[SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: net/xfrm: Fix XFRM flags validity check
Bodong Wang
bodong at nvidia.com
Thu Jun 16 14:59:41 UTC 2022
Tim/Alex,
This is an urgent fix for us. Could you include it inside the past SRU cycle(June 15). The next one in July is too late for us.
Thanks,
Bodong
-----Original Message-----
From: Bodong Wang <bodong at nvidia.com>
Sent: Thursday, June 16, 2022 9:55 AM
To: kernel-team at lists.ubuntu.com
Cc: Vladimir Sokolovsky <vlad at nvidia.com>; Bodong Wang <bodong at nvidia.com>; Raed Salem <raeds at nvidia.com>; Maor Dickman <maord at nvidia.com>; Emeel Hakim <ehakim at nvidia.com>
Subject: [SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: net/xfrm: Fix XFRM flags validity check
From: Emeel Hakim <ehakim at nvidia.com>
BugLink: https://bugs.launchpad.net/bugs/1978967
commit a3ca11eec78 introduced a flags validity check for xfrm, the check excluded flag XFRM_OFFLOAD_FULL from the check hence the flag is being blocked from getting to the kernel space.
The above is preventing ipsec states from being added with the full_offload option hence the Failure.
Fix by adding XFRM_OFFLOAD_FULL flag to the check statement which allows the flag to get to kernel space as expected.
Fixes: a3ca11eec78 ("xfrm: enforce validity of offload input flags")
Signed-off-by: Emeel Hakim <ehakim at nvidia.com>
Signed-off-by: Bodong Wang <bodong at nvidia.com>
---
net/xfrm/xfrm_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 8cb04de..40960c0 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -206,7 +206,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
if (x->encap || x->tfcpad)
return -EINVAL;
- if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND))
+ if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND |
+XFRM_OFFLOAD_FULL))
return -EINVAL;
dev = dev_get_by_index(net, xuo->ifindex);
--
1.8.3.1
More information about the kernel-team
mailing list