| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202301290140.Y5jX2cAp-lkp@intel.com>
Date: Sun, 29 Jan 2023 01:14:02 +0800
From: kernel test robot <lkp@...el.com>
To: wolfgang@...ogate.de, steffen.klassert@...unet.com
Cc: oe-kbuild-all@...ts.linux.dev, netdev@...r.kernel.org,
Wolfgang Nothdurft <wolfgang@...ogate.de>
Subject: Re: [PATCH net] xfrm: remove inherited bridge info from skb
Hi,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on net/master]
url: https://github.com/intel-lab-lkp/linux/commits/wolfgang-linogate-de/xfrm-remove-inherited-bridge-info-from-skb/20230128-180508
patch link: https://lore.kernel.org/r/20230126125637.91969-1-wolfgang%40linogate.de
patch subject: [PATCH net] xfrm: remove inherited bridge info from skb
config: arc-defconfig (https://download.01.org/0day-ci/archive/20230129/202301290140.Y5jX2cAp-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/d1ea8e936ffdff6ceddc242e516a79730af3a017
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review wolfgang-linogate-de/xfrm-remove-inherited-bridge-info-from-skb/20230128-180508
git checkout d1ea8e936ffdff6ceddc242e516a79730af3a017
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=arc olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=arc SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>
All errors (new ones prefixed by >>):
net/xfrm/xfrm_input.c: In function 'xfrm_input':
>> net/xfrm/xfrm_input.c:545:32: error: 'SKB_EXT_BRIDGE_NF' undeclared (first use in this function)
545 | if (skb_ext_exist(skb, SKB_EXT_BRIDGE_NF))
| ^~~~~~~~~~~~~~~~~
net/xfrm/xfrm_input.c:545:32: note: each undeclared identifier is reported only once for each function it appears in
vim +/SKB_EXT_BRIDGE_NF +545 net/xfrm/xfrm_input.c
460
461 int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
462 {
463 const struct xfrm_state_afinfo *afinfo;
464 struct net *net = dev_net(skb->dev);
465 const struct xfrm_mode *inner_mode;
466 int err;
467 __be32 seq;
468 __be32 seq_hi;
469 struct xfrm_state *x = NULL;
470 xfrm_address_t *daddr;
471 u32 mark = skb->mark;
472 unsigned int family = AF_UNSPEC;
473 int decaps = 0;
474 int async = 0;
475 bool xfrm_gro = false;
476 bool crypto_done = false;
477 struct xfrm_offload *xo = xfrm_offload(skb);
478 struct sec_path *sp;
479
480 if (encap_type < 0) {
481 x = xfrm_input_state(skb);
482
483 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
484 if (x->km.state == XFRM_STATE_ACQ)
485 XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
486 else
487 XFRM_INC_STATS(net,
488 LINUX_MIB_XFRMINSTATEINVALID);
489
490 if (encap_type == -1)
491 dev_put(skb->dev);
492 goto drop;
493 }
494
495 family = x->outer_mode.family;
496
497 /* An encap_type of -1 indicates async resumption. */
498 if (encap_type == -1) {
499 async = 1;
500 seq = XFRM_SKB_CB(skb)->seq.input.low;
501 goto resume;
502 }
503
504 /* encap_type < -1 indicates a GRO call. */
505 encap_type = 0;
506 seq = XFRM_SPI_SKB_CB(skb)->seq;
507
508 if (xo && (xo->flags & CRYPTO_DONE)) {
509 crypto_done = true;
510 family = XFRM_SPI_SKB_CB(skb)->family;
511
512 if (!(xo->status & CRYPTO_SUCCESS)) {
513 if (xo->status &
514 (CRYPTO_TRANSPORT_AH_AUTH_FAILED |
515 CRYPTO_TRANSPORT_ESP_AUTH_FAILED |
516 CRYPTO_TUNNEL_AH_AUTH_FAILED |
517 CRYPTO_TUNNEL_ESP_AUTH_FAILED)) {
518
519 xfrm_audit_state_icvfail(x, skb,
520 x->type->proto);
521 x->stats.integrity_failed++;
522 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
523 goto drop;
524 }
525
526 if (xo->status & CRYPTO_INVALID_PROTOCOL) {
527 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
528 goto drop;
529 }
530
531 XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
532 goto drop;
533 }
534
535 if (xfrm_parse_spi(skb, nexthdr, &spi, &seq)) {
536 XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
537 goto drop;
538 }
539 }
540
541 goto lock;
542 }
543
544 /* strip bridge info from skb */
> 545 if (skb_ext_exist(skb, SKB_EXT_BRIDGE_NF))
546 skb_ext_del(skb, SKB_EXT_BRIDGE_NF);
547
548 family = XFRM_SPI_SKB_CB(skb)->family;
549
550 /* if tunnel is present override skb->mark value with tunnel i_key */
551 switch (family) {
552 case AF_INET:
553 if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4)
554 mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4->parms.i_key);
555 break;
556 case AF_INET6:
557 if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6)
558 mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6->parms.i_key);
559 break;
560 }
561
562 sp = secpath_set(skb);
563 if (!sp) {
564 XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);
565 goto drop;
566 }
567
568 seq = 0;
569 if (!spi && xfrm_parse_spi(skb, nexthdr, &spi, &seq)) {
570 secpath_reset(skb);
571 XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
572 goto drop;
573 }
