Re: [PATCH net-next v24 09/23] ovpn: implement packet processing

From: Sabrina Dubroca
Date: Mon Mar 24 2025 - 07:05:38 EST

Next message: srinivas . kandagatla: "[PATCH v3 0/6] ASoC: wcd938x: enable t14s audio headset"
Previous message: Bart Van Assche: "Re: [PATCH RFC] ufs: delegate the interrupt service routine to a threaded irq handler"
Next in thread: Antonio Quartulli: "Re: [PATCH net-next v24 09/23] ovpn: implement packet processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2025-03-18, 02:40:44 +0100, Antonio Quartulli wrote:
> +int ovpn_crypto_state_reset(struct ovpn_crypto_state *cs,
> + const struct ovpn_peer_key_reset *pkr)
> +{
> + struct ovpn_crypto_key_slot *old = NULL, *new;
> + u8 idx;
> +
> + if (pkr->slot != OVPN_KEY_SLOT_PRIMARY &&
> + pkr->slot != OVPN_KEY_SLOT_SECONDARY)
> + return -EINVAL;
> +
> + new = ovpn_aead_crypto_key_slot_new(&pkr->key);
> + if (IS_ERR(new))
> + return PTR_ERR(new);
> +
> + spin_lock_bh(&cs->lock);

At this point, should there be a check that we're not installing 2
keys with the same key_id at the same time? I expect a well-behaved
userspace never does that, but it would confuse
ovpn_crypto_key_id_to_slot if it ever happened.

["well, then the tunnel is broken. if userspace sets up a broken
config that's not the kernel's problem." is an acceptable answer]

--
Sabrina

Next message: srinivas . kandagatla: "[PATCH v3 0/6] ASoC: wcd938x: enable t14s audio headset"
Previous message: Bart Van Assche: "Re: [PATCH RFC] ufs: delegate the interrupt service routine to a threaded irq handler"
Next in thread: Antonio Quartulli: "Re: [PATCH net-next v24 09/23] ovpn: implement packet processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]