[Swan-dev] KLIPS 3.17 on kernel version 3.10.101

Erik Andersson erik at ingate.com
Thu Apr 7 18:32:07 UTC 2016 

Hi,

The commit e10b0481065428c377024da4c9c680659e3573d3 added support for 
the Linux 4.4.x kernel.

It seems that the same commit introduce an issue when running KLIPS on 
kernel 3.10.101 (haven't tried any other version).

Running cat /proc/net/pf_key yields the following kernel error:

[   15.590773] general protection fault: 0000 [#1] SMP
[   15.592016] Modules linked in: isofs sr_mod cdrom imq virtio_net 
vmxnet3 pcnet32 ixgbe(O) igb(O) dca bnx2x(O) mdio crc32c libcrc32c bnx2 
via_rhine 8139too 8139cp 3c59x tulip e100 ns83820 tg3(O) hwmon ptp pps_c)
[   15.592016] CPU: 0 PID: 1588 Comm: cat Tainted: G           O 3.10.101 #1
[   15.592016] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[   15.592016] task: ffff88003ce8b2d0 ti: ffff88003e372000 task.ti: 
ffff88003e372000
[   15.592016] RIP: 0010:[<ffffffffa0014f8c>]  [<ffffffffa0014f8c>] 
pfkey_show+0x5c/0x190 [ipsec]
[   15.592016] RSP: 0018:ffff88003e373918  EFLAGS: 00010246
[   15.592016] RAX: 0000000000000000 RBX: ffff8800394e9c40 RCX: 
0000000000000000
[   15.592016] RDX: ffff880000000000 RSI: ffffffffa0046d48 RDI: 
ffff8800394e9c40
[   15.592016] RBP: ffff88003e373980 R08: f000d67af000d671 R09: 
00000000f000ff53
[   15.592016] R10: 0000000000000001 R11: 0000000000010000 R12: 
0000000000001000
[   15.592016] R13: ffff88003e373b58 R14: 0000000000000001 R15: 
ffff8800394e9c40
[   15.592016] FS:  00007fdb0c434740(0000) GS:ffff88003fc00000(0000) 
knlGS:0000000000000000
[   15.592016] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   15.592016] CR2: 00007fdb0bc2bf30 CR3: 000000003e213000 CR4: 
00000000000406f0
[   15.592016] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[   15.592016] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 
0000000000000400
[   15.592016] Stack:
[   15.592016]  0000000000000246 0000000000000246 0000000100000000 
000200da00000000
[   15.592016]  0000000000000030 0000000000000000 0000000000000000 
0000000000000000
[   15.592016]  0000000000000000 0000000000000202 ffff88003d92ff40 
ffff880000000000
[   15.592016] Call Trace:
[   15.592016]  [<ffffffff810dc5d0>] ? seq_read+0x110/0x370
[   15.592016]  [<ffffffff81108a80>] ? proc_reg_write+0x70/0x70
[   15.592016]  [<ffffffff81108ab4>] ? proc_reg_read+0x34/0x70
[   15.592016]  [<ffffffff810bd849>] ? do_loop_readv_writev+0x59/0x80
[   15.592016]  [<ffffffff810bebe5>] ? do_readv_writev+0x1c5/0x230
[   15.592016]  [<ffffffff81090d38>] ? __alloc_pages_nodemask+0xd8/0x690
[   15.592016]  [<ffffffff810afab3>] ? page_add_new_anon_rmap+0x23/0xc0
[   15.592016]  [<ffffffff810a3c34>] ? __do_fault+0x414/0x510
[   15.592016]  [<ffffffff8108acf4>] ? find_get_page+0x14/0x70
[   15.592016]  [<ffffffff8108cb5f>] ? filemap_fault+0x6f/0x410
[   15.592016]  [<ffffffff810e375d>] ? default_file_splice_read+0x28d/0x3b0
[   15.592016]  [<ffffffff810e2060>] ? page_cache_pipe_buf_release+0x20/0x20
[   15.592016]  [<ffffffff810d46a6>] ? alloc_inode+0x26/0x90
[   15.592016]  [<ffffffff814002d5>] ? _raw_spin_lock+0x5/0x10
[   15.592016]  [<ffffffff814002d5>] ? _raw_spin_lock+0x5/0x10
[   15.592016]  [<ffffffff810d411e>] ? inode_sb_list_add+0x4e/0x60
[   15.592016]  [<ffffffff814002d5>] ? _raw_spin_lock+0x5/0x10
[   15.592016]  [<ffffffff810d031b>] ? __d_instantiate+0xbb/0xf0
[   15.592016]  [<ffffffff810dfd5a>] ? __inode_wait_for_writeback+0x6a/0xc0
[   15.592016]  [<ffffffff810dbed4>] ? seq_open+0x74/0x140
[   15.592016]  [<ffffffffa0014f30>] ? pfkey_sendmsg+0x4f0/0x4f0 [ipsec]
[   15.592016]  [<ffffffff810dc212>] ? single_open+0x52/0xa0
[   15.592016]  [<ffffffff810ba382>] ? kmem_cache_alloc+0xa2/0xc0
[   15.592016]  [<ffffffff8108acf4>] ? find_get_page+0x14/0x70
[   15.592016]  [<ffffffff8108cb5f>] ? filemap_fault+0x6f/0x410
[   15.592016]  [<ffffffff810e270c>] ? splice_direct_to_actor+0xdc/0x1f0
[   15.592016]  [<ffffffff810e2980>] ? do_splice_from+0x100/0x100
[   15.592016]  [<ffffffff810e3bee>] ? do_splice_direct+0x4e/0x70
[   15.592016]  [<ffffffff810be449>] ? do_sendfile+0x189/0x2f0
[   15.592016]  [<ffffffff814002d5>] ? _raw_spin_lock+0x5/0x10
[   15.592016]  [<ffffffff810bf292>] ? SyS_sendfile64+0x72/0x90
[   15.592016]  [<ffffffff81400f89>] ? system_call_fastpath+0x16/0x1b
[   15.592016] Code: d2 75 6e e9 33 01 00 00 0f 1f 80 00 00 00 00 4c 8b 
82 d0 01 00 00 44 8b 8a 54 01 00 00 48 c7 c6 48 6d 04 a0 8b 4c 24 58 48 
89 df <41> 8b 00 89 44 24 20 41 0f bf 40 04 89 44 24 18 49 8b 40 08
[   15.592016] RIP  [<ffffffffa0014f8c>] pfkey_show+0x5c/0x190 [ipsec]
[   15.592016]  RSP <ffff88003e373918>
[   15.818758] ---[ end trace e57a31571eb5c502 ]---
Segmentation fault

The following patch solves the issue mentioned above:

index d965e5d..3f70e15 100644
--- a/linux/include/libreswan/pfkey.h
+++ b/linux/include/libreswan/pfkey.h
@@ -18,6 +18,7 @@
  #define __NET_IPSEC_PF_KEY_H

  #include "pfkeyv2.h"
+#include <linux/version.h>
  #ifdef __KERNEL__
  extern struct proto_ops pfkey_proto_ops;
  typedef struct sock pfkey_sock;
@@ -139,7 +140,11 @@ struct key_opt {
         struct sock     *sk;
  };

-#define key_pid(sk) ((struct key_opt*)&(sk))->key_pid
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+# define key_pid(sk) ((struct key_opt*)&(sk))->key_pid
+#else
+# define key_pid(sk) ((struct key_opt*)&((sk)->sk_protinfo))->key_pid
+#endif

  /* XXX-mcr this is not an alignment, this is because the count is in 
64-bit
   * words.

Does this seem as a valid solution? Haven't seen any other issues.

Regards,

/Erik

More information about the Swan-dev mailing list