[COMMIT] branch master updated. v1.17.0.0_tigermoth_rc1-140-gb95ccd3d - git-lng-odp

30 Jan 2018

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master has been updated
       via  b95ccd3db6eeb7358a877541747e06354429acdd (commit)
       via  9a46e749c6da2d4a4aef7337ab8247b0cd0c2be9 (commit)
       via  8e826373dcbe52eca0036deab60b4fb83917e237 (commit)
       via  ae02d6ca65ef5f484258c8ce4d477a06151713b6 (commit)
       via  716b3335f9e3003dcb2d79404c91b21551c2077b (commit)
      from  01ec93bbfffe740b1a12213ac201c89dd9f2ef71 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b95ccd3db6eeb7358a877541747e06354429acdd
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Wed Jan 24 18:19:48 2018 +0300
linux-gen: ipsec: fix SA leak in SA creation
odp_ipsec_sa_create can leave SA locked if one asks for
    ODP_AUTH_AES_GMAC with non-NULL encryption. Unlock SA in error path.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Janne Peltonen janne.peltonen@nokia.com
    Reviewed-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index dba0a174..1a63858a 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -416,7 +416,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
    	break;
    case ODP_AUTH_ALG_AES_GMAC:
    	if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
-			return ODP_IPSEC_SA_INVALID;
+			goto error;
    	ipsec_sa->use_counter_iv = 1;
    	ipsec_sa->esp_iv_len = 8;
    	ipsec_sa->esp_block_len = 16;
commit 9a46e749c6da2d4a4aef7337ab8247b0cd0c2be9
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Wed Jan 24 18:26:37 2018 +0300
linux-gen: ipsec: prevent sa_lookup from matching outbound SAs
lookup_mode was valid only for inbound SAs but contained garbage for
    outbound SAs. Thus it was possible for lookup to match SA with outbound
    SA. Prevent that by marking all outbound SAs as
    ODP_IPSEC_LOOKUP_DISABLED.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Janne Peltonen janne.peltonen@nokia.com
    Reviewed-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h
index dbdcbb91..bdb86c40 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -122,6 +122,7 @@ struct ipsec_sa_s {
uint8_t		salt[IPSEC_MAX_SALT_LEN];
    uint32_t	salt_length;
+	odp_ipsec_lookup_mode_t lookup_mode;
union {
    	unsigned flags;
@@ -144,7 +145,6 @@ struct ipsec_sa_s {
union {
    	struct {
-			odp_ipsec_lookup_mode_t lookup_mode;
    		odp_ipsec_ip_version_t lookup_ver;
    		union {
    			odp_u32be_t	lookup_dst_ipv4;
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index e151b7a7..dba0a174 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -274,8 +274,8 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
    ipsec_sa->mode = param->mode;
    ipsec_sa->flags = 0;
    if (ODP_IPSEC_DIR_INBOUND == param->dir) {
-		ipsec_sa->in.lookup_mode = param->inbound.lookup_mode;
-		if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) {
+		ipsec_sa->lookup_mode = param->inbound.lookup_mode;
+		if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode) {
    		ipsec_sa->in.lookup_ver =
    			param->inbound.lookup_param.ip_version;
    		if (ODP_IPSEC_IPV4 == ipsec_sa->in.lookup_ver)
@@ -293,6 +293,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
    	ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0);
    	odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0);
    } else {
+		ipsec_sa->lookup_mode = ODP_IPSEC_LOOKUP_DISABLED;
    	odp_atomic_store_u32(&ipsec_sa->out.seq, 1);
    	ipsec_sa->out.frag_mode = param->outbound.frag_mode;
    	ipsec_sa->out.mtu = param->outbound.mtu;
@@ -552,19 +553,16 @@ int odp_ipsec_sa_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu)
ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup)
 {
-	(void)lookup;
-
    int i;
-	ipsec_sa_t *ipsec_sa;
    ipsec_sa_t *best = NULL;
for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) {
-		ipsec_sa = ipsec_sa_entry(i);
+		ipsec_sa_t *ipsec_sa = ipsec_sa_entry(i);
if (ipsec_sa_lock(ipsec_sa) < 0)
    		continue;
-		if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode &&
+		if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode &&
    	    lookup->proto == ipsec_sa->proto &&
    	    lookup->spi == ipsec_sa->spi &&
    	    lookup->ver == ipsec_sa->in.lookup_ver &&
@@ -576,7 +574,7 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup)
    			_odp_ipsec_sa_unuse(best);
    		return ipsec_sa;
    	} else if (NULL == best &&
-			   ODP_IPSEC_LOOKUP_SPI == ipsec_sa->in.lookup_mode &&
+			   ODP_IPSEC_LOOKUP_SPI == ipsec_sa->lookup_mode &&
    		   lookup->proto == ipsec_sa->proto &&
    		   lookup->spi == ipsec_sa->spi) {
    		best = ipsec_sa;
commit 8e826373dcbe52eca0036deab60b4fb83917e237
