From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5FE93BFAE2; Tue, 26 May 2026 19:06:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822370; cv=none; b=FLRwd1LP1ymFv6EiBiC7nc6xu/8qTD0aq/qNGFOK/FiOJuk0dty5eEy5du/jpb0fiCElEznVpt592JCX8NbxUuMNXD394OlKESBT2FkuNXBq8aaHrmQeOQJSjGuInWxGn/h3/sMDHF9xzqHeLTO7DoyVRt/FU4k2xowD93YzOH0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822370; c=relaxed/simple; bh=QF7U8fXeHmgiScXMxbtKzxy43UBWjd28mwPF1vniEZY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JgyQKedKchrGtZnsvq1JGtMBHD0TmIdm226BwnyduoF48KBSajxJt4suKJqQ5Q9hiQ+EqIRMmK0dRO4/mzP7BT2ZPQIH/f44Ym3Rjnv+XUwFiQxLCoOr2kNv7kjUJSE2cwQBrgjfcwiMH/VnBZ17EGKCBGyTTR7y47CfNsdiZaY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=DPo7ABGI; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="DPo7ABGI" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 681282069C; Tue, 26 May 2026 21:06:07 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8jcEFS79Ice4; Tue, 26 May 2026 21:06:06 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id CA946201A7; Tue, 26 May 2026 21:06:06 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com CA946201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822366; bh=/ZUxSZ9FiVoeisVVxOqMvDayIVH4bsjQQ5nyAqmfoOA=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=DPo7ABGIu8bdvSM0azHCqyemv+rPGIBGXe8uSNpAdzZS4QPkHg0M5A0Z2b4gZEhxk iTft+Ya517m90MWknTEuQCeXBSS2wfU6/2LSt/j1ykvhBg2vyJoTxpWXPA6ZLQHU1v A0BpCsiq2cuZO7HSk8VwfxiK2MOwDcOgZI+d+9UPhxNE2AXEEypYkD1VLQnJeORwn5 Gzm0mLdzDWMheWFrL+uWfKkQGmMvPgcx/pWAc/vls09cPgutHal3l9VwrIK+peQ/YZ VN5F04ZAA2NsbXxZ+ArrmGO94dTzcvcXlAX3AcahHkIANdjN/MrRuXbfdFYcF4sr5H d6JXM2qrBP0GA== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:06:03 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 01/16] xfrm: remove redundant assignments Date: Tue, 26 May 2026 21:05:54 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) These assignments are overwritten within the same function further down commit e8961c50ee9cc ("xfrm: Refactor migration setup during the cloning process") x->props.family =3D m->new_family; Which actually moved it in the commit e03c3bba351f9 ("xfrm: Fix xfrm migrate issues when address family ch= anges") And the initial commit 80c9abaabf428 ("[XFRM]: Extension for dynamic update of endpoint add= ress(es)") added x->props.saddr =3D orig->props.saddr; and memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- v1->v2: remove extra saddr copy, previous line --- net/xfrm/xfrm_state.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 1748d374abca..9417a025270c 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1980,8 +1980,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; x->props.reqid =3D orig->props.reqid; - x->props.family =3D orig->props.family; - x->props.saddr =3D orig->props.saddr; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA23B36BCC3; Tue, 26 May 2026 19:06:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822397; cv=none; b=czdmo4IoWnEn7rspdnuiqneSzk6FQM1Oz8YJnwi89IoGkVkE8gIVJhSUo2lHzMMnLqyCfoLIn98L4U9f7VXNL7K+0vORxOtO4h/HPjzXGfqSFUXZOVm3DmfavWo3NYll4Q1BFM5GYjEHm05mf+pM/9u93BVIc7CLhWn5pl1Rx1w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822397; c=relaxed/simple; bh=JjG0sV/r9G7WCAQbKlLWJl4n0RbXEWlFGpvamPWr6cM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=oX53tFGanMAuW5+9NuKd2UBMn2FFCON1uZz6X+61XAMbKDec27nC7MT+ea0EA8bskcJJ0KIJJzPm3uqi2QLNkx49j+bBI+iWfKKn1uTzmTEKB0kqNcT1f1adw781vt6KmoiW4Aw1MPlWOivQcqYrnrngyBDcHTHFibKN20mBwh8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=KH34JoSE; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="KH34JoSE" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 64F832069C; Tue, 26 May 2026 21:06:34 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NRj5iitQFDCN; Tue, 26 May 2026 21:06:33 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id A443D201A7; Tue, 26 May 2026 21:06:33 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com A443D201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822393; bh=5DZ5mGfrlrGyBA8mqpT4C25iXDChgqp2h3OJQ/ydUqo=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=KH34JoSEc2ql1OrdcswX81PfeXR8QqEBLgY+p3Isl7l788LmyKNHR7qGqC37RIWbk iLAGgOTj8COScrPx7a55+yFgFqzf9fGNN4Dimm1aOu/RiiqyMifxWFCsS8R2u4KDmu p8rWgt6DNrhTBmhq3YOU/Bgd3gVt3CyazRPDje/mz1Ccgr9BM6afdMsFKhEYfhMu7T nxnXu5pDcF73bR0YZSBPoPo8EEBq7KCqWiRteepNsq4bECt5f57yaBOopFEHmOzAut dTEjYmQdPRs1k1Rgri04uXKaCAf0O6WDJBaiD1PicDPriGLt9vL2/tUDMK3K23fNQO wGFj4qVlmKwBA== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:06:30 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 02/16] xfrm: add extack to xfrm_init_state Date: Tue, 26 May 2026 21:06:06 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) Add a struct extack parameter to xfrm_init_state() and pass it through to __xfrm_init_state(). This allows validation errors detected during state initialization to propagate meaningful error messages back to userspace. xfrm_state_migrate() now passes extack so that errors from the XFRM_MSG_MIGRATE_STATE path are properly reported. Callers without an extack context (af_key, ipcomp4, ipcomp6) pass NULL, preserving their existing behaviour. Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- v8->v9: fix commit message v5->v6: added this patch --- include/net/xfrm.h | 2 +- net/ipv4/ipcomp.c | 2 +- net/ipv6/ipcomp6.c | 2 +- net/key/af_key.c | 2 +- net/xfrm/xfrm_state.c | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 10d3edde6b2f..0c035955d87d 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1774,7 +1774,7 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 ne= t_seq); int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack); u32 xfrm_state_mtu(struct xfrm_state *x, int mtu); int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack= ); -int xfrm_init_state(struct xfrm_state *x); +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack); int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_typ= e); int xfrm_input_resume(struct sk_buff *skb, int nexthdr); int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb, diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 9a45aed508d1..b1ea2d37e8c5 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -77,7 +77,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfr= m_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 8607569de34f..b340d67eb1d9 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -95,7 +95,7 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xf= rm_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/key/af_key.c b/net/key/af_key.c index a166a88d8788..842bf5786e3f 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1299,7 +1299,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struc= t net *net, } } =20 - err =3D xfrm_init_state(x); + err =3D xfrm_init_state(x, NULL); if (err) goto out; =20 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 9417a025270c..53d88b87bdbd 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2143,7 +2143,7 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 - if (xfrm_init_state(xc) < 0) + if (xfrm_init_state(xc, extack) < 0) goto error; =20 /* configure the hardware if offload is requested */ @@ -3238,11 +3238,11 @@ int __xfrm_init_state(struct xfrm_state *x, struct = netlink_ext_ack *extack) =20 EXPORT_SYMBOL(__xfrm_init_state); =20 -int xfrm_init_state(struct xfrm_state *x) +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) { int err; =20 - err =3D __xfrm_init_state(x, NULL); + err =3D __xfrm_init_state(x, extack); if (err) return err; =20 --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D4AA3B7B70; Tue, 26 May 2026 19:07:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822425; cv=none; b=jFp899y3lozJMnq9yocGFZGJHTE20i4jgaLInuvGndig1Qd+Cg8lADiAnxwJbG86LyTvbxoalMwxehgZ+d8HqJ55fQXAEmfH4WIJSSAwEgm79d2M10lxBrXWOJ3cnXwOOMfPLSXGzUJujXEbeqss5NtPP5iUvEbTVULY1Bx1xj8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822425; c=relaxed/simple; bh=eWRnNkxW/dCUz3e6iTLoXkR5WYW+YRRdKZL33V/gPBM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=L52+5gUAFJKwzYqwMdjSIItXb0VuVetHP0G5maddf0eBnpYzR+SBniG8Y/I+4KhdHZGnAWbj7LdDzDLbXD0QWq7vvrQnVImdWmhXbOsCDzQH4DFN0tVWYRtGMexE6vzgwvP2IzCvjXu301AAGFbtsCvPyNGxnm/8T5ZYNzXW7bs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=J0UWIOkG; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="J0UWIOkG" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 5171F2069C; Tue, 26 May 2026 21:07:01 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XIp98e_KFQQc; Tue, 26 May 2026 21:07:00 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id B87C4201A7; Tue, 26 May 2026 21:07:00 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com B87C4201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822420; bh=Xo+n9FvX/k1iwIGNwXdWnTZZSxwkt2rFyEh985rJuek=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=J0UWIOkGGSCsLlyUgN8zLgSPbMYTPIMU18HDSn6r0xFkSqRZvmU9y0lzDLywDwA/d 9AXqzCoenEchsWBzv65NPW2A/tA1SYIWiXy5fX8+phZyd6Yd05LaK7cNq0vuyl7G5D VTylWzBHA2AL7oPjYQg1tiO+IZ60ndRIRp+vI0ADM794cDLFKqsQyH+yhyEKQOqArX qpqMm5X0TBIDJ6+S0ukCFDpNZfFrDXYXLavTQOuJ//UTxkg0btVhvb+iKOxqnRWGgw uNEp2W6+m/sP7tofalp9V6XgSQQpt7yooar2WiXHKrMKm7TJaGVNsTuv1YjT6wjNR7 uwz97PtKCDijQ== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:06:47 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 03/16] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP Date: Tue, 26 May 2026 21:06:33 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) The current code prevents migrating an SA from UDP encapsulation to plain ESP. This is needed when moving from a NATed path to a non-NATed one, for example when switching from IPv4+NAT to IPv6. Only copy the existing encapsulation during migration if the encap attribute is explicitly provided. Note: PF_KEY's SADB_X_MIGRATE always passes encap=3DNULL and never supported encapsulation in migration. PF_KEY is deprecated and was in feature freeze when UDP encapsulation was added to xfrm. Tested-by: Yan Yan Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- net/xfrm/xfrm_state.