git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Lin Ma <linma@zju.edu.cn>
	Fri, 30 Jun 2023 08:19:11 +0000 (16:19 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 26 Aug 2023 12:23:32 +0000 (14:23 +0200)
commit	a465ace883ac600fef37165b653b0ca5cc9c1a53
tree	29f2748542e29231ce26bbffcf3c0454285a32c1	tree
parent	fed1cd2cd3aa95dedb75d12d430c90d6203d6c32	commit \| diff

net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure

[ Upstream commit d1e0e61d617ba17aa516db707aa871387566bbf7 ]

According to all consumers code of attrs[XFRMA_SEC_CTX], like

* verify_sec_ctx_len(), convert to xfrm_user_sec_ctx*
* xfrm_state_construct(), call security_xfrm_state_alloc whose prototype
is int security_xfrm_state_alloc(.., struct xfrm_user_sec_ctx *sec_ctx);
* copy_from_user_sec_ctx(), convert to xfrm_user_sec_ctx *
...

It seems that the expected parsing result for XFRMA_SEC_CTX should be
structure xfrm_user_sec_ctx, and the current xfrm_sec_ctx is confusing
and misleading (Luckily, they happen to have same size 8 bytes).

This commit amend the policy structure to xfrm_user_sec_ctx to avoid
ambiguity.

Fixes: cf5cb79f6946 ("[XFRM] netlink: Establish an attribute policy")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

net/xfrm/xfrm_compat.c		diff \| blob \| blame \| history
net/xfrm/xfrm_user.c		diff \| blob \| blame \| history