const struct km_event *c); }; @@ -1891,7 +1892,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, s= truct xfrm_policy *pol); #ifdef CONFIG_XFRM_MIGRATE int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_bundles, - const struct xfrm_kmaddress *k, + const struct xfrm_kmaddress *k, struct net *net, const struct xfrm_encap_tmpl *encap); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, u32 if_id); diff --git a/net/key/af_key.c b/net/key/af_key.c index a166a88d8..9cffeef18 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c 
@@ -3564,7 +3564,7 @@ static int set_ipsecrequest(struct sk_buff *skb, #ifdef CONFIG_NET_KEY_MIGRATE static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 = type, const struct xfrm_migrate *m, int num_bundles, - const struct xfrm_kmaddress *k, + const struct xfrm_kmaddress *k, struct net *net, const struct xfrm_encap_tmpl *encap) { int i; @@ -3669,7 +3669,7 @@ static int pfkey_send_migrate(const struct xfrm_selec= tor *sel, u8 dir, u8 type, } =20 /* broadcast migrate message to sockets */ - pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net); + pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, net); =20 return 0; =20 @@ -3680,7 +3680,7 @@ static int pfkey_send_migrate(const struct xfrm_selec= tor *sel, u8 dir, u8 type, #else static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 = type, const struct xfrm_migrate *m, int num_bundles, - const struct xfrm_kmaddress *k, + const struct xfrm_kmaddress *k, struct net *net, const struct xfrm_encap_tmpl *encap) { return -ENOPROTOOPT; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c944327ce..59968dcba 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4703,7 +4703,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, } =20 /* Stage 5 - announce */ - km_migrate(sel, dir, type, m, num_migrate, k, encap); + km_migrate(sel, dir, type, m, num_migrate, k, net, encap); =20 xfrm_pol_put(pol); =20 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 1748d374a..8f1379681 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2837,7 +2837,7 @@ EXPORT_SYMBOL(km_policy_expired); #ifdef CONFIG_XFRM_MIGRATE int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, const struct xfrm_migrate *m, int num_migrate, - const struct xfrm_kmaddress *k, + const struct xfrm_kmaddress *k, struct net *net, const struct xfrm_encap_tmpl *encap) { int err =3D -EINVAL; 
@@ -2848,7 +2848,7 @@ int km_migrate(const struct xfrm_selector *sel, u8 di= r, u8 type, list_for_each_entry_rcu(km, &xfrm_km_list, list) { if (km->migrate) { ret =3D km->migrate(sel, dir, type, m, num_migrate, k, - encap); + net, encap); if (!ret) err =3D ret; } diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index d56450f61..b39c33276 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3271,10 +3271,9 @@ static int build_migrate(struct sk_buff *skb, const = struct xfrm_migrate *m, =20 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 t= ype, const struct xfrm_migrate *m, int num_migrate, - const struct xfrm_kmaddress *k, + const struct xfrm_kmaddress *k, struct net *net, const struct xfrm_encap_tmpl *encap) { - struct net *net =3D &init_net; struct sk_buff *skb; int err; =20 @@ -3292,7 +3291,7 @@ static int xfrm_send_migrate(const struct xfrm_select= or *sel, u8 dir, u8 type, #else static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 t= ype, const struct xfrm_migrate *m, int num_migrate, - const struct xfrm_kmaddress *k, + const struct xfrm_kmaddress *k, struct net *net, const struct xfrm_encap_tmpl *encap) { return -ENOPROTOOPT; base-commit: bd3a4795d5744f59a1f485379f1303e5e606f377 --=20 2.34.1
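Review bot: the include/net/xfrm.h hunk adds `struct net *net` to the xfrm_mgr.migrate callback and to the km_migrate() prototype without a word on which namespace the pointer denotes; a short comment on the struct member saying it is the namespace the migrate request was issued on (the sock_net(skb->sk) the commit message refers to), not the namespace of any state the migration touches, would spare the next implementer from reconstructing that from xfrm_policy.c.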
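Review bot: the net/xfrm/xfrm_state.c hunk changes the signature of km_migrate() itself, and the visible context just above it (`EXPORT_SYMBOL(km_policy_expired);`) shows the km_* helpers in this file are exported; the commit message only argues that the xfrm_mgr function-pointer change is internal, so if km_migrate() carries an EXPORT_SYMBOL too, the message should say that its exported signature changes as well, since that is what a stable backporter will look for.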
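Review bot: the net/xfrm/xfrm_user.c hunk drops `struct net *net = &init_net;` but shows none of the remaining uses of `net` in xfrm_send_migrate(); the fix relies on the multicast call further down still reading `net`, so a few more lines of context (or the hunk extended to the xfrm_nlmsg_multicast() call) would let a reviewer confirm from the patch alone that the parameter is the only `net` the function now uses and that nothing on an error path before the multicast depended on the old local.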
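As an added example, not part of this patch or of the kernel tree, here is the check a reviewer would run against the two consequences the commit message lists: a userspace NETLINK_XFRM listener that joins XFRMNLGRP_MIGRATE in whatever netns it is started in and decodes the XFRM_MSG_MIGRATE payload (a struct xfrm_userpolicy_id followed by XFRMA_MIGRATE attributes). Start one copy under `ip netns exec` in the netns that issues the migrate and one in init_net, then trigger a migration; per the commit message, before the fix only the init_net copy prints the event and after it only the issuing netns does. The buffer produced by build_sample_migrate() is constructed here for an offline self-check and is not a captured kernel message; the addresses in it and the MAX_MIGRATE cap are assumptions of the example.

```c
/* Added example, not kernel code: XFRMNLGRP_MIGRATE listener + decoder. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/xfrm.h>

#define MAX_MIGRATE 4	/* assumption: entries decoded per message */

struct migrate_event {
	uint8_t  dir;		/* xfrm_userpolicy_id.dir */
	uint16_t sel_family;	/* selector address family */
	int      nmigrate;	/* XFRMA_MIGRATE entries decoded */
	char     old_daddr[MAX_MIGRATE][INET6_ADDRSTRLEN];
	char     new_daddr[MAX_MIGRATE][INET6_ADDRSTRLEN];
};

/* a4 and a6 share the union base, so inet_ntop() can read from it directly */
static void addr_str(uint16_t family, const xfrm_address_t *a, char *out)
{
	if (!inet_ntop(family, a, out, INET6_ADDRSTRLEN))
		strcpy(out, "?");
}

/* Decode one netlink message; returns the number of XFRMA_MIGRATE entries,
 * or -1 if it is not a well-formed XFRM_MSG_MIGRATE. */
static int parse_xfrm_migrate(const void *buf, size_t len, struct migrate_event *ev)
{
	const struct nlmsghdr *nlh = buf;
	const struct xfrm_userpolicy_id *pid;
	const struct nlattr *nla;
	int rem;

	memset(ev, 0, sizeof(*ev));
	if (!NLMSG_OK(nlh, (int)len) || nlh->nlmsg_type != XFRM_MSG_MIGRATE ||
	    NLMSG_PAYLOAD(nlh, 0) < sizeof(*pid))
		return -1;

	pid = NLMSG_DATA(nlh);
	ev->dir = pid->dir;
	ev->sel_family = pid->sel.family;

	/* attributes follow the aligned fixed payload */
	nla = (const struct nlattr *)((const char *)pid + NLMSG_ALIGN(sizeof(*pid)));
	rem = (int)nlh->nlmsg_len - (int)(NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(*pid)));
	while (rem >= NLA_HDRLEN && nla->nla_len >= NLA_HDRLEN && nla->nla_len <= rem) {
		if ((nla->nla_type & NLA_TYPE_MASK) == XFRMA_MIGRATE &&
		    nla->nla_len - NLA_HDRLEN >= sizeof(struct xfrm_user_migrate) &&
		    ev->nmigrate < MAX_MIGRATE) {
			const struct xfrm_user_migrate *m =
				(const void *)((const char *)nla + NLA_HDRLEN);
			addr_str(m->old_family, &m->old_daddr, ev->old_daddr[ev->nmigrate]);
			addr_str(m->new_family, &m->new_daddr, ev->new_daddr[ev->nmigrate]);
			ev->nmigrate++;
		}
		rem -= NLA_ALIGN(nla->nla_len);
		nla = (const struct nlattr *)((const char *)nla + NLA_ALIGN(nla->nla_len));
	}
	return ev->nmigrate;
}

/* Constructed sample (not a capture): OUT policy, one ESP tunnel SA whose
 * remote endpoint moves from 198.51.100.10 to 203.0.113.20. */
static size_t build_sample_migrate(unsigned char *buf, size_t cap)
{
	struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
	struct xfrm_userpolicy_id *pid;
	struct nlattr *nla;
	struct xfrm_user_migrate *m;
	size_t alen = NLA_HDRLEN + sizeof(*m);
	size_t total = NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(*pid)) + NLA_ALIGN(alen);

	if (cap < total)
		return 0;
	memset(buf, 0, total);
	nlh->nlmsg_len = (uint32_t)total;
	nlh->nlmsg_type = XFRM_MSG_MIGRATE;
	pid = NLMSG_DATA(nlh);
	pid->dir = XFRM_POLICY_OUT;
	pid->sel.family = AF_INET;
	pid->sel.prefixlen_s = 8;
	inet_pton(AF_INET, "10.0.0.0", &pid->sel.saddr.a4);
	nla = (struct nlattr *)((unsigned char *)pid + NLMSG_ALIGN(sizeof(*pid)));
	nla->nla_type = XFRMA_MIGRATE;
	nla->nla_len = (uint16_t)alen;
	m = (struct xfrm_user_migrate *)((unsigned char *)nla + NLA_HDRLEN);
	m->proto = IPPROTO_ESP;
	m->mode = XFRM_MODE_TUNNEL;
	m->old_family = m->new_family = AF_INET;
	inet_pton(AF_INET, "198.51.100.10", &m->old_daddr.a4);
	inet_pton(AF_INET, "203.0.113.20", &m->new_daddr.a4);
	return total;
}

static unsigned char sample_buf[256] __attribute__((aligned(4)));

/* Offline self-check: build the sample and decode it. */
static int demo_parse_sample(struct migrate_event *ev)
{
	size_t n = build_sample_migrate(sample_buf, sizeof(sample_buf));

	return n ? parse_xfrm_migrate(sample_buf, n, ev) : -1;
}

/* Join XFRMNLGRP_MIGRATE in the current netns (needs CAP_NET_ADMIN) and print events. */
static int listen_migrate(void)
{
	struct sockaddr_nl sa = { .nl_family = AF_NETLINK };
	int grp = XFRMNLGRP_MIGRATE;
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);

	if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
	    setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &grp, sizeof(grp)) < 0) {
		perror("NETLINK_XFRM subscribe");
		return 1;
	}
	for (;;) {
		unsigned char buf[8192] __attribute__((aligned(4)));
		int n = (int)recv(fd, buf, sizeof(buf), 0);
		struct nlmsghdr *nlh;

		if (n < 0) {
			perror("recv");
			return 1;
		}
		for (nlh = (struct nlmsghdr *)buf; NLMSG_OK(nlh, n); nlh = NLMSG_NEXT(nlh, n)) {
			struct migrate_event ev;
			int i;

			if (parse_xfrm_migrate(nlh, nlh->nlmsg_len, &ev) < 0)
				continue;
			printf("MIGRATE dir=%u family=%u entries=%d\n",
			       (unsigned)ev.dir, (unsigned)ev.sel_family, ev.nmigrate);
			for (i = 0; i < ev.nmigrate; i++)
				printf("  daddr %s -> %s\n", ev.old_daddr[i], ev.new_daddr[i]);
		}
	}
}

int main(void)
{
	struct migrate_event ev;

	if (demo_parse_sample(&ev) != 1)	/* decoder sanity check before going live */
		return 1;
	printf("sample decoded: %s -> %s\n", ev.old_daddr[0], ev.new_daddr[0]);
	return listen_migrate();
}
```

The decoder is deliberately independent of the socket so it can be exercised on a constructed buffer; the live loop is what you run in each namespace. If the copy in the issuing netns stays silent while the init_net copy prints the event, you are seeing the behaviour the commit message describes.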