[SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: net/xfrm: Fix XFRM flags validity check

[Zachary Tahenakos]

Acked-by: Zachary Tahenakos <zachary.tahenakos at canonical.com>

On 6/16/22 10:54 AM, Bodong Wang wrote:
> From: Emeel Hakim <ehakim at nvidia.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1978967
>
> commit a3ca11eec78 introduced a flags validity check for xfrm,
> the check excluded flag XFRM_OFFLOAD_FULL from the check hence the
> flag is being blocked from getting to the kernel space.
> The above is preventing ipsec states from being added with the
> full_offload option hence the Failure.
>
> Fix by adding XFRM_OFFLOAD_FULL flag to the check statement which
> allows the flag to get to kernel space as expected.
>
> Fixes: a3ca11eec78 ("xfrm: enforce validity of offload input flags")
> Signed-off-by: Emeel Hakim <ehakim at nvidia.com>
> Signed-off-by: Bodong Wang <bodong at nvidia.com>
> ---
>   net/xfrm/xfrm_device.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
> index 8cb04de..40960c0 100644
> --- a/net/xfrm/xfrm_device.c
> +++ b/net/xfrm/xfrm_device.c
> @@ -206,7 +206,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
>   	if (x->encap || x->tfcpad)
>   		return -EINVAL;
>   
> -	if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND))
> +	if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND | XFRM_OFFLOAD_FULL))
>   		return -EINVAL;
>   
>   	dev = dev_get_by_index(net, xuo->ifindex);