Hi all, On Fri, 26 Apr 2019 11:41:20 +1000 Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote: > > Today's linux-next merge of the ipsec-next tree got a conflict in: > > net/ipv4/xfrm4_policy.c > > between commit: > > 8742dc86d0c7 ("xfrm4: Fix uninitialized memory read in _decode_session4") > > from the ipsec tree and commit: > > c53ac41e3720 ("xfrm: remove decode_session indirection from afinfo_policy") > > from the ipsec-next tree. > > From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> > Date: Fri, 26 Apr 2019 11:37:41 +1000 > Subject: [PATCH] xfrm4: fix up for moved _decode_session4 > > Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> > --- > net/xfrm/xfrm_policy.c | 24 +++++++++++++----------- > 1 file changed, 13 insertions(+), 11 deletions(-) > > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c > index 410233c5681e..7a43ae6b2a44 100644 > --- a/net/xfrm/xfrm_policy.c > +++ b/net/xfrm/xfrm_policy.c > @@ -3264,7 +3264,8 @@ static void > decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > { > const struct iphdr *iph = ip_hdr(skb); > - u8 *xprth = skb_network_header(skb) + iph->ihl * 4; > + int ihl = iph->ihl; > + u8 *xprth = skb_network_header(skb) + ihl * 4; > struct flowi4 *fl4 = &fl->u.ip4; > int oif = 0; > > @@ -3275,6 +3276,11 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > fl4->flowi4_mark = skb->mark; > fl4->flowi4_oif = reverse ? skb->skb_iif : oif; > > + fl4->flowi4_proto = iph->protocol; > + fl4->daddr = reverse ? iph->saddr : iph->daddr; > + fl4->saddr = reverse ? iph->daddr : iph->saddr; > + fl4->flowi4_tos = iph->tos; > + > if (!ip_is_fragment(iph)) { > switch (iph->protocol) { > case IPPROTO_UDP: > @@ -3286,7 +3292,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > pskb_may_pull(skb, xprth + 4 - skb->data)) { > __be16 *ports; > > - xprth = skb_network_header(skb) + iph->ihl * 4; > + xprth = skb_network_header(skb) + ihl * 4; > ports = (__be16 *)xprth; > > fl4->fl4_sport = ports[!!reverse]; > @@ -3298,7 +3304,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > pskb_may_pull(skb, xprth + 2 - skb->data)) { > u8 *icmp; > > - xprth = skb_network_header(skb) + iph->ihl * 4; > + xprth = skb_network_header(skb) + ihl * 4; > icmp = xprth; > > fl4->fl4_icmp_type = icmp[0]; > @@ -3310,7 +3316,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > pskb_may_pull(skb, xprth + 4 - skb->data)) { > __be32 *ehdr; > > - xprth = skb_network_header(skb) + iph->ihl * 4; > + xprth = skb_network_header(skb) + ihl * 4; > ehdr = (__be32 *)xprth; > > fl4->fl4_ipsec_spi = ehdr[0]; > @@ -3321,7 +3327,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > pskb_may_pull(skb, xprth + 8 - skb->data)) { > __be32 *ah_hdr; > > - xprth = skb_network_header(skb) + iph->ihl * 4; > + xprth = skb_network_header(skb) + ihl * 4; > ah_hdr = (__be32 *)xprth; > > fl4->fl4_ipsec_spi = ah_hdr[1]; > @@ -3332,7 +3338,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > pskb_may_pull(skb, xprth + 4 - skb->data)) { > __be16 *ipcomp_hdr; > > - xprth = skb_network_header(skb) + iph->ihl * 4; > + xprth = skb_network_header(skb) + ihl * 4; > ipcomp_hdr = (__be16 *)xprth; > > fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1])); > @@ -3344,7 +3350,7 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > __be16 *greflags; > __be32 *gre_hdr; > > - xprth = skb_network_header(skb) + iph->ihl * 4; > + xprth = skb_network_header(skb) + ihl * 4; > greflags = (__be16 *)xprth; > gre_hdr = (__be32 *)xprth; > > @@ -3360,10 +3366,6 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse) > break; > } > } > - fl4->flowi4_proto = iph->protocol; > - fl4->daddr = reverse ? iph->saddr : iph->daddr; > - fl4->saddr = reverse ? iph->daddr : iph->saddr; > - fl4->flowi4_tos = iph->tos; > } > > #if IS_ENABLED(CONFIG_IPV6) This is now a conflict between the net and net-next trees. -- Cheers, Stephen Rothwell
Attachment:
pgpx0ksoAEkd7.pgp
Description: OpenPGP digital signature