superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xfrm: route MIGRATE notifications to caller's netns 

xfrm_send_migrate() in net/xfrm/xfrm_user.c and pfkey_send_migrate()
in net/key/af_key.c both hardcode &init_net for the multicast that
announces a successful XFRM_MSG_MIGRATE / SADB_X_MIGRATE.

XFRM_MSG_MIGRATE arrives on a per-netns NETLINK_XFRM socket, and the
rest of the xfrm/af_key netlink path was made netns-aware in 2008.
The other 14 multicast paths in xfrm_user.c route their event using
xs_net(x), xp_net(xp) or sock_net(skb->sk); only the migrate path
was missed.

Two consequences of the init_net hardcoding:

  1. The notification (selector, old/new endpoint addresses, and the
     km_address) is delivered to listeners on init_net's
     XFRMNLGRP_MIGRATE / pfkey BROADCAST_ALL groups rather than on
     the issuing netns. An IKE daemon running in init_net therefore
     receives migration notifications originating from any other
     netns on the host.

  2. An IKE daemon running inside a non-init netns and subscribed
     to its own XFRMNLGRP_MIGRATE / pfkey groups never receives the
     notification of its own migration. IKEv2 MOBIKE / address-update
     handling inside a netns is silently broken.

Thread struct net through km_migrate() and the xfrm_mgr.migrate
function pointer, drop the &init_net override in xfrm_send_migrate()
and pfkey_send_migrate(), and pass the caller's net (already in
scope in xfrm_migrate() via sock_net(skb->sk)) all the way down.
struct xfrm_mgr is in-tree only and not exported as a stable API,
so the function-pointer signature change is internal.

pfkey_broadcast() is already netns-aware via net_generic(net,
pfkey_net_id) since the pernet conversion. The five other
pfkey_broadcast() callers in af_key.c already pass xs_net(x),
sock_net(sk) or a per-netns net, so this only removes the
&init_net outlier.

Fixes: 5c79de6e79 ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Maoyi Xie <maoyi.xie@ntu.edu.sg>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
master
Maoyi Xie 2026-05-04 22:27:36 +08:00 committed by Steffen Klassert
parent b266bacba7
commit 7e2a4f7ca0
5 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/net/xfrm.h
View File

@ -715,6 +715,7 @@ struct xfrm_mgr {
const struct xfrm_migrate *m, const struct xfrm_migrate *m,
int num_bundles, int num_bundles,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k,
struct net *net,
const struct xfrm_encap_tmpl *encap); const struct xfrm_encap_tmpl *encap);
bool (*is_alive)(const struct km_event *c); bool (*is_alive)(const struct km_event *c);
}; };
@ -1891,7 +1892,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
#ifdef CONFIG_XFRM_MIGRATE #ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles, const struct xfrm_migrate *m, int num_bundles,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k, struct net *net,
const struct xfrm_encap_tmpl *encap); const struct xfrm_encap_tmpl *encap);
struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net, struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net,
u32 if_id); u32 if_id);

6
net/key/af_key.c
View File

@ -3564,7 +3564,7 @@ static int set_ipsecrequest(struct sk_buff *skb,
#ifdef CONFIG_NET_KEY_MIGRATE #ifdef CONFIG_NET_KEY_MIGRATE
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles, const struct xfrm_migrate *m, int num_bundles,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k, struct net *net,
const struct xfrm_encap_tmpl *encap) const struct xfrm_encap_tmpl *encap)
{ {
int i; int i;
@ -3669,7 +3669,7 @@ static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
} }
/* broadcast migrate message to sockets */ /* broadcast migrate message to sockets */
pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net); pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, net);
return 0; return 0;
@ -3680,7 +3680,7 @@ err:
#else #else
static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_bundles, const struct xfrm_migrate *m, int num_bundles,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k, struct net *net,
const struct xfrm_encap_tmpl *encap) const struct xfrm_encap_tmpl *encap)
{ {
return -ENOPROTOOPT; return -ENOPROTOOPT;

2
net/xfrm/xfrm_policy.c
View File

@ -4703,7 +4703,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
} }
/* Stage 5 - announce */ /* Stage 5 - announce */
km_migrate(sel, dir, type, m, num_migrate, k, encap); km_migrate(sel, dir, type, m, num_migrate, k, net, encap);
xfrm_pol_put(pol); xfrm_pol_put(pol);

4
net/xfrm/xfrm_state.c
View File

@ -2837,7 +2837,7 @@ EXPORT_SYMBOL(km_policy_expired);
#ifdef CONFIG_XFRM_MIGRATE #ifdef CONFIG_XFRM_MIGRATE
int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate, const struct xfrm_migrate *m, int num_migrate,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k, struct net *net,
const struct xfrm_encap_tmpl *encap) const struct xfrm_encap_tmpl *encap)
{ {
int err = -EINVAL; int err = -EINVAL;
@ -2848,7 +2848,7 @@ int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
list_for_each_entry_rcu(km, &xfrm_km_list, list) { list_for_each_entry_rcu(km, &xfrm_km_list, list) {
if (km->migrate) { if (km->migrate) {
ret = km->migrate(sel, dir, type, m, num_migrate, k, ret = km->migrate(sel, dir, type, m, num_migrate, k,
encap); net, encap);
if (!ret) if (!ret)
err = ret; err = ret;
} }

5
net/xfrm/xfrm_user.c
View File

@ -3271,10 +3271,9 @@ out_cancel:
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate, const struct xfrm_migrate *m, int num_migrate,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k, struct net *net,
const struct xfrm_encap_tmpl *encap) const struct xfrm_encap_tmpl *encap)
{ {
struct net *net = &init_net;
struct sk_buff *skb; struct sk_buff *skb;
int err; int err;
@ -3292,7 +3291,7 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#else #else
static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
const struct xfrm_migrate *m, int num_migrate, const struct xfrm_migrate *m, int num_migrate,
const struct xfrm_kmaddress *k, const struct xfrm_kmaddress *k, struct net *net,
const struct xfrm_encap_tmpl *encap) const struct xfrm_encap_tmpl *encap)
{ {
return -ENOPROTOOPT; return -ENOPROTOOPT;