[SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: net/xfrm: Fix XFRM flags validity check

Alex Kaluzhny alex.kaluzhny at canonical.com
Thu Jun 16 15:02:56 UTC 2022


+ Dann and German

On Thu, Jun 16, 2022 at 10:59 AM Bodong Wang <bodong at nvidia.com> wrote:

> Tim/Alex,
>
> This is an urgent fix for us. Could you include it inside the past SRU
> cycle(June 15). The next one in July is too late for us.
>
> Thanks,
> Bodong
>
> -----Original Message-----
> From: Bodong Wang <bodong at nvidia.com>
> Sent: Thursday, June 16, 2022 9:55 AM
> To: kernel-team at lists.ubuntu.com
> Cc: Vladimir Sokolovsky <vlad at nvidia.com>; Bodong Wang <bodong at nvidia.com>;
> Raed Salem <raeds at nvidia.com>; Maor Dickman <maord at nvidia.com>; Emeel
> Hakim <ehakim at nvidia.com>
> Subject: [SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: net/xfrm: Fix XFRM
> flags validity check
>
> From: Emeel Hakim <ehakim at nvidia.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1978967
>
> commit a3ca11eec78 introduced a flags validity check for xfrm, the check
> excluded flag XFRM_OFFLOAD_FULL from the check hence the flag is being
> blocked from getting to the kernel space.
> The above is preventing ipsec states from being added with the
> full_offload option hence the Failure.
>
> Fix by adding XFRM_OFFLOAD_FULL flag to the check statement which allows
> the flag to get to kernel space as expected.
>
> Fixes: a3ca11eec78 ("xfrm: enforce validity of offload input flags")
> Signed-off-by: Emeel Hakim <ehakim at nvidia.com>
> Signed-off-by: Bodong Wang <bodong at nvidia.com>
> ---
>  net/xfrm/xfrm_device.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index
> 8cb04de..40960c0 100644
> --- a/net/xfrm/xfrm_device.c
> +++ b/net/xfrm/xfrm_device.c
> @@ -206,7 +206,7 @@ int xfrm_dev_state_add(struct net *net, struct
> xfrm_state *x,
>         if (x->encap || x->tfcpad)
>                 return -EINVAL;
>
> -       if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND))
> +       if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND |
> +XFRM_OFFLOAD_FULL))
>                 return -EINVAL;
>
>         dev = dev_get_by_index(net, xuo->ifindex);
> --
> 1.8.3.1
>
>

-- 
Alex Kaluzhny

Program Manager, Devices Program Delivery
www.canonical.com | www.ubuntu.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220616/05d0fbf2/attachment-0001.html>


More information about the kernel-team mailing list