574
575 daddr = (xfrm_address_t *)(skb_network_header(skb) +
576 XFRM_SPI_SKB_CB(skb)->daddroff);
577 do {
578 sp = skb_sec_path(skb);
579
580 if (sp->len == XFRM_MAX_DEPTH) {
581 secpath_reset(skb);
582 XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
583 goto drop;
584 }
585
586 x = xfrm_state_lookup(net, mark, daddr, spi, nexthdr, family);
587 if (x == NULL) {
588 secpath_reset(skb);
589 XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);
590 xfrm_audit_state_notfound(skb, family, spi, seq);
591 goto drop;
592 }
593
594 skb->mark = xfrm_smark_get(skb->mark, x);
595
596 sp->xvec[sp->len++] = x;
597
598 skb_dst_force(skb);
599 if (!skb_dst(skb)) {
600 XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);
601 goto drop;
602 }
603
604 lock:
605 spin_lock(&x->lock);
606
607 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
608 if (x->km.state == XFRM_STATE_ACQ)
609 XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
610 else
611 XFRM_INC_STATS(net,
612 LINUX_MIB_XFRMINSTATEINVALID);
613 goto drop_unlock;
614 }
615
616 if ((x->encap ? x->encap->encap_type : 0) != encap_type) {
617 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
618 goto drop_unlock;
619 }
620
621 if (xfrm_replay_check(x, skb, seq)) {
622 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
623 goto drop_unlock;
624 }
625
626 if (xfrm_state_check_expire(x)) {
627 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEEXPIRED);
628 goto drop_unlock;
629 }
630
631 spin_unlock(&x->lock);
632
633 if (xfrm_tunnel_check(skb, x, family)) {
634 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
635 goto drop;
636 }
637
638 seq_hi = htonl(xfrm_replay_seqhi(x, seq));
639
640 XFRM_SKB_CB(skb)->seq.input.low = seq;
641 XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
642
643 dev_hold(skb->dev);
644
645 if (crypto_done)
646 nexthdr = x->type_offload->input_tail(x, skb);
647 else
648 nexthdr = x->type->input(x, skb);
649
650 if (nexthdr == -EINPROGRESS)
651 return 0;
652 resume:
653 dev_put(skb->dev);
654
655 spin_lock(&x->lock);
656 if (nexthdr < 0) {
657 if (nexthdr == -EBADMSG) {
658 xfrm_audit_state_icvfail(x, skb,
659 x->type->proto);
660 x->stats.integrity_failed++;
661 }
662 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
663 goto drop_unlock;
664 }
665
666 /* only the first xfrm gets the encap type */
667 encap_type = 0;
668
669 if (xfrm_replay_recheck(x, skb, seq)) {
670 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
671 goto drop_unlock;
672 }
673
674 xfrm_replay_advance(x, seq);
675
676 x->curlft.bytes += skb->len;
677 x->curlft.packets++;
678 x->lastused = ktime_get_real_seconds();
679
680 spin_unlock(&x->lock);
681
682 XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
683
684 inner_mode = &x->inner_mode;
685
686 if (x->sel.family == AF_UNSPEC) {
687 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
688 if (inner_mode == NULL) {
689 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
690 goto drop;
691 }
692 }
693
694 if (xfrm_inner_mode_input(x, inner_mode, skb)) {
695 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
696 goto drop;
697 }
698
699 if (x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL) {
700 decaps = 1;
701 break;
702 }
703
704 /*
705 * We need the inner address. However, we only get here for
706 * transport mode so the outer address is identical.
707 */
708 daddr = &x->id.daddr;
709 family = x->outer_mode.family;
710
711 err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
712 if (err < 0) {
713 XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
714 goto drop;
715 }
716 crypto_done = false;
717 } while (!err);
718
719 err = xfrm_rcv_cb(skb, family, x->type->proto, 0);
720 if (err)
721 goto drop;
722
723 nf_reset_ct(skb);
724
725 if (decaps) {
726 sp = skb_sec_path(skb);
727 if (sp)
728 sp->olen = 0;
729 if (skb_valid_dst(skb))
730 skb_dst_drop(skb);
731 gro_cells_receive(&gro_cells, skb);
732 return 0;
733 } else {
734 xo = xfrm_offload(skb);
735 if (xo)
736 xfrm_gro = xo->flags & XFRM_GRO;
737
738 err = -EAFNOSUPPORT;
739 rcu_read_lock();
740 afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family);
741 if (likely(afinfo))
742 err = afinfo->transport_finish(skb, xfrm_gro || async);
743 rcu_read_unlock();
744 if (xfrm_gro) {
745 sp = skb_sec_path(skb);
746 if (sp)
747 sp->olen = 0;
748 if (skb_valid_dst(skb))
749 skb_dst_drop(skb);
750 gro_cells_receive(&gro_cells, skb);
751 return err;
752 }
753
754 return err;
755 }
756
757 drop_unlock:
758 spin_unlock(&x->lock);
759 drop:
760 xfrm_rcv_cb(skb, family, x && x->type ? x->type->proto : nexthdr, -1);
761 kfree_skb(skb);
762 return 0;
763 }
764 EXPORT_SYMBOL(xfrm_input);
765
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
Powered by blists - more mailing lists