This is a note to let you know that I've just added the patch titled
nfp: fix incorrect pointer deference when offloading IPsec with bonding
to the 6.2-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nfp-fix-incorrect-pointer-deference-when-offloading-ipsec-with-bonding.patch
and it can be found in the queue-6.2 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 63cfd210034c772fad047afa13dd5a4664b0a72e Mon Sep 17 00:00:00 2001
From: Huanhuan Wang <huanhuan.wang@xxxxxxxxxxxx>
Date: Thu, 20 Apr 2023 16:01:25 +0200
Subject: nfp: fix incorrect pointer deference when offloading IPsec with bonding
From: Huanhuan Wang <huanhuan.wang@xxxxxxxxxxxx>
commit 63cfd210034c772fad047afa13dd5a4664b0a72e upstream.
There are two pointers in struct xfrm_dev_offload, *dev, *real_dev.
The *dev points whether bonding interface or real interface, if
bonding IPsec offload is used, it points bonding interface; if not,
it points real interface. And *real_dev always points real interface.
So nfp should always use real_dev instead of dev.
Prior to this change the system becomes unresponsive when offloading
IPsec for a device which is a lower device to a bonding device.
Fixes: 859a497fe80c ("nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer")
CC: stable@xxxxxxxxxxxxxxx
Signed-off-by: Huanhuan Wang <huanhuan.wang@xxxxxxxxxxxx>
Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
Signed-off-by: Louis Peens <louis.peens@xxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20230420140125.38521-1-louis.peens@xxxxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
@@ -267,7 +267,7 @@ static void set_sha2_512hmac(struct nfp_
static int nfp_net_xfrm_add_state(struct xfrm_state *x)
{
- struct net_device *netdev = x->xso.dev;
+ struct net_device *netdev = x->xso.real_dev;
struct nfp_ipsec_cfg_mssg msg = {};
int i, key_len, trunc_len, err = 0;
struct nfp_ipsec_cfg_add_sa *cfg;
@@ -503,7 +503,7 @@ static void nfp_net_xfrm_del_state(struc
.cmd = NFP_IPSEC_CFG_MSSG_INV_SA,
.sa_idx = x->xso.offload_handle - 1,
};
- struct net_device *netdev = x->xso.dev;
+ struct net_device *netdev = x->xso.real_dev;
struct nfp_net *nn;
int err;
Patches currently in stable-queue which might be from huanhuan.wang@xxxxxxxxxxxx are
queue-6.2/nfp-fix-incorrect-pointer-deference-when-offloading-ipsec-with-bonding.patch
