From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 01/14] xfrm: remove redundant assignments
Date: Tue, 5 May 2026 06:31:28 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

These assignments are overwritten within the same function further down
commit e8961c50ee9cc ("xfrm: Refactor migration setup during the cloning process")

    x->props.family = m->new_family;

Which actually moved it in the commit e03c3bba351f9 ("xfrm: Fix xfrm migrate issues when address family changes")

And the initial commit 80c9abaabf428 ("[XFRM]: Extension for dynamic update of endpoint address(es)") added

    x->props.saddr = orig->props.saddr;

and

    memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));

Signed-off-by: Antony Antony
Reviewed-by: Sabrina Dubroca
---
v1->v2: remove extra saddr copy, previous line
---
 net/xfrm/xfrm_state.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 1748d374abca..9417a025270c 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1980,8 +1980,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; x->props.reqid =3D orig->props.reqid; - x->props.family =3D orig->props.family; - x->props.saddr =3D orig->props.saddr; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); --=20 2.47.3
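Review bot: the hunk drops the props.family and props.saddr copies from xfrm_state_clone_and_setup() on the strength of later overwrites, but the commit message only quotes `x->props.family = m->new_family;` and the memcpy() into xc->props.saddr without saying which function they live in or whether every caller of the clone reaches them; please name that function and state that the overwrite is unconditional, otherwise a clone could be left with an unset family and saddr. The message body also reads as fragments ("Which actually moved it in the commit ...", "And the initial commit ... added") and would be clearer as two or three complete sentences.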
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 02/14] xfrm: add extack to xfrm_init_state
Date: Tue, 5 May 2026 06:32:19 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add a struct extack parameter to xfrm_init_state() and pass it through to __xfrm_init_state(). This allows validation errors detected during state initialization to propagate meaningful error messages back to userspace.

xfrm_state_migrate_create() now passes extack so that errors from the XFRM_MSG_MIGRATE_STATE path are properly reported.

Callers without an extack context (af_key, ipcomp4, ipcomp6) pass NULL, preserving their existing behaviour.

Signed-off-by: Antony Antony
Reviewed-by: Sabrina Dubroca
---
v5->v6: added this patch
---
 include/net/xfrm.h    | 2 +-
 net/ipv4/ipcomp.c     | 2 +-
 net/ipv6/ipcomp6.c    | 2 +-
 net/key/af_key.c      | 2 +-
 net/xfrm/xfrm_state.c | 6 +++---
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 10d3edde6b2f..0c035955d87d 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1774,7 +1774,7 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 ne= t_seq); int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack); u32 xfrm_state_mtu(struct xfrm_state *x, int mtu); int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack= ); -int xfrm_init_state(struct xfrm_state *x); +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack); int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_typ= e); int xfrm_input_resume(struct sk_buff *skb, int nexthdr); int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb, diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 9a45aed508d1..b1ea2d37e8c5 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -77,7 +77,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfr= m_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 8607569de34f..b340d67eb1d9 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -95,7 +95,7 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xf= rm_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/key/af_key.c b/net/key/af_key.c index a166a88d8788..842bf5786e3f 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1299,7 +1299,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struc= t net *net, } } =20 - err =3D xfrm_init_state(x); + err =3D xfrm_init_state(x, NULL); if (err) goto out; =20 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 9417a025270c..53d88b87bdbd 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2143,7 +2143,7 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 - if (xfrm_init_state(xc) < 0) + if (xfrm_init_state(xc, extack) < 0) goto error; =20 /* configure the hardware if offload is requested */ 
@@ -3238,11 +3238,11 @@ int __xfrm_init_state(struct xfrm_state *x, struct = netlink_ext_ack *extack) =20 EXPORT_SYMBOL(__xfrm_init_state); =20 -int xfrm_init_state(struct xfrm_state *x) +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) { int err; =20 - err =3D __xfrm_init_state(x, NULL); + err =3D __xfrm_init_state(x, extack); if (err) return err; =20 --=20 2.47.3
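Review bot: the commit message says xfrm_state_migrate_create() now passes extack, but the hunk at @@ -2143 changes xfrm_state_migrate(); the split into _create/_install only arrives in 06/14, so the message should refer to xfrm_state_migrate() here, or the patch order should be swapped. The hunk context also does not show where `extack` in xfrm_state_migrate() comes from (the visible signature starts `xfrm_state_migrate(struct xfrm_state *x,`), so a sentence noting that the function already takes an extack parameter would help reviewers confirm the new call compiles against the intended prototype.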
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 03/14] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP
Date: Tue, 5 May 2026 06:32:30 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

The current code prevents migrating an SA from UDP encapsulation to plain ESP. This is needed when moving from a NATed path to a non-NATed one, for example when switching from IPv4+NAT to IPv6.

Only copy the existing encapsulation during migration if the encap attribute is explicitly provided.

Note: PF_KEY's SADB_X_MIGRATE always passes encap=NULL and never supported encapsulation in migration. PF_KEY is deprecated and was in feature freeze when UDP encapsulation was added to xfrm.

Signed-off-by: Antony Antony
Tested-by: Yan Yan
Reviewed-by: Sabrina Dubroca
---
 net/xfrm/xfrm_state.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 53d88b87bdbd..933541bc9093 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2008,14 +2008,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap || orig->encap) { - if (encap) - x->encap =3D kmemdup(encap, sizeof(*x->encap), - GFP_KERNEL); - else - x->encap =3D kmemdup(orig->encap, sizeof(*x->encap), - GFP_KERNEL); - + if (encap) { + x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; } --=20 2.47.3
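Review bot: removing the `|| orig->encap` branch means a migration request that carries no encap attribute now silently discards the original SA's UDP encapsulation; that is a user-visible change on the netlink XFRM_MSG_MIGRATE path, not only for PF_KEY, and the commit message should state it explicitly so that keying daemons know they must supply the encap attribute to keep NAT-T across a migration. A one-line comment above `if (encap) {` saying that an absent encap intentionally means "migrate to plain ESP" would also stop the next reader from filing this as a regression.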
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration
Date: Tue, 5 May 2026 06:32:43 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

During SA migration via xfrm_state_clone_and_setup(), nat_keepalive_interval was silently dropped and never copied to the new SA. mapping_maxage was unconditionally copied even when migrating to a non-encapsulated SA.

Both fields are only meaningful when UDP encapsulation (NAT-T) is in use. Move mapping_maxage and add nat_keepalive_interval inside the existing if (encap) block, so both are inherited when migrating with encapsulation and correctly absent when migrating without it.

Signed-off-by: Antony Antony
Reviewed-by: Sabrina Dubroca
---
v5->v6: added this patch
---
 net/xfrm/xfrm_state.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 933541bc9093..b9de931d84c1 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2012,6 +2012,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; + x->mapping_maxage =3D orig->mapping_maxage; + x->nat_keepalive_interval =3D orig->nat_keepalive_interval; } =20 if (orig->security)
@@ -2046,7 +2048,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->km.seq =3D orig->km.seq; x->replay =3D orig->replay; x->preplay =3D orig->preplay; - x->mapping_maxage =3D orig->mapping_maxage; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; --=20 2.47.3
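Review bot: the subject calls this a fix but there is no Fixes: tag; if the missing nat_keepalive_interval copy is a bug in a released kernel, a Fixes: tag naming the commit that introduced the field would let stable pick the change up. With the move in the @@ -2012 hunk, a migration without encap now leaves mapping_maxage and nat_keepalive_interval at whatever the freshly allocated state holds, so a sentence in the message confirming that the new state starts zeroed would make the "correctly absent" claim verifiable from the patch alone.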
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 05/14] xfrm: rename reqid in xfrm_migrate
Date: Tue, 5 May 2026 06:32:56 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

In preparation for a later patch in this series, s/reqid/old_reqid/.

No functional change.

Signed-off-by: Antony Antony
---
 include/net/xfrm.h     |  2 +-
 net/key/af_key.c       | 10 +++++-----
 net/xfrm/xfrm_policy.c |  4 ++--
 net/xfrm/xfrm_state.c  |  6 +++---
 net/xfrm/xfrm_user.c   |  4 ++--
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 0c035955d87d..368b1dc22e5c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -685,7 +685,7 @@ struct xfrm_migrate { u8 proto; u8 mode; u16 reserved; - u32 reqid; + u32 old_reqid; u16 old_family; u16 new_family; }; diff --git a/net/key/af_key.c b/net/key/af_key.c index 842bf5786e3f..1f0201d97b4f 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -2554,7 +2554,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ips= ecrequest *rq1, int len, if ((mode =3D pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) return -EINVAL; m->mode =3D mode; - m->reqid =3D rq1->sadb_x_ipsecrequest_reqid; + m->old_reqid =3D rq1->sadb_x_ipsecrequest_reqid; =20 return ((int)(rq1->sadb_x_ipsecrequest_len + rq2->sadb_x_ipsecrequest_len));
@@ -3655,15 +3655,15 @@ static int pfkey_send_migrate(const struct xfrm_sel= ector *sel, u8 dir, u8 type, if (mode < 0) goto err; if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->old_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->old_family, &mp->old_saddr, &mp->old_daddr) < 0) goto err; =20 /* new ipsecrequest */ if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->new_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->new_family, &mp->new_saddr, &mp->new_daddr) < 0) goto err; } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c944327ce66c..fd505adf080e 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4538,7 +4538,7 @@ static int migrate_tmpl_match(const struct xfrm_migra= te *m, const struct xfrm_tm int match =3D 0; =20 if (t->mode =3D=3D m->mode && t->id.proto =3D=3D m->proto && - (m->reqid =3D=3D 0 || t->reqid =3D=3D m->reqid)) { + (m->old_reqid =3D=3D 0 || t->reqid =3D=3D m->old_reqid)) { switch (t->mode) { case XFRM_MODE_TUNNEL: case XFRM_MODE_BEET: @@ -4632,7 +4632,7 @@ static int xfrm_migrate_check(const struct xfrm_migra= te *m, int num_migrate, sizeof(m[i].old_saddr)) && m[i].proto =3D=3D m[j].proto && m[i].mode =3D=3D m[j].mode && - m[i].reqid =3D=3D m[j].reqid && + m[i].old_reqid =3D=3D m[j].old_reqid && m[i].old_family =3D=3D m[j].old_family) { NL_SET_ERR_MSG(extack, "Entries in the MIGRATE attribute's list must b= e unique"); return -EINVAL; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index b9de931d84c1..5424f2becbaf 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2081,14 +2081,14 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n =20 spin_lock_bh(&net->xfrm.xfrm_state_lock); =20 - if (m->reqid) { + if (m->old_reqid) { h =3D xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, - m->reqid, m->old_family); + m->old_reqid, m->old_family); hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net= ) + h, bydst) { if (x->props.mode !=3D m->mode || x->id.proto !=3D m->proto) continue; - if (m->reqid && x->props.reqid !=3D m->reqid) + if (m->old_reqid && x->props.reqid !=3D m->old_reqid) continue; if (if_id !=3D 0 && x->if_id !=3D if_id) continue; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index ae144d1e4a65..273ea6fdb8ad 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3104,7 +3104,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->proto =3D um->proto; ma->mode =3D um->mode; - ma->reqid =3D um->reqid; + ma->old_reqid =3D um->reqid; =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; 
@@ -3187,7 +3187,7 @@ static int copy_to_user_migrate(const struct xfrm_mig= rate *m, struct sk_buff *sk memset(&um, 0, sizeof(um)); um.proto =3D m->proto; um.mode =3D m->mode; - um.reqid =3D m->reqid; + um.reqid =3D m->old_reqid; um.old_family =3D m->old_family; memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); --=20 2.47.3
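Review bot: in the xfrm_migrate_state_find() hunk (@@ -2081) the inner test `if (m->old_reqid && x->props.reqid != m->old_reqid)` sits inside `if (m->old_reqid) {`, so the leading `m->old_reqid &&` is redundant; since the loop is being edited anyway, either reduce it to `if (x->props.reqid != m->old_reqid)` or say in the message that the rename is deliberately mechanical and the redundancy is left for a separate cleanup.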
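Review bot: both set_ipsecrequest() calls in pfkey_send_migrate() (the "new ipsecrequest" included) now use mp->old_reqid, and copy_to_user_migrate() writes m->old_reqid into um.reqid; that is right for a pure rename, but the commit message should spell out that the uapi struct keeps the field name `reqid` and that a separate new_reqid is introduced later in the series, so the reviewer of that later patch knows these two sites are the ones that must be revisited.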
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 06/14] xfrm: split xfrm_state_migrate into create and install functions
Date: Tue, 5 May 2026 06:33:07 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

To prepare for subsequent patches, split xfrm_state_migrate() into two
functions:
- xfrm_state_migrate_create(): creates the migrated state
- xfrm_state_migrate_install(): installs it into the state table

Splitting will help to avoid SN/IV reuse when migrating AEAD SA.
And add const whenever possible.

No functional change.

Signed-off-by: Antony Antony
Reviewed-by: Sabrina Dubroca
---
v4->v5:
- added this patch
---
 include/net/xfrm.h    | 11 ++++++++
 net/xfrm/xfrm_state.c | 73 +++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 64 insertions(+), 20 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 368b1dc22e5c..4137986f15e2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1895,6 +1895,17 @@ int km_migrate(const struct xfrm_selector *sel, u8 d= ir, u8 type, const struct xfrm_encap_tmpl *encap); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, u32 if_id); +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, struct xfrm_encap_tmpl *encap, diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 5424f2becbaf..85fd80520184 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,8 +1966,8 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - struct xfrm_encap_tmpl *encap, - struct xfrm_migrate *m) + const struct xfrm_encap_tmpl *encap, + const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); struct xfrm_state *x =3D xfrm_state_alloc(net); @@ -2125,12 +2125,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n } EXPORT_SYMBOL(xfrm_migrate_state_find); =20 -struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, - struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, - struct net *net, - struct xfrm_user_offload *xuo, - struct netlink_ext_ack *extack) +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 
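Review bot: the new exported prototypes for xfrm_state_migrate_create() and xfrm_state_migrate_install() in the include/net/xfrm.h hunk carry no comment stating the reference contract: create() returns a state the caller owns, and install() consumes that reference on success and on failure alike (it calls xfrm_state_put(xc) before returning -EEXIST), so a caller must not touch `xc` after a failed install. Since these become public symbols for the callers the commit message says are coming, a short kernel-doc block on each declaration spelling this out, and noting that `x` is only read, would prevent a use-after-put by a future caller.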
@@ -2145,24 +2145,57 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_s= tate *x, if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) goto error; =20 - /* add state */ + return xc; +error: + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return NULL; +} +EXPORT_SYMBOL(xfrm_state_migrate_create); + +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { - /* a care is needed when the destination address of the - state is to be updated as it is a part of triplet */ + /* + * Care is needed when the destination address + * of the state is to be updated as it is a part of triplet. + */ xfrm_state_insert(xc); } else { - if (xfrm_state_add(xc) < 0) - goto error_add; + if (xfrm_state_add(xc) < 0) { + if (xuo) + xfrm_dev_state_delete(xc); + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return -EEXIST; + } } =20 + return 0; +} +EXPORT_SYMBOL(xfrm_state_migrate_install); + +struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, + struct xfrm_migrate *m, + struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ + struct xfrm_state *xc; + + xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + if (!xc) + return NULL; + + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + return NULL; + return xc; -error_add: - if (xuo) - xfrm_dev_state_delete(xc); -error: - xc->km.state =3D XFRM_STATE_DEAD; - xfrm_state_put(xc); - return NULL; } EXPORT_SYMBOL(xfrm_state_migrate); #endif --=20 2.47.3 From nobody Sat Jun 20 07:01:46 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4032219C566; Tue, 5 May 2026 
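Review bot: xfrm_state_migrate_install() discards the error from xfrm_state_add() (`if (xfrm_state_add(xc) < 0)`) and returns a hard-coded -EEXIST, although xfrm_state_add() can fail for other reasons; since the function now has an int return, capture and propagate it, e.g. `err = xfrm_state_add(xc); if (err) { ... return err; }`. Also `extack` is accepted by install() but never used in this hunk; either leave it out until the patch that needs it or set a message on the failure path here.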
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 07/14] xfrm: check family before comparing addresses in migrate
Date: Tue, 5 May 2026 06:33:18 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

When migrating between different address families, xfrm_addr_equal()
cannot meaningfully compare addresses of different lengths. Only call
xfrm_addr_equal() when families match, and take the xfrm_state_insert()
path when addresses are equal.

Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 net/xfrm/xfrm_state.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 85fd80520184..327a855253e6 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_st= ate *x, struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { - if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { + if (m->new_family =3D=3D m->old_family && + xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { /* - * Care is needed when the destination address - * of the state is to be updated as it is a part of triplet. + * Care is needed when the destination address of the state is + * to be updated as it is a part of triplet. */ xfrm_state_insert(xc); } else { --=20 2.47.3 From nobody Sat Jun 20 07:01:46 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 73E9B3C061F; Tue, 5 May 2026 04:33:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777955636; cv=none; b=CU2erjSrvsdfGmDRk55rSvgrf8YP/FEO3rB9dyT2602xlFVXsBuqf39rOEV67pbsYm2NnUvAgBCkBwzczW+Q/D79QLsLtRya3czFdE28pyMc4PgLle7BlHx2adudefrc63WlUz8lfU7FWTgRlJN9XP4U4SJlD0ck7xQLMwBtlk8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777955636; c=relaxed/simple; bh=/xOhxfAvktLqrl487vd1De5bZe22caKuH7jFjEXOwv4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=QXZU9gTsVB4ViAS2qNcYCIbRj9cRii9jOWj9v86qEFLZ+BJltWtcwdyGM4tHFn3gx0+cXOIZW1ZHJFiLVu9uaiM7ODa5ihCfxoGU+hBnpMJrnw8JPkkvnQ13eWtgG1C3lzDd1caalXpXbRAj60kTK2KRkCP5iRFMPuRAQgaIl0c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=NXwALLLI; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: 
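Review bot: the `m->new_family == m->old_family &&` guard makes the xfrm_addr_equal() call well-defined, but the comparison is between `x->id.daddr`, whose family is that of the existing state `x`, and `m->new_daddr` interpreted in `m->new_family`; the hunk therefore also relies on `x` having the family `m->old_family` (xfrm_migrate_state_find() hashes on `m->old_family`), and the commit message should state that this is guaranteed on every path that reaches install(). The reflow of the unrelated comment lines should either be mentioned in the message or left out of a Fixes: patch so the backport stays minimal.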
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 08/14] xfrm: add state synchronization after migration
Date: Tue, 5 May 2026 06:33:34 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add xfrm_migrate_sync() to copy curlft and replay state from the old SA
to the new one before installation. The function allocates no memory, so
it can be called under a spinlock.

In preparation for a subsequent patch in this series. A subsequent patch
calls this under x->lock, atomically capturing the latest lifetime
counters and replay state from the original SA and deleting it in the
same critical section to prevent SN/IV reuse for the
XFRM_MSG_MIGRATE_STATE method.

No functional change.

Signed-off-by: Antony Antony
---
v6->v7:
- rephrase commit message
v5->v6:
- move the sync before install to avoid overwriting
v4->v5:
- added this patch
---
 include/net/xfrm.h    | 46 +++++++++++++++++++++++++++++++++++++---------
 net/xfrm/xfrm_state.c | 11 ++++-------
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4137986f15e2..be22c26e4661 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2024,23 +2024,51 @@ static inline unsigned int xfrm_replay_state_esn_le= n(struct xfrm_replay_state_es =20 #ifdef CONFIG_XFRM_MIGRATE static inline int xfrm_replay_clone(struct xfrm_state *x, - struct xfrm_state *orig) + const struct xfrm_state *orig) { + /* Counters synced later in xfrm_replay_sync() */ =20 - x->replay_esn =3D kmemdup(orig->replay_esn, + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + x->replay_esn =3D kmemdup(orig->replay_esn, xfrm_replay_state_esn_len(orig->replay_esn), GFP_KERNEL); - if (!x->replay_esn) - return -ENOMEM; - x->preplay_esn =3D kmemdup(orig->preplay_esn, - xfrm_replay_state_esn_len(orig->preplay_esn), - GFP_KERNEL); - if (!x->preplay_esn) - return -ENOMEM; + if (!x->replay_esn) + return -ENOMEM; + x->preplay_esn =3D kmemdup(orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn), + GFP_KERNEL); + if (!x->preplay_esn) + return -ENOMEM; + } =20 return 0; } =20 +static inline void xfrm_replay_sync(struct xfrm_state *x, const struct xfr= m_state *orig) +{ + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + memcpy(x->replay_esn, orig->replay_esn, + xfrm_replay_state_esn_len(orig->replay_esn)); + + memcpy(x->preplay_esn, orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn)); + } +} + +static inline void xfrm_migrate_sync(struct xfrm_state *x, + const struct xfrm_state *orig) +{ + /* called under lock so no race conditions or mallocs allowed */ + memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); + xfrm_replay_sync(x, orig); +} + static inline struct xfrm_algo_aead *xfrm_algo_aead_clone(struct xfrm_algo= _aead *orig) { return kmemdup(orig, aead_len(orig), GFP_KERNEL); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 327a855253e6..fcf6f0c6400d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
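Review bot: xfrm_replay_sync() memcpy()s into `x->replay_esn` and `x->preplay_esn` using the length of `orig->replay_esn` and `orig->preplay_esn`, which is only safe because xfrm_replay_clone() allocated those buffers with exactly the same lengths earlier; that coupling (same `orig`, same ESN window size, clone must have succeeded) deserves a comment on xfrm_replay_sync(), since the two functions are separated in the header and nothing in sync() checks for a NULL destination. Also the comment `/* Counters synced later in xfrm_replay_sync() */` sits directly above code that copies the counters anyway (`x->replay = orig->replay;`), so reword it to say the clone-time copy is a snapshot that xfrm_migrate_sync() refreshes under the lock.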
@@ -2027,10 +2027,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, goto error; } =20 - if (orig->replay_esn) { - if (xfrm_replay_clone(x, orig)) - goto error; - } + if (xfrm_replay_clone(x, orig)) + goto error; =20 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); @@ -2043,11 +2041,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, x->tfcpad =3D orig->tfcpad; x->replay_maxdiff =3D orig->replay_maxdiff; x->replay_maxage =3D orig->replay_maxage; - memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); x->km.state =3D orig->km.state; x->km.seq =3D orig->km.seq; - x->replay =3D orig->replay; - x->preplay =3D orig->preplay; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; 
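Review bot: with `memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft));` removed from xfrm_state_clone_and_setup(), a state returned by xfrm_state_migrate_create() now has zeroed lifetime counters until xfrm_migrate_sync() runs, whereas the replay counters are still copied at clone time by xfrm_replay_clone(); because create() and install() are exported as separate symbols, document on xfrm_state_migrate_create() that xfrm_migrate_sync() must be called before install(), otherwise a caller of the pair installs an SA with curlft reset, which changes when lifetime-based expiry and rekey fire.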
@@ -2193,6 +2188,8 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 + xfrm_migrate_sync(xc, x); + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) return NULL; =20 --=20 2.47.3 From nobody Sat Jun 20 07:01:46 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89F5F35F5FE; Tue, 5 May 2026 04:34:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777955649; cv=none; b=WgZ5ZGEYdmnCsYLFHtpiufY7RhcQvsUVtg+QAGJQcBBAy7cWuhk6ZgJ9xi63eRhfctvVv4ttfV6bw1fE51jmOJV5GimpkBdSQu5AncPQAaHfjZocxVF4DAHSETdQTzTzepkrH0v+p2/kDFlQFU/AFfbUFHrSpyHeXyG8AyNPi4k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777955649; c=relaxed/simple; bh=GEgcwQSivjEmA9c1faw8oiTdUx0iQD86pdf1wqOTzRE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=HTPJxmlNyTV/DJeycMvGvTyNI1Rf7DHoN/Q0gZK189MWUvxynXYNy9hKIFfEY6s1DFo5bFpLZOBq74B4yp1gzIwm2qTGpdZpBLCtn3BJEmiZ7ztD/u9citUHQrFjSyuWR0JkIn6E3+esibpN/gOTR5ncSpuAvzKq+KBvSI2VsW0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=NDjb75bT; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="NDjb75bT" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with 
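Review bot: `xfrm_migrate_sync(xc, x);` is placed after xfrm_state_migrate_create() returns, which means xfrm_dev_state_add() (called inside create() before it returns `xc`) has already handed the state to the offload driver before `curlft` is populated; if any driver reads lifetime or replay fields at add time, it now sees zeros where it previously saw the clone-time copy. Either confirm in the commit message that no offload driver consumes those fields at add time, or order the sync before the device-add step.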
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 09/14] xfrm: add error messages to state migration
Date: Tue, 5 May 2026 06:33:49 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add descriptive (extack) error messages for all error paths in state
migration. This improves diagnostics by providing clear feedback when
migration fails.

After xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as a fallback for error
paths not yet propagating extack, e.g. mode_cbs->init_state().

No functional change.

Signed-off-by: Antony Antony
Reviewed-by: Sabrina Dubroca
---
v5->v6:
- in case dev_state_add() extack already set
- after xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as fallback
v4->v5:
- added this patch
---
 net/xfrm/xfrm_state.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index fcf6f0c6400d..1db48ecda80d 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2130,11 +2130,15 @@ struct xfrm_state *xfrm_state_migrate_create(struct= xfrm_state *x, struct xfrm_state *xc; =20 xc =3D xfrm_state_clone_and_setup(x, encap, m); - if (!xc) + if (!xc) { + NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; + } =20 - if (xfrm_init_state(xc, extack) < 0) + if (xfrm_init_state(xc, extack) < 0) { + NL_SET_ERR_MSG_WEAK(extack, "Failed to initialize migrated state"); goto error; + } =20 /* configure the hardware if offload is requested */ if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) 
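Review bot: `NL_SET_ERR_MSG(extack, "Failed to clone and setup state");` covers every `goto error` inside xfrm_state_clone_and_setup() (state allocation, the encap copy, the security context clone) with one message, so the user still cannot tell which step failed; consider passing `extack` into xfrm_state_clone_and_setup() so each failure site sets its own text, and use NL_SET_ERR_MSG_WEAK() at this call site too so a more specific message from the callee is not overwritten. Minor: "set up" rather than "setup" when used as a verb in the message text.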
@@ -2163,6 +2167,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, xfrm_state_insert(xc); } else { if (xfrm_state_add(xc) < 0) { + NL_SET_ERR_MSG(extack, "Failed to add migrated state"); if (xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; --=20 2.47.3 From nobody Sat Jun 20 07:01:46 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E840C1CBEB9; Tue, 5 May 2026 04:34:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777955662; cv=none; b=guFLcrWUkls6ZhppSgxBqgfYqTpGjrbX2oZpvdkIP8TMWiMyz4+geNTeIf/gmJqAyj9vZHooGcI2mV5snjL6FUiMXAQKTAiYeQ1vvMMEH9sbJE0rjO2ElnY+2nDkPZmxqWHy8dweVO/BT8GzQFonsIvN5gFadmKppEf5oaBclIg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777955662; c=relaxed/simple; bh=ROkQQjcozTbH+lK7rLa25VipnO9Von+LUjerRQL3oyA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=R/OEDOoFjuwQ+UipLU0sd+635kLu64h0X5uWUihhu7O6za1S2yEW/J+5XIXfMVOPXm2XyiuF6KBnVkgBIMtSuVFK11jPzdGuBHDJXRnb7FeTNJY2zBRN5OBMirQ8YG+5/pVhQWe+KV+/uiUkltzZw4WNZb623+l3eZzUoC4UTls= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=XJNvbzE6; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="XJNvbzE6" Received: from localhost 
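Review bot: `NL_SET_ERR_MSG(extack, "Failed to add migrated state");` is placed before the cleanup, which is the right order, but because the return value of xfrm_state_add() is still discarded in this function and replaced by a fixed -EEXIST, the message is the only diagnostic the user gets; either name the likely cause in the text (an SA with the same identifying triplet already exists) or propagate the real error code alongside the message so the errno and the message agree.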
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v8 10/14] xfrm: move encap and xuo into struct xfrm_migrate Date: Tue, 5 May 2026 06:34:04 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) In preparation for an upcoming patch, move the xfrm_encap_tmpl and xfrm_user_offload pointers from separate parameters into struct xfrm_migrate, reducing the parameter count of xfrm_state_migrate_create(), xfrm_state_migrate_install(), and xfrm_state_migrate(). The fields are placed after the four xfrm_address_t members where the struct is naturally 8-byte aligned, avoiding padding. No functional change. Signed-off-by: Antony Antony Reviewed-by: Sabrina Dubroca --- v5->v6: added this patch. --- include/net/xfrm.h | 7 ++----- net/xfrm/xfrm_policy.c | 4 +++- net/xfrm/xfrm_state.c | 20 +++++++------------- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index be22c26e4661..4b29ab92c2a7 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -682,6 +682,8 @@ struct xfrm_migrate { xfrm_address_t old_saddr; xfrm_address_t new_daddr; xfrm_address_t new_saddr; + struct xfrm_encap_tmpl *encap; + struct xfrm_user_offload *xuo; u8 proto; u8 mode; u16 reserved; 
@@ -1897,20 +1899,15 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n u32 if_id); struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index fd505adf080e..cf05d778e2dd 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4680,7 +4680,9 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, if ((x =3D xfrm_migrate_state_find(mp, net, if_id))) { x_cur[nx_cur] =3D x; nx_cur++; - xc =3D xfrm_state_migrate(x, mp, encap, net, xuo, extack); + mp->encap =3D encap; + mp->xuo =3D xuo; + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; nx_new++; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 1db48ecda80d..043e573c4f32 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,7 +1966,6 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - const struct xfrm_encap_tmpl *encap, const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); 
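Review bot: in the net/xfrm/xfrm_policy.c hunk, `mp->encap = encap;` and `mp->xuo = xuo;` are assigned inside the per-bundle `if ((x = xfrm_migrate_state_find(mp, net, if_id)))` branch, so for bundles where no state is found the two new pointer fields keep whatever the struct held before; since copy_from_user_migrate() (earlier in the series) fills struct xfrm_migrate field by field rather than with memset(), and encap/xuo are identical for every bundle, assign them once when the array is built (or initialize them in copy_from_user_migrate()) so that no path can observe uninitialized kernel pointers in struct xfrm_migrate.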
@@ -2008,8 +2007,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap) { - x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); + if (m->encap) { + x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; x->mapping_maxage =3D orig->mapping_maxage; @@ -2122,14 +2121,12 @@ EXPORT_SYMBOL(xfrm_migrate_state_find); =20 struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_clone_and_setup(x, encap, m); + xc =3D xfrm_state_clone_and_setup(x, m); if (!xc) { NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; @@ -2141,7 +2138,7 @@ struct xfrm_state *xfrm_state_migrate_create(struct x= frm_state *x, } =20 /* configure the hardware if offload is requested */ - if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) + if (m->xuo && xfrm_dev_state_add(net, xc, m->xuo, extack)) goto error; =20 return xc; @@ -2155,7 +2152,6 @@ EXPORT_SYMBOL(xfrm_state_migrate_create); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { if (m->new_family =3D=3D m->old_family && @@ -2168,7 +2164,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, } else { if (xfrm_state_add(xc) < 0) { NL_SET_ERR_MSG(extack, "Failed to add migrated state"); - if (xuo) + if (m->xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; xfrm_state_put(xc); 
@@ -2182,20 +2178,18 @@ EXPORT_SYMBOL(xfrm_state_migrate_install); =20 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + xc =3D xfrm_state_migrate_create(x, m, net, extack); if (!xc) return NULL; =20 xfrm_migrate_sync(xc, x); =20 - if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + if (xfrm_state_migrate_install(x, xc, m, extack) < 0) return NULL; =20 return xc;
-- 
2.47.3
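Review bot: const is dropped on encap in the include/net/xfrm.h hunk. The new member is `struct xfrm_encap_tmpl *encap;`, while the parameters it replaces were `const struct xfrm_encap_tmpl *encap` in both xfrm_state_clone_and_setup() and xfrm_state_migrate_create(). The only consumer in this patch is `kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL)`, a read, so declaring the member `const struct xfrm_encap_tmpl *encap;` keeps the previous guarantee at no cost; the same can be done for xuo once xfrm_dev_state_add() accepts a const pointer.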
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 11/14] xfrm: refactor XFRMA_MTIMER_THRESH validation into a helper
Date: Tue, 5 May 2026 06:34:17 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Extract verify_mtimer_thresh() to consolidate the XFRMA_MTIMER_THRESH
validation logic shared between add_sa and an upcoming patch.

Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 net/xfrm/xfrm_user.c | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 273ea6fdb8ad..03fa4cabf601 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -248,6 +248,22 @@ static inline int verify_replay(struct xfrm_usersa_inf= o *p, return 0; } =20 +static int verify_mtimer_thresh(bool has_encap, u8 dir, + struct netlink_ext_ack *extack) +{ + if (!has_encap) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH requires encapsulation"); + return -EINVAL; + } + if (dir =3D=3D XFRM_SA_DIR_OUT) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH should not be set on output SA"); + return -EINVAL; + } + return 0; +} + static int verify_newsa_info(struct xfrm_usersa_info *p, struct nlattr **attrs, struct netlink_ext_ack *extack)
@@ -455,18 +471,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *= p, err =3D 0; =20 if (attrs[XFRMA_MTIMER_THRESH]) { - if (!attrs[XFRMA_ENCAP]) { - NL_SET_ERR_MSG(extack, "MTIMER_THRESH attribute can only be set on ENCA= P states"); - err =3D -EINVAL; - goto out; - } - - if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { - NL_SET_ERR_MSG(extack, - "MTIMER_THRESH attribute should not be set on output SA"); - err =3D -EINVAL; + err =3D verify_mtimer_thresh(!!attrs[XFRMA_ENCAP], sa_dir, extack); + if (err) goto out; - } } =20 if (sa_dir =3D=3D XFRM_SA_DIR_OUT) {
-- 
2.47.3
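Review bot: the user-visible extack strings change in the verify_newsa_info() hunk even though the commit message presents this as a pure refactor: "MTIMER_THRESH attribute can only be set on ENCAP states" becomes "MTIMER_THRESH requires encapsulation" and "MTIMER_THRESH attribute should not be set on output SA" becomes "MTIMER_THRESH should not be set on output SA". Either keep the original wording in verify_mtimer_thresh() or state in the commit message that the messages are being reworded, since selftests and tooling may match on them.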
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Sabrina Dubroca, Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v8 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration
Date: Tue, 5 May 2026 06:34:29 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Add a new netlink method to migrate a single xfrm_state. Unlike the
existing migration mechanism (SA + policy), this supports migrating only
the SA and allows changing the reqid.

The SA is looked up via xfrm_usersa_id, which uniquely identifies it, so
old_saddr is not needed. old_daddr is carried in xfrm_usersa_id.daddr.

The reqid is invariant in the old migration.

Signed-off-by: Antony Antony
---
v7->v8:
- removed the unknown-flags validation block

v6->v7:
- add flags field to xfrm_user_migrate_state (based on Sabrina's feedback)
- add XFRM_MIGRATE_STATE_NO_OFFLOAD (bit 0): suppresses offload - omit-to-inherit; mutually exclusive with XFRMA_OFFLOAD_DEV
- zero-initialize struct xfrm_migrate m[XFRM_MAX_DEPTH]
- add struct xfrm_selector new_sel to xfrm_user_migrate_state
- add XFRM_MIGRATE_STATE_UPDATE_SEL: derive new selector from SA addresses when old selector is a single-host match

v5->v6:
- (Feedback from Sabrina's review)
- reqid change: use xfrm_state_add, not xfrm_state_insert
- encap and xuo: use nla_data() directly, no kmemdup needed
- notification failure is non-fatal: set extack warning, return 0
- drop state direction, x->dir, check, not required
- reverse xmas tree local variable ordering
- use NL_SET_ERR_MSG_WEAK for clone failure message
- fix implicit padding in xfrm_user_migrate_state uapi struct
- support XFRMA_SET_MARK/XFRMA_SET_MARK_MASK in XFRM_MSG_MIGRATE_STATE

v4->v5:
- set portid, seq in XFRM_MSG_MIGRATE_STATE netlink notification
- rename error label to out for clarity
- add locking and synchronize after cloning
- change some if(x) to if(!x) for clarity
- call __xfrm_state_delete() inside the lock
- return error from xfrm_send_migrate_state() instead of always returning 0

v3->v4: preserve reqid invariant for each state migrated

v2->v3: free the skb on the error path

v1->v2: merged next patch here to fix use uninitialized value
- removed unnecessary inline
- added const when possible
---
 include/net/xfrm.h          |  16 ++-
 include/uapi/linux/xfrm.h   |  21 ++++
 net/xfrm/xfrm_device.c      |   2 +-
 net/xfrm/xfrm_policy.c      |  19 +++
 net/xfrm/xfrm_state.c       |  29 +++--
 net/xfrm/xfrm_user.c        | 281 +++++++++++++++++++++++++++++++++++++++++++-
 security/selinux/nlmsgtab.c |   3 +-
 7 files changed, 357 insertions(+), 14 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4b29ab92c2a7..e33e524cd909 100644
--- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -684,12 +684,20 @@ struct xfrm_migrate { xfrm_address_t new_saddr; struct xfrm_encap_tmpl *encap; struct xfrm_user_offload *xuo; + struct xfrm_mark old_mark; + struct xfrm_mark *new_mark; + struct xfrm_mark smark; u8 proto; u8 mode; - u16 reserved; + u16 msg_type; /* XFRM_MSG_MIGRATE or XFRM_MSG_MIGRATE_STATE */ + u32 flags; u32 old_reqid; + u32 new_reqid; + u32 nat_keepalive_interval; + u32 mapping_maxage; u16 old_family; u16 new_family; + const struct xfrm_selector *new_sel; }; =20 #define XFRM_KM_TIMEOUT 30 @@ -2104,7 +2112,7 @@ void xfrm_dev_resume(struct sk_buff *skb); void xfrm_dev_backlog(struct softnet_data *sd); struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t = features, bool *again); int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp, struct xfrm_user_offload *xuo, u8 dir, @@ -2175,7 +2183,9 @@ static inline struct sk_buff *validate_xmit_xfrm(stru= ct sk_buff *skb, netdev_fea return skb; } =20 -static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x= , struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) +static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, + const struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { return 0; } diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index a23495c0e0a1..34d8ad5c4818 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h @@ -227,6 +227,9 @@ enum { #define XFRM_MSG_SETDEFAULT XFRM_MSG_SETDEFAULT XFRM_MSG_GETDEFAULT, #define XFRM_MSG_GETDEFAULT XFRM_MSG_GETDEFAULT + + XFRM_MSG_MIGRATE_STATE, +#define XFRM_MSG_MIGRATE_STATE XFRM_MSG_MIGRATE_STATE __XFRM_MSG_MAX }; #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 
@@ -507,6 +510,24 @@ struct xfrm_user_migrate { __u16 new_family; }; =20 +struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + struct xfrm_mark old_mark; + struct xfrm_selector new_sel; + __u32 new_reqid; + __u32 flags; + __u16 new_family; + __u16 reserved; +}; + +/* Flags for xfrm_user_migrate_state.flags */ +enum xfrm_migrate_state_flags { + XFRM_MIGRATE_STATE_NO_OFFLOAD =3D 1, /* do not inherit offload from exist= ing SA */ + XFRM_MIGRATE_STATE_UPDATE_SEL =3D 2, /* update host-to-host selector from= saddr and daddr */ +}; + struct xfrm_user_mapping { struct xfrm_usersa_id id; __u32 reqid; diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 550457e4c4f0..630f3dd31cc5 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -229,7 +229,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb,= netdev_features_t featur EXPORT_SYMBOL_GPL(validate_xmit_xfrm); =20 int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { int err; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index cf05d778e2dd..9ecc4c8ba693 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c 
@@ -4643,6 +4643,22 @@ static int xfrm_migrate_check(const struct xfrm_migr= ate *m, int num_migrate, return 0; } =20 +/* + * Fill migrate fields that are invariant in XFRM_MSG_MIGRATE: inherited + * from the existing SA unchanged. XFRM_MSG_MIGRATE_STATE can update these. + */ +static void xfrm_migrate_copy_old(struct xfrm_migrate *mp, + const struct xfrm_state *x, + struct xfrm_mark *new_mark_buf) +{ + mp->smark =3D x->props.smark; + mp->new_reqid =3D x->props.reqid; + mp->nat_keepalive_interval =3D x->nat_keepalive_interval; + mp->mapping_maxage =3D x->mapping_maxage; + *new_mark_buf =3D x->mark; + mp->new_mark =3D new_mark_buf; +} + int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_migrate, struct xfrm_kmaddress *k, struct net *net, @@ -4650,6 +4666,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, struct netlink_ext_ack *extack, struct xfrm_user_offload *xuo) { int i, err, nx_cur =3D 0, nx_new =3D 0; + struct xfrm_mark new_marks[XFRM_MAX_DEPTH] =3D {}; struct xfrm_policy *pol =3D NULL; struct xfrm_state *x, *xc; struct xfrm_state *x_cur[XFRM_MAX_DEPTH]; @@ -4682,6 +4699,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, nx_cur++; mp->encap =3D encap; mp->xuo =3D xuo; + xfrm_migrate_copy_old(mp, x, &new_marks[i]); + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 043e573c4f32..44244bd323ea 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -1974,11 +1974,25 @@ static struct xfrm_state *xfrm_state_clone_and_setu= p(struct xfrm_state *orig, goto out; =20 memcpy(&x->id, &orig->id, sizeof(x->id)); - memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + if (m->msg_type =3D=3D XFRM_MSG_MIGRATE_STATE) { + if (m->flags & XFRM_MIGRATE_STATE_UPDATE_SEL) { + u8 prefixlen =3D (m->new_family =3D=3D AF_INET6) ? 128 : 32; + + memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + x->sel.family =3D m->new_family; + x->sel.prefixlen_d =3D prefixlen; + x->sel.prefixlen_s =3D prefixlen; + memcpy(&x->sel.daddr, &m->new_daddr, sizeof(x->sel.daddr)); + memcpy(&x->sel.saddr, &m->new_saddr, sizeof(x->sel.saddr)); + } else { + x->sel =3D *m->new_sel; + } + } else { + memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + } memcpy(&x->lft, &orig->lft, sizeof(x->lft)); x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; - x->props.reqid =3D orig->props.reqid; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); @@ -2011,8 +2025,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; - x->mapping_maxage =3D orig->mapping_maxage; - x->nat_keepalive_interval =3D orig->nat_keepalive_interval; + x->mapping_maxage =3D m->mapping_maxage; + x->nat_keepalive_interval =3D m->nat_keepalive_interval; } =20 if (orig->security) @@ -2029,8 +2043,9 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, if (xfrm_replay_clone(x, orig)) goto error; =20 - memcpy(&x->mark, &orig->mark, sizeof(x->mark)); - memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); + x->mark =3D m->new_mark ? *m->new_mark : m->old_mark; + + x->props.smark =3D m->smark; =20 x->props.flags =3D orig->props.flags; x->props.extra_flags =3D orig->props.extra_flags; 
@@ -2053,7 +2068,7 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, goto error; } =20 - + x->props.reqid =3D m->new_reqid; x->props.family =3D m->new_family; memcpy(&x->id.daddr, &m->new_daddr, sizeof(x->id.daddr)); memcpy(&x->props.saddr, &m->new_saddr, sizeof(x->props.saddr)); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 03fa4cabf601..a49edf7d6f78 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1327,7 +1327,7 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl = *ep, struct sk_buff *skb) return 0; } =20 -static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) +static int xfrm_smark_put(struct sk_buff *skb, const struct xfrm_mark *m) { int ret =3D 0; =20 @@ -3076,6 +3076,25 @@ static int xfrm_add_acquire(struct sk_buff *skb, str= uct nlmsghdr *nlh, } =20 #ifdef CONFIG_XFRM_MIGRATE +static void copy_from_user_migrate_state(struct xfrm_migrate *ma, + const struct xfrm_user_migrate_state *um) +{ + memcpy(&ma->old_daddr, &um->id.daddr, sizeof(ma->old_daddr)); + memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); + memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); + + ma->proto =3D um->id.proto; + ma->new_reqid =3D um->new_reqid; + + ma->old_family =3D um->id.family; + ma->new_family =3D um->new_family; + + ma->old_mark =3D um->old_mark; + ma->flags =3D um->flags; + ma->new_sel =3D &um->new_sel; + ma->msg_type =3D XFRM_MSG_MIGRATE_STATE; +} + static int copy_from_user_migrate(struct xfrm_migrate *ma, struct xfrm_kmaddress *k, struct nlattr **attrs, int *num, @@ -3115,6 +3134,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; + ma->msg_type =3D XFRM_MSG_MIGRATE; } =20 *num =3D i; 
@@ -3125,7 +3145,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struc= t nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { struct xfrm_userpolicy_id *pi =3D nlmsg_data(nlh); - struct xfrm_migrate m[XFRM_MAX_DEPTH]; + struct xfrm_migrate m[XFRM_MAX_DEPTH] =3D {}; struct xfrm_kmaddress km, *kmp; u8 type; int err; 
@@ -3178,7 +3198,262 @@ static int xfrm_do_migrate(struct sk_buff *skb, str= uct nlmsghdr *nlh, kfree(xuo); return err; } + +static int build_migrate_state(struct sk_buff *skb, + const struct xfrm_user_migrate_state *um, + const struct xfrm_migrate *m, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct nlmsghdr *nlh; + struct xfrm_user_migrate_state *hdr; + + nlh =3D nlmsg_put(skb, portid, seq, XFRM_MSG_MIGRATE_STATE, + sizeof(struct xfrm_user_migrate_state), 0); + if (!nlh) + return -EMSGSIZE; + + hdr =3D nlmsg_data(nlh); + *hdr =3D *um; + hdr->new_sel =3D *m->new_sel; + + if (m->encap) { + err =3D nla_put(skb, XFRMA_ENCAP, sizeof(*m->encap), m->encap); + if (err) + goto out_cancel; + } + + if (m->xuo) { + err =3D nla_put(skb, XFRMA_OFFLOAD_DEV, sizeof(*m->xuo), m->xuo); + if (err) + goto out_cancel; + } + + if (m->new_mark) { + err =3D nla_put(skb, XFRMA_MARK, sizeof(*m->new_mark), + m->new_mark); + if (err) + goto out_cancel; + } + + err =3D xfrm_smark_put(skb, &m->smark); + if (err) + goto out_cancel; + + if (m->mapping_maxage) { + err =3D nla_put_u32(skb, XFRMA_MTIMER_THRESH, m->mapping_maxage); + if (err) + goto out_cancel; + } + + if (m->nat_keepalive_interval) { + err =3D nla_put_u32(skb, XFRMA_NAT_KEEPALIVE_INTERVAL, + m->nat_keepalive_interval); + if (err) + goto out_cancel; + } + + if (dir) { + err =3D nla_put_u8(skb, XFRMA_SA_DIR, dir); + if (err) + goto out_cancel; + } + + nlmsg_end(skb, nlh); + return 0; + +out_cancel: + nlmsg_cancel(skb, nlh); + return err; +} + +static unsigned int xfrm_migrate_state_msgsize(const struct xfrm_migrate *= m, + u8 dir) +{ + return NLMSG_ALIGN(sizeof(struct xfrm_user_migrate_state)) + + (m->encap ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) + + (m->xuo ? nla_total_size(sizeof(struct xfrm_user_offload)) : 0) + + (m->new_mark ? nla_total_size(sizeof(struct xfrm_mark)) : 0) + + (m->smark.v ? nla_total_size(sizeof(u32)) * 2 : 0) + /* SET_MARK + SET_M= ARK_MASK */ + (m->mapping_maxage ? 
nla_total_size(sizeof(u32)) : 0) + + (m->nat_keepalive_interval ? nla_total_size(sizeof(u32)) : 0) + + (dir ? nla_total_size(sizeof(u8)) : 0); /* XFRMA_SA_DIR */ +} + +static int xfrm_send_migrate_state(const struct xfrm_user_migrate_state *u= m, + const struct xfrm_migrate *m, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct sk_buff *skb; + struct net *net =3D &init_net; + + skb =3D nlmsg_new(xfrm_migrate_state_msgsize(m, dir), GFP_ATOMIC); + if (!skb) + return -ENOMEM; + + err =3D build_migrate_state(skb, um, m, dir, portid, seq); + if (err < 0) { + kfree_skb(skb); + return err; + } + + return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE); +} + +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + struct xfrm_user_migrate_state *um =3D nlmsg_data(nlh); + struct net *net =3D sock_net(skb->sk); + struct xfrm_user_offload xuo =3D {}; + struct xfrm_migrate m =3D {}; + struct xfrm_state *xc; + struct xfrm_state *x; + int err; + + if (!um->id.spi) { + NL_SET_ERR_MSG(extack, "Invalid SPI 0x0"); + return -EINVAL; + } + + if (um->reserved) { + NL_SET_ERR_MSG(extack, "Reserved field must be zero"); + return -EINVAL; + } + + if ((um->flags & XFRM_MIGRATE_STATE_NO_OFFLOAD) && + attrs[XFRMA_OFFLOAD_DEV]) { + NL_SET_ERR_MSG(extack, + "XFRM_MIGRATE_STATE_NO_OFFLOAD and XFRMA_OFFLOAD_DEV are mutuall= y exclusive"); + return -EINVAL; + } + + copy_from_user_migrate_state(&m, um); + + x =3D xfrm_state_lookup(net, m.old_mark.v & m.old_mark.m, + &um->id.daddr, um->id.spi, + um->id.proto, um->id.family); + if (!x) { + NL_SET_ERR_MSG(extack, "Can not find state"); + return -ESRCH; + } + + if (um->flags & XFRM_MIGRATE_STATE_UPDATE_SEL) { + u8 prefixlen =3D (x->sel.family =3D=3D AF_INET6) ? 
128 : 32; + + if (x->sel.prefixlen_s !=3D x->sel.prefixlen_d || + x->sel.prefixlen_d !=3D prefixlen || + !xfrm_addr_equal(&x->sel.daddr, &x->id.daddr, x->sel.family) || + !xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->sel.family)) { + NL_SET_ERR_MSG(extack, + "SA selector is not a single-host match for SA addresses"); + err =3D -EINVAL; + goto out; + } + } + + if (attrs[XFRMA_ENCAP]) { + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + if (m.encap->encap_type =3D=3D 0) { + m.encap =3D NULL; /* sentinel: remove encap */ + } else if (m.encap->encap_type !=3D UDP_ENCAP_ESPINUDP) { + NL_SET_ERR_MSG(extack, "Unsupported encapsulation type"); + err =3D -EINVAL; + goto out; + } + } else { + m.encap =3D x->encap; /* omit-to-inherit */ + } + + if (attrs[XFRMA_MTIMER_THRESH]) { + err =3D verify_mtimer_thresh(!!m.encap, x->dir, extack); + if (err) + goto out; + } + + if (attrs[XFRMA_NAT_KEEPALIVE_INTERVAL] && + nla_get_u32(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL]) && !m.encap) { + NL_SET_ERR_MSG(extack, + "NAT_KEEPALIVE_INTERVAL requires encapsulation"); + err =3D -EINVAL; + goto out; + } + + if (attrs[XFRMA_OFFLOAD_DEV]) { + m.xuo =3D nla_data(attrs[XFRMA_OFFLOAD_DEV]); + } else if (!(um->flags & XFRM_MIGRATE_STATE_NO_OFFLOAD) && x->xso.dev) { + xuo.ifindex =3D x->xso.dev->ifindex; + if (x->xso.dir =3D=3D XFRM_DEV_OFFLOAD_IN) + xuo.flags =3D XFRM_OFFLOAD_INBOUND; + if (x->xso.type =3D=3D XFRM_DEV_OFFLOAD_PACKET) + xuo.flags |=3D XFRM_OFFLOAD_PACKET; + m.xuo =3D &xuo; + } + + if (attrs[XFRMA_MARK]) + m.new_mark =3D nla_data(attrs[XFRMA_MARK]); + + if (attrs[XFRMA_SET_MARK]) + xfrm_smark_init(attrs, &m.smark); + else + m.smark =3D x->props.smark; + + m.mapping_maxage =3D attrs[XFRMA_MTIMER_THRESH] ? + nla_get_u32(attrs[XFRMA_MTIMER_THRESH]) : x->mapping_maxage; + m.nat_keepalive_interval =3D attrs[XFRMA_NAT_KEEPALIVE_INTERVAL] ? 
+ nla_get_u32(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL]) : + x->nat_keepalive_interval; + + xc =3D xfrm_state_migrate_create(x, &m, net, extack); + if (!xc) { + NL_SET_ERR_MSG_WEAK(extack, "State migration clone failed"); + err =3D -EINVAL; + goto out; + } + + spin_lock_bh(&x->lock); + xfrm_migrate_sync(xc, x); /* to prevent SN/IV reuse */ + __xfrm_state_delete(x); + spin_unlock_bh(&x->lock); + + err =3D xfrm_state_migrate_install(x, xc, &m, extack); + if (err < 0) { + /* + * In this rare case both the old SA and the new SA + * will disappear. + * Alternatives risk duplicate SN/IV usage which must not occur. + * Userspace must handle this error, -EEXIST. + */ + goto out; + } + + /* Restore encap cleared by sentinel (type=3D0) during migration. */ + if (attrs[XFRMA_ENCAP]) + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + + m.new_sel =3D &xc->sel; + + err =3D xfrm_send_migrate_state(um, &m, xc->dir, + nlh->nlmsg_pid, nlh->nlmsg_seq); + if (err < 0) { + NL_SET_ERR_MSG(extack, "Failed to send migration notification"); + err =3D 0; + } + +out: + xfrm_state_put(x); + return err; +} + #else +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + NL_SET_ERR_MSG(extack, "XFRM_MSG_MIGRATE_STATE is not supported"); + return -ENOPROTOOPT; +} + static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { @@ -3331,6 +3606,7 @@ const int xfrm_msg_min[XFRM_NR_MSGTYPES] =3D { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D sizeof(u32), [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_migrate_s= tate), }; EXPORT_SYMBOL_GPL(xfrm_msg_min); =20 
@@ -3424,6 +3700,7 @@ static const struct xfrm_link { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_spdinfo = }, [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_set_default = }, [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_default = }, + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D { .doit =3D xfrm_do_migrate_= state }, }; =20 static int xfrm_reject_unused_attr(int type, struct nlattr **attrs, diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2c0b07f9fbbd..655d2616c9d2 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -128,6 +128,7 @@ static const struct nlmsg_perm nlmsg_xfrm_perms[] =3D { { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, { XFRM_MSG_SETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, { XFRM_MSG_GETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_READ }, + { XFRM_MSG_MIGRATE_STATE, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, }; =20 static const struct nlmsg_perm nlmsg_audit_perms[] =3D { 
@@ -203,7 +204,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u3= 2 *perm) * structures at the top of this file with the new mappings * before updating the BUILD_BUG_ON() macro! */ - BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_GETDEFAULT); + BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_MIGRATE_STATE); =20 if (selinux_policycap_netlink_xperm()) { *perm =3D NETLINK_XFRM_SOCKET__NLMSG;
-- 
2.47.3
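Review bot: wrong namespace in the xfrm_send_migrate_state() hunk: `struct net *net = &init_net;` hard-codes the initial namespace, while xfrm_do_migrate_state() looked the SA up in `sock_net(skb->sk)`. The XFRMNLGRP_MIGRATE notification therefore always goes to listeners in init_net and never to the namespace that owns the SA, which both misroutes the event and exposes the SA's addresses, marks and encap parameters across a namespace boundary. Pass net in from xfrm_do_migrate_state() and hand that to xfrm_nlmsg_multicast().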
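Review bot: the user-supplied selector is installed unchecked in the xfrm_state_clone_and_setup() hunk. When XFRM_MIGRATE_STATE_UPDATE_SEL is clear, `x->sel = *m->new_sel;` copies um->new_sel verbatim, with no check that new_sel.family agrees with new_family or that prefixlen_s/prefixlen_d fit the address width, and a caller that leaves new_sel zeroed ends up with an all-zero selector instead of the original one (the XFRM_MSG_MIGRATE path keeps `memcpy(&x->sel, &orig->sel, sizeof(x->sel));`). Validate um->new_sel in xfrm_do_migrate_state() before the lookup, document in the uapi header that new_sel must be fully populated unless UPDATE_SEL is set, and mention new_sel in the commit message, where it currently appears only in the changelog.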
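Review bot: the size estimate and the emitter can disagree on smark across the xfrm_migrate_state_msgsize() and build_migrate_state() hunks. The estimate reserves `(m->smark.v ? nla_total_size(sizeof(u32)) * 2 : 0)`, but build_migrate_state() calls `xfrm_smark_put(skb, &m->smark)` unconditionally and that helper applies its own condition. If it emits whenever either v or m is non-zero, a mask-only smark produces two attributes with no room reserved, nla_put_u32() returns -EMSGSIZE, and the notification is dropped while xfrm_do_migrate_state() resets err to 0, so the caller never learns. Use the same predicate in both places so the estimate is exact.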
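Review bot: undefined flag bits are accepted silently in the include/uapi/linux/xfrm.h hunk. `reserved` is rejected when non-zero, but `flags` is only consulted for XFRM_MIGRATE_STATE_NO_OFFLOAD and XFRM_MIGRATE_STATE_UPDATE_SEL, and the v7->v8 changelog says the unknown-flags check was removed; without it userspace cannot probe whether a future flag is supported and a mistyped flag is a silent no-op. If dropping the check was a review request, say why in the commit message; otherwise reject `um->flags & ~(XFRM_MIGRATE_STATE_NO_OFFLOAD | XFRM_MIGRATE_STATE_UPDATE_SEL)` next to the reserved check. The header should also document the XFRMA_ENCAP encap_type 0 sentinel that removes encapsulation, which currently lives only in a comment inside xfrm_do_migrate_state().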
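Review bot: stale NAT-T values survive encap removal in the xfrm_do_migrate_state() hunk. When XFRMA_ENCAP carries encap_type 0, `m.encap = NULL; /* sentinel: remove encap */`, but `m.mapping_maxage` and `m.nat_keepalive_interval` still fall back to `x->mapping_maxage` and `x->nat_keepalive_interval` when the attributes are absent. xfrm_state_clone_and_setup() only applies them inside `if (m->encap)`, so the new SA correctly drops them, yet build_migrate_state() still emits XFRMA_MTIMER_THRESH and XFRMA_NAT_KEEPALIVE_INTERVAL from the stale m fields alongside the restored type-0 XFRMA_ENCAP, a combination verify_mtimer_thresh() rejects on input. Zero both fields when the sentinel is taken so the notification matches the installed state.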
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v8 13/14] xfrm: restrict netlink attributes for XFRM_MSG_MIGRATE_STATE Date: Tue, 5 May 2026 06:34:42 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-01.secunet.de (10.32.0.171) To EXCH-02.secunet.de (10.32.0.172) Only accept XFRMA used in this method, reject the rest. Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index a49edf7d6f78..c435b38f25bd 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c 
@@ -3732,6 +3732,30 @@ static int xfrm_reject_unused_attr(int type, struct = nlattr **attrs, } } =20 + if (type =3D=3D XFRM_MSG_MIGRATE_STATE) { + int i; + + for (i =3D 0; i <=3D XFRMA_MAX; i++) { + if (!attrs[i]) + continue; + + switch (i) { + case XFRMA_MARK: + case XFRMA_ENCAP: + case XFRMA_OFFLOAD_DEV: + case XFRMA_SET_MARK: + case XFRMA_SET_MARK_MASK: + case XFRMA_MTIMER_THRESH: + case XFRMA_NAT_KEEPALIVE_INTERVAL: + break; + default: + NL_SET_ERR_MSG_ATTR(extack, attrs[i], + "Unsupported attribute in XFRM_MSG_MIGRATE_STATE"); + return -EINVAL; + } + } + } + return 0; } =20 --=20 2.47.3
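Review bot: XFRMA_SET_MARK_MASK is accepted on its own by this allowlist, while the documentation added later in this series says it is to be paired with XFRMA_SET_MARK; if the handler does not already reject a mask without a mark (or a mark without a mask), that pairing check belongs next to this switch so the caller gets an extack error instead of a half-applied output mark. Two smaller points: the commit message ("Only accept XFRMA used in this method, reject the rest.") should state why rejecting rather than ignoring matters, namely that attributes such as XFRMA_SA_DIR or XFRMA_SEC_CTX would otherwise be silently dropped while the caller believes they took effect; and a one-line comment pointing at the documented attribute table for XFRM_MSG_MIGRATE_STATE would help keep the two lists in sync when an attribute is added later.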
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v8 14/14] xfrm: add documentation for XFRM_MSG_MIGRATE_STATE Date: Tue, 5 May 2026 06:34:55 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-01.secunet.de (10.32.0.171) To EXCH-02.secunet.de (10.32.0.172) Add documentation for the new XFRM_MSG_MIGRATE_STATE netlink message, which migrates a single SA identified by SPI and mark without involving policies. The document covers the motivation and design differences from the existing XFRM_MSG_MIGRATE, the SA lookup mechanism, supported attributes with their omit-to-inherit semantics, and usage examples. Signed-off-by: Antony Antony --- v7->v8: unknown flags ignored v6->v7: update docs to reflect the flags v5->v6: added this patch --- Documentation/networking/xfrm/index.rst | 1 + .../networking/xfrm/xfrm_migrate_state.rst | 231 +++++++++++++++++= ++++ 2 files changed, 232 insertions(+) diff --git a/Documentation/networking/xfrm/index.rst b/Documentation/networ= king/xfrm/index.rst index 7d866da836fe..90191848f8db 100644 --- a/Documentation/networking/xfrm/index.rst +++ b/Documentation/networking/xfrm/index.rst @@ -9,5 +9,6 @@ XFRM Framework =20 xfrm_device xfrm_proc + xfrm_migrate_state xfrm_sync xfrm_sysctl diff --git a/Documentation/networking/xfrm/xfrm_migrate_state.rst b/Documen= tation/networking/xfrm/xfrm_migrate_state.rst new file mode 100644 index 000000000000..66e7f2e729d8 --- /dev/null 
+++ b/Documentation/networking/xfrm/xfrm_migrate_state.rst 
@@ -0,0 +1,231 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +XFRM SA Migrate State +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Overview +=3D=3D=3D=3D=3D=3D=3D=3D + +``XFRM_MSG_MIGRATE_STATE`` migrates a single SA, looked up using SPI and +mark, without involving policies. Unlike ``XFRM_MSG_MIGRATE``, which coupl= es +SA and policy migration and allows migrating multiple SAs in one call, this +interface identifies the SA unambiguously via SPI and supports changing +the reqid, addresses, encapsulation, selector, and offload. + +Because IKE daemons such as *wan manage policies independently of +the kernel, this interface allows precise per-SA migration without +requiring policy involvement. Optional netlink attributes follow an +omit-to-inherit model: omitting an attribute preserves the value from +the old SA. The ``flags`` field controls two exceptions: hardware offload +is inherited by default and can be suppressed with +``XFRM_MIGRATE_STATE_NO_OFFLOAD`` or overridden with ``XFRMA_OFFLOAD_DEV``; +the new selector is taken from ``new_sel`` by default and can instead be +derived from the new addresses with ``XFRM_MIGRATE_STATE_UPDATE_SEL``. + +SA Identification +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The struct is defined in ``include/uapi/linux/xfrm.h``. 
The SA is looked +up using ``xfrm_state_lookup()`` with ``id.spi``, +``id.daddr``, ``id.proto``, ``id.family``, and +``old_mark.v & old_mark.m`` as the mark key:: + + struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; /* spi, daddr, proto, family */ + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + struct xfrm_mark old_mark; /* SA lookup: key =3D v & m */ + struct xfrm_selector new_sel; /* new selector (see Flags) */ + __u32 new_reqid; + __u32 flags; /* XFRM_MIGRATE_STATE_* */ + __u16 new_family; + __u16 reserved; + }; + +Supported Attributes +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The following fields in ``xfrm_user_migrate_state`` are always explicit +and are not inherited from the existing SA. Passing zero is not equivalent +to "keep unchanged" =E2=80=94 zero is used as-is: + +- ``new_daddr`` - new destination address +- ``new_saddr`` - new source address +- ``new_family`` - new address family +- ``new_reqid`` - new reqid (0 =3D no reqid) +- ``new_sel`` - new selector; used when ``XFRM_MIGRATE_STATE_UPDATE_SEL`` = is + not set (see `Flags`_ below) +- ``flags`` - bitmask of ``XFRM_MIGRATE_STATE_*`` flags (see `Flags`_ belo= w) + +The following netlink attributes are also accepted. Omitting an attribute +inherits the value from the existing SA (omit-to-inherit). + +.. list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_MARK`` + - Mark on the migrated SA (``struct xfrm_mark``). Absent inherits + ``old_mark``. To use no mark on the new SA, send ``XFRMA_MARK`` + with ``{0, 0}``. + * - ``XFRMA_ENCAP`` + - UDP encapsulation template; only ``UDP_ENCAP_ESPINUDP`` is supporte= d. + Set ``encap_type=3D0`` to remove encap. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration (``struct xfrm_user_offload``). Abse= nt + copies offload from the existing SA. 
When + ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` is set in ``flags``, the new SA h= as + no offload; this flag is mutually exclusive with ``XFRMA_OFFLOAD_DE= V`` + and sending both returns ``-EINVAL``. + * - ``XFRMA_SET_MARK`` + - Output mark on the migrated SA; pair with ``XFRMA_SET_MARK_MASK``. + Send 0 to clear. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval in seconds. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + +The following SA properties are immutable and cannot be changed via +``XFRM_MSG_MIGRATE_STATE``: algorithms (``XFRMA_ALG_*``), replay state, +direction (``XFRMA_SA_DIR``), and security context (``XFRMA_SEC_CTX``). + +Flags +=3D=3D=3D=3D=3D + +The ``flags`` field in ``xfrm_user_migrate_state`` controls optional +migration behaviour. Unknown flag bits are ignored. + +.. list-table:: + :widths: 40 60 + :header-rows: 1 + + * - Flag + - Description + * - ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` + - When set, the new SA has no hardware offload even when + ``XFRMA_OFFLOAD_DEV`` is absent. Without this flag, omitting + ``XFRMA_OFFLOAD_DEV`` copies the existing offload to the new SA. + Mutually exclusive with ``XFRMA_OFFLOAD_DEV``; sending both + returns ``-EINVAL``. + * - ``XFRM_MIGRATE_STATE_UPDATE_SEL`` + - When set, the kernel validates that the existing SA selector is a + single-host entry matching the SA addresses (``prefixlen_s =3D=3D + prefixlen_d`` equal to 32 for IPv4 or 128 for IPv6, and addresses + matching ``id.daddr`` and ``props.saddr``). If the check passes, + the new selector is derived from ``new_daddr`` and ``new_saddr`` + with the single-host mask for ``new_family``. A mismatch returns + ``-EINVAL``. 
When this flag is not set, ``new_sel`` is used as-is + for the migrated SA. + +Migration Steps +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +#. Install a block policy to drop traffic on the affected selector. +#. Remove the old policy. +#. Call ``XFRM_MSG_MIGRATE_STATE`` for each SA. +#. Reinstall the policies. +#. Remove the block policy. + +Block Policy and IV Safety +-------------------------- + +Installing a block policy before migration is required to prevent +traffic leaks and IV reuse in counter mode. + +AES-GCM IV uniqueness is critical: reusing a (key, IV) pair allows +an attacker to recover the authentication subkey and forge +authentication tags, breaking both confidentiality and integrity. + +``XFRM_MSG_MIGRATE_STATE`` atomically copies the sequence number and +replay window from the old SA to the new SA and deletes the old SA. +The block policy ensures no outgoing packets are sent in the migration +window, preventing IV reuse under the same key. + +Feature Detection +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Userspace can probe for kernel support by sending a minimal +``XFRM_MSG_MIGRATE_STATE`` message with a non-existent SPI: + +- ``-ENOPROTOOPT``: not supported (``CONFIG_XFRM_MIGRATE`` not enabled) +- any other error: supported + +Userspace Notification on Success +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D + +On successful migration the kernel multicasts an +``XFRM_MSG_MIGRATE_STATE`` message to the ``XFRMNLGRP_MIGRATE`` group. +The fixed header is ``struct xfrm_user_migrate_state`` copied from the +request, followed by the same set of netlink attributes that are +accepted as input, with the differences noted below. + +Differences from the request +----------------------------- + +.. 
list-table:: + :widths: 25 75 + :header-rows: 1 + + * - Field / Attribute + - Difference + * - ``new_sel`` + - Contains the actual selector of the newly installed SA, not the + ``new_sel`` from the request. When + ``XFRM_MIGRATE_STATE_UPDATE_SEL`` is set the kernel derives the + selector from ``new_daddr`` / ``new_saddr``; the caller's + ``new_sel`` field is ignored in that case. The notification + always carries the real selector of the new SA. + * - ``XFRMA_SA_DIR`` + - Present in the notification (set from the direction of the new + SA) but **not accepted as input** =E2=80=94 direction is immutable. + * - ``flags`` + - Echoed back as-is. ``XFRM_MIGRATE_STATE_NO_OFFLOAD`` and + ``XFRM_MIGRATE_STATE_UPDATE_SEL`` describe the request that was + made, not a property of the resulting SA. + +Attributes in the notification +------------------------------- + +.. list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_ENCAP`` + - UDP encapsulation template, if configured on the new SA. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration, if active on the new SA. + * - ``XFRMA_MARK`` + - Mark on the new SA, if set. + * - ``XFRMA_SET_MARK`` + - Output mark on the new SA, if set. + * - ``XFRMA_SET_MARK_MASK`` + - Output mark mask, present together with ``XFRMA_SET_MARK``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold, if non-zero. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval, if non-zero. + * - ``XFRMA_SA_DIR`` + - Direction of the new SA. + +Error Handling +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +If the target SA tuple (daddr, SPI, proto, family) is occupied by an exist= ing +unrelated SA, the operation returns ``-EEXIST``. In this case both the old= and +the new SA are gone. The old SA cannot be restored as doing so would risk +duplicate sequence number and IV reuse, which must not occur. Userspace sh= ould +handle ``-EEXIST``, for example by re-establishing the SA at the IKE level. 
+ +If the multicast notification (``XFRMNLGRP_MIGRATE``) fails to send, +the migration itself has already completed successfully and the new SA +is installed. The operation returns success, 0, with an extack warning, +but listeners will not receive the migration event. --=20 2.47.3
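Review bot: the index.rst toctree entry is out of order; the existing list (xfrm_device, xfrm_proc, xfrm_sync, xfrm_sysctl) is alphabetical, so `xfrm_migrate_state` belongs between `xfrm_device` and `xfrm_proc` rather than after `xfrm_proc`.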
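Review bot: "Unknown flag bits are ignored" in the Flags section (matching the v7->v8 change note) should be reconsidered before this becomes uAPI: netlink interfaces normally reject unknown flag bits with -EINVAL, because that is what lets a later kernel add a flag that userspace can probe for; silently ignoring bits means a caller setting a flag the running kernel does not know gets a migration with different semantics than requested and no error. Two smaller items in the same hunk: "IKE daemons such as *wan" in the Overview reads like a truncated "*swan" and should name the daemons or drop the example; and the Error Handling paragraph stating that after -EEXIST "both the old and the new SA are gone" describes a destructive failure, so the text should say whether the target (daddr, SPI, proto, family) tuple is checked before the old SA is deleted and, if a window remains, spell out that the caller must treat -EEXIST as loss of the SA and re-establish it at the IKE level.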