From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 477C6A0542 for ; Fri, 11 Nov 2022 11:34:52 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 42D6E40150; Fri, 11 Nov 2022 11:34:52 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id 3042E4014F for ; Fri, 11 Nov 2022 11:34:49 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668162888; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JDTVsPNWdnP29Wgz7AMhMcXoSAzoa3v+QVQVWXWt7qQ=; b=AczmRMPyO34jthbPPykptqA43S2Bq2TKbh1i4TjaAFEGvM0sw9hIKhYsFVKaQo60miX4C8 TXcowOKsY+fQKF+tzCsweQw7eXrVnjD4yRdipKaRKPISlqLlyqNWkz+TUE3wOTS/J5GZyb 6Wbj3MH1hIwXQRfhdZ0Vcjhqsh7JpGQ= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-267-C2B071_fPGSJpSaFS8s-_g-1; Fri, 11 Nov 2022 05:34:45 -0500 X-MC-Unique: C2B071_fPGSJpSaFS8s-_g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2A2333850E87; Fri, 11 Nov 2022 10:34:45 +0000 (UTC) Received: from rh.redhat.com (unknown [10.39.195.104]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4F28B2022EA2; Fri, 11 Nov 2022 10:34:44 +0000 (UTC) From: Kevin Traynor To: Radu Nicolau Cc: Qi Zhang , dpdk stable Subject: patch 'net/iavf: fix SPI check' has been queued to stable release 21.11.3 Date: Fri, 11 Nov 2022 10:33:17 +0000 Message-Id: <20221111103337.307408-27-ktraynor@redhat.com> In-Reply-To: <20221111103337.307408-1-ktraynor@redhat.com> References: <20221111103337.307408-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/14/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/4ff81b5316372b71616d7f3742e3fe2e255f3d6c Thanks. Kevin --- >From 4ff81b5316372b71616d7f3742e3fe2e255f3d6c Mon Sep 17 00:00:00 2001 From: Radu Nicolau Date: Fri, 14 Oct 2022 10:51:24 +0100 Subject: [PATCH] net/iavf: fix SPI check [ upstream commit a452ff111c1e2616f18df231622e2e49cb3a591c ] Return error if SPI from the flow spec doesn't match the one from the crypto session. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Signed-off-by: Radu Nicolau Acked-by: Qi Zhang --- drivers/net/iavf/iavf_ipsec_crypto.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c index 5537c35ac1..e7d8fb968c 100644 --- a/drivers/net/iavf/iavf_ipsec_crypto.c +++ b/drivers/net/iavf/iavf_ipsec_crypto.c @@ -709,17 +709,9 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev, return false; - /* SPI value must be non-zero */ - if (spi == 0) + /* SPI value must be non-zero and must match flow SPI*/ + if (spi == 0 || (htonl(sess->sa.spi) != spi)) return false; - /* Session SPI must patch flow SPI*/ - else if (sess->sa.spi == spi) { - return true; - /** - * TODO: We should add a way of tracking valid hw SA indices to - * make validation less brittle - */ - } - return true; + return true; } -- 2.38.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-11-11 10:32:17.728640028 +0000 +++ 0027-net-iavf-fix-SPI-check.patch 2022-11-11 10:32:17.081300797 +0000 @@ -1 +1 @@ -From a452ff111c1e2616f18df231622e2e49cb3a591c Mon Sep 17 00:00:00 2001 +From 4ff81b5316372b71616d7f3742e3fe2e255f3d6c Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit a452ff111c1e2616f18df231622e2e49cb3a591c ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org @@ -19 +20 @@ -index b50149c0ce..60e03c8be3 100644 +index 5537c35ac1..e7d8fb968c 100644 @@ -22 +23 @@ -@@ -698,17 +698,9 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev, +@@ -709,17 +709,9 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,