| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260122034001.2579161-1-kuba@kernel.org> Date: Wed, 21 Jan 2026 19:40:01 -0800 From: Jakub Kicinski <kuba@...nel.org> To: tariqt@...dia.com Cc: Jakub Kicinski <kuba@...nel.org>, cratiu@...dia.com, saeedm@...dia.com, cjubran@...dia.com, davem@...emloft.net, horms@...nel.org, linux-doc@...r.kernel.org, mbloch@...dia.com, moshe@...dia.com, jiri@...dia.com, edumazet@...gle.com, gal@...dia.com, andrew+netdev@...n.ch, donald.hunter@...il.com, jiri@...nulli.us, krzk@...nel.org, pabeni@...hat.com, linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org, netdev@...r.kernel.org, rdunlap@...radead.org, leon@...nel.org, corbet@....net Subject: Re: [net-next,V5,11/15] net/mlx5: Expose a function to clear a vport's parent This is an AI-generated review of your patch. The human sending this email has considered the AI review valid, or at least plausible. For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html --- net/mlx5e: Skip ESN replay window setup for IPsec crypto offload This patch fixes a WARN_ON being triggered for crypto offload by adding a check to skip the replay window setup when the offload type is not XFRM_DEV_OFFLOAD_PACKET. > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c > index a8fb4bec369c..63aa23f5c49e 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c > @@ -430,7 +430,8 @@ void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, > attrs->replay_esn.esn = sa_entry->esn_state.esn; > attrs->replay_esn.esn_msb = sa_entry->esn_state.esn_msb; > attrs->replay_esn.overlap = sa_entry->esn_state.overlap; > - if (attrs->dir == XFRM_DEV_OFFLOAD_OUT) > + if (attrs->dir == XFRM_DEV_OFFLOAD_OUT || > + attrs->type != XFRM_DEV_OFFLOAD_PACKET) > goto skip_replay_window; At this point in mlx5e_ipsec_build_accel_xfrm_attrs(), attrs->type has not been initialized yet. The function starts with memset(attrs, 0, ...) which sets attrs->type to 0 (XFRM_DEV_OFFLOAD_UNSPECIFIED). The assignment attrs->type = x->xso.type happens later after the skip_replay_window label. This means the condition attrs->type != XFRM_DEV_OFFLOAD_PACKET evaluates as 0 != 2 which is always true. As a result, the replay window setup will be skipped for all inbound configurations, not just crypto offload. Should this check use x->xso.type instead of attrs->type, or should attrs->type be assigned earlier in the function before this check?
Powered by blists - more mailing lists