| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250525095854.1612196-1-hkelam@marvell.com>
Date: Sun, 25 May 2025 15:28:54 +0530
From: Hariprasad Kelam <hkelam@...vell.com>
To: <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>
CC: Hariprasad Kelam <hkelam@...vell.com>,
Sunil Goutham
<sgoutham@...vell.com>,
Linu Cherian <lcherian@...vell.com>,
Geetha sowjanya
<gakula@...vell.com>,
Jerin Jacob <jerinj@...vell.com>,
Subbaraya Sundeep
<sbhatta@...vell.com>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller"
<davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski
<kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Ratheesh Kannoth
<rkannoth@...vell.com>,
Simon Horman <horms@...nel.org>
Subject: [net] Octeontx2-af: Skip overlap check for SPI field
Currently, the AF driver scans the mkex profile to identify all
supported features. This process also involves checking for any
fields that might overlap with each other.
For example, NPC_TCP_SPORT field offset within the key should
not overlap with NPC_DMAC/NPC_SIP_IPV4 or any other field.
However, there are situations where some overlap is unavoidable.
For instance, when extracting the SPI field, the same key offset might
be used by both the AH and ESP layers. This patch addresses this
specific scenario by skipping the overlap check and instead, adds
a warning message to the user.
Fixes: 12aa0a3b93f3 ("octeontx2-af: Harden rule validation.")
Signed-off-by: Hariprasad Kelam <hkelam@...vell.com>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
index 1b765045aa63..163cbce8575f 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
@@ -606,8 +606,10 @@ static void npc_set_features(struct rvu *rvu, int blkaddr, u8 intf)
if (!npc_check_field(rvu, blkaddr, NPC_LB, intf))
*features &= ~BIT_ULL(NPC_OUTER_VID);
+ if (npc_check_overlap(rvu, blkaddr, NPC_IPSEC_SPI, 0, intf))
+ dev_warn(rvu->dev, "Overlap detected the field NPC_IPSEC_SPI\n");
/* Set SPI flag only if AH/ESP and IPSEC_SPI are in the key */
- if (npc_check_field(rvu, blkaddr, NPC_IPSEC_SPI, intf) &&
+ if (npc_is_field_present(rvu, NPC_IPSEC_SPI, intf) &&
(*features & (BIT_ULL(NPC_IPPROTO_ESP) | BIT_ULL(NPC_IPPROTO_AH))))
*features |= BIT_ULL(NPC_IPSEC_SPI);
--
2.34.1
Powered by blists - more mailing lists