Reviewed-by: Ye Ting <ting...@intel.com> 

-----Original Message-----
From: Wu, Jiaxin 
Sent: Thursday, August 13, 2015 10:10 PM
To: edk2-devel@lists.01.org
Cc: Ye, Ting
Subject: [Patch] NetworkPkg: Fix hang issue after system reconnected when IPSec 
has set up

IpSecStop() is unable to send out the delete information because the
underlying IP child has been destroyed. Delete all established IKE SAs and
related Child SAs directly.

Cc: Ye Ting <ting...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin...@intel.com>
---
 NetworkPkg/IpSecDxe/IkeService.c     |  1 -
 NetworkPkg/IpSecDxe/IkeService.h     |  3 ++-
 NetworkPkg/IpSecDxe/Ikev2/Exchange.c |  6 +++---
 NetworkPkg/IpSecDxe/Ikev2/Utility.c  |  6 ++----
 NetworkPkg/IpSecDxe/IpSecDriver.c    | 25 +++++++++++++++++++++++--
 5 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/NetworkPkg/IpSecDxe/IkeService.c b/NetworkPkg/IpSecDxe/IkeService.c
index 6594963..d857196 100644
--- a/NetworkPkg/IpSecDxe/IkeService.c
+++ b/NetworkPkg/IpSecDxe/IkeService.c
@@ -13,11 +13,10 @@
 
 **/
 
 #include "IkeService.h"
 #include "IpSecConfigImpl.h"
-#include "Ikev2/Utility.h"
 
 IKE_EXCHANGE_INTERFACE  *mIkeExchange[] = {
   &mIkev1Exchange,
   &mIkev2Exchange
 };
diff --git a/NetworkPkg/IpSecDxe/IkeService.h b/NetworkPkg/IpSecDxe/IkeService.h
index 3ebd179..0e05dfe 100644
--- a/NetworkPkg/IpSecDxe/IkeService.h
+++ b/NetworkPkg/IpSecDxe/IkeService.h
@@ -1,9 +1,9 @@
 /** @file
   Prototypes definitions of IKE service.
 
-  Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
   http://opensource.org/licenses/bsd-license.php.
@@ -17,10 +17,11 @@
 #define _IKE_SERVICE_H_
 
 #include "Ike.h"
 #include "IpSecImpl.h"
 #include "IkeCommon.h"
+#include "Ikev2/Utility.h"
 
 #define IPSEC_CRYPTO_LIB_MEMORY 128 * 1024
 
 /**
   This is prototype definition of general interface to intialize a IKE 
negotiation.
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c 
b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
index 37f9667..9d58ab0 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Exchange.c
@@ -1,9 +1,9 @@
 /** @file
   The general interfaces of the IKEv2.
 
-  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
   http://opensource.org/licenses/bsd-license.php.
@@ -328,11 +328,11 @@ Ikev2NegotiateInfo (
     }
 
     //
     // Send out the Packet
     //
-    if (UdpService != NULL) {
+    if (UdpService != NULL && UdpService->Output != NULL) {
       Status = Ikev2SendIkePacket (UdpService, (UINT8 *) SaCommon, IkePacket, 
0);
 
       if (EFI_ERROR (Status)) {
         goto ON_ERROR;
       }
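Review bot: The new `UdpService->Output != NULL` test makes Ikev2NegotiateInfo skip the send without leaving any trace, here and in the identical guard in the next hunk of this file (the Child SA branch), so the peer is never told about the deletion and keeps its SA state until it expires on its own. A comment above each guard should record that, for example `// Output may be NULL when the underlying UDP child is already destroyed (driver stop); the SA is then deleted locally and the peer is not notified.`, and a DEBUG print on the skipped path would make it visible in logs. EDK II style also parenthesizes each comparison: `if ((UdpService != NULL) && (UdpService->Output != NULL)) {`. The function starts and ends outside the hunk, so whether IkePacket is released when the send is skipped cannot be checked from here and is worth confirming.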
@@ -355,11 +355,11 @@ Ikev2NegotiateInfo (
       }
 
       //
       // Send out the Packet
       //
-      if (UdpService != NULL) {
+      if (UdpService != NULL && UdpService->Output != NULL) {
         Status = Ikev2SendIkePacket (UdpService, (UINT8 *) 
&ChildSaSession->SessionCommon, IkePacket, 0);
 
         if (EFI_ERROR (Status)) {
           goto ON_ERROR;
         }
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c 
b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index 8769850..16be09e 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -1,10 +1,10 @@
 /** @file
   The Common operations used by IKE Exchange Process.
 
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-  Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
   http://opensource.org/licenses/bsd-license.php.
@@ -889,13 +889,11 @@ Ikev2ChildSaSilentDelete (
   ChildSession    = NULL;
   LocalSelector   = NULL;
   RemoteSelector  = NULL;
   UdpService      = IkeSaSession->SessionCommon.UdpService;
 
-  Private  = (UdpService->IpVersion == IP_VERSION_4) ?
-             IPSEC_PRIVATE_DATA_FROM_UDP4LIST(UdpService->ListHead) :
-             IPSEC_PRIVATE_DATA_FROM_UDP6LIST(UdpService->ListHead);
+  Private = IkeSaSession->SessionCommon.Private;
 
   //
   // Remove the Established SA from ChildSaEstablishlist.
   //
   ChildSession = Ikev2ChildSaSessionRemove(
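Review bot: `Private = IkeSaSession->SessionCommon.Private;` is taken on trust: nothing in the hunk shows that the field is populated for every IKE SA session, whereas the old code derived the pointer from the UDP service list. If Private is dereferenced further down (the function continues outside the hunk), an `ASSERT (Private != NULL);` right after the assignment would document the new precondition. UdpService is still loaded from the session on the line above; on the stop path, where the commit description says the IP child is already gone, any later use of it presumably needs the same kind of guard that Exchange.c received.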
diff --git a/NetworkPkg/IpSecDxe/IpSecDriver.c 
b/NetworkPkg/IpSecDxe/IpSecDriver.c
index 454d218..d8282b5 100644
--- a/NetworkPkg/IpSecDxe/IpSecDriver.c
+++ b/NetworkPkg/IpSecDxe/IpSecDriver.c
@@ -1,9 +1,9 @@
 /** @file
   Driver Binding Protocol for IPsec Driver.
 
-  Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
   http://opensource.org/licenses/bsd-license.php.
@@ -176,10 +176,11 @@ IpSecStop (
   EFI_STATUS          Status;
   IPSEC_PRIVATE_DATA  *Private;
   IKE_UDP_SERVICE     *UdpSrv;
   LIST_ENTRY          *Entry;
   LIST_ENTRY          *Next;
+  IKEV2_SA_SESSION    *Ikev2SaSession;
 
   //
   // Locate ipsec protocol to get private data.
   //
   Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) 
&IpSec);
@@ -194,11 +195,31 @@ IpSecStop (
   // The SAs are shared by both IP4 and IP6 stack. So we skip the cleanup
   // and leave the SAs unchanged if the other IP stack is still running.
   //
   if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) ||
       (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) {
-    IkeDeleteAllSas (Private, FALSE);
+    //
+    // If IKEv2 SAs are under establishing, delete it directly.
+    //
+    if (!IsListEmpty (&Private->Ikev2SessionList)) {
+      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) {
+        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);
+        RemoveEntryList (&Ikev2SaSession->BySessionTable);
+        Ikev2SaSessionFree (Ikev2SaSession);
+      }
+    }
+
+    //
+    // Delete established IKEv2 SAs.
+    //
+    if (!IsListEmpty (&Private->Ikev2EstablishedList)) {
+      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) {
+        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); 
+        RemoveEntryList (&Ikev2SaSession->BySessionTable);
+        Ikev2SaSessionFree (Ikev2SaSession);
+      }
+    }
   }
 
   if (IpVersion == IP_VERSION_4) {
     //
     // If has udp4 io opened on the controller, close and free it.
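Review bot: Both loops release the IKE SA sessions with Ikev2SaSessionFree(), but the hunk does not show that the Child SAs negotiated under them are removed from the SA database or that their key material is cleared, which the replaced IkeDeleteAllSas() call was presumably responsible for. If Ikev2SaSessionFree() only frees the session structures, installed IPsec SAs and keys would outlive IpSecStop(); please confirm, or pass each session's Child SAs through Ikev2ChildSaSilentDelete() before freeing it. The replacement also walks only the two IKEv2 lists, so any IKEv1 state that IkeDeleteAllSas() handled is now left untouched, which deserves a line in the comment if it is intended. Smaller points: the `IsListEmpty` checks are redundant because NET_LIST_FOR_EACH_SAFE does nothing on an empty list, and the first comment would read better as `// Delete IKEv2 SAs that are still being established.`. IpSecStop() starts and ends outside the hunk.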
-- 
1.9.5.msysgit.1