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 53d88b87bdbd..933541bc9093 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2008,14 +2008,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap || orig->encap) { - if (encap) - x->encap =3D kmemdup(encap, sizeof(*x->encap), - GFP_KERNEL); - else - x->encap =3D kmemdup(orig->encap, sizeof(*x->encap), - GFP_KERNEL); - + if (encap) { + x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; } --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53EAE3C09F8; Tue, 26 May 2026 19:07:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822438; cv=none; b=uLp01jY6UvO26H3BZUde2rxtgS+KukghpFWbMac8D3I7uK3t/kPL8GHf2VFcqJ3Evg9ABCZSo7Cflae4bQQkXD2t3PjR0/wjQc339iNDJBQo3rlgle0E9oOyvLviVEV9BEEVwAdJpF35VHP/rZ2fNkYy93JmwLky4nQ8iLht6KQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822438; c=relaxed/simple; bh=HUEDUBANWsQgnxamHTD7XJd76K22xU9jWUHuQ4lx9y4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=E/kTsJAmZ+qqH1t8uaUuMaZJ/BINCSaIarf4d2nMjSnbxB95GlNM2nS9d9MEg0Td2XoboYzbBrUNpS0O+f7OXUYo/tfltA7UQMwwAUrwumQCTJrF76YGetla8raVO6tS6I60D8zKiBqBF04Pcwv9vICkaxAwM2IOgw+UkcPjosM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=RUrihvmN; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="RUrihvmN" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 166E02069C; Tue, 26 May 2026 21:07:16 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y6x3WLIoEtBn; Tue, 26 May 2026 21:07:15 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 7E9C9201A7; Tue, 26 May 2026 21:07:15 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 7E9C9201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822435; bh=DZycWyVpFQvWlj8RA8QGZetQ/3GzCUn8SZ6sDaM9GPI=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=RUrihvmN7N4xuZSA0VTf+cee19spN44c3GJjKvS0Crubu/r7tTUqVKGQu/Bx08xzX IKcXDsE1X5FrCid9f4ZSidheEp9Ft5iAdYyZVmEu4Crr6R7qpoMSi4i86S1fTEV/fH wtA0ekQEPp3x50MEW9gQocnEMzN2TrwQJqEP3QBvZrilvxL0FrBQ5ZKqmk+6PB9Z0x qZtrUBCCxyLD10MiEXlAhgzN+R0oBoVnppHaU8CzCxqplgm4fmYk7cIJ6xhs9tNePR DtDdCNP+YR1Ke9lv1CTQWPESF6i/eNOfsUyTnCcJZ85qnRGYRutg2zEqaK/IbwykLe VcoANkOLGCu3g== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:07:11 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 04/16] xfrm: fix NAT-related field inheritance in SA migration Date: Tue, 26 May 2026 21:07:01 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) During SA migration via xfrm_state_clone_and_setup(), nat_keepalive_interval was silently dropped and never copied to the new SA. mapping_maxage was unconditionally copied even when migrating to a non-encapsulated SA. Both fields are only meaningful when UDP encapsulation (NAT-T) is in use. Move mapping_maxage and add nat_keepalive_interval inside the existing if (encap) block, so both are inherited when migrating with encapsulation and correctly absent when migrating without it. Fixes: f531d13bdfe3 ("xfrm: support sending NAT keepalives in ESP in UDP st= ates") Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 933541bc9093..b9de931d84c1 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2012,6 +2012,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; + x->mapping_maxage =3D orig->mapping_maxage; + x->nat_keepalive_interval =3D orig->nat_keepalive_interval; } =20 if (orig->security) @@ -2046,7 +2048,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->km.seq =3D orig->km.seq; x->replay =3D orig->replay; x->preplay =3D orig->preplay; - x->mapping_maxage =3D orig->mapping_maxage; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A5803C09E9; Tue, 26 May 2026 19:07:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822454; cv=none; b=TBsYIl6RXOrApim+LO4zSAhxjkjGxygEmO8IVzmGwI1eGxGItfM8JGcgcD7dzCeJtWSe3ulegZ5v/Dt2Q6k75EucEn0kzAJBAwMPSnXW15mR2H8Jkf8a4jlEJRh8w4jLWDMIrc3M2BAW0+nH7L8w4zMR2csQ1+II7OIq7IyT7hU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822454; c=relaxed/simple; bh=r4hFjJGCOQ3H2tIbEfEClomCP23YzdPBlr41HX63Gao=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=X62xsG0hBIvXh6fffb1dKjbNu06PZlPZIknkbsZbtGmE981GiUw+djIlL2LiW76RIvKyi4xF00YOPYuvFWKGUKAfbd5mVI23iQpuj8aAiEE36Ry+tq3TlVeLeRjQhLJCDgPr+1x6UUdQyKf3PparQxdw+3nMlQHRW6Y5uvkb10A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=LcSOkN5X; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="LcSOkN5X" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id DB732201E4; Tue, 26 May 2026 21:07:31 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7eRVCOh7PcIi; Tue, 26 May 2026 21:07:31 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 2C307201A7; Tue, 26 May 2026 21:07:31 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 2C307201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822451; bh=VndmE5aKA1c8Yxvg0TEdv6C7T34K3myq94Z7JC+XXHQ=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=LcSOkN5XSrQwiXaub47UaDh8qqDaFg33EZSysmWm/tmdaDDlSPqehUp9c7iY7wV5y eTFA9gU/SZew02oN+Cj5QMH+LahW465IVBCDoQQdJIMeJQII+Dck9Vl4JGSpmuk6Vt mg9nJ7v2kCLQnvaN0J8lq16SlqsMBCmuvBSzOz24wDwGK7Dbo2tIJXgskWk010Lprt 5pBq6y8xODOpXqcRmszfAjTxVsjK0IqrQt8CJtDa+bqOZA3ksFnQQNw6hrZG0WBXih J1d1xdQxAn+c55W9uyUAQD+/ufAuq45qB0jEoiTt+uJGLQPokHhVp7CSrkwPfy4JuQ Wyh6IBcuX4WiQ== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:07:26 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 05/16] xfrm: rename reqid in xfrm_migrate Date: Tue, 26 May 2026 21:07:15 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-02.secunet.de (10.32.0.172) To EXCH-02.secunet.de (10.32.0.172) In preparation for a later patch in this series s/reqid/old_reqid/. No functional change. Signed-off-by: Antony Antony --- include/net/xfrm.h | 2 +- net/key/af_key.c | 10 +++++----- net/xfrm/xfrm_policy.c | 4 ++-- net/xfrm/xfrm_state.c | 6 +++--- net/xfrm/xfrm_user.c | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 0c035955d87d..368b1dc22e5c 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -685,7 +685,7 @@ struct xfrm_migrate { u8 proto; u8 mode; u16 reserved; - u32 reqid; + u32 old_reqid; u16 old_family; u16 new_family; }; diff --git a/net/key/af_key.c b/net/key/af_key.c index 842bf5786e3f..1f0201d97b4f 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -2554,7 +2554,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ips= ecrequest *rq1, int len, if ((mode =3D pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) return -EINVAL; m->mode =3D mode; - m->reqid =3D rq1->sadb_x_ipsecrequest_reqid; + m->old_reqid =3D rq1->sadb_x_ipsecrequest_reqid; =20 return ((int)(rq1->sadb_x_ipsecrequest_len + rq2->sadb_x_ipsecrequest_len)); @@ -3655,15 +3655,15 @@ static int pfkey_send_migrate(const struct xfrm_sel= ector *sel, u8 dir, u8 type, if (mode < 0) goto err; if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->old_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->old_family, &mp->old_saddr, &mp->old_daddr) < 0) goto err; =20 /* new ipsecrequest */ if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->new_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->new_family, &mp->new_saddr, &mp->new_daddr) < 0) goto err; } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c944327ce66c..fd505adf080e 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4538,7 +4538,7 @@ static int migrate_tmpl_match(const struct xfrm_migra= te *m, const struct xfrm_tm int match =3D 0; =20 if (t->mode =3D=3D m->mode && t->id.proto =3D=3D m->proto && - (m->reqid =3D=3D 0 || t->reqid =3D=3D m->reqid)) { + (m->old_reqid =3D=3D 0 || t->reqid =3D=3D m->old_reqid)) { switch (t->mode) { case XFRM_MODE_TUNNEL: case XFRM_MODE_BEET: @@ -4632,7 +4632,7 @@ static int xfrm_migrate_check(const struct xfrm_migra= te *m, int num_migrate, sizeof(m[i].old_saddr)) && m[i].proto =3D=3D m[j].proto && m[i].mode =3D=3D m[j].mode && - m[i].reqid =3D=3D m[j].reqid && + m[i].old_reqid =3D=3D m[j].old_reqid && m[i].old_family =3D=3D m[j].old_family) { NL_SET_ERR_MSG(extack, "Entries in the MIGRATE attribute's list must b= e unique"); return -EINVAL; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index b9de931d84c1..5424f2becbaf 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2081,14 +2081,14 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n =20 spin_lock_bh(&net->xfrm.xfrm_state_lock); =20 - if (m->reqid) { + if (m->old_reqid) { h =3D xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, - m->reqid, m->old_family); + m->old_reqid, m->old_family); hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net= ) + h, bydst) { if (x->props.mode !=3D m->mode || x->id.proto !=3D m->proto) continue; - if (m->reqid && x->props.reqid !=3D m->reqid) + if (m->old_reqid && x->props.reqid !=3D m->old_reqid) continue; if (if_id !=3D 0 && x->if_id !=3D if_id) continue; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index ae144d1e4a65..273ea6fdb8ad 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3104,7 +3104,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->proto =3D um->proto; ma->mode =3D um->mode; - ma->reqid =3D um->reqid; + ma->old_reqid =3D um->reqid; =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; @@ -3187,7 +3187,7 @@ static int copy_to_user_migrate(const struct xfrm_mig= rate *m, struct sk_buff *sk memset(&um, 0, sizeof(um)); um.proto =3D m->proto; um.mode =3D m->mode; - um.reqid =3D m->reqid; + um.reqid =3D m->old_reqid; um.old_family =3D m->old_family; memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2CFC3C09E9; Tue, 26 May 2026 19:07:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822468; cv=none; b=G8/8x0zzWe2gGTDgfVS5nYbXyxW3gjRHMyOk/xho0J20ljM5Ot5lg4Ex30kLrFoKrQvc4rQigyUs5iquMcwi+Miczpyi59hxPIGLUI8NGi2G4/SUOPqp+0MRNcNbH67Dhg3yyxXvP+9tkL150Uu8sP1xEzJl6E6QxBCIcJUb7Y4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822468; c=relaxed/simple; bh=Q4NHhl9ZAEwg4p0tFeYbLxM4xJad4JGgfbz9Dvgy3S8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=GAi8AqH79mlAtA6/bOUV6Cr4poWgGkSUCDPMuLbhdK6YPM4vN7LpOiOf/pxNcXEhqsOmesDUiPyHJ4b/X3QE4ry55yoaTixF1CWLHwYNDvsOxyz6Q7zuMT23mwhP22nnuUn5s75+Bz/ueszw8ggm5X5Qa1EmZIqMp8087UzyLmo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=I3qHY1Qr; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="I3qHY1Qr" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 51683206B1; Tue, 26 May 2026 21:07:45 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XqqCRniUrAeh; Tue, 26 May 2026 21:07:44 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 8E1FD201A7; Tue, 26 May 2026 21:07:44 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 8E1FD201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822464; bh=nFBV3Hh9bYsWTBcJDt3K+jDQ7Biwup3fJVaFus+8pOU=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=I3qHY1QrYqOTKJSfwjl5a5cfqWk18wZ52NvIPBDg2ZE9/hLrV4Gl0I8zvDqcdeerd NIxEBgq+RKuss4gdG2JpI6nRfiGd7H7QNwUdbbHGI7MYFNmfEGIDrWN+pFMZSUUlzv Du1/mysa7Hbrjm2SezH/Ij1geI4o+h8WLB5R3SMJ5e6h7x8gOJXULPTfyXC3cEaG95 g6DV5i8p8j6K4N540kjTQMHk+LyGC9ZjulUGv9itgdxkyOmekiFdAZa5hfEwkt/DLV KrRcrg3QJzAh6aBIg+xJ4tWMEEjLxKUNYQ5wA+0YlEDnsbip3Emy5HS95PAANwh1vP E65j78a9LX4cw== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:07:42 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 06/16] xfrm: split xfrm_state_migrate into create and install functions Date: Tue, 26 May 2026 21:07:30 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) To prepare for subsequent patches, split xfrm_state_migrate() into two functions: - xfrm_state_migrate_create(): creates the migrated state - xfrm_state_migrate_install(): installs it into the state table splitting will help to avoid SN/IV reuse when migrating AEAD SA. And add const whenever possible. No functional change. Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- v8->v9: move comment reflow into this patch (Sabrina) v4->v5: added this patch --- include/net/xfrm.h | 11 ++++++++ net/xfrm/xfrm_state.c | 73 +++++++++++++++++++++++++++++++++++++----------= ---- 2 files changed, 64 insertions(+), 20 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 368b1dc22e5c..4137986f15e2 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1895,6 +1895,17 @@ int km_migrate(const struct xfrm_selector *sel, u8 d= ir, u8 type, const struct xfrm_encap_tmpl *encap); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, u32 if_id); +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, struct xfrm_encap_tmpl *encap, diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 5424f2becbaf..85fd80520184 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,8 +1966,8 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - struct xfrm_encap_tmpl *encap, - struct xfrm_migrate *m) + const struct xfrm_encap_tmpl *encap, + const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); struct xfrm_state *x =3D xfrm_state_alloc(net); @@ -2125,12 +2125,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n } EXPORT_SYMBOL(xfrm_migrate_state_find); =20 -struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, - struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, - struct net *net, - struct xfrm_user_offload *xuo, - struct netlink_ext_ack *extack) +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 @@ -2145,24 +2145,57 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_s= tate *x, if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) goto error; =20 - /* add state */ + return xc; +error: + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return NULL; +} +EXPORT_SYMBOL(xfrm_state_migrate_create); + +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { - /* a care is needed when the destination address of the - state is to be updated as it is a part of triplet */ + /* + * Care is needed when the destination address + * of the state is to be updated as it is a part of triplet. + */ xfrm_state_insert(xc); } else { - if (xfrm_state_add(xc) < 0) - goto error_add; + if (xfrm_state_add(xc) < 0) { + if (xuo) + xfrm_dev_state_delete(xc); + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return -EEXIST; + } } =20 + return 0; +} +EXPORT_SYMBOL(xfrm_state_migrate_install); + +struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, + struct xfrm_migrate *m, + struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ + struct xfrm_state *xc; + + xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + if (!xc) + return NULL; + + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + return NULL; + return xc; -error_add: - if (xuo) - xfrm_dev_state_delete(xc); -error: - xc->km.state =3D XFRM_STATE_DEAD; - xfrm_state_put(xc); - return NULL; } EXPORT_SYMBOL(xfrm_state_migrate); #endif --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AE7E33C0A11; Tue, 26 May 2026 19:08:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822500; cv=none; b=f5Le/RixGbgUNM/kEaJwPs71KEmF6IwHfjvhQiuuivjBwmO+S+vAeZbL8nImmjvyCxVrbURjfZ9nmheIBlicLbVENkPWtLrbuxSV3thZWoE7c6YE5NaeG1PFcKHns4zkWsfc4HecN9VWx8Km17e3yblgtXATgS97IehVobUWS+w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822500; c=relaxed/simple; bh=ZVU6BMMyLsMwEL3kp4Mh9bfYUhXA+tt043PdfGzDCW4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YRgrLMB0UjWqcNbSe455b+t99J2BfXf3/FhdEnJ1Bn5/Gd1wz95W4PbGtX7E1F3guTNXv3jJW6ax3aVBJ0d7H6lwo636cl0BAJzNjlK3qI7h3Do7TC+IAIC7ODtB4t2VS5oqEHc9r3MEjR5fIjWS9OI6EebMBEQ0BtKmDGUMxJU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=vCrvoO4v; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="vCrvoO4v" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 8A2FB201E4; Tue, 26 May 2026 21:08:17 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfymSei_Q92h; Tue, 26 May 2026 21:08:17 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 0250E201A7; Tue, 26 May 2026 21:08:17 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 0250E201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822497; bh=iEM84ja9LZz8SPIA1eC0292mPOIeL9QVu+IHxo9TP0w=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=vCrvoO4vKJk8i82lZuch6IveoC8OlTu5qUD7K2IlFBxHjbIsYn43k9Rt4WIvQX793 2TxCs0iz0b523ekJ8cYXC/+2QBrvXZAE14G5q3ZcyH7WhbG+LwS84S3leRJqWVIUYE NmGBrYvfjUbn6QkQnElIgHw50zEWnaGv6/T6l2y5pj4/xMGNj90MyJpvpLVtrYVGYt 9sVNNHIp2s3xpu3CHTHSoaNVXmaSae2swb2pj8sbb+geTRLeJdj0BAUBGiYozfbSA0 psellgTqhDBEbGEs66IgQ6FZx3gA1NsS1oegtVeWh8gxPGYzIs0TK0FgizjnaRM4vD vndfSVJD2t7jA== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:08:02 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 07/16] xfrm: check family before comparing addresses in migrate Date: Tue, 26 May 2026 21:07:43 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-02.secunet.de (10.32.0.172) To EXCH-02.secunet.de (10.32.0.172) When migrating between different address families, xfrm_addr_equal() cannot meaningfully compare addresses, different lengths. Only call xfrm_addr_equal() when families match, and take the xfrm_state_insert() path when addresses are equal. Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint addr= ess(es)") Signed-off-by: Antony Antony --- v8->v9: remove comment reflow, moved to previous patch (Sabrina) v5->v6: added this patch --- net/xfrm/xfrm_state.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 85fd80520184..327a855253e6 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_st= ate *x, struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { - if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { + if (m->new_family =3D=3D m->old_family && + xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { /* - * Care is needed when the destination address - * of the state is to be updated as it is a part of triplet. + * Care is needed when the destination address of the state is + * to be updated as it is a part of triplet. */ xfrm_state_insert(xc); } else { --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 45A073C09F8; Tue, 26 May 2026 19:08:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822513; cv=none; b=FaVl8oLSeDV9sBU95wKNc31lm6MB0cUC4tI46vIXo0/HHjm7cL8bDWtGXGUVCbMfIU1l2Gt0oDl1bsmDqTqYic3ZVfM8OY+dSerucTxnR9jSwPPwmxstHXMuio5RjVzmLQBsUsgCy4A3ZZGBVB4lrtA8EDNncMFgGhVVNYmD2No= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822513; c=relaxed/simple; bh=/xOhxfAvktLqrl487vd1De5bZe22caKuH7jFjEXOwv4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RfsgultMlWCqiCMonck3wekeIDGsvkQ//wSljNauA06nz6bYXFdGZF0iWoYEBWnCYZ2/JlNCNqDfMKv/PKFkyU8Q69+zluaKYXS/RcNYgxzOSwzo+Bnly5SnWJvUbxxnJFPiwGmKgA4d4lc/VYnOmiQkj9jF+BpT2nCLquCHJ5s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=IUkgnfQT; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="IUkgnfQT" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 08BDF201E4; Tue, 26 May 2026 21:08:31 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12cvxuDGD8cR; Tue, 26 May 2026 21:08:30 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 41A66201A7; Tue, 26 May 2026 21:08:30 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 41A66201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822510; bh=qu6EWOPrCSZgNx/xfDQ43EMucg5M59PsSb5NL6DVhA0=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=IUkgnfQTzM+o+DcWKNcwziNnjLyy1z/DJ52GzqqE5Ayi/mjzyZT84lPAFGe7xajed 8k/mOIT8SS9MxtoxqAOpAAWh5BcTrYiezF4QDMMW1w2mzhfxVnQc4Jtb3lHkA6VTc/ LqDzxOEg+JMeu9NdZDtSr7XTMgr+G9+q1qrysfmaof8vJIhAfsmj90fIiij2WElfkn dZ86xuh1DqUCpV8FCaExjsxT7WHvH4aRstfNIgfnQ4fI0dvd1see2lGZ4AcDtOshhR v09S/AEV9dDpcALGM5jpvvDLJpznz+FPF8b1pf5IVyd+5/SF8tS8EuiCDXZaWv8gda KdwKOWmWpCvEg== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:08:27 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 08/16] xfrm: add state synchronization after migration Date: Tue, 26 May 2026 21:08:17 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) Add xfrm_migrate_sync() to copy curlft and replay state from the old SA to the new one before installation. The function allocates no memory, so it can be called under a spinlock. In preparation for a subsequent patch in this series. A subsequent patch calls this under x->lock, atomically capturing the latest lifetime counters and replay state from the original SA and deleting it in the same critical section to prevent SN/IV reuse for XFRM_MSG_MIGRATE_STATE method. No functional change. Signed-off-by: Antony Antony --- v6->v7: - rephrase commit message v5->v6: - move the sync before install to avoid overwriting v4->v5: - added this patch --- include/net/xfrm.h | 46 +++++++++++++++++++++++++++++++++++++--------- net/xfrm/xfrm_state.c | 11 ++++------- 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 4137986f15e2..be22c26e4661 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -2024,23 +2024,51 @@ static inline unsigned int xfrm_replay_state_esn_le= n(struct xfrm_replay_state_es =20 #ifdef CONFIG_XFRM_MIGRATE static inline int xfrm_replay_clone(struct xfrm_state *x, - struct xfrm_state *orig) + const struct xfrm_state *orig) { + /* Counters synced later in xfrm_replay_sync() */ =20 - x->replay_esn =3D kmemdup(orig->replay_esn, + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + x->replay_esn =3D kmemdup(orig->replay_esn, xfrm_replay_state_esn_len(orig->replay_esn), GFP_KERNEL); - if (!x->replay_esn) - return -ENOMEM; - x->preplay_esn =3D kmemdup(orig->preplay_esn, - xfrm_replay_state_esn_len(orig->preplay_esn), - GFP_KERNEL); - if (!x->preplay_esn) - return -ENOMEM; + if (!x->replay_esn) + return -ENOMEM; + x->preplay_esn =3D kmemdup(orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn), + GFP_KERNEL); + if (!x->preplay_esn) + return -ENOMEM; + } =20 return 0; } =20 +static inline void xfrm_replay_sync(struct xfrm_state *x, const struct xfr= m_state *orig) +{ + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + memcpy(x->replay_esn, orig->replay_esn, + xfrm_replay_state_esn_len(orig->replay_esn)); + + memcpy(x->preplay_esn, orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn)); + } +} + +static inline void xfrm_migrate_sync(struct xfrm_state *x, + const struct xfrm_state *orig) +{ + /* called under lock so no race conditions or mallocs allowed */ + memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); + xfrm_replay_sync(x, orig); +} + static inline struct xfrm_algo_aead *xfrm_algo_aead_clone(struct xfrm_algo= _aead *orig) { return kmemdup(orig, aead_len(orig), GFP_KERNEL); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 327a855253e6..fcf6f0c6400d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2027,10 +2027,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, goto error; } =20 - if (orig->replay_esn) { - if (xfrm_replay_clone(x, orig)) - goto error; - } + if (xfrm_replay_clone(x, orig)) + goto error; =20 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); @@ -2043,11 +2041,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, x->tfcpad =3D orig->tfcpad; x->replay_maxdiff =3D orig->replay_maxdiff; x->replay_maxage =3D orig->replay_maxage; - memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); x->km.state =3D orig->km.state; x->km.seq =3D orig->km.seq; - x->replay =3D orig->replay; - x->preplay =3D orig->preplay; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; @@ -2193,6 +2188,8 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 + xfrm_migrate_sync(xc, x); + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) return NULL; =20 --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BE093C09E9; Tue, 26 May 2026 19:08:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822529; cv=none; b=DoZQhpwiSogJvQe3vNQ/5BpyOlHPxE8UpY19Xja2pSsVvTn5PSdnBfLYvB5UCVCdiM1qu4QRalb7v42GKuYviSaSdFP+XKV2WfmUcv3konny+JZU2UEvHzOMPxpOhSsm9oCzkMZwfcy5i5VjIXJx7b4pYC1OVOqXXTsRVrp2jj8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822529; c=relaxed/simple; bh=qVIMtFwXwYDocepA3+PVGiSO21SwkfhHvSToTF0QboA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dwjxvVFy7XxRZ9mMYeBrwF08mHXNBxak0xOcnco5sxXEYFcTg6aHh0fmijson53Aqul4upktrRtiv2CvEDi4ci3OeSTyPhkf1/4o3AaNlXdRjkhg9ItBiJNePWLRasCVrszf3iqfdt47/y6KWK7ybDt3GJiYRkzB9uIjbGK/U6w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=JlkxaO5u; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="JlkxaO5u" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 0C904201E4; Tue, 26 May 2026 21:08:47 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MhxqY0SGATXv; Tue, 26 May 2026 21:08:46 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 75299201A7; Tue, 26 May 2026 21:08:46 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 75299201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822526; bh=BV8GxDiIawzrv8Vy3v1rmPvKOQeKFEpIv8exqz4d6J8=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=JlkxaO5uabYCqy4q/rYj6V1S7zbMSYfNI0dEnIsGCdu0GqaUZW5o2QDgNxadh0oIP scfcQ0P5xcPfoZWSzOAdgf/dcwvH5aLt3gmVvYfUp6oNcTTSLCPFAewo+cHlcGuxxF hhfiQJREv+EO1E+UhchmnZ867WyyrobrLXdzgHvd+/MHRPoY/7P54v6iStE2mnsDnB z8aYAVeobwgdt3ccw5v3gbzIEqjDYZvsvXuMcazpVX4gLOzGLtQn8MWsdW72bw2Uzl 4w/ROrKHDhLXBXL0WaOrHgqDnVE/AxiPBhow/ZkVd2MD7zSv0vOUtgNrYHX7lBrQRv YJoAEeutAB7eA== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:08:43 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 09/16] xfrm: add error messages to state migration Date: Tue, 26 May 2026 21:08:29 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) Add descriptive(extack) error messages for all error paths in state migration. This improves diagnostics by providing clear feedback when migration fails. After xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as fallback for error paths not yet propagating extack e.g. mode_cbs->init_state() No functional change. Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- v5->v6: - in case dev_state_add() extack already set - after xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as fallback v4->v5: - added this patch --- net/xfrm/xfrm_state.