* [net] ixgbevf: Fix secpath usage for IPsec Tx offload
@ 2019-09-12 19:07 Jeff Kirsher
2019-09-12 22:26 ` Shannon Nelson
2019-09-13 13:53 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Jeff Kirsher @ 2019-09-12 19:07 UTC (permalink / raw)
To: netdev; +Cc: Jeff Kirsher, Shannon Nelson, Jonathan Tooker
Port the same fix for ixgbe to ixgbevf.
The ixgbevf driver currently does IPsec Tx offloading
based on an existing secpath. However, the secpath
can also come from the Rx side, in this case it is
misinterpreted for Tx offload and the packets are
dropped with a "bad sa_idx" error. Fix this by using
the xfrm_offload() function to test for Tx offload.
CC: Shannon Nelson <snelson@pensando.io>
Fixes: 7f68d4306701 ("ixgbevf: enable VF IPsec offload operations")
Reported-by: Jonathan Tooker <jonathan@reliablehosting.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index d2b41f9f87f8..72872d6ca80c 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -30,6 +30,7 @@
#include <linux/bpf.h>
#include <linux/bpf_trace.h>
#include <linux/atomic.h>
+#include <net/xfrm.h>
#include "ixgbevf.h"
@@ -4161,7 +4162,7 @@ static int ixgbevf_xmit_frame_ring(struct sk_buff *skb,
first->protocol = vlan_get_protocol(skb);
#ifdef CONFIG_IXGBEVF_IPSEC
- if (secpath_exists(skb) && !ixgbevf_ipsec_tx(tx_ring, first, &ipsec_tx))
+ if (xfrm_offload(skb) && !ixgbevf_ipsec_tx(tx_ring, first, &ipsec_tx))
goto out_drop;
#endif
tso = ixgbevf_tso(tx_ring, first, &hdr_len, &ipsec_tx);
--
2.21.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [net] ixgbevf: Fix secpath usage for IPsec Tx offload
2019-09-12 19:07 [net] ixgbevf: Fix secpath usage for IPsec Tx offload Jeff Kirsher
@ 2019-09-12 22:26 ` Shannon Nelson
2019-09-13 13:53 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Shannon Nelson @ 2019-09-12 22:26 UTC (permalink / raw)
To: Jeff Kirsher, netdev; +Cc: Jonathan Tooker
On 9/12/19 8:07 PM, Jeff Kirsher wrote:
> Port the same fix for ixgbe to ixgbevf.
>
> The ixgbevf driver currently does IPsec Tx offloading
> based on an existing secpath. However, the secpath
> can also come from the Rx side, in this case it is
> misinterpreted for Tx offload and the packets are
> dropped with a "bad sa_idx" error. Fix this by using
> the xfrm_offload() function to test for Tx offload.
>
> CC: Shannon Nelson <snelson@pensando.io>
> Fixes: 7f68d4306701 ("ixgbevf: enable VF IPsec offload operations")
> Reported-by: Jonathan Tooker <jonathan@reliablehosting.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
> ---
> drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
> index d2b41f9f87f8..72872d6ca80c 100644
> --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
> +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
> @@ -30,6 +30,7 @@
> #include <linux/bpf.h>
> #include <linux/bpf_trace.h>
> #include <linux/atomic.h>
> +#include <net/xfrm.h>
>
> #include "ixgbevf.h"
>
> @@ -4161,7 +4162,7 @@ static int ixgbevf_xmit_frame_ring(struct sk_buff *skb,
> first->protocol = vlan_get_protocol(skb);
>
> #ifdef CONFIG_IXGBEVF_IPSEC
> - if (secpath_exists(skb) && !ixgbevf_ipsec_tx(tx_ring, first, &ipsec_tx))
> + if (xfrm_offload(skb) && !ixgbevf_ipsec_tx(tx_ring, first, &ipsec_tx))
> goto out_drop;
> #endif
> tso = ixgbevf_tso(tx_ring, first, &hdr_len, &ipsec_tx);
Acked-by: Shannon Nelson <snelson@pensando.io>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [net] ixgbevf: Fix secpath usage for IPsec Tx offload
2019-09-12 19:07 [net] ixgbevf: Fix secpath usage for IPsec Tx offload Jeff Kirsher
2019-09-12 22:26 ` Shannon Nelson
@ 2019-09-13 13:53 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2019-09-13 13:53 UTC (permalink / raw)
To: jeffrey.t.kirsher; +Cc: netdev, snelson, jonathan
From: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Date: Thu, 12 Sep 2019 12:07:34 -0700
> Port the same fix for ixgbe to ixgbevf.
>
> The ixgbevf driver currently does IPsec Tx offloading
> based on an existing secpath. However, the secpath
> can also come from the Rx side, in this case it is
> misinterpreted for Tx offload and the packets are
> dropped with a "bad sa_idx" error. Fix this by using
> the xfrm_offload() function to test for Tx offload.
>
> CC: Shannon Nelson <snelson@pensando.io>
> Fixes: 7f68d4306701 ("ixgbevf: enable VF IPsec offload operations")
> Reported-by: Jonathan Tooker <jonathan@reliablehosting.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Applied, and like the ixgbe version of this fix I queued it up for -stable.
Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-09-13 13:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-12 19:07 [net] ixgbevf: Fix secpath usage for IPsec Tx offload Jeff Kirsher
2019-09-12 22:26 ` Shannon Nelson
2019-09-13 13:53 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox