linux-stable/net
Xin Long 94c291577f xfrm: policy: match with both mark and mask on user interfaces
commit 4f47e8ab6a upstream.

In commit ed17b8d377 ("xfrm: fix a warning in xfrm_policy_insert_list"),
it would take 'priority' to make a policy unique, and allow duplicated
policies with different 'priority' to be added, which is not expected
by userland, as Tobias reported in strongswan.

To fix this duplicated policies issue, and also fix the issue in
commit ed17b8d377 ("xfrm: fix a warning in xfrm_policy_insert_list"),
when doing add/del/get/update on user interfaces, this patch is to change
to look up a policy with both mark and mask by doing:

  mark.v == pol->mark.v && mark.m == pol->mark.m

and leave the check:

  (mark & pol->mark.m) == pol->mark.v

for tx/rx path only.

As the userland expects an exact mark and mask match to manage policies.

v1->v2:
  - make xfrm_policy_mark_match inline and fix the changelog as
    Tobias suggested.

Fixes: 295fae5688 ("xfrm: Allow user space manipulation of SPD mark")
Fixes: ed17b8d377 ("xfrm: fix a warning in xfrm_policy_insert_list")
Reported-by: Tobias Brunner <tobias@strongswan.org>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 09:08:31 +02:00
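A simplified user-space model of the two checks quoted in the commit message above, added here as an example; it is not kernel code and not part of the commit. The `struct mark`, `struct policy`, `spd` and `lookup_*` names are assumptions for illustration, and the table entries are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code: a mark is a value plus a mask. */
struct mark { uint32_t v, m; };
struct policy { const char *name; struct mark mark; };

/* Management-path rule from the commit message: value and mask both equal. */
static int mark_match_exact(const struct mark *req, const struct policy *pol)
{
    return req->v == pol->mark.v && req->m == pol->mark.m;
}

/* tx/rx rule from the commit message: packet mark under the policy's mask. */
static int mark_match_masked(uint32_t pkt_mark, const struct policy *pol)
{
    return (pkt_mark & pol->mark.m) == pol->mark.v;
}

/* Constructed sample table: same mark value, different masks. */
static const struct policy spd[] = {
    { "wide",   { 0x1, 0x0000000f } },
    { "narrow", { 0x1, 0xffffffff } },
};
#define SPD_LEN (sizeof(spd) / sizeof(spd[0]))

/* Index of the policy an add/del/get/update request selects, or -1. */
int lookup_exact(struct mark req)
{
    for (size_t i = 0; i < SPD_LEN; i++)
        if (mark_match_exact(&req, &spd[i]))
            return (int)i;
    return -1;
}

/* Same request resolved with the masked rule; the first hit wins. */
int lookup_masked(struct mark req)
{
    for (size_t i = 0; i < SPD_LEN; i++)
        if (mark_match_masked(req.v, &spd[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    struct mark req = { 0x1, 0xffffffff };   /* caller means "narrow" */
    printf("exact -> %s, masked -> %s\n",
           spd[lookup_exact(req)].name, spd[lookup_masked(req)].name);
    return 0;
}
```

With the constructed table, a management request for mark 0x1/0xffffffff resolves to "narrow" under the exact rule and to "wide" under the masked rule, which is why the masked check suits packet classification but not policy management.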
6lowpan 6lowpan: Off by one handling ->nexthdr 2020-01-27 14:46:30 +01:00
9p xen/9p: use alloc/free_pages_exact() 2022-03-11 10:13:33 +01:00
802 net/802/garp: fix memleak in garp_request_join() 2021-08-04 12:22:14 +02:00
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 13:58:58 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 12:47:02 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:12:42 +02:00
ax25 ax25: Fix NULL pointer dereference in ax25_kill_by_device 2022-03-16 12:57:07 +01:00
batman-adv batman-adv: Don't expect inter-netns unique iflink indices 2022-03-08 19:01:57 +01:00
bluetooth Bluetooth: Fix use after free in hci_send_acl 2022-04-20 09:08:28 +02:00
bpf bpf: fix panic due to oob in bpf_prog_test_run_skb 2021-12-22 09:17:58 +01:00
bridge netfilter: bridge: add support for pppoe filtering 2022-01-27 09:00:49 +01:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-22 11:45:33 +02:00
can net: add missing SOF_TIMESTAMPING_OPT_ID support 2022-04-20 09:08:28 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:07:03 +01:00
core esp: Fix possible buffer overflow in ESP transformation 2022-03-28 08:22:26 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:01:58 +01:00
dccp dccp: don't duplicate ccid when cloning dccp sock 2021-09-22 11:45:33 +02:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 11:12:18 +02:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
dsa net: dsa: Fix duplicate frames flooded by learning 2020-04-02 16:34:24 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:17:59 +01:00
hsr hsr: use netdev_err() instead of WARN_ONCE() 2021-05-22 10:57:24 +02:00
ieee802154 net: ieee802154: Return meaningful error codes from the netlink helpers 2022-02-08 18:16:29 +01:00
ife
ipv4 net: add missing SOF_TIMESTAMPING_OPT_ID support 2022-04-20 09:08:28 +02:00
ipv6 net: add missing SOF_TIMESTAMPING_OPT_ID support 2022-04-20 09:08:28 +02:00
ipx
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-12-08 10:17:32 +01:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:37:45 +02:00
key xfrm: policy: match with both mark and mask on user interfaces 2022-04-20 09:08:31 +02:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-22 11:45:33 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:12:08 +01:00
llc llc: only change llc->dev when bind() succeeds 2022-03-28 08:22:27 +02:00
mac80211 mac80211: fix potential double free on mesh join 2022-03-28 08:22:27 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-16 11:57:52 +02:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 08:46:55 +01:00
ncsi net/ncsi: Avoid GFP_KERNEL in response handler 2021-04-16 11:57:51 +02:00
netfilter netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options 2022-04-20 09:08:21 +02:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-09-22 11:45:32 +02:00
netlink af_netlink: Fix shift out of bounds in group mask calculation 2022-04-20 09:08:18 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 11:12:18 +02:00
nfc nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() 2022-01-27 09:00:47 +01:00
nsh
openvswitch openvswitch: Fixed nd target mask field in the flow dump. 2022-04-20 09:08:25 +02:00
packet net: add missing SOF_TIMESTAMPING_OPT_ID support 2022-04-20 09:08:28 +02:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 13:57:37 +01:00
psample net: psample: fix skb_over_panic 2019-12-05 15:38:15 +01:00
qrtr net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() 2021-03-30 14:40:12 +02:00
rds net/rds: correct socket tunable error in rds_tcp_tune() 2021-12-08 08:46:55 +01:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:11:57 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:17:32 +01:00
rxrpc rxrpc: Fix handling of an unsupported token type in rxrpc_read() 2021-01-23 15:48:47 +01:00
sched net: sched: limit TC_ACT_REPEAT loops 2022-02-23 11:57:35 +01:00
sctp sctp: fix the processing for INIT_ACK chunk 2022-03-23 09:01:34 +01:00
smc net/smc: correct settings of RMB window update limit 2022-04-20 09:08:27 +02:00
strparser
sunrpc SUNRPC/call_alloc: async tasks mustn't block waiting for memory 2022-04-20 09:08:28 +02:00
switchdev
tipc tipc: rate limit warning for received illegal binding update 2022-02-16 12:44:51 +01:00
tls net/tls: Fixed return value when tls_complete_pending_work() fails 2018-12-05 19:41:11 +01:00
unix af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress 2022-01-27 09:01:00 +01:00
vmw_vsock vsock: remove vsock from connected table when connect is interrupted by a signal 2022-02-23 11:57:34 +01:00
wimax
wireless nl80211: Update bss channel on channel switch for P2P_CLIENT 2022-03-23 09:01:34 +01:00
x25 net/x25: Fix null-ptr-deref caused by x25_disconnect 2022-04-20 09:08:21 +02:00
xfrm xfrm: policy: match with both mark and mask on user interfaces 2022-04-20 09:08:31 +02:00
compat.c net: Return the correct errno code 2021-06-30 08:48:47 -04:00
Kconfig
Makefile net: split out functions related to registering inflight socket files 2021-08-04 12:22:14 +02:00
socket.c net: Set fput_needed iff FDPUT_FPUT is set 2020-08-21 09:48:14 +02:00
sysctl_net.c