| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Mar 2021 13:02:35 +0100
From: Florian Westphal <fw@...len.de>
To: Steffen Klassert <steffen.klassert@...unet.com>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH ipsec] xfrm: Provide private skb extensions for segmented
and hw offloaded ESP packets
Steffen Klassert <steffen.klassert@...unet.com> wrote:
> Commit 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec
> crypto offload.") added a XFRM_XMIT flag to avoid duplicate ESP trailer
> insertion on HW offload. This flag is set on the secpath that is shared
> amongst segments. This lead to a situation where some segments are
> not transformed correctly when segmentation happens at layer 3.
>
> Fix this by using private skb extensions for segmented and hw offloaded
> ESP packets.
>
> Fixes: 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec crypto offload.")
> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
> ---
> include/linux/skbuff.h | 1 +
> net/core/skbuff.c | 23 ++++++++++++++++++-----
> net/ipv4/esp4_offload.c | 16 +++++++++++++++-
> net/ipv6/esp6_offload.c | 16 +++++++++++++++-
> net/xfrm/xfrm_device.c | 2 --
> 5 files changed, 49 insertions(+), 9 deletions(-)
>
> - if (hw_offload)
> + if (hw_offload) {
> + ext = skb_ext_cow(skb->extensions, skb->active_extensions);
It should be possible to do
if (hw_offload) {
if (!skb_ext_add(skb, SKB_EXT_SECPATH);
return -ENOMEM;
xo = xfrm_offload(skb);
....
without need for a new 'cow' function.
skb_ext_add() will auto-COW if the extension area has a refcount > 1.
Powered by blists - more mailing lists