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index fcf6f0c6400d..1db48ecda80d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2130,11 +2130,15 @@ struct xfrm_state *xfrm_state_migrate_create(struct= xfrm_state *x, struct xfrm_state *xc; =20 xc =3D xfrm_state_clone_and_setup(x, encap, m); - if (!xc) + if (!xc) { + NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; + } =20 - if (xfrm_init_state(xc, extack) < 0) + if (xfrm_init_state(xc, extack) < 0) { + NL_SET_ERR_MSG_WEAK(extack, "Failed to initialize migrated state"); goto error; + } =20 /* configure the hardware if offload is requested */ if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) @@ -2163,6 +2167,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, xfrm_state_insert(xc); } else { if (xfrm_state_add(xc) < 0) { + NL_SET_ERR_MSG(extack, "Failed to add migrated state"); if (xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B00DB3C09F2; Tue, 26 May 2026 19:09:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822542; cv=none; b=hjpjy25M5yq2ue0nnigKBNrUkT183b8CTL29Frgy9o5E7wyXh1k8UY99Gu7WSbKoLKeM6gTOfywZbgacUBoeu9H0F3HJ68ydazvfCDW7xZvcozJbtZ6MsjL0gKHYSG8vjOmysluWTg5pyZX9GsoBVpa71RRfMIuSM2uPEvB/NzY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822542; c=relaxed/simple; bh=NTAch4D5jBFSMySVvg+WDaVb0K/DxovDszZRCDtxKuI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=QTdMGkIgP854gKNx2HTqc630Vq308hDvBnResKgdxRRVCgDi+2QSEGGe6Mfju8xWXL7suiVabeGOVvmM+HwCbxS1VMVZTl/XmfycZmteG58ElnIyjVrKMjI+1kjJQ/lMXF9HGz+MKC9c68CxxlLwDQgOgh/EkXdwclx3JL3iB1o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=KvMX2ei3; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="KvMX2ei3" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 8B577201A7; Tue, 26 May 2026 21:08:59 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id atYQEA5oQPyw; Tue, 26 May 2026 21:08:58 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id C7B69201E4; Tue, 26 May 2026 21:08:58 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com C7B69201E4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822538; bh=JHWI0Q9M2gs80xBuCSI66Hkv6tF6WuTEW+YBHqZguGE=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=KvMX2ei33lXwEv7p8hnzVp+apZwng5nQ3E/f+A0gisE2aH8lg6N5W68c5ncXavwIb Am3/5Eip2oqPMt2FC+xADrBoI7piQJd1C6vRflzIVWCml8dD71FqoKLlXuIgWuoErR gLKCAHyT0gasr2QiUPCy9lfKwnLPGBuJQcq0//nMzr4b2W8lXTTw2pWq5PZGyeJFAT cFHI8XgW5EA4FtbOD59JWVtzuZeGWO1qWw0OpX+Q2BYFtCDgtBHFeXDy+u/pcVVybo W0Q6L8ogi4fDfy2+4WMQFy7+lSV1WfRTxSjInKdKWyLRGMPBc41cuULxmhkbKfF/uL NKxxwE6jp647g== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:08:56 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 10/16] xfrm: move encap and xuo into struct xfrm_migrate Date: Tue, 26 May 2026 21:08:46 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) In preparation for an upcoming patch, move the xfrm_encap_tmpl and xfrm_user_offload pointers from separate parameters into struct xfrm_migrate, reducing the parameter count of xfrm_state_migrate_create(), xfrm_state_migrate_install() and xfrm_state_migrate() The fields are placed after the four xfrm_address_t members where the struct is naturally 8-byte aligned, avoiding padding. No functional change. Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony --- v8->v9: fixed the commit message v5->v6: added this patch. --- include/net/xfrm.h | 7 ++----- net/xfrm/xfrm_policy.c | 4 +++- net/xfrm/xfrm_state.c | 20 +++++++------------- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index be22c26e4661..4b29ab92c2a7 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -682,6 +682,8 @@ struct xfrm_migrate { xfrm_address_t old_saddr; xfrm_address_t new_daddr; xfrm_address_t new_saddr; + struct xfrm_encap_tmpl *encap; + struct xfrm_user_offload *xuo; u8 proto; u8 mode; u16 reserved; @@ -1897,20 +1899,15 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n u32 if_id); struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index fd505adf080e..cf05d778e2dd 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4680,7 +4680,9 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, if ((x =3D xfrm_migrate_state_find(mp, net, if_id))) { x_cur[nx_cur] =3D x; nx_cur++; - xc =3D xfrm_state_migrate(x, mp, encap, net, xuo, extack); + mp->encap =3D encap; + mp->xuo =3D xuo; + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; nx_new++; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 1db48ecda80d..043e573c4f32 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,7 +1966,6 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - const struct xfrm_encap_tmpl *encap, const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); @@ -2008,8 +2007,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap) { - x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); + if (m->encap) { + x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; x->mapping_maxage =3D orig->mapping_maxage; @@ -2122,14 +2121,12 @@ EXPORT_SYMBOL(xfrm_migrate_state_find); =20 struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_clone_and_setup(x, encap, m); + xc =3D xfrm_state_clone_and_setup(x, m); if (!xc) { NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; @@ -2141,7 +2138,7 @@ struct xfrm_state *xfrm_state_migrate_create(struct x= frm_state *x, } =20 /* configure the hardware if offload is requested */ - if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) + if (m->xuo && xfrm_dev_state_add(net, xc, m->xuo, extack)) goto error; =20 return xc; @@ -2155,7 +2152,6 @@ EXPORT_SYMBOL(xfrm_state_migrate_create); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { if (m->new_family =3D=3D m->old_family && @@ -2168,7 +2164,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, } else { if (xfrm_state_add(xc) < 0) { NL_SET_ERR_MSG(extack, "Failed to add migrated state"); - if (xuo) + if (m->xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; xfrm_state_put(xc); @@ -2182,20 +2178,18 @@ EXPORT_SYMBOL(xfrm_state_migrate_install); =20 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + xc =3D xfrm_state_migrate_create(x, m, net, extack); if (!xc) return NULL; =20 xfrm_migrate_sync(xc, x); =20 - if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + if (xfrm_state_migrate_install(x, xc, m, extack) < 0) return NULL; =20 return xc; --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 246923C0A1D; Tue, 26 May 2026 19:09:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822554; cv=none; b=EOKTGrLiWeCpgwyTdQfyO4K8ZfQV/5AB9ag4JykWiqzg2pulFyWvi/K2FTBoIE+vVx0NQZBhWp8yDYJYMVmNvxrVnDzANU3hUYb630dt06bOUa3NVb+10dh/EgiG2L4Jvw2rhggVcG4HkFl2L4Z1m/vdF4dyLfnq7nwSIIN46K4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822554; c=relaxed/simple; bh=mNC+qFCIm3S+Cqcjrl1alQUoBlH4etYwZGdgmKgRD5k=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=cAnXzpqC178qaBUobTnd+GGiGmnv4l3CArT1bqBohVBZWAyjSdd0rqHN9Lm5qi4yK/7sRGkQh+9fJ7+JZP6kdkL1Wy/S9b80gsQLsFcg2qMylgY0ugShpdtkfrv5f5Xt4eGCY9EurTTGRF50M7Hd8cyX/BH1Thk0JbJGSSUzUf4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=xwgukfVH; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="xwgukfVH" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id C6BFC201E4; Tue, 26 May 2026 21:09:11 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4JAq4uVN8dKe; Tue, 26 May 2026 21:09:11 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 3FCD4201A7; Tue, 26 May 2026 21:09:11 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 3FCD4201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822551; bh=OHxEm3OzaP2lf7ce9tWGy8l3TbqkgIeNjP3xVUN5uOQ=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=xwgukfVHN1Y/JampL/LE49AbQvJI63T4tQOALXDo3o0Zbx6aEBM8wLot0EhhmNSA4 oHFhUvcX4fbeKjHhQnEptKJKu33koSXVAc6i8hIdcKHMcAgOvUY7CoDK9pn7VNFfJd pLMyE8KVEY4pbSd4gF+3F9J5P6VU48HWGXJV1uBMHcNGyEM0wHKGBdcucohkhF9nxt yDnNTjvfO90T2CMYNQW6uoJYHxyU20JxsuHwuU9fjsESepXEy6E1FFC0WMdEzm2HH1 R8dQK4LLBN1E+kTK7V3iBsyoXtxau86ck3wKcYF06xvvso78vbsjQganPO0Eg1pDBP M16pZXkwWW7Sg== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:09:08 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 11/16] xfrm: refactor XFRMA_MTIMER_THRESH validation into a helper Date: Tue, 26 May 2026 21:08:58 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) Extract verify_mtimer_thresh() to consolidate the XFRMA_MTIMER_THRESH validation logic shared between the add_sa and upcoming patch. Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_user.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 273ea6fdb8ad..03fa4cabf601 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -248,6 +248,22 @@ static inline int verify_replay(struct xfrm_usersa_inf= o *p, return 0; } =20 +static int verify_mtimer_thresh(bool has_encap, u8 dir, + struct netlink_ext_ack *extack) +{ + if (!has_encap) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH requires encapsulation"); + return -EINVAL; + } + if (dir =3D=3D XFRM_SA_DIR_OUT) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH should not be set on output SA"); + return -EINVAL; + } + return 0; +} + static int verify_newsa_info(struct xfrm_usersa_info *p, struct nlattr **attrs, struct netlink_ext_ack *extack) @@ -455,18 +471,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *= p, err =3D 0; =20 if (attrs[XFRMA_MTIMER_THRESH]) { - if (!attrs[XFRMA_ENCAP]) { - NL_SET_ERR_MSG(extack, "MTIMER_THRESH attribute can only be set on ENCA= P states"); - err =3D -EINVAL; - goto out; - } - - if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { - NL_SET_ERR_MSG(extack, - "MTIMER_THRESH attribute should not be set on output SA"); - err =3D -EINVAL; + err =3D verify_mtimer_thresh(!!attrs[XFRMA_ENCAP], sa_dir, extack); + if (err) goto out; - } } =20 if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1673C3C0A02; Tue, 26 May 2026 19:09:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822578; cv=none; b=WNxjlhc+z5ZFGCwykv0Gu4qBvIUdANSQWS3/gitbSw3+Q0AgYXwtKlDhAeNrmkWCK2J2K//n1jj3op4prt6JfeeiJUxsWtyCpwIhkYfGPn3Y6rhoRtFNeknK8QArsCNNskbNA5nRuwn0h87GhdT8/dEHkUvjDLmN4K1fu8dYOf0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822578; c=relaxed/simple; bh=Vd++UfMYvfaF6t5n1K1xAA3H7hqr8weRMZwjufIPc/o=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=t1JBmiheUFz79N6D3gTfofdBue6xDDrdrtIadt7UyDu0ts71dD+JuGtVBKSxxXJYBMAc2k9TmYr20SQoDncsVZdw5sL1qMG2x8TaEZ+rOkgPk9echzpvNSPRP0IXDmIpn7959v5cyAGw8cOiaXfUMdHJXj4WemUnukTCRy4rZZM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=vRmAqqkG; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="vRmAqqkG" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id E2A2B201E4; Tue, 26 May 2026 21:09:35 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g4rNe8x33Rvj; Tue, 26 May 2026 21:09:35 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 41E02201A7; Tue, 26 May 2026 21:09:35 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 41E02201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822575; bh=7DPq9/2B4vF3MKSp537Hr2VkAQP5UgbFFSDcpUOeuA4=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=vRmAqqkGPhT1N1KtLT7quo+XEkfZ6SKrPFE/YG6Nq3KWWet+STT5VOtntGvYmcLwd iFujROPs4eMNKba9UGJeaaBBXKWSha+7Ge8b5eewDxNQ6lEufKvC2Ap2UZV97qV61c Vbs16sTkOre0VP88BUTQUHpnqiRY0XlmpJREHkEQ+1vR/2m+LvCN4hS+Vnr82shRjM XDWm6X0R+FrAujBw0+gBN7OWYtlb3W7AErJBPeVXKnh2cJV6V3Dpn6yMEpISIZkHlf Rlkq41oKQ/QkfZaN7aRIWPrgsaX62iuvlsBqXQ4oz1DDv29TDy6KNR4sQwG0rfM0n7 TSiv73/sccTaQ== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:09:23 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 12/16] xfrm: extract address family and selector validation helpers Date: Tue, 26 May 2026 21:09:10 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) Extract verify_xfrm_family() and verify_selector_prefixlen() from verify_newsa_info() to allow reuse by other netlink handlers. verify_xfrm_family() validates that a given address family is AF_INET or AF_INET6 (with CONFIG_IPV6 guard). verify_selector_prefixlen() validates that the selector prefix lengths are within the bounds for the given address family. No functional change. Signed-off-by: Antony Antony --- v8->v9: added this patch --- net/xfrm/xfrm_user.c | 80 +++++++++++++++++++++++++++++-------------------= ---- 1 file changed, 44 insertions(+), 36 deletions(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 03fa4cabf601..c7ae670212a9 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -264,66 +264,74 @@ static int verify_mtimer_thresh(bool has_encap, u8 di= r, return 0; } =20 -static int verify_newsa_info(struct xfrm_usersa_info *p, - struct nlattr **attrs, - struct netlink_ext_ack *extack) +static int verify_xfrm_family(u16 family, struct netlink_ext_ack *extack) { - int err; - u8 sa_dir =3D nla_get_u8_default(attrs[XFRMA_SA_DIR], 0); - u16 family =3D p->sel.family; - - err =3D -EINVAL; - switch (p->family) { + switch (family) { case AF_INET: - break; - + return 0; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) - break; + return 0; #else - err =3D -EAFNOSUPPORT; NL_SET_ERR_MSG(extack, "IPv6 support disabled"); - goto out; + return -EAFNOSUPPORT; #endif - default: NL_SET_ERR_MSG(extack, "Invalid address family"); - goto out; + return -EINVAL; } +} =20 - if (!family && !