From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 15294A00C2; Fri, 14 Oct 2022 11:51:32 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 04C8D42D22; Fri, 14 Oct 2022 11:51:32 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id 25AF842CF8; Fri, 14 Oct 2022 11:51:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1665741090; x=1697277090; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=d9+ErBO0gFG8lsDSf5pmmDYmlJN6fl9sPUa4T461H0A=; b=SYH/TfjfNjm6Novu+8BP4cPT86bCiQHDQLn9y8hbraPSOlvJX1aSrAZp fyW4nedK+xBMpgwqtHkiO5kkZZzzUZP/P7tF8IUBzc2r1EJttvcwmVWOK Jqd5TR1z+w0MIUW3eITXczbBIXlv4iUwppB8JXdt67RkSvtnejCf1yFhP E5e/iZ/pPufmW02LfroXExH/AnQ6Z7V+qzkPeOphz0hKMjVu3jEAAy2/J UwOryx7kYtbeWI1E9psn/jXzvwUW/bWpD5BA942HYtouJGidXSy0x122b JjhWVEpd1b+Hy4pSZmwmYqOfiFUooDZe4NQk4N9ZKG+hsbRfzEIEIeGsJ w==; X-IronPort-AV: E=McAfee;i="6500,9779,10499"; a="285728196" X-IronPort-AV: E=Sophos;i="5.95,184,1661842800"; d="scan'208";a="285728196" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2022 02:51:29 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10499"; a="956524950" X-IronPort-AV: E=Sophos;i="5.95,184,1661842800"; d="scan'208";a="956524950" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by fmsmga005.fm.intel.com with ESMTP; 14 Oct 2022 02:51:27 -0700 From: Radu Nicolau To: Jingjing Wu , Beilei Xing Cc: dev@dpdk.org, Radu Nicolau , stable@dpdk.org Subject: [PATCH] net/iavf: fix SPI check Date: Fri, 14 Oct 2022 10:51:24 +0100 Message-Id: <20221014095124.3580200-1-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Return error if SPI from the flow spec doesn't match the one from the crypto session. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: stable@dpdk.org Signed-off-by: Radu Nicolau --- drivers/net/iavf/iavf_ipsec_crypto.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c index afd7f8f467..4c5c403a46 100644 --- a/drivers/net/iavf/iavf_ipsec_crypto.c +++ b/drivers/net/iavf/iavf_ipsec_crypto.c @@ -697,19 +697,11 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev, if (unlikely(sess == NULL || sess->adapter != adapter)) return false; - /* SPI value must be non-zero */ - if (spi == 0) + /* SPI value must be non-zero and must match flow SPI*/ + if (spi == 0 || (htonl(sess->sa.spi) != spi)) return false; - /* Session SPI must patch flow SPI*/ - else if (sess->sa.spi == spi) { - return true; - /** - * TODO: We should add a way of tracking valid hw SA indices to - * make validation less brittle - */ - } - return true; + return true; } /** -- 2.25.1