Patch "net/mlx5e: Fix IPsec tunnel mode offload feature check" has been added to the 6.8-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 5 Jun 2024 08:14:41 -0400

This is a note to let you know that I've just added the patch titled

    net/mlx5e: Fix IPsec tunnel mode offload feature check

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-mlx5e-fix-ipsec-tunnel-mode-offload-feature-chec.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d9ced53464fd9e533587039a43fe4f6243948c4e
Author: Rahul Rameshbabu <rrameshbabu@xxxxxxxxxx>
Date:   Wed May 22 22:26:56 2024 +0300

    net/mlx5e: Fix IPsec tunnel mode offload feature check
    
    [ Upstream commit 9a52f6d44f4521773b4699b4ed34b8e21d5a175c ]
    
    Remove faulty check disabling checksum offload and GSO for offload of
    simple IPsec tunnel L4 traffic. Comment previously describing the deleted
    code incorrectly claimed the check prevented double tunnel (or three layers
    of ip headers).
    
    Fixes: f1267798c980 ("net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload")
    Signed-off-by: Rahul Rameshbabu <rrameshbabu@xxxxxxxxxx>
    Signed-off-by: Tariq Toukan <tariqt@xxxxxxxxxx>
    Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h
index 2ed99772f168a..e1a241d3b418c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h
@@ -98,18 +98,11 @@ mlx5e_ipsec_feature_check(struct sk_buff *skb, netdev_features_t features)
 		if (!x || !x->xso.offload_handle)
 			goto out_disable;
 
-		if (xo->inner_ipproto) {
-			/* Cannot support tunnel packet over IPsec tunnel mode
-			 * because we cannot offload three IP header csum
-			 */
-			if (x->props.mode == XFRM_MODE_TUNNEL)
-				goto out_disable;
-
-			/* Only support UDP or TCP L4 checksum */
-			if (xo->inner_ipproto != IPPROTO_UDP &&
-			    xo->inner_ipproto != IPPROTO_TCP)
-				goto out_disable;
-		}
+		/* Only support UDP or TCP L4 checksum */
+		if (xo->inner_ipproto &&
+		    xo->inner_ipproto != IPPROTO_UDP &&
+		    xo->inner_ipproto != IPPROTO_TCP)
+			goto out_disable;
 
 		return features;
 







