From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81654C4CEC9 for ; Wed, 18 Sep 2019 06:29:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4F3FD218AF for ; Wed, 18 Sep 2019 06:29:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1568788185; bh=JFk5Jv4dKcXIkrB4AdcywhjcbvMFMjIgV59Vz693O0w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=punJbApUtoU7LfJ/a1l2UyZZ0Pq5NOYPKlhnuZmgDuXHwSSuzJ9TVBhrX+Pb3r+93 Sd8m4F2Ezw4VjkUdtBxVQv1j8Nla0h5aoundFeLN+3gG3gN9lhpA6h7/D20q+jItNu EjRfyyiNUXPqhMy7EmwEmU/+okCs8WpiunjN1t70= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730174AbfIRG3o (ORCPT ); Wed, 18 Sep 2019 02:29:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:46740 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726990AbfIRGZl (ORCPT ); Wed, 18 Sep 2019 02:25:41 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3A68B21906; Wed, 18 Sep 2019 06:25:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1568787940; bh=JFk5Jv4dKcXIkrB4AdcywhjcbvMFMjIgV59Vz693O0w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xYgRxwhwg7PUGcDe+awqw+npdhnqEimfBi5JKaGau3vYbNYr/NrSVI4aCE6Alpl9K 8Kgjwa8WfXLWFDVm5l8O2eI/dr+zfl7QqmM3ucqWVgmoPM7Mn46FOEggqjGsmBOb30 XBB/LjkLdBreNme4N6SvQMsCxQ8NGeYWXTgNdRAQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Michael Marley , Steffen Klassert , "David S. Miller" Subject: [PATCH 5.2 05/85] ixgbe: Fix secpath usage for IPsec TX offload. Date: Wed, 18 Sep 2019 08:18:23 +0200 Message-Id: <20190918061234.300610892@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190918061234.107708857@linuxfoundation.org> References: <20190918061234.107708857@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Steffen Klassert [ Upstream commit f39b683d35dfa93a58f1b400a8ec0ff81296b37c ] The ixgbe driver currently does IPsec TX offloading based on an existing secpath. However, the secpath can also come from the RX side, in this case it is misinterpreted for TX offload and the packets are dropped with a "bad sa_idx" error. Fix this by using the xfrm_offload() function to test for TX offload. Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload") Reported-by: Michael Marley Signed-off-by: Steffen Klassert Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c @@ -36,6 +36,7 @@ #include #include #include +#include #include "ixgbe.h" #include "ixgbe_common.h" @@ -8691,7 +8692,7 @@ netdev_tx_t ixgbe_xmit_frame_ring(struct #endif /* IXGBE_FCOE */ #ifdef CONFIG_IXGBE_IPSEC - if (secpath_exists(skb) && + if (xfrm_offload(skb) && !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx)) goto out_drop; #endif