lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Nov 2022 21:39:51 +0200 From: Leon Romanovsky <leon@...nel.org> To: Simon Horman <simon.horman@...igine.com> Cc: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, Chentian Liu <chengtian.liu@...igine.com>, Huanhuan Wang <huanhuan.wang@...igine.com>, Yinjun Zhang <yinjun.zhang@...igine.com>, Louis Peens <louis.peens@...igine.com>, netdev@...r.kernel.org, oss-drivers@...igine.com Subject: Re: [PATCH net-next v3 2/3] nfp: add framework to support ipsec offloading On Tue, Nov 01, 2022 at 12:02:47PM +0100, Simon Horman wrote: > From: Huanhuan Wang <huanhuan.wang@...igine.com> > > A new metadata type and config structure are introduced to > interact with firmware to support ipsec offloading. This > feature relies on specific firmware that supports ipsec > encrypt/decrypt by advertising related capability bit. > > The xfrm callbacks which interact with upper layer are > implemented in the following patch. > > Based on initial work of Norm Bagley <norman.bagley@...ronome.com>. > > Signed-off-by: Huanhuan Wang <huanhuan.wang@...igine.com> > Reviewed-by: Louis Peens <louis.peens@...igine.com> > Signed-off-by: Simon Horman <simon.horman@...igine.com> > --- > drivers/net/ethernet/netronome/Kconfig | 11 ++ > drivers/net/ethernet/netronome/nfp/Makefile | 2 + > .../ethernet/netronome/nfp/crypto/crypto.h | 23 ++++ > .../net/ethernet/netronome/nfp/crypto/ipsec.c | 105 ++++++++++++++++++ > drivers/net/ethernet/netronome/nfp/nfd3/dp.c | 58 ++++++++-- > .../net/ethernet/netronome/nfp/nfd3/ipsec.c | 18 +++ > .../net/ethernet/netronome/nfp/nfd3/nfd3.h | 8 ++ > drivers/net/ethernet/netronome/nfp/nfp_net.h | 9 ++ > .../ethernet/netronome/nfp/nfp_net_common.c | 3 + > .../net/ethernet/netronome/nfp/nfp_net_ctrl.h | 4 + > 10 files changed, 231 insertions(+), 10 deletions(-) > create mode 100644 drivers/net/ethernet/netronome/nfp/crypto/ipsec.c > create mode 100644 drivers/net/ethernet/netronome/nfp/nfd3/ipsec.c <...> > +void nfp_net_ipsec_clean(struct nfp_net *nn) > +{ > + if (!(nn->cap_w1 & NFP_NET_CFG_CTRL_IPSEC)) > + return; > + xa_destroy(&nn->xa_ipsec); You shouldn't use xa_destroy() here as if you have entries in xa_ipsec, you won't release them and leak memory without any warning. Most likely, the WARN_ON(!xa_empty(&nn->xa_ipsec)) is what you want here. The rest code is ok. Thanks, Reviewed-by: Leon Romanovsky <leonro@...dia.com>
Powered by blists - more mailing lists