iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,056,506 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Hyong Youb Kim ee1c0ca1af net/mlx5e: Do not increment ESN when updating IPsec ESN state 
[ Upstream commit 888be6b279b7257b5f6e4c9527675bff0a335596 ]

An offloaded SA stops receiving after about 2^32 + replay_window
packets. For example, when SA reaches <seq-hi 0x1, seq 0x2c>, all
subsequent packets get dropped with SA-icv-failure (integrity_failed).

To reproduce the bug:
- ConnectX-6 Dx with crypto enabled (FW 22.30.1004)
- ipsec.conf:
  nic-offload = yes
  replay-window = 32
  esn = yes
  salifetime=24h
- Run netperf for a long time to send more than 2^32 packets
  netperf -H <device-under-test> -t TCP_STREAM -l 20000

When 2^32 + replay_window packets are received, the replay window
moves from the 2nd half of subspace (overlap=1) to the 1st half
(overlap=0). The driver then updates the 'esn' value in NIC
(i.e. seq_hi) as follows.

 seq_hi = xfrm_replay_seqhi(seq_bottom)
 new esn in NIC = seq_hi + 1

The +1 increment is wrong, as seq_hi already contains the correct
seq_hi. For example, when seq_hi=1, the driver actually tells NIC to
use seq_hi=2 (esn). This incorrect esn value causes all subsequent
packets to fail integrity checks (SA-icv-failure). So, do not
increment.

Fixes: cb01008390bb ("net/mlx5: IPSec, Add support for ESN")
Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
Acked-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Link: https://lore.kernel.org/r/20221026135153.154807-2-saeed@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-11-03 23:59:19 +09:00
arch
x86/unwind/orc: Fix unreliable stack dump with gcov
2022-11-03 23:59:16 +09:00
block
blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
2022-10-26 12:35:54 +02:00
certs
certs/blacklist_hashes.c: fix const confusion in certs blacklist
2022-06-22 14:22:01 +02:00
crypto
crypto: akcipher - default implementation for setting a private key
2022-10-26 12:35:25 +02:00
Documentation
arm64: errata: Remove AES hwcap for COMPAT tasks
2022-10-29 10:12:53 +02:00
drivers
net/mlx5e: Do not increment ESN when updating IPsec ESN state
2022-11-03 23:59:19 +09:00
fs
kernfs: fix use-after-free in __kernfs_remove
2022-11-03 23:59:13 +09:00
include
media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
2022-11-03 23:59:17 +09:00
init
stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
2022-08-17 14:23:10 +02:00
ipc
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
2022-06-09 10:23:10 +02:00
kernel
PM: hibernate: Allow hybrid sleep to work with s2idle
2022-11-03 23:59:17 +09:00
lib
lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
2022-10-26 12:35:55 +02:00
LICENSES
LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"
2021-07-15 06:31:24 -06:00
mm
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
2022-10-29 10:12:54 +02:00
net
nh: fix scope used to find saddr when adding non gw nh
2022-11-03 23:59:19 +09:00
samples
samples/landlock: Format with clang-format
2022-06-09 10:23:23 +02:00
scripts
kbuild: rpm-pkg: fix breakage when V=1 is used
2022-10-26 12:35:27 +02:00
security
selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
2022-10-29 10:12:54 +02:00
sound
ALSA: aoa: Fix I2S device accounting
2022-11-03 23:59:18 +09:00
tools
perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics
2022-11-03 23:59:18 +09:00
usr
usr/include/Makefile: add linux/nfc.h to the compile-test coverage
2022-02-01 17:27:15 +01:00
virt
kvm: Add support for arch compat vm ioctls
2022-10-29 10:12:54 +02:00
.clang-format
clang-format: Update with the latest for_each macro list
2021-05-12 23:32:39 +02:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
.gitignore: ignore only top-level modules.builtin
2021-05-02 00:43:35 +09:00
.mailmap
mailmap: add Andrej Shadura
2021-10-18 20:22:03 -10:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
MAINTAINERS: Move Daniel Drake to credits
2021-09-21 08:34:58 +03:00
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
2020-02-04 01:53:07 +09:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
Input: goodix - add a goodix.h header file
2022-07-12 16:34:51 +02:00
Makefile
Linux 5.15.76
2022-10-29 10:12:58 +02:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%