Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenis Kirjanov <dkirjanov@suse.com>2019-05-02 13:49:28 +0200
committerDenis Kirjanov <dkirjanov@suse.com>2019-05-02 13:49:45 +0200
commit45f2662a827f8f76d74adb510f5ef42958f3567e (patch)
treec1f2ef2369cfe9fb1fe21cf2426f473b4c0b07be
parent323fc5aa65417281d959315d86b93ce206b4dbcd (diff)
xfrm: Fix ESN sequence number handling for IPsec GSO packets
(git-fixes).
-rw-r--r--patches.fixes/0007-xfrm-Fix-ESN-sequence-number-handling-for-IPsec-GSO-.patch36
-rw-r--r--series.conf1
2 files changed, 37 insertions, 0 deletions
diff --git a/patches.fixes/0007-xfrm-Fix-ESN-sequence-number-handling-for-IPsec-GSO-.patch b/patches.fixes/0007-xfrm-Fix-ESN-sequence-number-handling-for-IPsec-GSO-.patch
new file mode 100644
index 0000000000..09b3667868
--- /dev/null
+++ b/patches.fixes/0007-xfrm-Fix-ESN-sequence-number-handling-for-IPsec-GSO-.patch
@@ -0,0 +1,36 @@
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Subject: xfrm: Fix ESN sequence number handling for IPsec GSO
+ packets.
+Patch-mainline: v4.16-rc7
+Git-commit: b8b549eec8187ac1b12075d69a2d84d89b5e811a
+References: git-fixes
+
+When IPsec offloading was introduced, we accidentally incremented
+the sequence number counter on the xfrm_state by one packet
+too much in the ESN case. This leads to a sequence number gap of
+one packet after each GSO packet. Fix this by setting the sequence
+number to the correct value.
+
+Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Denis Kirjanov <dkirjanov@suse.com>
+---
+ net/xfrm/xfrm_replay.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
+index 02501817227b..bdb9b5121ba8 100644
+--- a/net/xfrm/xfrm_replay.c
++++ b/net/xfrm/xfrm_replay.c
+@@ -658,7 +658,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
+ } else {
+ XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
+ XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
+- xo->seq.low = oseq = oseq + 1;
++ xo->seq.low = oseq + 1;
+ xo->seq.hi = oseq_hi;
+ oseq += skb_shinfo(skb)->gso_segs;
+ }
+--
+2.12.3
+
diff --git a/series.conf b/series.conf
index 4ad3230fe6..76e4d94088 100644
--- a/series.conf
+++ b/series.conf
@@ -14300,6 +14300,7 @@
patches.drivers/Revert-e1000e-Separate-signaling-for-link-check-link.patch
patches.drivers/e1000e-Fix-link-check-race-condition.patch
patches.fixes/0008-xfrm-do-not-call-rcu_read_unlock-when-afinfo-is-NULL.patch
+ patches.fixes/0007-xfrm-Fix-ESN-sequence-number-handling-for-IPsec-GSO-.patch
patches.drivers/qed-Use-after-free-in-qed_rdma_free.patch
patches.suse/net-use-skb_to_full_sk-in-skb_update_prio.patch
patches.suse/soc-fsl-qbman-fix-issue-in-qman_delete_cgr_safe.patch