lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20260121194226.43044b20@kernel.org>
Date: Wed, 21 Jan 2026 19:42:26 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: tariqt@...dia.com
Cc: cratiu@...dia.com, saeedm@...dia.com, cjubran@...dia.com,
 davem@...emloft.net, horms@...nel.org, linux-doc@...r.kernel.org,
 mbloch@...dia.com, moshe@...dia.com, jiri@...dia.com, edumazet@...gle.com,
 gal@...dia.com, andrew+netdev@...n.ch, donald.hunter@...il.com,
 jiri@...nulli.us, krzk@...nel.org, pabeni@...hat.com,
 linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org,
 netdev@...r.kernel.org, rdunlap@...radead.org, leon@...nel.org,
 corbet@....net
Subject: Re: [net-next,V5,11/15] net/mlx5: Expose a function to clear a
 vport's parent

On Wed, 21 Jan 2026 19:40:01 -0800 Jakub Kicinski wrote:
> This is an AI-generated review of your patch. The human sending this
> email has considered the AI review valid, or at least plausible.
> 
> For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
> ---
> net/mlx5e: Skip ESN replay window setup for IPsec crypto offload
> 
> This patch fixes a WARN_ON being triggered for crypto offload by adding
> a check to skip the replay window setup when the offload type is not
> XFRM_DEV_OFFLOAD_PACKET.
> 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> > index a8fb4bec369c..63aa23f5c49e 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> > @@ -430,7 +430,8 @@ void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
> >  		attrs->replay_esn.esn = sa_entry->esn_state.esn;
> >  		attrs->replay_esn.esn_msb = sa_entry->esn_state.esn_msb;
> >  		attrs->replay_esn.overlap = sa_entry->esn_state.overlap;
> > -		if (attrs->dir == XFRM_DEV_OFFLOAD_OUT)
> > +		if (attrs->dir == XFRM_DEV_OFFLOAD_OUT ||
> > +		    attrs->type != XFRM_DEV_OFFLOAD_PACKET)
> >  			goto skip_replay_window;  
> 
> At this point in mlx5e_ipsec_build_accel_xfrm_attrs(), attrs->type has not
> been initialized yet. The function starts with memset(attrs, 0, ...) which
> sets attrs->type to 0 (XFRM_DEV_OFFLOAD_UNSPECIFIED).
> 
> The assignment attrs->type = x->xso.type happens later after the
> skip_replay_window label. This means the condition attrs->type !=
> XFRM_DEV_OFFLOAD_PACKET evaluates as 0 != 2 which is always true.
> 
> As a result, the replay window setup will be skipped for all inbound
> configurations, not just crypto offload. Should this check use x->xso.type
> instead of attrs->type, or should attrs->type be assigned earlier in the
> function before this check?

Herm, something misfired here, this is a review for the series of fixes
posted on the same day, not for the rate scheduling.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