From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
Hyong Youb Kim <hyonkim@cisco.com>,
Leon Romanovsky <leonro@nvidia.com>
Subject: [net 01/16] net/mlx5e: Do not increment ESN when updating IPsec ESN state
Date: Tue, 18 Oct 2022 23:37:58 -0700
Message-ID: <20221019063813.802772-2-saeed@kernel.org>
In-Reply-To: <20221019063813.802772-1-saeed@kernel.org>
From: Hyong Youb Kim <hyonkim@cisco.com>
An offloaded SA stops receiving after about 2^32 + replay_window
packets. For example, when SA reaches <seq-hi 0x1, seq 0x2c>, all
subsequent packets get dropped with SA-icv-failure (integrity_failed).
To reproduce the bug:
- ConnectX-6 Dx with crypto enabled (FW 22.30.1004)
- ipsec.conf:
    nic-offload = yes
    replay-window = 32
    esn = yes
    salifetime = 24h
- Run netperf for a long time to send more than 2^32 packets
    netperf -H <device-under-test> -t TCP_STREAM -l 20000
When 2^32 + replay_window packets are received, the replay window
moves from the 2nd half of subspace (overlap=1) to the 1st half
(overlap=0). The driver then updates the 'esn' value in NIC
(i.e. seq_hi) as follows.
seq_hi = xfrm_replay_seqhi(seq_bottom)
new esn in NIC = seq_hi + 1
The +1 increment is wrong, as seq_hi already contains the correct
seq_hi. For example, when seq_hi=1, the driver actually tells the NIC to
use seq_hi=2 (esn). This incorrect esn value causes all subsequent
packets to fail integrity checks (SA-icv-failure). So, do not
increment.
Fixes: cb01008390bb ("net/mlx5: IPSec, Add support for ESN")
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
Acked-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 2a8fd7020622..a715601865d3 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -101,7 +101,6 @@ static bool mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry)
struct xfrm_replay_state_esn *replay_esn;
u32 seq_bottom = 0;
u8 overlap;
- u32 *esn;
if (!(sa_entry->x->props.flags & XFRM_STATE_ESN)) {
sa_entry->esn_state.trigger = 0;
@@ -116,11 +115,9 @@ static bool mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry)
sa_entry->esn_state.esn = xfrm_replay_seqhi(sa_entry->x,
htonl(seq_bottom));
- esn = &sa_entry->esn_state.esn;
sa_entry->esn_state.trigger = 1;
if (unlikely(overlap && seq_bottom < MLX5E_IPSEC_ESN_SCOPE_MID)) {
- ++(*esn);
sa_entry->esn_state.overlap = 0;
return true;
} else if (unlikely(!overlap &&
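Review bot: removing `++(*esn)` is correct because `xfrm_replay_seqhi()` already returns the seq_hi that `seq_bottom` belongs to, including the +1 when the bottom of the window has crossed the 32-bit boundary, so the explicit increment double-counted the wrap and the NIC was programmed with a seq_hi one too high, exactly the `seq_hi=2` instead of `seq_hi=1` the commit message describes. Consider adding a one-line comment above `sa_entry->esn_state.esn = xfrm_replay_seqhi(sa_entry->x, htonl(seq_bottom));` stating that the value is final and must not be adjusted per branch: the `overlap` / `MLX5E_IPSEC_ESN_SCOPE_MID` branches below now only track which half of the subspace the window is in, and a future reader seeing `overlap` flip from 1 to 0 may again be tempted to "bump" esn there.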
--
2.37.3
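To make the seq_hi bookkeeping in the commit message concrete, here is an added example (not kernel or mlx5 code) that models the two pieces involved: an approximation of `xfrm_replay_seqhi()` and a model of the driver's ESN update with a `buggy` switch that reproduces the removed `++(*esn)`. The struct names, `model_xfrm_replay_seqhi()`, `update_esn_state()`, the `ESN_SCOPE_MID` constant and the `seq_bottom > ESN_SCOPE_MID` condition in the second branch are assumptions made for the model; byte order is ignored (host order throughout). It reproduces the commit message's scenario, a latest packet of <seq_hi 1, seq 0x2c> with a 32-packet window, and shows the fixed path programming esn=1 while the buggy path programs esn=2.

```c
/* Added example modelling the ESN seq_hi computation from the commit message.
 * Not kernel or mlx5 code: the structs and both functions are local
 * approximations of the helpers they are named after. Host byte order only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ESN_SCOPE_MID 0x80000000u  /* stands in for MLX5E_IPSEC_ESN_SCOPE_MID (assumption) */

/* Subset of struct xfrm_replay_state_esn that the computation needs. */
struct replay_state {
    uint32_t seq;            /* low 32 bits of the highest sequence number seen */
    uint32_t seq_hi;         /* high 32 bits (ESN) of that packet */
    uint32_t replay_window;  /* window size in packets */
};

/* Per-SA driver state, modelled on sa_entry->esn_state. */
struct esn_state {
    uint32_t esn;     /* seq_hi last programmed into the NIC */
    bool overlap;     /* window is in the 2nd half of the 32-bit subspace */
    bool trigger;
};

/* Approximation of xfrm_replay_seqhi(): for a low 32-bit sequence number,
 * return the seq_hi it belongs to relative to the current replay window. */
static uint32_t model_xfrm_replay_seqhi(const struct replay_state *rs, uint32_t seq)
{
    uint32_t seq_hi = rs->seq_hi;
    uint32_t bottom = rs->seq - rs->replay_window + 1;  /* wraps intentionally */

    if (rs->seq >= rs->replay_window - 1) {
        /* Window lies within one 2^32 subspace. */
        if (seq < bottom)
            seq_hi++;   /* seq is ahead of the window, past the 32-bit wrap */
    } else {
        /* Window straddles the wrap: bottom is in the previous subspace. */
        if (seq >= bottom)
            seq_hi--;   /* seq is behind the window, before the wrap */
    }
    return seq_hi;
}

/* Model of mlx5e_ipsec_update_esn_state(). 'buggy' reproduces the ++(*esn)
 * the patch removes. Returns true when the NIC must be reprogrammed. */
static bool update_esn_state(struct esn_state *es, const struct replay_state *rs, bool buggy)
{
    uint32_t seq_bottom = 0;

    if (rs->seq >= rs->replay_window)
        seq_bottom = rs->seq - rs->replay_window + 1;

    /* xfrm_replay_seqhi() already accounts for the wrap; this value is final. */
    es->esn = model_xfrm_replay_seqhi(rs, seq_bottom);
    es->trigger = true;

    if (es->overlap && seq_bottom < ESN_SCOPE_MID) {
        if (buggy)
            es->esn++;          /* the removed increment: double-counts the wrap */
        es->overlap = false;
        return true;
    } else if (!es->overlap && seq_bottom > ESN_SCOPE_MID) {  /* condition assumed */
        es->overlap = true;
        return true;
    }
    return false;
}

/* Commit-message scenario: the SA has just crossed 2^32 and the window moved
 * back to the 1st half of the subspace; latest packet is <seq_hi 1, seq 0x2c>. */
static uint32_t esn_after_wrap(bool buggy)
{
    struct replay_state rs = { .seq = 0x2c, .seq_hi = 1, .replay_window = 32 };
    struct esn_state es = { .esn = 0, .overlap = true, .trigger = false };

    (void)update_esn_state(&es, &rs, buggy);
    return es.esn;
}

/* Where the +1 legitimately comes from: with the window at the top of
 * subspace 0, a packet with seq 5 is already in subspace 1, and the
 * xfrm helper itself reports seq_hi 1 for it. */
static uint32_t seqhi_of_packet_past_wrap(void)
{
    struct replay_state rs = { .seq = 0xFFFFFFF0u, .seq_hi = 0, .replay_window = 32 };
    return model_xfrm_replay_seqhi(&rs, 5);
}

int main(void)
{
    printf("fixed driver programs esn=%u, buggy driver programs esn=%u\n",
           esn_after_wrap(false), esn_after_wrap(true));
    printf("xfrm helper reports seq_hi=%u for a packet past the wrap\n",
           seqhi_of_packet_past_wrap());
    return 0;
}
```

The helper only bumps seq_hi when the sequence number it is asked about lies past the 32-bit wrap relative to the window; `seq_bottom` is the bottom of the window itself, so it is never past the wrap and the driver-side increment had no case in which it was needed.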
Thread overview (18+ messages):
2022-10-19 6:37 [pull request][RESEND net 00/16] mlx5 fixes 2022-10-14 Saeed Mahameed
2022-10-19 6:37 ` Saeed Mahameed [this message]
2022-10-19 6:37 ` [net 02/16] net/mlx5: Wait for firmware to enable CRS before pci_restore_state Saeed Mahameed
2022-10-20 10:01 ` Paolo Abeni
2022-10-19 6:38 ` [net 03/16] net/mlx5: DR, Fix matcher disconnect error flow Saeed Mahameed
2022-10-19 6:38 ` [net 04/16] net/mlx5e: Extend SKB room check to include PTP-SQ Saeed Mahameed
2022-10-19 6:38 ` [net 05/16] net/mlx5e: Update restore chain id for slow path packets Saeed Mahameed
2022-10-19 6:38 ` [net 06/16] net/mlx5: ASO, Create the ASO SQ with the correct timestamp format Saeed Mahameed
2022-10-19 6:38 ` [net 07/16] net/mlx5: Fix possible use-after-free in async command interface Saeed Mahameed
2022-10-19 6:38 ` [net 08/16] net/mlx5e: TC, Reject forwarding from internal port to internal port Saeed Mahameed
2022-10-19 6:38 ` [net 09/16] net/mlx5: SF: Fix probing active SFs during driver probe phase Saeed Mahameed
2022-10-19 6:38 ` [net 10/16] net/mlx5e: TC, Fix cloned flow attr instance dests are not zeroed Saeed Mahameed
2022-10-19 6:38 ` [net 11/16] net/mlx5: Update fw fatal reporter state on PCI handlers successful recover Saeed Mahameed
2022-10-19 6:38 ` [net 12/16] net/mlx5: Fix crash during sync firmware reset Saeed Mahameed
2022-10-19 6:38 ` [net 13/16] net/mlx5e: Fix macsec coverity issue at rx sa update Saeed Mahameed
2022-10-19 6:38 ` [net 14/16] net/mlx5e: Fix macsec rx security association (SA) update/delete Saeed Mahameed
2022-10-19 6:38 ` [net 15/16] net/mlx5e: Fix wrong bitwise comparison usage in macsec_fs_rx_add_rule function Saeed Mahameed
2022-10-19 6:38 ` [net 16/16] net/mlx5e: Fix macsec sci endianness at rx sa update Saeed Mahameed