(p->flags & XFRM_STATE_AF_UNSPEC)) - family =3D p->family; - +static int verify_selector_prefixlen(u16 family, + const struct xfrm_selector *sel, + struct netlink_ext_ack *extack) +{ switch (family) { case AF_UNSPEC: - break; - + return 0; case AF_INET: - if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) { - NL_SET_ERR_MSG(extack, "Invalid prefix length in selector (must be <=3D= 32 for IPv4)"); - goto out; + if (sel->prefixlen_d > 32 || sel->prefixlen_s > 32) { + NL_SET_ERR_MSG(extack, + "Invalid prefix length in selector (must be <=3D 32 for IPv4)"); + return -EINVAL; } - - break; - + return 0; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) - if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) { - NL_SET_ERR_MSG(extack, "Invalid prefix length in selector (must be <=3D= 128 for IPv6)"); - goto out; + if (sel->prefixlen_d > 128 || sel->prefixlen_s > 128) { + NL_SET_ERR_MSG(extack, + "Invalid prefix length in selector (must be <=3D 128 for IPv6)"= ); + return -EINVAL; } - - break; + return 0; #else NL_SET_ERR_MSG(extack, "IPv6 support disabled"); - err =3D -EAFNOSUPPORT; - goto out; + return -EAFNOSUPPORT; #endif - default: NL_SET_ERR_MSG(extack, "Invalid address family in selector"); - goto out; + return -EINVAL; } +} + +static int verify_newsa_info(struct xfrm_usersa_info *p, + struct nlattr **attrs, + struct netlink_ext_ack *extack) +{ + int err; + u8 sa_dir =3D nla_get_u8_default(attrs[XFRMA_SA_DIR], 0); + u16 family =3D p->sel.family; + + err =3D verify_xfrm_family(p->family, extack); + if (err) + goto out; + + if (!family && !(p->flags & XFRM_STATE_AF_UNSPEC)) + family =3D p->family; + + err =3D verify_selector_prefixlen(family, &p->sel, extack); + if (err) + goto out; =20 err =3D -EINVAL; switch (p->id.proto) { --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04E142868A7; Tue, 26 May 2026 19:09:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822595; cv=none; b=RlgpjsWFtioDdHiWfKCk1VSFh4StjQKahzCsyitQVUQiueT650OzqD6uK9TN2p9AiqRibQ0nU6l5DKzVaGf9oVHPkVPl5aFuv1k1yuyJdD9bzghmCNvbgjETUEVC0J3CcQl3kBDFAVt9eFGOxjKonOOCPSuR6A6124SDkDf5Ka8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822595; c=relaxed/simple; bh=SouvUScu2PCbbpV9Hns0wg8JBsGgSXV8hSDzyx9TX2k=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Ha+Q+3dD7bdgoJiMKBLPFnVTKr9HyWtbp+LEGlriOumD4xBmEPujjm0I6Ah6NcLllY01MUN1Epm2fARiKPxpKCGBe1aJWKoANOEbuE0M0Tbjy+NMzSVoPiNAqgcmnr1EjXHOre20Uk33x4ziOHHETlsKF4ZfOtzEXQNBbSVErHU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=NzCkMfF7; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="NzCkMfF7" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 8A802201E4; Tue, 26 May 2026 21:09:52 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ug9bajcQjoPx; Tue, 26 May 2026 21:09:52 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 02F34201A7; Tue, 26 May 2026 21:09:52 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 02F34201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822592; bh=MpdTDbyzRfDw9Bco0ldUvXvBd41GjVNe/9C4O6DG+Nc=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=NzCkMfF7YkuMiIHzWAQPcGpmq6idG4n8Osmaz1br5CbotHNFPmIncG4vsK40+6Mbs 6z46G48wFoZTo9m9Lw2J1ysFvSn0FMST3nSfhWWaSJJBZNNnflazj6zbPx+qm1qxWG jY2Xbdvnxycg5lZv636xx2qbwy1JHuNAtDHyhI804+RGYZTRtSS3Q1jzGgcOBvHeLJ msetf1a8kL1SpYGAHZ4ad53w7HR5iqCEXNUsyrgy98/4V//t2h8OVYlg322RzPEN2s kwVh0uH3AFGg+CSZ+rqrg6d4SEOA1yPTDsBtVYsgBGFOeVBqoWptIQqEujrwZUABk/ 8yZFLzPNnbVmw== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:09:46 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 13/16] xfrm: make xfrm_dev_state_add xuo parameter const Date: Tue, 26 May 2026 21:09:35 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) The xuo pointer is not modified by xfrm_dev_state_add(); make it const. Signed-off-by: Antony Antony --- v8->v9 : added this patch --- include/net/xfrm.h | 6 ++++-- net/xfrm/xfrm_device.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 4b29ab92c2a7..5515c7b10020 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -2104,7 +2104,7 @@ void xfrm_dev_resume(struct sk_buff *skb); void xfrm_dev_backlog(struct softnet_data *sd); struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t = features, bool *again); int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp, struct xfrm_user_offload *xuo, u8 dir, @@ -2175,7 +2175,9 @@ static inline struct sk_buff *validate_xmit_xfrm(stru= ct sk_buff *skb, netdev_fea return skb; } =20 -static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x= , struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) +static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, + const struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { return 0; } diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 550457e4c4f0..630f3dd31cc5 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -229,7 +229,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb,= netdev_features_t featur EXPORT_SYMBOL_GPL(validate_xmit_xfrm); =20 int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { int err; --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 069C73C09EE; Tue, 26 May 2026 19:10:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822609; cv=none; b=Y1HpKbVkHJxcsSfk+mLhX3jYSz5Li36v4zOUTz5o2tV8cYTyO2klBShvADVv8SUMFTddqpoE8odaTzSQ1FiwF7abUEsK3r6xiCa172h83gJrpvWxAD5oDcJi+Kmf/sn2pxyx7kTT4442M0X/MxMRdZJkWnynr69J5OySw3XLSvI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822609; c=relaxed/simple; bh=QK2i2Bq/nhF7aHlB6JXUdD5jlE9VPleL08UE+bghHaA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BojA/M6h5lmsaB24m2K8hd2jr4AL01qIbT3iL+3QRsoTezx1xeKn46CMtvB+8ujtTSYfaDq+OzEBz9v1IwAotvrslq2aR7K1E5RwnFJqf8Rk/oU8dG4ITzNIzh+OLNDT6QIgo7qI2+3DNHORbc04Woi+lS9Wuv8EAjiAX3WzXX8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=hSrmOQXD; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="hSrmOQXD" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id ACC1D201E4; Tue, 26 May 2026 21:10:05 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usiG9SscpfnC; Tue, 26 May 2026 21:10:04 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 32807201A7; Tue, 26 May 2026 21:10:04 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 32807201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822604; bh=Ws2Sfofwv0srySFvtnHog6qEye1UezUgWfDfvVO8HsY=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=hSrmOQXDdtEoyuwZvzM94uk2CIwhvkpZ5sx5mK07V4QWRiXb2tke+V0EbkfTdf9sr W3mCqlQrQ8pz/9nlybeYkjsy+tpz1uFawV/YEUugi+PMHoa+cYTKIQG2YbY8nI/VFK 6o8E1+hevzjipzIUW+nYdDuHiMslOqbK7JEDwdWH+PJK29JMiFKASei8N3SSjFQhS0 cb8yfprDu0cUOvBlvhGEwVS8T/JE8HknhneA5wHNF5BF3TZW0JkqjVG5FpewRx+sKr VDb3zkeu33LzCHSYt87vjYxyCiBmmFIvIm61YGDQv69zFpSqtY26HehcT2rNqUBm+O fyBQFH30fDixQ== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:10:02 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 14/16] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration Date: Tue, 26 May 2026 21:09:51 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-02.secunet.de (10.32.0.172) To EXCH-02.secunet.de (10.32.0.172) Add a new netlink method to migrate a single xfrm_state. Unlike the existing migration mechanism (SA + policy), this supports migrating only the SA and allows changing the reqid. The SA is looked up via xfrm_usersa_id, which uniquely identifies it, so old_saddr is not needed. old_daddr is carried in xfrm_usersa_id.daddr. The reqid is invariant in the old migration. Signed-off-by: Antony Antony --- v8->v9: - fix smark size estimate (Steffen) - pass net from caller in xfrm_send_migrate_state()(Steffen: 7e2a4f7ca095) - fix race condition in xfrm_do_migrate_state(): check km.state under x->lock before migrate_sync/delete to prevent concurrent migrations (sashiko AI review) - add XFRM_MIGRATE_STATE_KNOWN_FLAGS to uapi; reject unknown flags with -= EINVAL and extack string - pre-check new SA tuple before migration - add XFRM_MSG_MIGRATE_STATE for single SA migration: SQUASH - add xfrm_compat.c support for XFRM_MSG_MIGRATE_STATE - fix uninitialized msg_type in PF_KEY migrate path - new_mark handling point to x->mark directly, drop new_marks[] array - fix UPDATE_SEL family check to use props.family instead of sel.family - extract xso_to_xuo() helper, fix duplication - drop extra check XFRMA_OFFLOAD_DEV takes precedence - rename XFRM_MIGRATE_STATE_NO_OFFLOAD -> XFRM_MIGRATE_STATE_CLEAR_OFFLOAD - rename XFRM_MIGRATE_STATE_UPDATE_SEL -> XFRM_MIGRATE_STATE_UPDATE_H2H_S= EL - use nla_get_u32_default() when possible - use verify_selector_prefixlen() - split const xfrm_user_offload *xuo cleanup into separate patch (Sabrina) v7->v8: - removed the unknown-flags validation block v6->v7: - add flags field to xfrm_user_migrate_state (based on Sabrina's fe= edback) - add XFRM_MIGRATE_STATE_NO_OFFLOAD (bit 0): suppresses offload - omit-to-inherit; mutually exclusive with XFRMA_OFFLOAD_DEV - zero-initialize struct xfrm_migrate m[XFRM_MAX_DEPTH] - add struct xfrm_selector new_sel to xfrm_user_migrate_state - add XFRM_MIGRATE_STATE_UPDATE_SEL: derive new selector from SA addresses when old selector is a single-host match v5->v6: - (Feedback from Sabrina's review) - reqid change: use xfrm_state_add, not xfrm_state_insert - encap and xuo: use nla_data() directly, no kmemdup needed - notification failure is non-fatal: set extack warning, return 0 - drop state direction, x->dir, check, not required - reverse xmas tree local variable ordering - use NL_SET_ERR_MSG_WEAK for clone failure message - fix implicit padding in xfrm_user_migrate_state uapi struct - support XFRMA_SET_MARK/XFRMA_SET_MARK_MASK in XFRM_MSG_MIGRATE_STATE v4->v5: - set portid, seq in XFRM_MSG_MIGRATE_STATE netlink notification - rename error label to out for clarity - add locking and synchronize after cloning - change some if(x) to if(!x) for clarity - call __xfrm_state_delete() inside the lock - return error from xfrm_send_migrate_state() instead of always returning= 0 v3->v4: preserve reqid invariant for each state migrated v2->v3: free the skb on the error path v1->v2: merged next patch here to fix use uninitialized value - removed unnecessary inline - added const when possible xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration : SQUASH --- include/net/xfrm.h | 10 +- include/uapi/linux/xfrm.h | 25 ++++ net/xfrm/xfrm_compat.c | 5 +- net/xfrm/xfrm_policy.c | 17 +++ net/xfrm/xfrm_state.c | 29 +++- net/xfrm/xfrm_user.c | 333 ++++++++++++++++++++++++++++++++++++++++= +++- security/selinux/nlmsgtab.c | 3 +- 7 files changed, 405 insertions(+), 17 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 5515c7b10020..e2cb2d0e5cee 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -684,12 +684,20 @@ struct xfrm_migrate { xfrm_address_t new_saddr; struct xfrm_encap_tmpl *encap; struct xfrm_user_offload *xuo; + struct xfrm_mark old_mark; + const struct xfrm_mark *new_mark; + struct xfrm_mark smark; u8 proto; u8 mode; - u16 reserved; + u16 msg_type; /* XFRM_MSG_MIGRATE or XFRM_MSG_MIGRATE_STATE */ + u32 flags; u32 old_reqid; + u32 new_reqid; + u32 nat_keepalive_interval; + u32 mapping_maxage; u16 old_family; u16 new_family; + const struct xfrm_selector *new_sel; }; =20 #define XFRM_KM_TIMEOUT 30 diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index a23495c0e0a1..051f8066efd1 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h @@ -227,6 +227,9 @@ enum { #define XFRM_MSG_SETDEFAULT XFRM_MSG_SETDEFAULT XFRM_MSG_GETDEFAULT, #define XFRM_MSG_GETDEFAULT XFRM_MSG_GETDEFAULT + + XFRM_MSG_MIGRATE_STATE, +#define XFRM_MSG_MIGRATE_STATE XFRM_MSG_MIGRATE_STATE __XFRM_MSG_MAX }; #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) @@ -507,6 +510,28 @@ struct xfrm_user_migrate { __u16 new_family; }; =20 +struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + struct xfrm_mark old_mark; + struct xfrm_selector new_sel; + __u32 new_reqid; + __u32 flags; + __u16 new_family; + __u16 reserved; +}; + +/* Flags for xfrm_user_migrate_state.flags */ +enum xfrm_migrate_state_flags { + XFRM_MIGRATE_STATE_CLEAR_OFFLOAD =3D 1, /* do not inherit offload from ex= isting SA */ + XFRM_MIGRATE_STATE_UPDATE_H2H_SEL =3D 2, /* update H2H selector from new = daddr/saddr */ +}; + +/* All flags defined as of this header version; unknown bits are rejected.= */ +#define XFRM_MIGRATE_STATE_KNOWN_FLAGS \ + (XFRM_MIGRATE_STATE_CLEAR_OFFLOAD | XFRM_MIGRATE_STATE_UPDATE_H2H_SEL) + struct xfrm_user_mapping { struct xfrm_usersa_id id; __u32 reqid; diff --git a/net/xfrm/xfrm_compat.c b/net/xfrm/xfrm_compat.c index b8d2e6930041..670e3512fc09 100644 --- a/net/xfrm/xfrm_compat.c +++ b/net/xfrm/xfrm_compat.c @@ -94,7 +94,8 @@ static const int compat_msg_min[XFRM_NR_MSGTYPES] =3D { [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] =3D sizeof(u32), [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] =3D sizeof(u32), [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D sizeof(u32), - [XFRM_MSG_MAPPING - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_mapping) + [XFRM_MSG_MAPPING - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_mapping), + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_migrate_= state), }; =20 static const struct nla_policy compat_policy[XFRMA_MAX+1] =3D { @@ -162,6 +163,7 @@ static struct nlmsghdr *xfrm_nlmsg_put_compat(struct sk= _buff *skb, case XFRM_MSG_NEWAE: case XFRM_MSG_REPORT: case XFRM_MSG_MIGRATE: + case XFRM_MSG_MIGRATE_STATE: case XFRM_MSG_NEWSADINFO: case XFRM_MSG_NEWSPDINFO: case XFRM_MSG_MAPPING: @@ -498,6 +500,7 @@ static int xfrm_xlate32(struct nlmsghdr *dst, const str= uct nlmsghdr *src, case XFRM_MSG_GETAE: case XFRM_MSG_REPORT: case XFRM_MSG_MIGRATE: + case XFRM_MSG_MIGRATE_STATE: case XFRM_MSG_NEWSADINFO: case XFRM_MSG_GETSADINFO: case XFRM_MSG_NEWSPDINFO: diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index cf05d778e2dd..1c558362d375 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4643,6 +4643,21 @@ static int xfrm_migrate_check(const struct xfrm_migr= ate *m, int num_migrate, return 0; } =20 +/* + * Fill migrate fields that are invariant in XFRM_MSG_MIGRATE: inherited + * from the existing SA unchanged. XFRM_MSG_MIGRATE_STATE can update these. + */ +static void xfrm_migrate_copy_old(const struct xfrm_state *x, + struct xfrm_migrate *mp) +{ + mp->msg_type =3D XFRM_MSG_MIGRATE; + mp->smark =3D x->props.smark; + mp->new_reqid =3D x->props.reqid; + mp->nat_keepalive_interval =3D x->nat_keepalive_interval; + mp->mapping_maxage =3D x->mapping_maxage; + mp->new_mark =3D &x->mark; +} + int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_migrate, struct xfrm_kmaddress *k, struct net *net, @@ -4682,6 +4697,8 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, nx_cur++; mp->encap =3D encap; mp->xuo =3D xuo; + xfrm_migrate_copy_old(x, mp); + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 043e573c4f32..2c738e980b3f 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1974,11 +1974,25 @@ static struct xfrm_state *xfrm_state_clone_and_setu= p(struct xfrm_state *orig, goto out; =20 memcpy(&x->id, &orig->id, sizeof(x->id)); - memcpy(&x->sel, &orig->sel, sizeof(x->sel)); + if (m->msg_type =3D=3D XFRM_MSG_MIGRATE_STATE) { + if (m->flags & XFRM_MIGRATE_STATE_UPDATE_H2H_SEL) { + u8 prefixlen =3D (m->new_family =3D=3D AF_INET6) ? 128 : 32; + + x->sel =3D orig->sel; + x->sel.family =3D m->new_family; + x->sel.prefixlen_d =3D prefixlen; + x->sel.prefixlen_s =3D prefixlen; + x->sel.daddr =3D m->new_daddr; + x->sel.saddr =3D m->new_saddr; + } else { + x->sel =3D *m->new_sel; + } + } else { + x->sel =3D orig->sel; + } memcpy(&x->lft, &orig->lft, sizeof(x->lft)); x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; - x->props.reqid =3D orig->props.reqid; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); @@ -2011,8 +2025,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; - x->mapping_maxage =3D orig->mapping_maxage; - x->nat_keepalive_interval =3D orig->nat_keepalive_interval; + x->mapping_maxage =3D m->mapping_maxage; + x->nat_keepalive_interval =3D m->nat_keepalive_interval; } =20 if (orig->security) @@ -2029,8 +2043,9 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, if (xfrm_replay_clone(x, orig)) goto error; =20 - memcpy(&x->mark, &orig->mark, sizeof(x->mark)); - memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); + x->mark =3D m->new_mark ? *m->new_mark : m->old_mark; + + x->props.smark =3D m->smark; =20 x->props.flags =3D orig->props.flags; x->props.extra_flags =3D orig->props.extra_flags; @@ -2053,7 +2068,7 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, goto error; } =20 - + x->props.reqid =3D m->new_reqid; x->props.family =3D m->new_family; memcpy(&x->id.daddr, &m->new_daddr, sizeof(x->id.daddr)); memcpy(&x->props.saddr, &m->new_saddr, sizeof(x->props.saddr)); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index c7ae670212a9..fca7b02e0e02 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1195,6 +1195,16 @@ static int copy_sec_ctx(struct xfrm_sec_ctx *s, stru= ct sk_buff *skb) return 0; } =20 +static void xso_to_xuo(const struct xfrm_dev_offload *xso, + struct xfrm_user_offload *xuo) +{ + xuo->ifindex =3D xso->dev->ifindex; + if (xso->dir =3D=3D XFRM_DEV_OFFLOAD_IN) + xuo->flags =3D XFRM_OFFLOAD_INBOUND; + if (xso->type =3D=3D XFRM_DEV_OFFLOAD_PACKET) + xuo->flags |=3D XFRM_OFFLOAD_PACKET; +} + static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff = *skb) { struct xfrm_user_offload *xuo; @@ -1206,11 +1216,7 @@ static int copy_user_offload(struct xfrm_dev_offload= *xso, struct sk_buff *skb) =20 xuo =3D nla_data(attr); memset(xuo, 0, sizeof(*xuo)); - xuo->ifindex =3D xso->dev->ifindex; - if (xso->dir =3D=3D XFRM_DEV_OFFLOAD_IN) - xuo->flags =3D XFRM_OFFLOAD_INBOUND; - if (xso->type =3D=3D XFRM_DEV_OFFLOAD_PACKET) - xuo->flags |=3D XFRM_OFFLOAD_PACKET; + xso_to_xuo(xso, xuo); =20 return 0; } @@ -1335,7 +1341,7 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl = *ep, struct sk_buff *skb) return 0; } =20 -static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) +static int xfrm_smark_put(struct sk_buff *skb, const struct xfrm_mark *m) { int ret =3D 0; =20 @@ -3084,6 +3090,25 @@ static int xfrm_add_acquire(struct sk_buff *skb, str= uct nlmsghdr *nlh, } =20 #ifdef CONFIG_XFRM_MIGRATE +static void copy_from_user_migrate_state(struct xfrm_migrate *ma, + const struct xfrm_user_migrate_state *um) +{ + memcpy(&ma->old_daddr, &um->id.daddr, sizeof(ma->old_daddr)); + memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); + memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); + + ma->proto =3D um->id.proto; + ma->new_reqid =3D um->new_reqid; + + ma->old_family =3D um->id.family; + ma->new_family =3D um->new_family; + + ma->old_mark =3D um->old_mark; + ma->flags =3D um->flags; + ma->new_sel =3D &um->new_sel; + ma->msg_type =3D XFRM_MSG_MIGRATE_STATE; +} + static int copy_from_user_migrate(struct xfrm_migrate *ma, struct xfrm_kmaddress *k, struct nlattr **attrs, int *num, @@ -3123,6 +3148,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; + ma->msg_type =3D XFRM_MSG_MIGRATE; } =20 *num =3D i; @@ -3133,7 +3159,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struc= t nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { struct xfrm_userpolicy_id *pi =3D nlmsg_data(nlh); - struct xfrm_migrate m[XFRM_MAX_DEPTH]; + struct xfrm_migrate m[XFRM_MAX_DEPTH] =3D {}; struct xfrm_kmaddress km, *kmp; u8 type; int err; @@ -3186,7 +3212,298 @@ static int xfrm_do_migrate(struct sk_buff *skb, str= uct nlmsghdr *nlh, kfree(xuo); return err; } + +static int build_migrate_state(struct sk_buff *skb, + const struct xfrm_user_migrate_state *um, + const struct xfrm_migrate *m, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct nlmsghdr *nlh; + struct xfrm_user_migrate_state *hdr; + + nlh =3D nlmsg_put(skb, portid, seq, XFRM_MSG_MIGRATE_STATE, + sizeof(struct xfrm_user_migrate_state), 0); + if (!nlh) + return -EMSGSIZE; + + hdr =3D nlmsg_data(nlh); + *hdr =3D *um; + hdr->new_sel =3D *m->new_sel; + + if (m->encap) { + err =3D nla_put(skb, XFRMA_ENCAP, sizeof(*m->encap), m->encap); + if (err) + goto out_cancel; + } + + if (m->xuo) { + err =3D nla_put(skb, XFRMA_OFFLOAD_DEV, sizeof(*m->xuo), m->xuo); + if (err) + goto out_cancel; + } + + if (m->new_mark) { + err =3D nla_put(skb, XFRMA_MARK, sizeof(*m->new_mark), + m->new_mark); + if (err) + goto out_cancel; + } + + err =3D xfrm_smark_put(skb, &m->smark); + if (err) + goto out_cancel; + + if (m->mapping_maxage) { + err =3D nla_put_u32(skb, XFRMA_MTIMER_THRESH, m->mapping_maxage); + if (err) + goto out_cancel; + } + + if (m->nat_keepalive_interval) { + err =3D nla_put_u32(skb, XFRMA_NAT_KEEPALIVE_INTERVAL, + m->nat_keepalive_interval); + if (err) + goto out_cancel; + } + + if (dir) { + err =3D nla_put_u8(skb, XFRMA_SA_DIR, dir); + if (err) + goto out_cancel; + } + + nlmsg_end(skb, nlh); + return 0; + +out_cancel: + nlmsg_cancel(skb, nlh); + return err; +} + +static unsigned int xfrm_migrate_state_msgsize(const struct xfrm_migrate *= m, + u8 dir) +{ + return NLMSG_ALIGN(sizeof(struct xfrm_user_migrate_state)) + + (m->encap ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) + + (m->xuo ? nla_total_size(sizeof(struct xfrm_user_offload)) : 0) + + (m->new_mark ? nla_total_size(sizeof(struct xfrm_mark)) : 0) + + ((m->smark.v | m->smark.m) ? nla_total_size(sizeof(u32)) * 2 : 0) + + (m->mapping_maxage ? nla_total_size(sizeof(u32)) : 0) + + (m->nat_keepalive_interval ? nla_total_size(sizeof(u32)) : 0) + + (dir ? nla_total_size(sizeof(u8)) : 0); /* XFRMA_SA_DIR */ +} + +static int xfrm_send_migrate_state(struct net *net, + const struct xfrm_user_migrate_state *um, + const struct xfrm_migrate *m, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct sk_buff *skb; + + skb =3D nlmsg_new(xfrm_migrate_state_msgsize(m, dir), GFP_ATOMIC); + if (!skb) + return -ENOMEM; + + err =3D build_migrate_state(skb, um, m, dir, portid, seq); + if (err < 0) { + kfree_skb(skb); + return err; + } + + return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE); +} + +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + struct xfrm_user_migrate_state *um =3D nlmsg_data(nlh); + struct net *net =3D sock_net(skb->sk); + struct xfrm_user_offload xuo =3D {}; + struct xfrm_migrate m =3D {}; + struct xfrm_state *xc; + struct xfrm_state *x; + int err; + + if (!um->id.spi) { + NL_SET_ERR_MSG(extack, "Invalid SPI 0x0"); + return -EINVAL; + } + + if (um->reserved) { + NL_SET_ERR_MSG(extack, "Reserved field must be zero"); + return -EINVAL; + } + + if (um->flags & ~XFRM_MIGRATE_STATE_KNOWN_FLAGS) { + NL_SET_ERR_MSG_FMT(extack, "Unknown flags: 0x%x", + um->flags & ~XFRM_MIGRATE_STATE_KNOWN_FLAGS); + return -EINVAL; + } + + err =3D verify_xfrm_family(um->new_family, extack); + if (err) + return err; + + if (!