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Wed Jan 24 18:19:48 2018 +0300
linux-gen: ipsec: fix SA leak in lookup case
SA lookup can leave SAs locked if multiple SAs matched the LOOKUP_SPI
    case. Follow that case if we have no 'best' option.
Fixes: https://bugs.linaro.org/show_bug.cgi?id=3595
    Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Janne Peltonen janne.peltonen@nokia.com
    Reviewed-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 0cf0251d..e151b7a7 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -575,9 +575,10 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup)
    		if (NULL != best)
    			_odp_ipsec_sa_unuse(best);
    		return ipsec_sa;
-		} else if (ODP_IPSEC_LOOKUP_SPI == ipsec_sa->in.lookup_mode &&
-				lookup->proto == ipsec_sa->proto &&
-				lookup->spi == ipsec_sa->spi) {
+		} else if (NULL == best &&
+			   ODP_IPSEC_LOOKUP_SPI == ipsec_sa->in.lookup_mode &&
+			   lookup->proto == ipsec_sa->proto &&
+			   lookup->spi == ipsec_sa->spi) {
    		best = ipsec_sa;
    	} else {
    		_odp_ipsec_sa_unuse(ipsec_sa);
commit ae02d6ca65ef5f484258c8ce4d477a06151713b6
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Wed Jan 24 18:18:45 2018 +0300
linux-gen: ipsec: fix SA leak in odp_ipsec_sa_create
It is possible to leave SA in reserved state while if antireplay
    options are unsupported. Free the SA in this case.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Janne Peltonen janne.peltonen@nokia.com
    Reviewed-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 0ae524a6..0cf0251d 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -289,7 +289,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
    	}
if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS)
-			return ODP_IPSEC_SA_INVALID;
+			goto error;
    	ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0);
    	odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0);
    } else {
commit 716b3335f9e3003dcb2d79404c91b21551c2077b
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Wed Jan 24 18:15:59 2018 +0300
linux-gen: ipsec: disallow using SAs while they are being created
Current code has a race condition between inbound traffic and creation
    of new SA. It is possible for inbound traffic to trigger partially
    created SA using SA_LOOKUP option (or INLINE mode). Add separate
    (RESERVED) stage for SA which is in process of being created.
Fixes: https://bugs.linaro.org/show_bug.cgi?id=3594
    Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-by: Janne Peltonen janne.peltonen@nokia.com
    Reviewed-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index c168385a..0ae524a6 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -17,7 +17,8 @@
 #include <string.h>
#define IPSEC_SA_STATE_DISABLE	0x40000000
-#define IPSEC_SA_STATE_FREE	0xc0000000 /* This includes disable !!! */
+#define IPSEC_SA_STATE_FREE	0xc0000000
+#define IPSEC_SA_STATE_RESERVED	0x80000000
typedef struct ipsec_sa_table_t {
    ipsec_sa_t ipsec_sa[ODP_CONFIG_IPSEC_SAS];
@@ -108,7 +109,8 @@ static ipsec_sa_t *ipsec_sa_reserve(void)
ipsec_sa = ipsec_sa_entry(i);
-		if (odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, 0))
+		if (odp_atomic_cas_acq_u32(&ipsec_sa->state, &state,
+					   IPSEC_SA_STATE_RESERVED))
    		return ipsec_sa;
    }
@@ -120,6 +122,12 @@ static void ipsec_sa_release(ipsec_sa_t *ipsec_sa)
    odp_atomic_store_rel_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE);
 }
+/* Mark reserved SA as available now */
+static void ipsec_sa_publish(ipsec_sa_t *ipsec_sa)
+{
+	odp_atomic_store_rel_u32(&ipsec_sa->state, 0);
+}
+
 static int ipsec_sa_lock(ipsec_sa_t *ipsec_sa)
 {
    int cas = 0;
@@ -128,9 +136,11 @@ static int ipsec_sa_lock(ipsec_sa_t *ipsec_sa)
    while (0 == cas) {
    	/*
    	 * This can be called from lookup path, so we really need this
-		 * check
+		 * check. Thanks to the way flags are defined we actually test
+		 * that the SA is not DISABLED, FREE or RESERVED using just one
+		 * condition.
    	 */
-		if (state & IPSEC_SA_STATE_DISABLE)
+		if (state & IPSEC_SA_STATE_FREE)
    		return -1;
cas = odp_atomic_cas_acq_u32(&ipsec_sa->state, &state,
@@ -438,6 +448,8 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
    			      &ses_create_rc))
    	goto error;
+	ipsec_sa_publish(ipsec_sa);
+
    return ipsec_sa->ipsec_sa_hdl;
error:
-----------------------------------------------------------------------
Summary of changes:
 .../linux-generic/include/odp_ipsec_internal.h     |  2 +-
 platform/linux-generic/odp_ipsec_sad.c             | 43 ++++++++++++++--------
 2 files changed, 28 insertions(+), 17 deletions(-)
hooks/post-receive
-- 


    