From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 01/14] xfrm: remove redundant assignments
Date: Sun, 12 Apr 2026 13:13:41 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

These assignments are overwritten within the same function further down,
commit e8961c50ee9cc ("xfrm: Refactor migration setup during the cloning process"):

    x->props.family = m->new_family;

which actually moved it in the commit e03c3bba351f9 ("xfrm: Fix xfrm migrate issues when address family changes").

And the initial commit 80c9abaabf428 ("[XFRM]: Extension for dynamic update of endpoint address(es)") added

    x->props.saddr = orig->props.saddr;

and

    memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));

Signed-off-by: Antony Antony
---
v1->v2: remove extra saddr copy, previous line
---
 net/xfrm/xfrm_state.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 98b362d51836..3ee92f93dbd2 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1980,8 +1980,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; x->props.reqid =3D orig->props.reqid; - x->props.family =3D orig->props.family; - x->props.saddr =3D orig->props.saddr; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); --=20 2.47.3
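Review bot: the commit message does not say where in xfrm_state_clone_and_setup() the two removed lines are overwritten; it reads as a history of three commits rather than a justification for this hunk. State plainly that later in the same function `x->props.family = m->new_family;` and the `memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));` quoted in the message unconditionally set both fields, and confirm that nothing between the removed lines and those later assignments (the aalg/ealg clones that follow `if (orig->aalg)`, and the encap and security copies further down) reads x->props.family or x->props.saddr, because after this change both keep their freshly allocated value until then.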
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 02/14] xfrm: add extack to xfrm_init_state
Date: Sun, 12 Apr 2026 13:13:53 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add a struct extack parameter to xfrm_init_state() and pass it through to __xfrm_init_state(). This allows validation errors detected during state initialization to propagate meaningful error messages back to userspace.

xfrm_state_migrate_create() now passes extack so that errors from the XFRM_MSG_MIGRATE_STATE path are properly reported.

Callers without an extack context (af_key, ipcomp4, ipcomp6) pass NULL, preserving their existing behaviour.

Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 include/net/xfrm.h    | 2 +-
 net/ipv4/ipcomp.c     | 2 +-
 net/ipv6/ipcomp6.c    | 2 +-
 net/key/af_key.c      | 2 +-
 net/xfrm/xfrm_state.c | 6 +++---
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 10d3edde6b2f..0c035955d87d 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1774,7 +1774,7 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 ne= t_seq); int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack); u32 xfrm_state_mtu(struct xfrm_state *x, int mtu); int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack= ); -int xfrm_init_state(struct xfrm_state *x); +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack); int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_typ= e); int xfrm_input_resume(struct sk_buff *skb, int nexthdr); int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb, diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 9a45aed508d1..b1ea2d37e8c5 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -77,7 +77,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfr= m_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 8607569de34f..b340d67eb1d9 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -95,7 +95,7 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xf= rm_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/key/af_key.c b/net/key/af_key.c index 571200433aa9..41afb9e82a58 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1283,7 +1283,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struc= t net *net, } } =20 - err =3D xfrm_init_state(x); + err =3D xfrm_init_state(x, NULL); if (err) goto out; =20 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 3ee92f93dbd2..86f21a19a0ee 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2143,7 +2143,7 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 - if (xfrm_init_state(xc) < 0) + if (xfrm_init_state(xc, extack) < 0) goto error; =20 /* configure the hardware if offload is requested */ 
@@ -3236,11 +3236,11 @@ int __xfrm_init_state(struct xfrm_state *x, struct = netlink_ext_ack *extack) =20 EXPORT_SYMBOL(__xfrm_init_state); =20 -int xfrm_init_state(struct xfrm_state *x) +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) { int err; =20 - err =3D __xfrm_init_state(x, NULL); + err =3D __xfrm_init_state(x, extack); if (err) return err; =20 --=20 2.47.3
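Review bot: the @@ -2143 hunk in net/xfrm/xfrm_state.c changes xfrm_state_migrate(), but the commit message says xfrm_state_migrate_create() now passes extack; that function does not exist at this point in the series (the split is patch 06/14). Name the function as it exists when this patch is applied, and the netlink message type is XFRM_MSG_MIGRATE, not XFRM_MSG_MIGRATE_STATE.

Review bot: in the @@ -3236 hunk, extack is only forwarded to __xfrm_init_state(); whatever xfrm_init_state() does after `if (err) return err;` (not shown in the hunk) still runs without an extack, so a caller that now passes one gets messages only for the checks inside __xfrm_init_state(). Either thread extack through the remaining steps as well or say in the commit message that only the __xfrm_init_state() validation is covered.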
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 03/14] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP
Date: Sun, 12 Apr 2026 13:14:40 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

The current code prevents migrating an SA from UDP encapsulation to plain ESP. This is needed when moving from a NATed path to a non-NATed one, for example when switching from IPv4+NAT to IPv6.

Only copy the existing encapsulation during migration if the encap attribute is explicitly provided.

Note: PF_KEY's SADB_X_MIGRATE always passes encap=NULL and never supported encapsulation in migration. PF_KEY is deprecated and was in feature freeze when UDP encapsulation was added to xfrm.

Signed-off-by: Antony Antony
Tested-by: Yan Yan
---
 net/xfrm/xfrm_state.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 86f21a19a0ee..20ebd10dbee5 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2008,14 +2008,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap || orig->encap) { - if (encap) - x->encap =3D kmemdup(encap, sizeof(*x->encap), - GFP_KERNEL); - else - x->encap =3D kmemdup(orig->encap, sizeof(*x->encap), - GFP_KERNEL); - + if (encap) { + x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; } --=20 2.47.3
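Review bot: this hunk is a user-visible behaviour change for netlink XFRM_MSG_MIGRATE, not only a relaxation: the removed `else x->encap = kmemdup(orig->encap, ...)` branch meant an encapsulated SA kept its UDP encapsulation when the request carried no XFRMA_ENCAP, whereas now the same request yields a plain-ESP SA. That is what the subject asks for, but it is also what an existing caller that relied on inheritance now gets by accident. The commit message only discusses PF_KEY; it should say that netlink callers must from now on always send XFRMA_ENCAP to keep NAT-T across a migration, and the XFRM_MSG_MIGRATE documentation should say the same.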
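The request shape that patch 03 makes significant, as an added example that is not part of this series or of the kernel tree: a minimal builder for a netlink XFRM_MSG_MIGRATE message, once with an explicit XFRMA_ENCAP (the migrated SA keeps UDP encapsulation) and once without it (with this patch applied the migrated SA comes out as plain ESP). `build_migrate`, `put_attr`, `has_attr` and `demo_encap_bits` are names chosen here; the addresses, ports and reqid are constructed documentation values; the message is only assembled and inspected, never sent (sending needs a NETLINK_XFRM socket and CAP_NET_ADMIN, and a matching policy and SA on the box).

```c
/* Added example, not from the patch series: assemble a netlink XFRM_MSG_MIGRATE
 * request with and without an explicit XFRMA_ENCAP attribute. With patch 03
 * applied the kernel copies UDP encapsulation into the migrated SA only when
 * XFRMA_ENCAP is present, so the two requests below select the two outcomes.
 * Addresses, ports and reqid are constructed documentation values. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/udp.h>
#include <linux/xfrm.h>
#include <stdint.h>
#include <string.h>

struct migrate_req {
	struct nlmsghdr nlh;
	struct xfrm_userpolicy_id pol;	/* which policy's templates to migrate */
	char attrs[256];		/* XFRMA_MIGRATE, optionally XFRMA_ENCAP */
};

/* Append one netlink attribute after the current payload; 0 on overflow. */
static int put_attr(struct nlmsghdr *nlh, size_t cap, uint16_t type,
		    const void *data, size_t len)
{
	size_t off = NLMSG_ALIGN(nlh->nlmsg_len);
	size_t need = off + NLA_HDRLEN + NLA_ALIGN(len);
	struct nlattr *nla;

	if (need > cap)
		return 0;
	nla = (struct nlattr *)((char *)nlh + off);
	nla->nla_type = type;
	nla->nla_len = (uint16_t)(NLA_HDRLEN + len);
	memcpy((char *)nla + NLA_HDRLEN, data, len);
	nlh->nlmsg_len = (uint32_t)need;
	return 1;
}

/* Build the request for one IPv4 tunnel-mode ESP SA. encap == NULL asks for a
 * plain-ESP migrated SA. Returns nlmsg_len, or 0 on a bad address/overflow. */
static size_t build_migrate(struct migrate_req *req,
			    const char *old_saddr, const char *old_daddr,
			    const char *new_saddr, const char *new_daddr,
			    uint32_t reqid, const struct xfrm_encap_tmpl *encap)
{
	struct xfrm_user_migrate m;

	memset(req, 0, sizeof(*req));
	req->nlh.nlmsg_len = NLMSG_LENGTH(sizeof(req->pol));
	req->nlh.nlmsg_type = XFRM_MSG_MIGRATE;
	req->nlh.nlmsg_flags = NLM_F_REQUEST;
	req->pol.dir = XFRM_POLICY_OUT;
	req->pol.sel.family = AF_INET;

	memset(&m, 0, sizeof(m));
	if (inet_pton(AF_INET, old_saddr, &m.old_saddr.a4) != 1 ||
	    inet_pton(AF_INET, old_daddr, &m.old_daddr.a4) != 1 ||
	    inet_pton(AF_INET, new_saddr, &m.new_saddr.a4) != 1 ||
	    inet_pton(AF_INET, new_daddr, &m.new_daddr.a4) != 1)
		return 0;
	m.proto = IPPROTO_ESP;
	m.mode = XFRM_MODE_TUNNEL;
	m.reqid = reqid;
	m.old_family = AF_INET;
	m.new_family = AF_INET;

	if (!put_attr(&req->nlh, sizeof(*req), XFRMA_MIGRATE, &m, sizeof(m)))
		return 0;
	/* Only an explicit XFRMA_ENCAP keeps NAT-T on the migrated SA. */
	if (encap && !put_attr(&req->nlh, sizeof(*req), XFRMA_ENCAP,
			       encap, sizeof(*encap)))
		return 0;
	return req->nlh.nlmsg_len;
}

/* Walk the attributes of a built request; 1 if 'type' is present. */
static int has_attr(const struct migrate_req *req, uint16_t type)
{
	const char *base = (const char *)&req->nlh;
	const char *p = base + NLMSG_ALIGN(NLMSG_LENGTH(sizeof(req->pol)));
	const char *end = base + req->nlh.nlmsg_len;

	while (p + NLA_HDRLEN <= end) {
		const struct nlattr *nla = (const struct nlattr *)p;

		if (nla->nla_len < NLA_HDRLEN || p + nla->nla_len > end)
			return 0;
		if (nla->nla_type == type)
			return 1;
		p += NLA_ALIGN(nla->nla_len);
	}
	return 0;
}

/* Same SA move (192.0.2.0/24 behind a NAT to 198.51.100.0/24 without one),
 * requested twice. Bits: 0 = plain request carries XFRMA_ENCAP, 1 = NAT-T
 * request carries it, 2/3 = each carries XFRMA_MIGRATE. Expected 14 (0b1110). */
static int demo_encap_bits(void)
{
	static struct migrate_req plain, natt;
	struct xfrm_encap_tmpl t;

	memset(&t, 0, sizeof(t));
	t.encap_type = UDP_ENCAP_ESPINUDP;
	t.encap_sport = htons(4500);
	t.encap_dport = htons(4500);

	if (!build_migrate(&plain, "192.0.2.10", "192.0.2.1",
			   "198.51.100.10", "198.51.100.1", 4242, NULL))
		return -1;
	if (!build_migrate(&natt, "192.0.2.10", "192.0.2.1",
			   "198.51.100.10", "198.51.100.1", 4242, &t))
		return -1;
	return  has_attr(&plain, XFRMA_ENCAP)
	     | (has_attr(&natt, XFRMA_ENCAP) << 1)
	     | (has_attr(&plain, XFRMA_MIGRATE) << 2)
	     | (has_attr(&natt, XFRMA_MIGRATE) << 3);
}
```

The reqid in the request is the one the old SA was created with (the field this series later renames to old_reqid inside the kernel), and the policy id selects which templates are rewritten. On a kernel without patch 03 both requests would produce an encapsulated SA when the original one was encapsulated; with it, only the second does.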
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 04/14] xfrm: fix NAT-related field inheritance in SA migration
Date: Sun, 12 Apr 2026 13:14:50 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

During SA migration via xfrm_state_clone_and_setup(), nat_keepalive_interval was silently dropped and never copied to the new SA. mapping_maxage was unconditionally copied even when migrating to a non-encapsulated SA. Both fields are only meaningful when UDP encapsulation (NAT-T) is in use.

Move mapping_maxage and add nat_keepalive_interval inside the existing if (encap) block, so both are inherited when migrating with encapsulation and correctly absent when migrating without it.

Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 net/xfrm/xfrm_state.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 20ebd10dbee5..defa753b26ae 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2012,6 +2012,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; + x->mapping_maxage =3D orig->mapping_maxage; + x->nat_keepalive_interval =3D orig->nat_keepalive_interval; } =20 if (orig->security)
@@ -2046,7 +2048,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->km.seq =3D orig->km.seq; x->replay =3D orig->replay; x->preplay =3D orig->preplay; - x->mapping_maxage =3D orig->mapping_maxage; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; --=20 2.47.3
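Review bot: in the @@ -2012 hunk, copying orig->nat_keepalive_interval into x only sets the field; it does not by itself arm anything that sends keepalives for the new SA. Please confirm that the path which installs the migrated state runs the same NAT keepalive update as a freshly added SA with a non-zero interval, otherwise the inherited value is inert, and say so in the commit message.

Review bot: the @@ -2046 hunk leaves `x->new_mapping = 0;` and `x->new_mapping_sport = 0;` below the removed line even though they are NAT-T state as well. Either move them into the same `if (encap)` block for consistency with mapping_maxage, or add a sentence explaining why the explicit zeroing stays unconditional.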
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 05/14] xfrm: rename reqid in xfrm_migrate
Date: Sun, 12 Apr 2026 13:15:00 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

In preparation for a later patch in this series s/reqid/old_reqid/.

No functional change.

Signed-off-by: Antony Antony
---
 include/net/xfrm.h     |  2 +-
 net/key/af_key.c       | 10 +++++-----
 net/xfrm/xfrm_policy.c |  4 ++--
 net/xfrm/xfrm_state.c  |  6 +++---
 net/xfrm/xfrm_user.c   |  4 ++--
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 0c035955d87d..368b1dc22e5c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -685,7 +685,7 @@ struct xfrm_migrate { u8 proto; u8 mode; u16 reserved; - u32 reqid; + u32 old_reqid; u16 old_family; u16 new_family; };
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 41afb9e82a58..ccd2e2d65688 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2538,7 +2538,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ips= ecrequest *rq1, int len, if ((mode =3D pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) return -EINVAL; m->mode =3D mode; - m->reqid =3D rq1->sadb_x_ipsecrequest_reqid; + m->old_reqid =3D rq1->sadb_x_ipsecrequest_reqid; =20 return ((int)(rq1->sadb_x_ipsecrequest_len + rq2->sadb_x_ipsecrequest_len));
@@ -3634,15 +3634,15 @@ static int pfkey_send_migrate(const struct xfrm_sel= ector *sel, u8 dir, u8 type, if (mode < 0) goto err; if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->old_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->old_family, &mp->old_saddr, &mp->old_daddr) < 0) goto err; =20 /* new ipsecrequest */ if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->new_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->new_family, &mp->new_saddr, &mp->new_daddr) < 0) goto err; } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 7bcb6583e84c..62218b52fd35 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4530,7 +4530,7 @@ static int migrate_tmpl_match(const struct xfrm_migra= te *m, const struct xfrm_tm int match =3D 0; =20 if (t->mode =3D=3D m->mode && t->id.proto =3D=3D m->proto && - (m->reqid =3D=3D 0 || t->reqid =3D=3D m->reqid)) { + (m->old_reqid =3D=3D 0 || t->reqid =3D=3D m->old_reqid)) { switch (t->mode) { case XFRM_MODE_TUNNEL: case XFRM_MODE_BEET: @@ -4624,7 +4624,7 @@ static int xfrm_migrate_check(const struct xfrm_migra= te *m, int num_migrate, sizeof(m[i].old_saddr)) && m[i].proto =3D=3D m[j].proto && m[i].mode =3D=3D m[j].mode && - m[i].reqid =3D=3D m[j].reqid && + m[i].old_reqid =3D=3D m[j].old_reqid && m[i].old_family =3D=3D m[j].old_family) { NL_SET_ERR_MSG(extack, "Entries in the MIGRATE attribute's list must b= e unique"); return -EINVAL; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index defa753b26ae..a94f82f1354e 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2081,14 +2081,14 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n =20 spin_lock_bh(&net->xfrm.xfrm_state_lock); =20 - if (m->reqid) { + if (m->old_reqid) { h =3D xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, - m->reqid, m->old_family); + m->old_reqid, m->old_family); hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { if (x->props.mode !=3D m->mode || x->id.proto !=3D m->proto) continue; - if (m->reqid && x->props.reqid !=3D m->reqid) + if (m->old_reqid && x->props.reqid !=3D m->old_reqid) continue; if (if_id !=3D 0 && x->if_id !=3D if_id) continue; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 403b5ecac2c5..26b82d94acc1 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3087,7 +3087,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->proto =3D um->proto; ma->mode =3D um->mode; - ma->reqid =3D um->reqid; + ma->old_reqid =3D um->reqid; =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; 
@@ -3170,7 +3170,7 @@ static int copy_to_user_migrate(const struct xfrm_mig= rate *m, struct sk_buff *sk memset(&um, 0, sizeof(um)); um.proto =3D m->proto; um.mode =3D m->mode; - um.reqid =3D m->reqid; + um.reqid =3D m->old_reqid; um.old_family =3D m->old_family; memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); --=20 2.47.3
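Review bot: in the @@ -3634 hunk of net/key/af_key.c (pfkey_send_migrate), the second set_ipsecrequest() call, commented "new ipsecrequest", now also uses mp->old_reqid for both the level and the reqid argument. That is correct for a pure rename, but it is exactly the call that must switch to the new reqid once the later patch introduces one; a one-line comment there, or a sentence in the commit message naming the follow-up, would stop it being missed.

Review bot: in the @@ -2081 hunk of net/xfrm/xfrm_state.c, the test `if (m->old_reqid && x->props.reqid != m->old_reqid)` sits inside `if (m->old_reqid) {`, so the inner `m->old_reqid &&` is always true and can be dropped. Not a functional issue, but since this patch rewrites that line anyway it is a cheap cleanup.

Review bot: in the @@ -3087 and @@ -3170 hunks of net/xfrm/xfrm_user.c, the uAPI field remains um->reqid / um.reqid and only the kernel-internal struct xfrm_migrate member is renamed, so the wire format is unchanged; worth one sentence in the commit message, since "rename reqid" on its own reads as if the uAPI changed.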
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 06/14] xfrm: split xfrm_state_migrate into create and install functions
Date: Sun, 12 Apr 2026 13:15:08 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

To prepare for subsequent patches, split xfrm_state_migrate() into two
functions:

- xfrm_state_migrate_create(): creates the migrated state
- xfrm_state_migrate_install(): installs it into the state table

Splitting will help to avoid SN/IV reuse when migrating an AEAD SA.
And add const whenever possible.

No functional change.

Signed-off-by: Antony Antony
---
v4->v5:
- added this patch
---
 include/net/xfrm.h    | 11 ++++++++
 net/xfrm/xfrm_state.c | 73 +++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 64 insertions(+), 20 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 368b1dc22e5c..4137986f15e2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1895,6 +1895,17 @@ int km_migrate(const struct xfrm_selector *sel, u8 d= ir, u8 type, const struct xfrm_encap_tmpl *encap); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, u32 if_id); +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, struct xfrm_encap_tmpl *encap, diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index a94f82f1354e..9060a6c399fd 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,8 +1966,8 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - struct xfrm_encap_tmpl *encap, - struct xfrm_migrate *m) + const struct xfrm_encap_tmpl *encap, + const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); struct xfrm_state *x =3D xfrm_state_alloc(net); @@ -2125,12 +2125,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n } EXPORT_SYMBOL(xfrm_migrate_state_find); =20 -struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, - struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, - struct net *net, - struct xfrm_user_offload *xuo, - struct netlink_ext_ack *extack) +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 
@@ -2145,24 +2145,57 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_s= tate *x, if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) goto error; =20 - /* add state */ + return xc; +error: + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return NULL; +} +EXPORT_SYMBOL(xfrm_state_migrate_create); + +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { - /* a care is needed when the destination address of the - state is to be updated as it is a part of triplet */ + /* + * Care is needed when the destination address + * of the state is to be updated as it is a part of triplet. + */ xfrm_state_insert(xc); } else { - if (xfrm_state_add(xc) < 0) - goto error_add; + if (xfrm_state_add(xc) < 0) { + if (xuo) + xfrm_dev_state_delete(xc); + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return -EEXIST; + } } =20 + return 0; +} +EXPORT_SYMBOL(xfrm_state_migrate_install); + +struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, + struct xfrm_migrate *m, + struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ + struct xfrm_state *xc; + + xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + if (!xc) + return NULL; + + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + return NULL; + return xc; -error_add: - if (xuo) - xfrm_dev_state_delete(xc); -error: - xc->km.state =3D XFRM_STATE_DEAD; - xfrm_state_put(xc); - return NULL; } EXPORT_SYMBOL(xfrm_state_migrate); #endif --=20 2.47.3
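Review bot: in the include/net/xfrm.h hunk, xfrm_state_migrate() keeps `struct xfrm_migrate *m` and `struct xfrm_encap_tmpl *encap` non-const even though, in the xfrm_state.c hunk, it only forwards them to xfrm_state_migrate_create() and xfrm_state_migrate_install(), both of which now take `const struct xfrm_migrate *m` (and create() a const encap); given the commit message's "add const whenever possible", the wrapper's prototype should carry the same qualifiers. The two newly exported prototypes also lack a comment saying that install() consumes xc on failure (it marks it XFRM_STATE_DEAD and drops the reference), which any caller other than xfrm_state_migrate() needs to know so it does not touch xc after a negative return.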
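Review bot: xfrm_state_migrate_install() returns a hard-coded -EEXIST when xfrm_state_add() fails, discarding the real errno; capturing it (`err = xfrm_state_add(xc); if (err < 0) { ... return err; }`) costs nothing and gives callers, and the extack plumbing added later in this series, the actual cause instead of a guess. In the same function the `extack` parameter is not used anywhere in this hunk; if a later patch fills it in that is fine, otherwise it should not be introduced here. Minor style point in the same hunk: `return xc;` is immediately followed by the `error:` label with no blank line between them.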
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 07/14] xfrm: check family before comparing addresses in migrate
Date: Sun, 12 Apr 2026 13:15:18 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

When migrating between different address families, xfrm_addr_equal()
cannot meaningfully compare addresses of different lengths. Only call
xfrm_addr_equal() when families match, and take the xfrm_state_insert()
path when addresses are equal.

Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 net/xfrm/xfrm_state.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 9060a6c399fd..f7bcf1422358 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_st= ate *x, struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { - if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { + if (m->new_family =3D=3D m->old_family && + xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { /* - * Care is needed when the destination address - * of the state is to be updated as it is a part of triplet. + * Care is needed when the destination address of the state is + * to be updated as it is a part of triplet. */ xfrm_state_insert(xc); } else { --=20 2.47.3
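Review bot: the comment block rewrapped in this hunk was introduced with its current wrapping by 06/14 of this same series, so the cosmetic rewrap belongs in that patch; keeping this hunk to the single added line `if (m->new_family == m->old_family &&` keeps the change minimal and easy to backport. On that point, the patch carries a Fixes: tag for 80c9abaabf42 but is posted as ipsec-next; if calling xfrm_addr_equal() with mismatched families is a real bug in current kernels, it should go through ipsec (and stable) on its own rather than ride a feature series.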
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 08/14] xfrm: add state synchronization after migration
Date: Sun, 12 Apr 2026 13:15:29 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add xfrm_migrate_sync() to copy curlft and replay state from the old SA
to the new one before installation. The function allocates no memory,
so it can be called under a spinlock.

In preparation for a subsequent patch in this series. A subsequent patch
calls this under x->lock, atomically capturing the latest lifetime
counters and replay state from the original SA and deleting it in the
same critical section to prevent SN/IV reuse for the
XFRM_MSG_MIGRATE_STATE method.

No functional change.

Signed-off-by: Antony Antony
---
v6->v7:
- rephrase commit message
v5->v6:
- move the sync before install to avoid overwriting
v4->v5:
- added this patch
---
 include/net/xfrm.h    | 46 +++++++++++++++++++++++++++++++++++++---------
 net/xfrm/xfrm_state.c | 11 ++++-------
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4137986f15e2..be22c26e4661 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2024,23 +2024,51 @@ static inline unsigned int xfrm_replay_state_esn_le= n(struct xfrm_replay_state_es =20 #ifdef CONFIG_XFRM_MIGRATE static inline int xfrm_replay_clone(struct xfrm_state *x, - struct xfrm_state *orig) + const struct xfrm_state *orig) { + /* Counters synced later in xfrm_replay_sync() */ =20 - x->replay_esn =3D kmemdup(orig->replay_esn, + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + x->replay_esn =3D kmemdup(orig->replay_esn, xfrm_replay_state_esn_len(orig->replay_esn), GFP_KERNEL); - if (!x->replay_esn) - return -ENOMEM; - x->preplay_esn =3D kmemdup(orig->preplay_esn, - xfrm_replay_state_esn_len(orig->preplay_esn), - GFP_KERNEL); - if (!x->preplay_esn) - return -ENOMEM; + if (!x->replay_esn) + return -ENOMEM; + x->preplay_esn =3D kmemdup(orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn), + GFP_KERNEL); + if (!x->preplay_esn) + return -ENOMEM; + } =20 return 0; } =20 +static inline void xfrm_replay_sync(struct xfrm_state *x, const struct xfr= m_state *orig) +{ + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + memcpy(x->replay_esn, orig->replay_esn, + xfrm_replay_state_esn_len(orig->replay_esn)); + + memcpy(x->preplay_esn, orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn)); + } +} + +static inline void xfrm_migrate_sync(struct xfrm_state *x, + const struct xfrm_state *orig) +{ + /* called under lock so no race conditions or mallocs allowed */ + memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); + xfrm_replay_sync(x, orig); +} + static inline struct xfrm_algo_aead *xfrm_algo_aead_clone(struct xfrm_algo= _aead *orig) { return kmemdup(orig, aead_len(orig), GFP_KERNEL); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f7bcf1422358..8494c46118d9 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2027,10 +2027,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, goto error; } =20 - if (orig->replay_esn) { - if (xfrm_replay_clone(x, orig)) - goto error; - } + if (xfrm_replay_clone(x, orig)) + goto error; =20 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); @@ -2043,11 +2041,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, x->tfcpad =3D orig->tfcpad; x->replay_maxdiff =3D orig->replay_maxdiff; x->replay_maxage =3D orig->replay_maxage; - memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); x->km.state =3D orig->km.state; x->km.seq =3D orig->km.seq; - x->replay =3D orig->replay; - x->preplay =3D orig->preplay; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; 
@@ -2193,6 +2188,8 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 + xfrm_migrate_sync(xc, x); + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) return NULL; =20 --=20 2.47.3
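Review bot: in the include/net/xfrm.h hunk, the new comment `/* Counters synced later in xfrm_replay_sync() */` sits directly above `x->replay = orig->replay;` and `x->preplay = orig->preplay;`, so xfrm_replay_clone() copies exactly the counters it says are synced later, and xfrm_replay_sync() then copies them again; either drop the copies from clone() (xfrm_state_migrate() always calls xfrm_migrate_sync() before install, per the xfrm_state.c hunk) or reword the comment to say this is an initial snapshot that sync() refreshes. xfrm_replay_sync() also memcpy()s xfrm_replay_state_esn_len(orig->replay_esn) bytes into x->replay_esn without any size check; that is only safe because clone() allocated x->replay_esn from the same orig with the same bmp_len, and a one-line comment (or a WARN_ON_ONCE on a bmp_len mismatch) would make that contract explicit for anyone who reuses the helper.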
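Review bot: removing `memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft));` from xfrm_state_clone_and_setup() (the replay/preplay copies merely move into xfrm_replay_clone()) makes xfrm_migrate_sync() the only place the lifetime counters are copied, so it becomes mandatory between xfrm_state_migrate_create() and xfrm_state_migrate_install(); both are EXPORT_SYMBOL since 06/14, and a caller that uses create()+install() without sync() now installs a state with zeroed curlft. Either keep the cheap initial copy in clone_and_setup() (sync() overwrites it anyway), or document on the two exported functions that xfrm_migrate_sync() must be called in between.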
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 09/14] xfrm: add error messages to state migration
Date: Sun, 12 Apr 2026 13:15:39 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add descriptive (extack) error messages for all error paths in state
migration. This improves diagnostics by providing clear feedback when
migration fails.

After xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as a fallback for
error paths not yet propagating extack, e.g. mode_cbs->init_state().

No functional change.

Signed-off-by: Antony Antony
---
v5->v6:
- in case dev_state_add() extack already set
- after xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as fallback
v4->v5:
- added this patch
---
 net/xfrm/xfrm_state.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 8494c46118d9..06ba8f03eab3 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2130,11 +2130,15 @@ struct xfrm_state *xfrm_state_migrate_create(struct= xfrm_state *x, struct xfrm_state *xc; =20 xc =3D xfrm_state_clone_and_setup(x, encap, m); - if (!xc) + if (!xc) { + NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; + } =20 - if (xfrm_init_state(xc, extack) < 0) + if (xfrm_init_state(xc, extack) < 0) { + NL_SET_ERR_MSG_WEAK(extack, "Failed to initialize migrated state"); goto error; + } =20 /* configure the hardware if offload is requested */ if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) 
@@ -2163,6 +2167,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, xfrm_state_insert(xc); } else { if (xfrm_state_add(xc) < 0) { + NL_SET_ERR_MSG(extack, "Failed to add migrated state"); if (xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; --=20 2.47.3
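Review bot: in the xfrm_state_migrate_install() hunk, "Failed to add migrated state" is attached to a path that (since 06/14) returns a hard-coded -EEXIST whatever xfrm_state_add() actually returned, so userspace will see EEXIST paired with a generic message even when the add failed for a different reason; now that extack is being wired up is the moment to capture `err = xfrm_state_add(xc);`, return it, and let the message say what was attempted, for example "Failed to add migrated state to the SAD". In the xfrm_state_migrate_create() hunk, NL_SET_ERR_MSG_WEAK() after xfrm_init_state() is the right choice, while the strong NL_SET_ERR_MSG() after xfrm_state_clone_and_setup() is correct only as long as clone_and_setup() has no extack of its own, which is worth a short comment so the two do not silently start overwriting each other.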
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v7 10/14] xfrm: move encap and xuo into struct xfrm_migrate
Date: Sun, 12 Apr 2026 13:15:48 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

In preparation for an upcoming patch, move the xfrm_encap_tmpl and
xfrm_user_offload pointers from separate parameters into struct
xfrm_migrate, reducing the parameter count of
xfrm_state_migrate_create(), xfrm_state_migrate_install(), and
xfrm_state_migrate().

The fields are placed after the four xfrm_address_t members where the
struct is naturally 8-byte aligned, avoiding padding.

No functional change.

Signed-off-by: Antony Antony
---
v5->v6: added this patch.
---
 include/net/xfrm.h     |  7 ++-----
 net/xfrm/xfrm_policy.c |  4 +++-
 net/xfrm/xfrm_state.c  | 20 +++++++-------------
 3 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index be22c26e4661..4b29ab92c2a7 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -682,6 +682,8 @@ struct xfrm_migrate { xfrm_address_t old_saddr; xfrm_address_t new_daddr; xfrm_address_t new_saddr; + struct xfrm_encap_tmpl *encap; + struct xfrm_user_offload *xuo; u8 proto; u8 mode; u16 reserved;
@@ -1897,20 +1899,15 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n u32 if_id); struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 62218b52fd35..0b5c7b51183a 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4672,7 +4672,9 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, if ((x =3D xfrm_migrate_state_find(mp, net, if_id))) { x_cur[nx_cur] =3D x; nx_cur++; - xc =3D xfrm_state_migrate(x, mp, encap, net, xuo, extack); + mp->encap =3D encap; + mp->xuo =3D xuo; + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; nx_new++; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 06ba8f03eab3..1ee114f8515d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,7 +1966,6 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - const struct xfrm_encap_tmpl *encap, const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); 
@@ -2008,8 +2007,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap) { - x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); + if (m->encap) { + x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; x->mapping_maxage =3D orig->mapping_maxage; @@ -2122,14 +2121,12 @@ EXPORT_SYMBOL(xfrm_migrate_state_find); =20 struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_clone_and_setup(x, encap, m); + xc =3D xfrm_state_clone_and_setup(x, m); if (!xc) { NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; @@ -2141,7 +2138,7 @@ struct xfrm_state *xfrm_state_migrate_create(struct x= frm_state *x, } =20 /* configure the hardware if offload is requested */ - if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) + if (m->xuo && xfrm_dev_state_add(net, xc, m->xuo, extack)) goto error; =20 return xc; @@ -2155,7 +2152,6 @@ EXPORT_SYMBOL(xfrm_state_migrate_create); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { if (m->new_family =3D=3D m->old_family && @@ -2168,7 +2164,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, } else { if (xfrm_state_add(xc) < 0) { NL_SET_ERR_MSG(extack, "Failed to add migrated state"); - if (xuo) + if (m->xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; xfrm_state_put(xc); 
@@ -2182,20 +2178,18 @@ EXPORT_SYMBOL(xfrm_state_migrate_install); =20 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + xc =3D xfrm_state_migrate_create(x, m, net, extack); if (!xc) return NULL; =20 xfrm_migrate_sync(xc, x); =20 - if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + if (xfrm_state_migrate_install(x, xc, m, extack) < 0) return NULL; =20 return xc; --=20 2.47.3
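Review bot: in the include/net/xfrm.h hunk the new member `struct xfrm_encap_tmpl *encap;` drops the `const` that the removed `const struct xfrm_encap_tmpl *encap` parameters of xfrm_state_migrate_create() and xfrm_state_clone_and_setup() carried; the only consumer in this patch is `kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL)`, which takes a const source, so declaring the member `const struct xfrm_encap_tmpl *encap;` keeps the const-correctness and matches the `const struct xfrm_migrate *m` those functions already receive.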
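Review bot: the xfrm_policy.c hunk assigns `mp->encap = encap; mp->xuo = xuo;` per iteration, which makes struct xfrm_migrate carry pointers to memory owned by the caller (in xfrm_migrate() these come from the netlink attributes of the request) rather than data it owns; a one-line comment on the two new members saying they are borrowed for the duration of the migrate call and are never freed by the migrate code would stop a later change from adding a kfree() on them.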
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v7 11/14] xfrm: refactor XFRMA_MTIMER_THRESH validation into a helper Date: Sun, 12 Apr 2026 13:15:56 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) Extract verify_mtimer_thresh() to consolidate the XFRMA_MTIMER_THRESH validation logic shared between the add_sa and upcoming patch. Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_user.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 26b82d94acc1..fe0cf824f072 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -239,6 +239,22 @@ static inline int verify_replay(struct xfrm_usersa_inf= o *p, return 0; } =20 +static int verify_mtimer_thresh(bool has_encap, u8 dir, + struct netlink_ext_ack *extack) +{ + if (!has_encap) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH requires encapsulation"); + return -EINVAL; + } + if (dir =3D=3D XFRM_SA_DIR_OUT) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH should not be set on output SA"); + return -EINVAL; + } + return 0; +} + static int verify_newsa_info(struct xfrm_usersa_info *p, struct nlattr **attrs, struct netlink_ext_ack *extack) 
@@ -446,18 +462,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *= p, err =3D 0; =20 if (attrs[XFRMA_MTIMER_THRESH]) { - if (!attrs[XFRMA_ENCAP]) { - NL_SET_ERR_MSG(extack, "MTIMER_THRESH attribute can only be set on ENCA= P states"); - err =3D -EINVAL; - goto out; - } - - if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { - NL_SET_ERR_MSG(extack, - "MTIMER_THRESH attribute should not be set on output SA"); - err =3D -EINVAL; + err =3D verify_mtimer_thresh(!!attrs[XFRMA_ENCAP], sa_dir, extack); + if (err) goto out; - } } =20 if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { --=20 2.47.3
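Review bot: the verify_newsa_info() hunk changes user-visible extack strings on the existing add-SA path: "MTIMER_THRESH attribute can only be set on ENCAP states" becomes "MTIMER_THRESH requires encapsulation" and "MTIMER_THRESH attribute should not be set on output SA" becomes "MTIMER_THRESH should not be set on output SA". If that is intended, say so in the commit message, which currently reads as a pure refactor; otherwise keep the original strings in verify_mtimer_thresh() so selftests or userspace that match on them keep working.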
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v7 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration Date: Sun, 12 Apr 2026 13:16:12 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) Add a new netlink method to migrate a single xfrm_state. Unlike the existing migration mechanism (SA + policy), this supports migrating only the SA and allows changing the reqid. The SA is looked up via xfrm_usersa_id, which uniquely identifies it, so old_saddr is not needed. old_daddr is carried in xfrm_usersa_id.daddr. The reqid is invariant in the old migration. 
Signed-off-by: Antony Antony --- v6->v7: - add flags field to xfrm_user_migrate_state (based on Sabrina's fe= edback) - add XFRM_MIGRATE_STATE_NO_OFFLOAD (bit 0): suppresses offload - omit-to-inherit; mutually exclusive with XFRMA_OFFLOAD_DEV - zero-initialize struct xfrm_migrate m[XFRM_MAX_DEPTH] - add struct xfrm_selector new_sel to xfrm_user_migrate_state - add XFRM_MIGRATE_STATE_UPDATE_SEL: derive new selector from SA addresses when old selector is a single-host match v5->v6: - (Feedback from Sabrina's review) - reqid change: use xfrm_state_add, not xfrm_state_insert - encap and xuo: use nla_data() directly, no kmemdup needed - notification failure is non-fatal: set extack warning, return 0 - drop state direction, x->dir, check, not required - reverse xmas tree local variable ordering - use NL_SET_ERR_MSG_WEAK for clone failure message - fix implicit padding in xfrm_user_migrate_state uapi struct - support XFRMA_SET_MARK/XFRMA_SET_MARK_MASK in XFRM_MSG_MIGRATE_STATE v4->v5: - set portid, seq in XFRM_MSG_MIGRATE_STATE netlink notification - rename error label to out for clarity - add locking and synchronize after cloning - change some if(x) to if(!x) for clarity - call __xfrm_state_delete() inside the lock - return error from xfrm_send_migrate_state() instead of always returning= 0 v3->v4: preserve reqid invariant for each state migrated v2->v3: free the skb on the error path v1->v2: merged next patch here to fix use uninitialized value - removed unnecessary inline - added const when possible --- include/net/xfrm.h | 16 ++- include/uapi/linux/xfrm.h | 21 ++++ net/xfrm/xfrm_device.c | 2 +- net/xfrm/xfrm_policy.c | 19 +++ net/xfrm/xfrm_state.c | 29 +++-- net/xfrm/xfrm_user.c | 287 ++++++++++++++++++++++++++++++++++++++++= +++- security/selinux/nlmsgtab.c | 3 +- 7 files changed, 363 insertions(+), 14 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 4b29ab92c2a7..e33e524cd909 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h 
@@ -684,12 +684,20 @@ struct xfrm_migrate { xfrm_address_t new_saddr; struct xfrm_encap_tmpl *encap; struct xfrm_user_offload *xuo; + struct xfrm_mark old_mark; + struct xfrm_mark *new_mark; + struct xfrm_mark smark; u8 proto; u8 mode; - u16 reserved; + u16 msg_type; /* XFRM_MSG_MIGRATE or XFRM_MSG_MIGRATE_STATE */ + u32 flags; u32 old_reqid; + u32 new_reqid; + u32 nat_keepalive_interval; + u32 mapping_maxage; u16 old_family; u16 new_family; + const struct xfrm_selector *new_sel; }; =20 #define XFRM_KM_TIMEOUT 30 @@ -2104,7 +2112,7 @@ void xfrm_dev_resume(struct sk_buff *skb); void xfrm_dev_backlog(struct softnet_data *sd); struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t = features, bool *again); int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp, struct xfrm_user_offload *xuo, u8 dir, @@ -2175,7 +2183,9 @@ static inline struct sk_buff *validate_xmit_xfrm(stru= ct sk_buff *skb, netdev_fea return skb; } =20 -static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x= , struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) +static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, + const struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { return 0; } diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index a23495c0e0a1..34d8ad5c4818 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h @@ -227,6 +227,9 @@ enum { #define XFRM_MSG_SETDEFAULT XFRM_MSG_SETDEFAULT XFRM_MSG_GETDEFAULT, #define XFRM_MSG_GETDEFAULT XFRM_MSG_GETDEFAULT + + XFRM_MSG_MIGRATE_STATE, +#define XFRM_MSG_MIGRATE_STATE XFRM_MSG_MIGRATE_STATE __XFRM_MSG_MAX }; #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 
@@ -507,6 +510,24 @@ struct xfrm_user_migrate { __u16 new_family; }; =20 +struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + struct xfrm_mark old_mark; + struct xfrm_selector new_sel; + __u32 new_reqid; + __u32 flags; + __u16 new_family; + __u16 reserved; +}; + +/* Flags for xfrm_user_migrate_state.flags */ +enum xfrm_migrate_state_flags { + XFRM_MIGRATE_STATE_NO_OFFLOAD =3D 1, /* do not inherit offload from exist= ing SA */ + XFRM_MIGRATE_STATE_UPDATE_SEL =3D 2, /* update host-to-host selector from= saddr and daddr */ +}; + struct xfrm_user_mapping { struct xfrm_usersa_id id; __u32 reqid; diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 52ae0e034d29..9d4c1addb98f 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -229,7 +229,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb,= netdev_features_t featur EXPORT_SYMBOL_GPL(validate_xmit_xfrm); =20 int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { int err; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 0b5c7b51183a..3d6c778d8645 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c 
@@ -4635,6 +4635,22 @@ static int xfrm_migrate_check(const struct xfrm_migr= ate *m, int num_migrate, return 0; } =20 +/* + * Fill migrate fields that are invariant in XFRM_MSG_MIGRATE: inherited + * from the existing SA unchanged. XFRM_MSG_MIGRATE_STATE can update these. + */ +static void xfrm_migrate_copy_old(struct xfrm_migrate *mp, + const struct xfrm_state *x, + struct xfrm_mark *new_mark_buf) +{ + mp->smark =3D x->props.smark; + mp->new_reqid =3D x->props.reqid; + mp->nat_keepalive_interval =3D x->nat_keepalive_interval; + mp->mapping_maxage =3D x->mapping_maxage; + *new_mark_buf =3D x->mark; + mp->new_mark =3D new_mark_buf; +} + int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_migrate, struct xfrm_kmaddress *k, struct net *net, @@ -4642,6 +4658,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, struct netlink_ext_ack *extack, struct xfrm_user_offload *xuo) { int i, err, nx_cur =3D 0, nx_new =3D 0; + struct xfrm_mark new_marks[XFRM_MAX_DEPTH] =3D {}; struct xfrm_policy *pol =3D NULL; struct xfrm_state *x, *xc; struct xfrm_state *x_cur[XFRM_MAX_DEPTH]; @@ -4674,6 +4691,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, nx_cur++; mp->encap =3D encap; mp->xuo =3D xuo; + xfrm_migrate_copy_old(mp, x, &new_marks[i]); + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 1ee114f8515d..25d54c44fd94 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -1974,11 +1974,25 @@ static struct xfrm_state *xfrm_state_clone_and_setu= p(struct xfrm_state *orig, goto out; =20 memcpy(&x->id, &orig->id, sizeof(x->id)); - memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + if (m->msg_type =3D=3D XFRM_MSG_MIGRATE_STATE) { + if (m->flags & XFRM_MIGRATE_STATE_UPDATE_SEL) { + u8 prefixlen =3D (m->new_family =3D=3D AF_INET6) ? 128 : 32; + + memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + x->sel.family =3D m->new_family; + x->sel.prefixlen_d =3D prefixlen; + x->sel.prefixlen_s =3D prefixlen; + memcpy(&x->sel.daddr, &m->new_daddr, sizeof(x->sel.daddr)); + memcpy(&x->sel.saddr, &m->new_saddr, sizeof(x->sel.saddr)); + } else { + x->sel =3D *m->new_sel; + } + } else { + memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + } memcpy(&x->lft, &orig->lft, sizeof(x->lft)); x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; - x->props.reqid =3D orig->props.reqid; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); @@ -2011,8 +2025,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; - x->mapping_maxage =3D orig->mapping_maxage; - x->nat_keepalive_interval =3D orig->nat_keepalive_interval; + x->mapping_maxage =3D m->mapping_maxage; + x->nat_keepalive_interval =3D m->nat_keepalive_interval; } =20 if (orig->security) @@ -2029,8 +2043,9 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, if (xfrm_replay_clone(x, orig)) goto error; =20 - memcpy(&x->mark, &orig->mark, sizeof(x->mark)); - memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); + x->mark =3D m->new_mark ? *m->new_mark : m->old_mark; + + x->props.smark =3D m->smark; =20 x->props.flags =3D orig->props.flags; x->props.extra_flags =3D orig->props.extra_flags; 
@@ -2053,7 +2068,7 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, goto error; } =20 - + x->props.reqid =3D m->new_reqid; x->props.family =3D m->new_family; memcpy(&x->id.daddr, &m->new_daddr, sizeof(x->id.daddr)); memcpy(&x->props.saddr, &m->new_saddr, sizeof(x->props.saddr)); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index fe0cf824f072..46e506548122 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1318,7 +1318,7 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl = *ep, struct sk_buff *skb) return 0; } =20 -static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) +static int xfrm_smark_put(struct sk_buff *skb, const struct xfrm_mark *m) { int ret =3D 0; =20 @@ -3059,6 +3059,25 @@ static int xfrm_add_acquire(struct sk_buff *skb, str= uct nlmsghdr *nlh, } =20 #ifdef CONFIG_XFRM_MIGRATE +static void copy_from_user_migrate_state(struct xfrm_migrate *ma, + const struct xfrm_user_migrate_state *um) +{ + memcpy(&ma->old_daddr, &um->id.daddr, sizeof(ma->old_daddr)); + memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); + memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); + + ma->proto =3D um->id.proto; + ma->new_reqid =3D um->new_reqid; + + ma->old_family =3D um->id.family; + ma->new_family =3D um->new_family; + + ma->old_mark =3D um->old_mark; + ma->flags =3D um->flags; + ma->new_sel =3D &um->new_sel; + ma->msg_type =3D XFRM_MSG_MIGRATE_STATE; +} + static int copy_from_user_migrate(struct xfrm_migrate *ma, struct xfrm_kmaddress *k, struct nlattr **attrs, int *num, @@ -3098,6 +3117,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; + ma->msg_type =3D XFRM_MSG_MIGRATE; } =20 *num =3D i; 
@@ -3108,7 +3128,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struc= t nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { struct xfrm_userpolicy_id *pi =3D nlmsg_data(nlh); - struct xfrm_migrate m[XFRM_MAX_DEPTH]; + struct xfrm_migrate m[XFRM_MAX_DEPTH] =3D {}; struct xfrm_kmaddress km, *kmp; u8 type; int err; 
@@ -3161,7 +3181,268 @@ static int xfrm_do_migrate(struct sk_buff *skb, str= uct nlmsghdr *nlh, kfree(xuo); return err; } + +static int build_migrate_state(struct sk_buff *skb, + const struct xfrm_user_migrate_state *um, + const struct xfrm_migrate *m, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct nlmsghdr *nlh; + struct xfrm_user_migrate_state *hdr; + + nlh =3D nlmsg_put(skb, portid, seq, XFRM_MSG_MIGRATE_STATE, + sizeof(struct xfrm_user_migrate_state), 0); + if (!nlh) + return -EMSGSIZE; + + hdr =3D nlmsg_data(nlh); + *hdr =3D *um; + hdr->new_sel =3D *m->new_sel; + + if (m->encap) { + err =3D nla_put(skb, XFRMA_ENCAP, sizeof(*m->encap), m->encap); + if (err) + goto out_cancel; + } + + if (m->xuo) { + err =3D nla_put(skb, XFRMA_OFFLOAD_DEV, sizeof(*m->xuo), m->xuo); + if (err) + goto out_cancel; + } + + if (m->new_mark) { + err =3D nla_put(skb, XFRMA_MARK, sizeof(*m->new_mark), + m->new_mark); + if (err) + goto out_cancel; + } + + err =3D xfrm_smark_put(skb, &m->smark); + if (err) + goto out_cancel; + + if (m->mapping_maxage) { + err =3D nla_put_u32(skb, XFRMA_MTIMER_THRESH, m->mapping_maxage); + if (err) + goto out_cancel; + } + + if (m->nat_keepalive_interval) { + err =3D nla_put_u32(skb, XFRMA_NAT_KEEPALIVE_INTERVAL, + m->nat_keepalive_interval); + if (err) + goto out_cancel; + } + + if (dir) { + err =3D nla_put_u8(skb, XFRMA_SA_DIR, dir); + if (err) + goto out_cancel; + } + + nlmsg_end(skb, nlh); + return 0; + +out_cancel: + nlmsg_cancel(skb, nlh); + return err; +} + +static unsigned int xfrm_migrate_state_msgsize(const struct xfrm_migrate *= m, + u8 dir) +{ + return NLMSG_ALIGN(sizeof(struct xfrm_user_migrate_state)) + + (m->encap ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) + + (m->xuo ? nla_total_size(sizeof(struct xfrm_user_offload)) : 0) + + (m->new_mark ? nla_total_size(sizeof(struct xfrm_mark)) : 0) + + (m->smark.v ? nla_total_size(sizeof(u32)) * 2 : 0) + /* SET_MARK + SET_M= ARK_MASK */ + (m->mapping_maxage ? 
nla_total_size(sizeof(u32)) : 0) + + (m->nat_keepalive_interval ? nla_total_size(sizeof(u32)) : 0) + + (dir ? nla_total_size(sizeof(u8)) : 0); /* XFRMA_SA_DIR */ +} + +static int xfrm_send_migrate_state(const struct xfrm_user_migrate_state *u= m, + const struct xfrm_migrate *m, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct sk_buff *skb; + struct net *net =3D &init_net; + + skb =3D nlmsg_new(xfrm_migrate_state_msgsize(m, dir), GFP_ATOMIC); + if (!skb) + return -ENOMEM; + + err =3D build_migrate_state(skb, um, m, dir, portid, seq); + if (err < 0) { + kfree_skb(skb); + return err; + } + + return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE); +} + +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + struct xfrm_user_migrate_state *um =3D nlmsg_data(nlh); + struct net *net =3D sock_net(skb->sk); + struct xfrm_user_offload xuo =3D {}; + struct xfrm_migrate m =3D {}; + struct xfrm_state *xc; + struct xfrm_state *x; + int err; + + if (!um->id.spi) { + NL_SET_ERR_MSG(extack, "Invalid SPI 0x0"); + return -EINVAL; + } + + if (um->reserved) { + NL_SET_ERR_MSG(extack, "Reserved field must be zero"); + return -EINVAL; + } + + if (um->flags & ~(XFRM_MIGRATE_STATE_NO_OFFLOAD | + XFRM_MIGRATE_STATE_UPDATE_SEL)) { + NL_SET_ERR_MSG(extack, "Unknown flags in XFRM_MSG_MIGRATE_STATE"); + return -EINVAL; + } + + if ((um->flags & XFRM_MIGRATE_STATE_NO_OFFLOAD) && + attrs[XFRMA_OFFLOAD_DEV]) { + NL_SET_ERR_MSG(extack, + "XFRM_MIGRATE_STATE_NO_OFFLOAD and XFRMA_OFFLOAD_DEV are mutuall= y exclusive"); + return -EINVAL; + } + + copy_from_user_migrate_state(&m, um); + + x =3D xfrm_state_lookup(net, m.old_mark.v & m.old_mark.m, + &um->id.daddr, um->id.spi, + um->id.proto, um->id.family); + if (!x) { + NL_SET_ERR_MSG(extack, "Can not find state"); + return -ESRCH; + } + + if (um->flags & XFRM_MIGRATE_STATE_UPDATE_SEL) { + u8 prefixlen =3D (x->sel.family =3D=3D AF_INET6) ? 
128 : 32; + + if (x->sel.prefixlen_s !=3D x->sel.prefixlen_d || + x->sel.prefixlen_d !=3D prefixlen || + !xfrm_addr_equal(&x->sel.daddr, &x->id.daddr, x->sel.family) || + !xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->sel.family)) { + NL_SET_ERR_MSG(extack, + "SA selector is not a single-host match for SA addresses"); + err =3D -EINVAL; + goto out; + } + } + + if (attrs[XFRMA_ENCAP]) { + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + if (m.encap->encap_type =3D=3D 0) { + m.encap =3D NULL; /* sentinel: remove encap */ + } else if (m.encap->encap_type !=3D UDP_ENCAP_ESPINUDP) { + NL_SET_ERR_MSG(extack, "Unsupported encapsulation type"); + err =3D -EINVAL; + goto out; + } + } else { + m.encap =3D x->encap; /* omit-to-inherit */ + } + + if (attrs[XFRMA_MTIMER_THRESH]) { + err =3D verify_mtimer_thresh(!!m.encap, x->dir, extack); + if (err) + goto out; + } + + if (attrs[XFRMA_NAT_KEEPALIVE_INTERVAL] && + nla_get_u32(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL]) && !m.encap) { + NL_SET_ERR_MSG(extack, + "NAT_KEEPALIVE_INTERVAL requires encapsulation"); + err =3D -EINVAL; + goto out; + } + + if (attrs[XFRMA_OFFLOAD_DEV]) { + m.xuo =3D nla_data(attrs[XFRMA_OFFLOAD_DEV]); + } else if (!(um->flags & XFRM_MIGRATE_STATE_NO_OFFLOAD) && x->xso.dev) { + xuo.ifindex =3D x->xso.dev->ifindex; + if (x->xso.dir =3D=3D XFRM_DEV_OFFLOAD_IN) + xuo.flags =3D XFRM_OFFLOAD_INBOUND; + if (x->xso.type =3D=3D XFRM_DEV_OFFLOAD_PACKET) + xuo.flags |=3D XFRM_OFFLOAD_PACKET; + m.xuo =3D &xuo; + } + + if (attrs[XFRMA_MARK]) + m.new_mark =3D nla_data(attrs[XFRMA_MARK]); + + if (attrs[XFRMA_SET_MARK]) + xfrm_smark_init(attrs, &m.smark); + else + m.smark =3D x->props.smark; + + m.mapping_maxage =3D attrs[XFRMA_MTIMER_THRESH] ? + nla_get_u32(attrs[XFRMA_MTIMER_THRESH]) : x->mapping_maxage; + m.nat_keepalive_interval =3D attrs[XFRMA_NAT_KEEPALIVE_INTERVAL] ? 
+ nla_get_u32(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL]) : + x->nat_keepalive_interval; + + xc =3D xfrm_state_migrate_create(x, &m, net, extack); + if (!xc) { + NL_SET_ERR_MSG_WEAK(extack, "State migration clone failed"); + err =3D -EINVAL; + goto out; + } + + spin_lock_bh(&x->lock); + xfrm_migrate_sync(xc, x); /* to prevent SN/IV reuse */ + __xfrm_state_delete(x); + spin_unlock_bh(&x->lock); + + err =3D xfrm_state_migrate_install(x, xc, &m, extack); + if (err < 0) { + /* + * In this rare case both the old SA and the new SA + * will disappear. + * Alternatives risk duplicate SN/IV usage which must not occur. + * Userspace must handle this error, -EEXIST. + */ + goto out; + } + + /* Restore encap cleared by sentinel (type=3D0) during migration. */ + if (attrs[XFRMA_ENCAP]) + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + + m.new_sel =3D &xc->sel; + + err =3D xfrm_send_migrate_state(um, &m, xc->dir, + nlh->nlmsg_pid, nlh->nlmsg_seq); + if (err < 0) { + NL_SET_ERR_MSG(extack, "Failed to send migration notification"); + err =3D 0; + } + +out: + xfrm_state_put(x); + return err; +} + #else +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + NL_SET_ERR_MSG(extack, "XFRM_MSG_MIGRATE_STATE is not supported"); + return -ENOPROTOOPT; +} + static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { @@ -3314,6 +3595,7 @@ const int xfrm_msg_min[XFRM_NR_MSGTYPES] =3D { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D sizeof(u32), [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_migrate_s= tate), }; EXPORT_SYMBOL_GPL(xfrm_msg_min); =20 
@@ -3407,6 +3689,7 @@ static const struct xfrm_link { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_spdinfo = }, [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_set_default = }, [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_default = }, + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D { .doit =3D xfrm_do_migrate_= state }, }; =20 static int xfrm_reject_unused_attr(int type, struct nlattr **attrs, diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2c0b07f9fbbd..655d2616c9d2 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -128,6 +128,7 @@ static const struct nlmsg_perm nlmsg_xfrm_perms[] =3D { { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, { XFRM_MSG_SETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, { XFRM_MSG_GETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_READ }, + { XFRM_MSG_MIGRATE_STATE, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, }; =20 static const struct nlmsg_perm nlmsg_audit_perms[] =3D { 
@@ -203,7 +204,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u3= 2 *perm) * structures at the top of this file with the new mappings * before updating the BUILD_BUG_ON() macro! */ - BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_GETDEFAULT); + BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_MIGRATE_STATE); =20 if (selinux_policycap_netlink_xperm()) { *perm =3D NETLINK_XFRM_SOCKET__NLMSG; --=20 2.47.3
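Review bot: in the xfrm_state_clone_and_setup() hunk, when msg_type is XFRM_MSG_MIGRATE_STATE and XFRM_MIGRATE_STATE_UPDATE_SEL is clear, `x->sel = *m->new_sel;` copies the caller's new_sel unconditionally, so a request that leaves the field added in v7 zeroed migrates the SA with an empty selector instead of inheriting orig->sel, and nothing in xfrm_do_migrate_state() validates new_sel (family against new_family, prefix lengths). Suggest treating new_sel.family == 0 as omit-to-inherit, consistent with how XFRMA_ENCAP is handled, and documenting the semantics next to the field in the uapi hunk, e.g. `struct xfrm_selector new_sel; /* used when UPDATE_SEL is clear */`.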
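Review bot: xfrm_send_migrate_state() hardcodes `struct net *net = &init_net;`, so the XFRMNLGRP_MIGRATE notification for an SA in any other namespace is multicast into init_net rather than the namespace the request came from, even though xfrm_do_migrate_state() already has `struct net *net = sock_net(skb->sk);`; pass that net (or xs_net(xc)) down to xfrm_nlmsg_multicast(). Two smaller points in the same hunk: xfrm_migrate_state_msgsize() reserves the SET_MARK/SET_MARK_MASK pair only when `m->smark.v` is nonzero while build_migrate_state() calls xfrm_smark_put() unconditionally, so confirm the two conditions agree (a zero value with a nonzero mask is the case to check), otherwise the put fails with -EMSGSIZE and the notification is silently downgraded to the extack warning; and `__xfrm_state_delete(x)` runs before xfrm_state_migrate_install(), so the -EEXIST case described in the comment really does lose both SAs, which a lookup for a conflicting state on the new (daddr, spi, proto, family) tuple before the delete would catch while the old SA is still intact.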
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v7 13/14] xfrm: restrict netlink attributes for XFRM_MSG_MIGRATE_STATE Date: Sun, 12 Apr 2026 13:16:23 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-01.secunet.de (10.32.0.171) To EXCH-02.secunet.de (10.32.0.172) Only accept XFRMA used in this method, reject the rest. Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 46e506548122..441e6b1fed10 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c 
@@ -3721,6 +3721,30 @@ static int xfrm_reject_unused_attr(int type, struct = nlattr **attrs, } } =20 + if (type =3D=3D XFRM_MSG_MIGRATE_STATE) { + int i; + + for (i =3D 0; i <=3D XFRMA_MAX; i++) { + if (!attrs[i]) + continue; + + switch (i) { + case XFRMA_MARK: + case XFRMA_ENCAP: + case XFRMA_OFFLOAD_DEV: + case XFRMA_SET_MARK: + case XFRMA_SET_MARK_MASK: + case XFRMA_MTIMER_THRESH: + case XFRMA_NAT_KEEPALIVE_INTERVAL: + break; + default: + NL_SET_ERR_MSG_ATTR(extack, attrs[i], + "Unsupported attribute in XFRM_MSG_MIGRATE_STATE"); + return -EINVAL; + } + } + } + return 0; } =20 --=20 2.47.3 From nobody Mon Apr 13 02:40:12 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ACCA630C60D; Sun, 12 Apr 2026 11:16:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775992614; cv=none; b=O0sUQ+77QqbloqEOdcf3QRl8zFbRtrm0bzxOsEekgL9rKIjYloTuaVGB+SkjkuQVBBHC42YVMbXmlRQkE3KV1oYSeRtb73uOKGEVrA4uuHltU33Fnd+kfcmNuCAHtxTuCLrpu+oCfb++2jXadHZLgGSz91dhesKQTYm/VdWuvU0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775992614; c=relaxed/simple; bh=4SK4L5ZBlXIjK3hbHpn7iLXhAfkBxcT/3rJ7R2C6qQU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YRn8lqAbnb7VpBaZYemKncjAFRh09okEvX/xlGcYnlpqqQ7Hn36raGkTSJkAbbuksHwn3gKXLAndc9YbL30FmxHTasIqPAIqu+4YVfh4b1V+6PagiBBcC3s/Vd3Xyl8CGOQg7JTG9JTeU90ycebB0EFu4jh7DtsFtIwEDRKAGro= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=vrifku4H; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: 
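Review bot: the allow-list admits XFRMA_SET_MARK_MASK on its own, while the documentation in patch 14/14 describes it as paired with XFRMA_SET_MARK; if a mask without a mark is not meaningful for XFRM_MSG_MIGRATE_STATE, reject that combination here alongside the per-attribute check, or state in the commit message that the handler validates it. The commit message ("Only accept XFRMA used in this method, reject the rest") would also be clearer if it listed the seven accepted attributes and said why the rejection matters: with this check, algorithm, replay, XFRMA_SA_DIR and XFRMA_SEC_CTX attributes sent with a migrate request fail with -EINVAL and an extack message instead of being silently ignored, which is what the documentation's "immutable" wording relies on.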
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v7 14/14] xfrm: add documentation for XFRM_MSG_MIGRATE_STATE Date: Sun, 12 Apr 2026 13:16:35 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-02.secunet.de (10.32.0.172) To EXCH-02.secunet.de (10.32.0.172) Add documentation for the new XFRM_MSG_MIGRATE_STATE netlink message, which migrates a single SA identified by SPI and mark without involving policies. The document covers the motivation and design differences from the existing XFRM_MSG_MIGRATE, the SA lookup mechanism, supported attributes with their omit-to-inherit semantics, and usage examples. Signed-off-by: Antony Antony --- v6->v7: update docs to reflect the flags v5->v6: added this patch --- Documentation/networking/xfrm/index.rst | 1 + .../networking/xfrm/xfrm_migrate_state.rst | 230 +++++++++++++++++= ++++ 2 files changed, 231 insertions(+) diff --git a/Documentation/networking/xfrm/index.rst b/Documentation/networ= king/xfrm/index.rst index 7d866da836fe..90191848f8db 100644 --- a/Documentation/networking/xfrm/index.rst +++ b/Documentation/networking/xfrm/index.rst @@ -9,5 +9,6 @@ XFRM Framework =20 xfrm_device xfrm_proc + xfrm_migrate_state xfrm_sync xfrm_sysctl diff --git a/Documentation/networking/xfrm/xfrm_migrate_state.rst b/Documen= tation/networking/xfrm/xfrm_migrate_state.rst new file mode 100644 index 000000000000..1e0d77f0e043 --- /dev/null 
+++ b/Documentation/networking/xfrm/xfrm_migrate_state.rst 
@@ -0,0 +1,230 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +XFRM SA Migrate State +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Overview +=3D=3D=3D=3D=3D=3D=3D=3D + +``XFRM_MSG_MIGRATE_STATE`` migrates a single SA, looked up using SPI and +mark, without involving policies. Unlike ``XFRM_MSG_MIGRATE``, which coupl= es +SA and policy migration and allows migrating multiple SAs in one call, this +interface identifies the SA unambiguously via SPI and supports changing +the reqid, addresses, encapsulation, selector, and offload. + +Because IKE daemons such as *wan manage policies independently of +the kernel, this interface allows precise per-SA migration without +requiring policy involvement. Optional XFRM attributes follow an +omit-to-inherit model: omitting an attribute preserves the value from +the old SA. Hardware offload is an exception. It is inherited by default +but can be disabled with the ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` +flag or set to a new offload configuration with the +``XFRMA_OFFLOAD_DEV`` attribute. + +SA Identification +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The struct is defined in ``include/uapi/linux/xfrm.h``. The SA is looked +up using ``xfrm_state_lookup()`` with ``id.spi``, +``id.daddr``, ``id.proto``, ``id.family``, and +``old_mark.v & old_mark.m`` as the mark key:: + + struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; /* spi, daddr, proto, family */ + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + struct xfrm_mark old_mark; /* SA lookup: key =3D v & m */ + struct xfrm_selector new_sel; /* new selector (see Flags) */ + __u32 new_reqid; + __u32 flags; /* XFRM_MIGRATE_STATE_* */ + __u16 new_family; + __u16 reserved; + }; + +Supported Attributes +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The following fields in ``xfrm_user_migrate_state`` are always explicit +and are not inherited from the existing SA. 
Passing zero is not equivalent +to "keep unchanged" =E2=80=94 zero is used as-is: + +- ``new_daddr`` - new destination address +- ``new_saddr`` - new source address +- ``new_family`` - new address family +- ``new_reqid`` - new reqid (0 =3D no reqid) +- ``new_sel`` - new selector; used when ``XFRM_MIGRATE_STATE_UPDATE_SEL`` = is + not set (see `Flags`_ below) +- ``flags`` - bitmask of ``XFRM_MIGRATE_STATE_*`` flags (see `Flags`_ belo= w) + +The following netlink attributes are also accepted. Omitting an attribute +inherits the value from the existing SA (omit-to-inherit). + +.. list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_MARK`` + - Mark on the migrated SA (``struct xfrm_mark``). Absent inherits + ``old_mark``. To use no mark on the new SA, send ``XFRMA_MARK`` + with ``{0, 0}``. + * - ``XFRMA_ENCAP`` + - UDP encapsulation template; only ``UDP_ENCAP_ESPINUDP`` is supporte= d. + Set ``encap_type=3D0`` to remove encap. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration (``struct xfrm_user_offload``). Abse= nt + copies offload from the existing SA. When + ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` is set in ``flags``, the new SA h= as + no offload; this flag is mutually exclusive with ``XFRMA_OFFLOAD_DE= V`` + and sending both returns ``-EINVAL``. + * - ``XFRMA_SET_MARK`` + - Output mark on the migrated SA; pair with ``XFRMA_SET_MARK_MASK``. + Send 0 to clear. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval in seconds. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. 
+ +The following SA properties are immutable and cannot be changed via +``XFRM_MSG_MIGRATE_STATE``: algorithms (``XFRMA_ALG_*``), replay state, +direction (``XFRMA_SA_DIR``), and security context (``XFRMA_SEC_CTX``). + +Flags +=3D=3D=3D=3D=3D + +The ``flags`` field in ``xfrm_user_migrate_state`` controls optional +migration behaviour. Unknown flag bits are rejected with ``-EINVAL``. + +.. list-table:: + :widths: 40 60 + :header-rows: 1 + + * - Flag + - Description + * - ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` + - When set, the new SA has no hardware offload even when + ``XFRMA_OFFLOAD_DEV`` is absent. Without this flag, omitting + ``XFRMA_OFFLOAD_DEV`` copies the existing offload to the new SA. + Mutually exclusive with ``XFRMA_OFFLOAD_DEV``; sending both + returns ``-EINVAL``. + * - ``XFRM_MIGRATE_STATE_UPDATE_SEL`` + - When set, the kernel validates that the existing SA selector is a + single-host entry matching the SA addresses (``prefixlen_s =3D=3D + prefixlen_d`` equal to 32 for IPv4 or 128 for IPv6, and addresses + matching ``id.daddr`` and ``props.saddr``). If the check passes, + the new selector is derived from ``new_daddr`` and ``new_saddr`` + with the single-host mask for ``new_family``. A mismatch returns + ``-EINVAL``. When this flag is not set, ``new_sel`` is used as-is + for the migrated SA. + +Migration Steps +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +#. Install a block policy to drop traffic on the affected selector. +#. Remove the old policy. +#. Call ``XFRM_MSG_MIGRATE_STATE`` for each SA. +#. Reinstall the policies. +#. Remove the block policy. + +Block Policy and IV Safety +-------------------------- + +Installing a block policy before migration is required to prevent +traffic leaks and IV reuse. + +AES-GCM IV uniqueness is critical: reusing a (key, IV) pair allows +an attacker to recover the authentication subkey and forge +authentication tags, breaking both confidentiality and integrity. 
+ +``XFRM_MSG_MIGRATE_STATE`` atomically copies the sequence number and +replay window from the old SA to the new SA and deletes the old SA. +The block policy ensures no outgoing packets are sent in the migration +window, preventing IV reuse under the same key. + +Feature Detection +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Userspace can probe for kernel support by sending a minimal +``XFRM_MSG_MIGRATE_STATE`` message with a non-existent SPI: + +- ``-ENOPROTOOPT``: not supported (``CONFIG_XFRM_MIGRATE`` not enabled) +- any other error: supported + +Userspace Notification on Success +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D + +On successful migration the kernel multicasts an +``XFRM_MSG_MIGRATE_STATE`` message to the ``XFRMNLGRP_MIGRATE`` group. +The fixed header is ``struct xfrm_user_migrate_state`` copied from the +request, followed by the same set of netlink attributes that are +accepted as input, with the differences noted below. + +Differences from the request +----------------------------- + +.. list-table:: + :widths: 25 75 + :header-rows: 1 + + * - Field / Attribute + - Difference + * - ``new_sel`` + - Contains the actual selector of the newly installed SA, not the + ``new_sel`` from the request. When + ``XFRM_MIGRATE_STATE_UPDATE_SEL`` is set the kernel derives the + selector from ``new_daddr`` / ``new_saddr``; the caller's + ``new_sel`` field is ignored in that case. The notification + always carries the real selector of the new SA. + * - ``XFRMA_SA_DIR`` + - Present in the notification (set from the direction of the new + SA) but **not accepted as input** =E2=80=94 direction is immutable. + * - ``flags`` + - Echoed back as-is. ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` and + ``XFRM_MIGRATE_STATE_UPDATE_SEL`` describe the request that was + made, not a property of the resulting SA. + +Attributes in the notification +------------------------------- + +.. 
list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_ENCAP`` + - UDP encapsulation template, if configured on the new SA. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration, if active on the new SA. + * - ``XFRMA_MARK`` + - Mark on the new SA, if set. + * - ``XFRMA_SET_MARK`` + - Output mark on the new SA, if set. + * - ``XFRMA_SET_MARK_MASK`` + - Output mark mask, present together with ``XFRMA_SET_MARK``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold, if non-zero. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval, if non-zero. + * - ``XFRMA_SA_DIR`` + - Direction of the new SA. + +Error Handling +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +If the target SA tuple (daddr, SPI, proto, family) is occupied by an exist= ing +unrelated SA, the operation returns ``-EEXIST``. In this case both the old= and +the new SA are gone. The old SA cannot be restored as doing so would risk +duplicate sequence number and IV reuse, which must not occur. Userspace sh= ould +handle ``-EEXIST``, for example by re-establishing the SA at the IKE level. + +If the multicast notification (``XFRMNLGRP_MIGRATE``) fails to send, +the migration itself has already completed successfully and the new SA +is installed. The operation returns success, 0, with an extack warning, +but listeners will not receive the migration event. --=20 2.47.3
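Review bot: the Feature Detection rule "any other error: supported" misclassifies kernels that predate XFRM_MSG_MIGRATE_STATE. -ENOPROTOOPT comes only from the CONFIG_XFRM_MIGRATE=n stub; a kernel that does not know the message type at all fails the probe with a different errno, which the rule would read as "supported". The section should say what such a kernel returns, name the errno a supporting kernel returns for a non-existent SPI so userspace can tell the two apart, and note that the probe is only meaningful where XFRM_MSG_MAX covers the new type. In Error Handling, the -EEXIST path deletes the old SA and then fails to install the new one, leaving no SA at all; the target tuple (daddr, SPI, proto, family) is known before anything is deleted, so the collision could be detected first and the request refused with the old SA intact, which would make the IKE-level re-establishment unnecessary. If lookup-then-commit cannot be made atomic, the text should say so and name the race it is protecting against. Finally, XFRMA_SET_MARK_MASK has its own row in the notification table but only a parenthetical mention in Supported Attributes; give it a row there as well so the two tables list the same attribute set.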