(um->flags & XFRM_MIGRATE_STATE_UPDATE_H2H_SEL)) { + err =3D verify_selector_prefixlen(um->new_sel.family, + &um->new_sel, extack); + if (err) + return err; + } + + copy_from_user_migrate_state(&m, um); + + x =3D xfrm_state_lookup(net, m.old_mark.v & m.old_mark.m, + &um->id.daddr, um->id.spi, + um->id.proto, um->id.family); + if (!x) { + NL_SET_ERR_MSG(extack, "Can not find state"); + return -ESRCH; + } + + if (um->flags & XFRM_MIGRATE_STATE_UPDATE_H2H_SEL) { + u8 prefixlen =3D (x->props.family =3D=3D AF_INET6) ? 128 : 32; + + if (x->sel.prefixlen_s !=3D x->sel.prefixlen_d || + x->sel.prefixlen_d !=3D prefixlen || + !xfrm_addr_equal(&x->sel.daddr, &x->id.daddr, x->props.family) || + !xfrm_addr_equal(&x->sel.saddr, &x->props.saddr, x->props.family)) { + NL_SET_ERR_MSG(extack, + "SA selector is not a single-host match for SA addresses"); + err =3D -EINVAL; + goto out; + } + } + + if (attrs[XFRMA_ENCAP]) { + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + if (m.encap->encap_type =3D=3D 0) { + m.encap =3D NULL; /* sentinel: remove encap */ + } else if (m.encap->encap_type !=3D UDP_ENCAP_ESPINUDP) { + NL_SET_ERR_MSG(extack, "Unsupported encapsulation type"); + err =3D -EINVAL; + goto out; + } + } else { + m.encap =3D x->encap; /* omit-to-inherit */ + } + + if (attrs[XFRMA_MTIMER_THRESH]) { + err =3D verify_mtimer_thresh(!!m.encap, x->dir, extack); + if (err) + goto out; + } + + if (nla_get_u32_default(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL], 0) && !m.enc= ap) { + NL_SET_ERR_MSG(extack, + "NAT_KEEPALIVE_INTERVAL requires encapsulation"); + err =3D -EINVAL; + goto out; + } + + if (attrs[XFRMA_OFFLOAD_DEV]) { + m.xuo =3D nla_data(attrs[XFRMA_OFFLOAD_DEV]); + } else { + bool inherit_offload =3D !(um->flags & XFRM_MIGRATE_STATE_CLEAR_OFFLOAD); + + if (inherit_offload && x->xso.dev) { + xso_to_xuo(&x->xso, &xuo); + m.xuo =3D &xuo; + } + } + + if (attrs[XFRMA_MARK]) + m.new_mark =3D nla_data(attrs[XFRMA_MARK]); + + if (attrs[XFRMA_SET_MARK]) + xfrm_smark_init(attrs, &m.smark); + else + m.smark =3D x->props.smark; + + m.mapping_maxage =3D nla_get_u32_default(attrs[XFRMA_MTIMER_THRESH], + x->mapping_maxage); + m.nat_keepalive_interval =3D nla_get_u32_default(attrs[XFRMA_NAT_KEEPALIV= E_INTERVAL], + x->nat_keepalive_interval); + + if (m.new_family !=3D um->id.family || + !xfrm_addr_equal(&m.new_daddr, &um->id.daddr, um->id.family)) { + u32 new_mark_key =3D m.new_mark ? m.new_mark->v & m.new_mark->m : + m.old_mark.v & m.old_mark.m; + struct xfrm_state *x_new; + + x_new =3D xfrm_state_lookup(net, new_mark_key, &m.new_daddr, + um->id.spi, um->id.proto, m.new_family); + if (x_new) { + xfrm_state_put(x_new); + NL_SET_ERR_MSG(extack, "New SA tuple already occupied"); + err =3D -EEXIST; + goto out; + } + } + + xc =3D xfrm_state_migrate_create(x, &m, net, extack); + if (!xc) { + NL_SET_ERR_MSG_WEAK(extack, "State migration clone failed"); + err =3D -EINVAL; + goto out; + } + + spin_lock_bh(&x->lock); + if (x->km.state !=3D XFRM_STATE_VALID) { + spin_unlock_bh(&x->lock); + NL_SET_ERR_MSG(extack, "State already deleted"); + err =3D -ESRCH; + goto out_xc; + } + xfrm_migrate_sync(xc, x); /* to prevent SN/IV reuse */ + __xfrm_state_delete(x); + spin_unlock_bh(&x->lock); + + err =3D xfrm_state_migrate_install(x, xc, &m, extack); + if (err < 0) { + /* + * Should not occur: pre-check above ensures the new tuple is + * free under xfrm_cfg_mutex. Both SAs are gone if it does; + * restoring x would risk SN/IV reuse. + */ + goto out; + } + + /* Restore encap cleared by sentinel (type=3D0) during migration. */ + if (attrs[XFRMA_ENCAP]) + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + + m.new_sel =3D &xc->sel; + m.mapping_maxage =3D xc->mapping_maxage; + m.nat_keepalive_interval =3D xc->nat_keepalive_interval; + + err =3D xfrm_send_migrate_state(net, um, &m, xc->dir, + nlh->nlmsg_pid, nlh->nlmsg_seq); + if (err < 0) { + NL_SET_ERR_MSG(extack, "Failed to send migration notification"); + err =3D 0; + } + +out: + xfrm_state_put(x); + return err; +out_xc: + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + xfrm_state_put(x); + return err; +} + #else +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + NL_SET_ERR_MSG(extack, "XFRM_MSG_MIGRATE_STATE is not supported"); + return -ENOPROTOOPT; +} + static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { @@ -3339,6 +3656,7 @@ const int xfrm_msg_min[XFRM_NR_MSGTYPES] =3D { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D sizeof(u32), [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_migrate_s= tate), }; EXPORT_SYMBOL_GPL(xfrm_msg_min); =20 @@ -3432,6 +3750,7 @@ static const struct xfrm_link { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_spdinfo = }, [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_set_default = }, [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_default = }, + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D { .doit =3D xfrm_do_migrate_= state }, }; =20 static int xfrm_reject_unused_attr(int type, struct nlattr **attrs, diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2c0b07f9fbbd..655d2616c9d2 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -128,6 +128,7 @@ static const struct nlmsg_perm nlmsg_xfrm_perms[] =3D { { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, { XFRM_MSG_SETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, { XFRM_MSG_GETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_READ }, + { XFRM_MSG_MIGRATE_STATE, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, }; =20 static const struct nlmsg_perm nlmsg_audit_perms[] =3D { @@ -203,7 +204,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u3= 2 *perm) * structures at the top of this file with the new mappings * before updating the BUILD_BUG_ON() macro! */ - BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_GETDEFAULT); + BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_MIGRATE_STATE); =20 if (selinux_policycap_netlink_xperm()) { *perm =3D NETLINK_XFRM_SOCKET__NLMSG; --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5C733C13F1; Tue, 26 May 2026 19:10:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822621; cv=none; b=NyZRf6T/EecAJR/o8/rIyt8fXNP+JtgJ4c8xUP90jAiSbPUw7ZsQ5NJevOAxjqIJo5XDVOtVRtuA28VSaZVT40FNppTg/uZ0xoPB8zzdj02R9okQ2tVCSR7z/OylyORPaAoIKrFxc30CPN+O3Xo5scVpy0gxynDHmjOq3EysPqw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822621; c=relaxed/simple; bh=yzvLdJtP8ixTNLvybz517SR/mIvOgy8t7XebX0qaXaU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=iaxt8SatbOH2btZhg2Rx6bXVnO8tiP3H8n9NuwgRHb5Yp9r06Q7QLJUCMRX+0VfbVpmYWnufIjGr+ZHWcXjXkfyasAn9nON0NL88cevpIGZlNQRYF2pGknVxWKZia7nFKWN2/ZyixYtNBMSRkJjL2DliM7CSTclsE1xFXYcVQ6U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=wt6RDiJb; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="wt6RDiJb" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 6BE74201E4; Tue, 26 May 2026 21:10:18 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp43p2vE8T8E; Tue, 26 May 2026 21:10:18 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id DEB1F201A7; Tue, 26 May 2026 21:10:17 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com DEB1F201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822617; bh=qV0MpFkkHKluOJAZdMiT+Ag4Qvl53queWFFmEr8y/is=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=wt6RDiJbE5NuqYhpwjT0EaxILZ3Tx2fgI/LTG1kCkDcEsBC5U9xaEr93dOf5I5ZsH RA+dRJ52hhIKM9M0J6vCuAneiJ04qS2tixw13qpUlHZwHcetXz4vFyAMTKTCDLZQ53 kypGR0szcALUBnB93FUQjJlEYA1ixhwcvUI7sBSDvjwaXTDPxi+yIJnfeeuNYpXHgu eraMyoTOGin/GgG+Tah8JHs3Iw8H77PONeRnSziMDYKT0L52PRf1NvEQmkSmmP7O3U IUfhaQopR01On/UOqhT+BesDk0hY8I0a77uNusfUNRCQ+GdlXR+YgkSJfEtAmrFVvF dsY3EWmmYV6wA== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:10:13 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 15/16] xfrm: restrict netlink attributes for XFRM_MSG_MIGRATE_STATE Date: Tue, 26 May 2026 21:10:03 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) Only accept XFRMA used in this method, reject the rest. Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index fca7b02e0e02..caddd23936dc 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3782,6 +3782,30 @@ static int xfrm_reject_unused_attr(int type, struct = nlattr **attrs, } } =20 + if (type =3D=3D XFRM_MSG_MIGRATE_STATE) { + int i; + + for (i =3D 0; i <=3D XFRMA_MAX; i++) { + if (!attrs[i]) + continue; + + switch (i) { + case XFRMA_MARK: + case XFRMA_ENCAP: + case XFRMA_OFFLOAD_DEV: + case XFRMA_SET_MARK: + case XFRMA_SET_MARK_MASK: + case XFRMA_MTIMER_THRESH: + case XFRMA_NAT_KEEPALIVE_INTERVAL: + break; + default: + NL_SET_ERR_MSG_ATTR(extack, attrs[i], + "Unsupported attribute in XFRM_MSG_MIGRATE_STATE"); + return -EINVAL; + } + } + } + return 0; } =20 --=20 2.47.3 From nobody Mon Jun 8 20:41:26 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 360293C13FC; Tue, 26 May 2026 19:10:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822635; cv=none; b=nnn9w2rt31s75DvaGIwGd2JHNeZwkRdAOnaM/YJnWVqI6ygdyzncPmT+S2X02t3gmh1h01h+eisb7KGjrPCMAZp85oK+AWhGv2VVEk/m6KJMVhDDPKGBU3ew3dj8QYZP+KMH6/LyIZw9NiRxmrIEjPBF74juE3059rQlBSlkNWY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779822635; c=relaxed/simple; bh=qUw+5fB9i2bxU4OKtuYQP9uYATVq9f6fsV0jlZv2PpM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UxWP6KStT5KTqqGDhzA9EGE5jlZvUpSEFzF9UusQxzizyt//pI8E5SHz8yQrVX8r6MlmKEG7vuyoyCCGuDVVBw5ZAFYyxxhI5Npo1D3O6CXIGVU9GhyM9+3oqgTI2WjClnWpV7d2KOd3AalsC/ZaFu25jFlZWPOnInTCioIhPZs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=t7IsSDvJ; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="t7IsSDvJ" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id D1B5A201E4; Tue, 26 May 2026 21:10:31 +0200 (CEST) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z018umT7JiKe; Tue, 26 May 2026 21:10:30 +0200 (CEST) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id B5BAE201A7; Tue, 26 May 2026 21:10:30 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com B5BAE201A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1779822630; bh=lXymOI+gS1zghKtLdIYZpI6HbspxCOj3XLly03oz87c=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=t7IsSDvJF/tEnX0GXPcp5oQG6d2/KpnRiMvZ/JZhkbErMMKBj230dNnMTShCbutPq 0mvqJtKUOUXhjcZ1yCqhVy3Eu1eCKeEnKsQxiLbR1FROQQm/mjXCaZmhvd2LDhg39X L2fT/uBPmYRMDFTsDDHu0dOecTcZrzyoz6UjxEGLVwWG3+dnxHeRsrck5elt3KTlzW t/40q0us/l62LylaWdG7m9FBW70akI4Ie83+hXM5wravxfzLNy2aeQQn7i41jUOD+C 05bpQuXl8geIpHolJwNxGdmkjoVLGp4zPh+g50I9xvHf+JXW7pGq71LqU45PASYlYB 9A+rMOJmV3cWw== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Tue, 26 May 2026 21:10:28 +0200 From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: Sabrina Dubroca , , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v9 16/16] xfrm: add documentation for XFRM_MSG_MIGRATE_STATE Date: Tue, 26 May 2026 21:10:17 +0200 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.15-dev Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) Add documentation for the new XFRM_MSG_MIGRATE_STATE netlink message, which migrates a single SA identified by SPI and mark without involving policies. The document covers the motivation and design differences from the existing XFRM_MSG_MIGRATE, the SA lookup mechanism, supported attributes with their omit-to-inherit semantics, and usage examples. Signed-off-by: Antony Antony --- v8->v9: document -ESRCH error when SA is deleted before migration completes - reject unknown flags with -EINVAL, report bad bits in extack - split Migration Steps into Outgoing SA