diff mbox series

[1/5] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO

Message ID 20250127060757.3946314-2-steffen.klassert@secunet.com (mailing list archive)
State Accepted
Commit c05c5e5aa163f4682ca97a2f0536575fc7dbdecb
Delegated to: Netdev Maintainers
Headers show
Series [1/5] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO | expand

Checks

Context Check Description
netdev/series_format warning Pull request is its own cover letter; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers fail 1 blamed authors not CCed: christian.langrock@secunet.com; 4 maintainers not CCed: pabeni@redhat.com christian.langrock@secunet.com horms@kernel.org edumazet@google.com
netdev/build_clang success Errors and warnings before: 2 this patch: 2
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 9 this patch: 9
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 16 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest warning net-next-2025-01-27--18-00 (tests: 770)

Commit Message

Steffen Klassert Jan. 27, 2025, 6:07 a.m. UTC 
From: Jianbo Liu <jianbol@nvidia.com>

When skb needs GSO and wrap around happens, if xo->seq.low (seqno of
the first skb segment) is before the last seq number but oseq (seqno
of the last segment) is after it, xo->seq.low is still bigger than
replay_esn->oseq while oseq is smaller than it, so the update of
replay_esn->oseq_hi is missed for this case wrap around because of
the change in the cited commit.

For example, if sending a packet with gso_segs=3 while old
replay_esn->oseq=0xfffffffe, we calculate:
    xo->seq.low = 0xfffffffe + 1 = 0x0xffffffff
    oseq = 0xfffffffe + 3 = 0x1
(oseq < replay_esn->oseq) is true, but (xo->seq.low <
replay_esn->oseq) is false, so replay_esn->oseq_hi is not incremented.

To fix this issue, change the outer checking back for the update of
replay_esn->oseq_hi. And add new checking inside for the update of
packet's oseq_hi.

Fixes: 4b549ccce941 ("xfrm: replay: Fix ESN wrap around for GSO")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_replay.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 28, 2025, 12:20 a.m. UTC | #1 
Hello:

This series was applied to netdev/net.git (main)
by Steffen Klassert <steffen.klassert@secunet.com>:

On Mon, 27 Jan 2025 07:07:53 +0100 you wrote:
> From: Jianbo Liu <jianbol@nvidia.com>
> 
> When skb needs GSO and wrap around happens, if xo->seq.low (seqno of
> the first skb segment) is before the last seq number but oseq (seqno
> of the last segment) is after it, xo->seq.low is still bigger than
> replay_esn->oseq while oseq is smaller than it, so the update of
> replay_esn->oseq_hi is missed for this case wrap around because of
> the change in the cited commit.
> 
> [...]

Here is the summary with links:
  - [1/5] xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
    https://git.kernel.org/netdev/net/c/c05c5e5aa163
  - [2/5] xfrm: state: fix out-of-bounds read during lookup
    https://git.kernel.org/netdev/net/c/e952837f3ddb
  - [3/5] xfrm: delete intermediate secpath entry in packet offload mode
    https://git.kernel.org/netdev/net/c/600258d555f0
  - [4/5] xfrm: Fix the usage of skb->sk
    https://git.kernel.org/netdev/net/c/1620c88887b1
  - [5/5] xfrm: Don't disable preemption while looking up cache state.
    https://git.kernel.org/netdev/net/c/6c9b7db96db6

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index bc56c6305725..235bbefc2aba 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -714,10 +714,12 @@  static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
 			oseq += skb_shinfo(skb)->gso_segs;
 		}
 
-		if (unlikely(xo->seq.low < replay_esn->oseq)) {
-			XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
-			xo->seq.hi = oseq_hi;
-			replay_esn->oseq_hi = oseq_hi;
+		if (unlikely(oseq < replay_esn->oseq)) {
+			replay_esn->oseq_hi = ++oseq_hi;
+			if (xo->seq.low < replay_esn->oseq) {
+				XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
+				xo->seq.hi = oseq_hi;
+			}
 			if (replay_esn->oseq_hi == 0) {
 				replay_esn->oseq--;
 				replay_esn->oseq_hi--;