From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
Hyong Youb Kim <hyonkim@cisco.com>,
Leon Romanovsky <leonro@nvidia.com>
Subject: [V3 net 01/16] net/mlx5e: Do not increment ESN when updating IPsec ESN state
Date: Mon, 24 Oct 2022 12:53:42 +0100 [thread overview]
Message-ID: <20221024115357.37278-2-saeed@kernel.org> (raw)
In-Reply-To: <20221024115357.37278-1-saeed@kernel.org>
From: Hyong Youb Kim <hyonkim@cisco.com>
An offloaded SA stops receiving after about 2^32 + replay_window
packets. For example, when SA reaches <seq-hi 0x1, seq 0x2c>, all
subsequent packets get dropped with SA-icv-failure (integrity_failed).
To reproduce the bug:
- ConnectX-6 Dx with crypto enabled (FW 22.30.1004)
- ipsec.conf:
nic-offload = yes
replay-window = 32
esn = yes
salifetime=24h
- Run netperf for a long time to send more than 2^32 packets
netperf -H <device-under-test> -t TCP_STREAM -l 20000
When 2^32 + replay_window packets are received, the replay window
moves from the 2nd half of subspace (overlap=1) to the 1st half
(overlap=0). The driver then updates the 'esn' value in NIC
(i.e. seq_hi) as follows.
seq_hi = xfrm_replay_seqhi(seq_bottom)
new esn in NIC = seq_hi + 1
The +1 increment is wrong, as seq_hi already contains the correct
seq_hi. For example, when seq_hi=1, the driver actually tells NIC to
use seq_hi=2 (esn). This incorrect esn value causes all subsequent
packets to fail integrity checks (SA-icv-failure). So, do not
increment.
Fixes: cb01008390bb ("net/mlx5: IPSec, Add support for ESN")
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
Acked-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 2a8fd7020622..a715601865d3 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -101,7 +101,6 @@ static bool mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry)
struct xfrm_replay_state_esn *replay_esn;
u32 seq_bottom = 0;
u8 overlap;
- u32 *esn;
if (!(sa_entry->x->props.flags & XFRM_STATE_ESN)) {
sa_entry->esn_state.trigger = 0;
@@ -116,11 +115,9 @@ static bool mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry)
sa_entry->esn_state.esn = xfrm_replay_seqhi(sa_entry->x,
htonl(seq_bottom));
- esn = &sa_entry->esn_state.esn;
sa_entry->esn_state.trigger = 1;
if (unlikely(overlap && seq_bottom < MLX5E_IPSEC_ESN_SCOPE_MID)) {
- ++(*esn);
sa_entry->esn_state.overlap = 0;
return true;
} else if (unlikely(!overlap &&
--
2.37.3
next prev parent reply other threads:[~2022-10-24 12:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-24 11:53 [pull request][V3 net 00/16] mlx5 fixes 2022-10-14 Saeed Mahameed
2022-10-24 11:53 ` Saeed Mahameed [this message]
2022-10-24 11:53 ` [V3 net 02/16] net/mlx5: Wait for firmware to enable CRS before pci_restore_state Saeed Mahameed
2022-10-24 11:53 ` [V3 net 03/16] net/mlx5: DR, Fix matcher disconnect error flow Saeed Mahameed
2022-10-24 11:53 ` [V3 net 04/16] net/mlx5e: Extend SKB room check to include PTP-SQ Saeed Mahameed
2022-10-24 11:53 ` [V3 net 05/16] net/mlx5e: Update restore chain id for slow path packets Saeed Mahameed
2022-10-24 11:53 ` [V3 net 06/16] net/mlx5: ASO, Create the ASO SQ with the correct timestamp format Saeed Mahameed
2022-10-24 11:53 ` [V3 net 07/16] net/mlx5: Fix possible use-after-free in async command interface Saeed Mahameed
2022-10-24 11:53 ` [V3 net 08/16] net/mlx5e: TC, Reject forwarding from internal port to internal port Saeed Mahameed
2022-10-24 11:53 ` [V3 net 09/16] net/mlx5: SF: Fix probing active SFs during driver probe phase Saeed Mahameed
2022-10-25 4:27 ` Jakub Kicinski
2022-10-24 11:53 ` [V3 net 10/16] net/mlx5e: TC, Fix cloned flow attr instance dests are not zeroed Saeed Mahameed
2022-10-24 11:53 ` [V3 net 11/16] net/mlx5: Update fw fatal reporter state on PCI handlers successful recover Saeed Mahameed
2022-10-24 11:53 ` [V3 net 12/16] net/mlx5: Fix crash during sync firmware reset Saeed Mahameed
2022-10-24 11:53 ` [V3 net 13/16] net/mlx5e: Fix macsec coverity issue at rx sa update Saeed Mahameed
2022-10-24 11:53 ` [V3 net 14/16] net/mlx5e: Fix macsec rx security association (SA) update/delete Saeed Mahameed
2022-10-24 11:53 ` [V3 net 15/16] net/mlx5e: Fix wrong bitwise comparison usage in macsec_fs_rx_add_rule function Saeed Mahameed
2022-10-24 11:53 ` [V3 net 16/16] net/mlx5e: Fix macsec sci endianness at rx sa update Saeed Mahameed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221024115357.37278-2-saeed@kernel.org \
--to=saeed@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hyonkim@cisco.com \
--cc=kuba@kernel.org \
--cc=leonro@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=saeedm@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.