and Incoming SA subsections - split migration steps by direction, fix feature detection errors, -EEXIS= T safe to retry - rename flags v7->v8: unknown flags ignored v6->v7: update docs to reflect the flags v5->v6: added this patch --- Documentation/networking/xfrm/index.rst | 1 + .../networking/xfrm/xfrm_migrate_state.rst | 274 +++++++++++++++++= ++++ 2 files changed, 275 insertions(+) diff --git a/Documentation/networking/xfrm/index.rst b/Documentation/networ= king/xfrm/index.rst index 7d866da836fe..90191848f8db 100644 --- a/Documentation/networking/xfrm/index.rst +++ b/Documentation/networking/xfrm/index.rst @@ -9,5 +9,6 @@ XFRM Framework =20 xfrm_device xfrm_proc + xfrm_migrate_state xfrm_sync xfrm_sysctl diff --git a/Documentation/networking/xfrm/xfrm_migrate_state.rst b/Documen= tation/networking/xfrm/xfrm_migrate_state.rst new file mode 100644 index 000000000000..9d53cb22b007 --- /dev/null +++ b/Documentation/networking/xfrm/xfrm_migrate_state.rst @@ -0,0 +1,274 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +XFRM SA Migrate State +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Overview +=3D=3D=3D=3D=3D=3D=3D=3D + +``XFRM_MSG_MIGRATE_STATE`` migrates a single SA, looked up using SPI and +mark, without involving policies. Unlike ``XFRM_MSG_MIGRATE``, which coupl= es +SA and policy migration and allows migrating multiple SAs in one call, this +interface identifies the SA unambiguously via SPI and supports changing +the reqid, addresses, encapsulation, selector, and offload. + +Because IKE daemons can manage policies independently of +the kernel, this interface allows precise per-SA migration without +requiring policy involvement. Optional netlink attributes follow an +omit-to-inherit model: omitting an attribute preserves the value from +the old SA. The ``flags`` field controls two exceptions: hardware offload +is inherited by default and can be suppressed with +``XFRM_MIGRATE_STATE_CLEAR_OFFLOAD`` or overridden with ``XFRMA_OFFLOAD_DE= V``; +the new selector is taken from ``new_sel`` by default and can instead be +derived from the new addresses with ``XFRM_MIGRATE_STATE_UPDATE_H2H_SEL``. + +SA Identification +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The struct is defined in ``include/uapi/linux/xfrm.h``. The SA is looked +up using ``xfrm_state_lookup()`` with ``id.spi``, +``id.daddr``, ``id.proto``, ``id.family``, and +``old_mark.v & old_mark.m`` as the mark key:: + + struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; /* spi, daddr, proto, family */ + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + struct xfrm_mark old_mark; /* SA lookup: key =3D v & m */ + struct xfrm_selector new_sel; /* new selector (see Flags) */ + __u32 new_reqid; + __u32 flags; /* XFRM_MIGRATE_STATE_* */ + __u16 new_family; + __u16 reserved; /* must be zero */ + }; + +The ``reserved`` field must be set to zero; the kernel rejects any +other value with ``-EINVAL``. + +Supported Attributes +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The following fields in ``xfrm_user_migrate_state`` are always explicit +and are not inherited from the existing SA. Passing zero is not equivalent +to "keep unchanged" =E2=80=94 zero is used as-is: + +- ``new_daddr`` - new destination address +- ``new_saddr`` - new source address +- ``new_family`` - new address family +- ``new_reqid`` - new reqid (0 =3D no reqid) +- ``new_sel`` - new selector; used when ``XFRM_MIGRATE_STATE_UPDATE_H2H_SE= L`` is + not set (see `Flags`_ below) +- ``flags`` - bitmask of ``XFRM_MIGRATE_STATE_*`` flags (see `Flags`_ belo= w) + +The following netlink attributes are also accepted. Omitting an attribute +inherits the value from the existing SA (omit-to-inherit). + +.. list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_MARK`` + - Mark on the migrated SA (``struct xfrm_mark``). Absent inherits + ``old_mark``. To use no mark on the new SA, send ``XFRMA_MARK`` + with ``{0, 0}``. + * - ``XFRMA_ENCAP`` + - UDP encapsulation template; only ``UDP_ENCAP_ESPINUDP`` is supporte= d. + Set ``encap_type=3D0`` to remove encap. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration (``struct xfrm_user_offload``). Abse= nt + copies offload from the existing SA. When + ``XFRM_MIGRATE_STATE_CLEAR_OFFLOAD`` is set in ``flags``, the new S= A has + no offload; this flag is mutually exclusive with ``XFRMA_OFFLOAD_DE= V`` + and sending both returns ``-EINVAL``. + * - ``XFRMA_SET_MARK`` + - Output mark on the migrated SA; pair with ``XFRMA_SET_MARK_MASK``. + Send 0 to clear. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval in seconds. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold. Only valid on input SAs; setting on an + output SA returns ``-EINVAL``. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + +The following SA properties are immutable and cannot be changed via +``XFRM_MSG_MIGRATE_STATE``: algorithms (``XFRMA_ALG_*``), replay state, +direction (``XFRMA_SA_DIR``), and security context (``XFRMA_SEC_CTX``). + +Flags +=3D=3D=3D=3D=3D + +The ``flags`` field in ``xfrm_user_migrate_state`` controls optional +migration behaviour. Unknown flag bits are rejected with ``-EINVAL``; the +extended ACK message identifies the unrecognised bits (e.g. ``"Unknown fla= gs: +0x4"``). Userspace can use ``XFRM_MIGRATE_STATE_KNOWN_FLAGS`` (defined in +````) to validate flags before sending; note that this const= ant +reflects the flags known to the header version userspace was compiled agai= nst, +which may differ from what the running kernel accepts. + +.. list-table:: + :widths: 40 60 + :header-rows: 1 + + * - Flag + - Description + * - ``XFRM_MIGRATE_STATE_CLEAR_OFFLOAD`` + - When set, the new SA has no hardware offload even when + ``XFRMA_OFFLOAD_DEV`` is absent. Without this flag, omitting + ``XFRMA_OFFLOAD_DEV`` copies the existing offload to the new SA. + Mutually exclusive with ``XFRMA_OFFLOAD_DEV``; sending both + returns ``-EINVAL``. + * - ``XFRM_MIGRATE_STATE_UPDATE_H2H_SEL`` + - When set, the kernel validates that the existing SA selector is a + single-host entry matching the SA addresses (``prefixlen_s =3D=3D + prefixlen_d`` equal to 32 for IPv4 or 128 for IPv6, and addresses + matching ``id.daddr`` and ``props.saddr``). If the check passes, + the new selector is derived from ``new_daddr`` and ``new_saddr`` + with the single-host mask for ``new_family``. A mismatch returns + ``-EINVAL``. When this flag is not set, ``new_sel`` is used as-is + for the migrated SA. + +Migration Steps +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Outgoing SA +----------- + +To prevent cleartext traffic leaks, install a block policy before +migrating: + +#. Install a block policy to drop traffic on the affected selector. +#. Remove the old policy. +#. Call ``XFRM_MSG_MIGRATE_STATE`` for each SA. +#. Reinstall the policies. +#. Remove the block policy. + +If AES-GCM is in use, the block policy also prevents IV reuse during +the migration window. For other AEADs this step is not required for +IV safety, but skipping it allows a brief cleartext window. + +Incoming SA +----------- + +No block policy is needed. ``XFRM_MSG_MIGRATE_STATE`` atomically +transfers the sequence number and replay window from the old SA to +the new SA, so the new SA continues replay protection without a gap. +Call ``XFRM_MSG_MIGRATE_STATE`` for each SA directly. + +When accepting incoming traffic, be liberal during the migration +window: packets sent by the remote peer before it completed its own +migration may arrive out of order or slightly late. Dropping them +unnecessarily causes packet loss. A generous replay window reduces +the impact of reordering during migration. + +Block Policy and IV Safety +-------------------------- + +AES-GCM IV uniqueness is critical: reusing a (key, IV) pair allows +an attacker to recover the authentication subkey and forge +authentication tags, breaking both confidentiality and integrity. +This concern applies to outgoing SAs only =E2=80=94 the remote peer contro= ls +IV generation on incoming traffic. + +``XFRM_MSG_MIGRATE_STATE`` atomically copies the sequence number and +replay window from the old SA to the new SA and deletes the old SA. +The block policy serves two purposes: it prevents cleartext traffic +leaks during the migration window, and for AES-GCM it prevents IV +reuse by ensuring no outgoing packets are sent under the same key. +The atomic copy of the sequence number and replay window complements +this =E2=80=94 together they eliminate both risks during migration. +The atomic copy also serves incoming SAs, ensuring replay protection +continues without a gap across the migration. + +Feature Detection +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Userspace can probe for kernel support by sending a minimal +``XFRM_MSG_MIGRATE_STATE`` message with a non-zero non-existent SPI: + +- ``-EINVAL``: kernel predates ``XFRM_MSG_MIGRATE_STATE``; message type + is out of range +- ``-ENOPROTOOPT``: message type is known but ``CONFIG_XFRM_MIGRATE`` + is not enabled +- ``-ESRCH``: supported (SPI not found) + +Userspace Notification on Success +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D + +On successful migration the kernel multicasts an +``XFRM_MSG_MIGRATE_STATE`` message to the ``XFRMNLGRP_MIGRATE`` group. +The fixed header is ``struct xfrm_user_migrate_state`` copied from the +request, followed by the same set of netlink attributes that are +accepted as input, with the differences noted below. + +Differences from the request +----------------------------- + +.. list-table:: + :widths: 25 75 + :header-rows: 1 + + * - Field / Attribute + - Difference + * - ``new_sel`` + - Contains the actual selector of the newly installed SA, not the + ``new_sel`` from the request. When + ``XFRM_MIGRATE_STATE_UPDATE_H2H_SEL`` is set the kernel derives the + selector from ``new_daddr`` / ``new_saddr``; the caller's + ``new_sel`` field is ignored in that case. The notification + always carries the real selector of the new SA. + * - ``XFRMA_SA_DIR`` + - Present in the notification (set from the direction of the new + SA) but **not accepted as input** =E2=80=94 direction is immutable. + * - ``flags`` + - Echoed back as-is. ``XFRM_MIGRATE_STATE_CLEAR_OFFLOAD`` and + ``XFRM_MIGRATE_STATE_UPDATE_H2H_SEL`` describe the request that was + made, not a property of the resulting SA. + +Attributes in the notification +------------------------------- + +.. list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_ENCAP`` + - UDP encapsulation template, if configured on the new SA. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration, if active on the new SA. + * - ``XFRMA_MARK`` + - Mark on the new SA, if set. + * - ``XFRMA_SET_MARK`` + - Output mark on the new SA, if set. + * - ``XFRMA_SET_MARK_MASK`` + - Output mark mask, present together with ``XFRMA_SET_MARK``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold, if non-zero. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval, if non-zero. + * - ``XFRMA_SA_DIR`` + - Direction of the new SA. + +Error Handling +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +If the target SA tuple (new daddr, SPI, proto, new family) is already +occupied, the operation returns ``-EEXIST`` before the migration begins. +The old SA remains intact and the operation is safe to retry after +resolving the conflict. + +If the target SA is deleted before the migration completes, the operation +returns ``-ESRCH``. No new SA is installed. Userspace should verify the +current SA state before retrying. + +If the multicast notification (``XFRMNLGRP_MIGRATE``) fails to send, +the migration itself has already completed successfully and the new SA +is installed. The operation returns success, 0, with an extack warning, +but listeners will not receive the migration event. --=20 2.47.3