| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202301241552.GWkgnAH7-lkp@intel.com>
Date: Tue, 24 Jan 2023 15:59:55 +0800
From: kernel test robot <lkp@...el.com>
To: Leon Romanovsky <leon@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Steffen Klassert <steffen.klassert@...unet.com>
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
Veaceslav Falico <vfalico@...il.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Jonathan Corbet <corbet@....net>,
Jay Vosburgh <j.vosburgh@...il.com>, oss-drivers@...igine.com,
linux-doc@...r.kernel.org, Raju Rangoju <rajur@...lsio.com>,
Jesse Brandeburg <jesse.brandeburg@...el.com>,
Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
intel-wired-lan@...ts.osuosl.org,
Ayush Sawal <ayush.sawal@...lsio.com>,
Simon Horman <simon.horman@...igine.com>,
Tony Nguyen <anthony.l.nguyen@...el.com>,
Paolo Abeni <pabeni@...hat.com>,
Leon Romanovsky <leonro@...dia.com>,
Saeed Mahameed <saeedm@...dia.com>,
Andy Gospodarek <andy@...yhouse.net>
Subject: Re: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec
state validation failure reason
Hi Leon,
I love your patch! Yet something to improve:
[auto build test ERROR on net-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
patch link: https://lore.kernel.org/r/a5426033528ccef6e0e71fe06b55ae56c5596e85.1674481435.git.leon%40kernel.org
patch subject: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20230124/202301241552.GWkgnAH7-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/bd6a3bcc8978f551f83f85b9c18d199c71c29d7c
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
git checkout bd6a3bcc8978f551f83f85b9c18d199c71c29d7c
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/ drivers/net/ethernet/mellanox/mlx5/core/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>
All errors (new ones prefixed by >>):
>> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c:276:22: error: use of undeclared identifier 'extackx'; did you mean 'extack'?
NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
^~~~~~~
extack
include/linux/netlink.h:128:18: note: expanded from macro 'NL_SET_ERR_MSG_MOD'
NL_SET_ERR_MSG((extack), KBUILD_MODNAME ": " msg)
^
include/linux/netlink.h:100:38: note: expanded from macro 'NL_SET_ERR_MSG'
struct netlink_ext_ack *__extack = (extack); \
^
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c:167:34: note: 'extack' declared here
struct netlink_ext_ack *extack)
^
1 error generated.
vim +276 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
164
165 static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
166 struct xfrm_state *x,
167 struct netlink_ext_ack *extack)
168 {
169 if (x->props.aalgo != SADB_AALG_NONE) {
170 NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
171 return -EINVAL;
172 }
173 if (x->props.ealgo != SADB_X_EALG_AES_GCM_ICV16) {
174 NL_SET_ERR_MSG_MOD(extack, "Only AES-GCM-ICV16 xfrm state may be offloaded");
175 return -EINVAL;
176 }
177 if (x->props.calgo != SADB_X_CALG_NONE) {
178 NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
179 return -EINVAL;
180 }
181 if (x->props.flags & XFRM_STATE_ESN &&
182 !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESN)) {
183 NL_SET_ERR_MSG_MOD(extack, "Cannot offload ESN xfrm states");
184 return -EINVAL;
185 }
186 if (x->props.family != AF_INET &&
187 x->props.family != AF_INET6) {
188 NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm states may be offloaded");
189 return -EINVAL;
190 }
191 if (x->id.proto != IPPROTO_ESP) {
192 NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state may be offloaded");
193 return -EINVAL;
194 }
195 if (x->encap) {
196 NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state may not be offloaded");
197 return -EINVAL;
198 }
199 if (!x->aead) {
200 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without aead");
201 return -EINVAL;
202 }
203 if (x->aead->alg_icv_len != 128) {
204 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 128bit");
205 return -EINVAL;
206 }
207 if ((x->aead->alg_key_len != 128 + 32) &&
208 (x->aead->alg_key_len != 256 + 32)) {
209 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD key length other than 128/256 bit");
210 return -EINVAL;
211 }
212 if (x->tfcpad) {
213 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
214 return -EINVAL;
215 }
216 if (!x->geniv) {
217 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
218 return -EINVAL;
219 }
220 if (strcmp(x->geniv, "seqiv")) {
221 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
222 return -EINVAL;
223 }
224 switch (x->xso.type) {
225 case XFRM_DEV_OFFLOAD_CRYPTO:
226 if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_CRYPTO)) {
227 NL_SET_ERR_MSG_MOD(extack, "Crypto offload is not supported");
228 return -EINVAL;
229 }
230
231 if (x->props.mode != XFRM_MODE_TRANSPORT &&
232 x->props.mode != XFRM_MODE_TUNNEL) {
233 NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");
234 return -EINVAL;
235 }
236 break;
237 case XFRM_DEV_OFFLOAD_PACKET:
238 if (!(mlx5_ipsec_device_caps(mdev) &
239 MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
240 NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");
241 return -EINVAL;
242 }
243
244 if (x->props.mode != XFRM_MODE_TRANSPORT) {
245 NL_SET_ERR_MSG_MOD(extack, "Only transport xfrm states may be offloaded in packet mode");
246 return -EINVAL;
247 }
248
249 if (x->replay_esn && x->replay_esn->replay_window != 32 &&
250 x->replay_esn->replay_window != 64 &&
251 x->replay_esn->replay_window != 128 &&
252 x->replay_esn->replay_window != 256) {
253 NL_SET_ERR_MSG_MOD(extack, "Unsupported replay window size");
254 return -EINVAL;
255 }
256
257 if (!x->props.reqid) {
258 NL_SET_ERR_MSG_MOD(extack, "Cannot offload without reqid");
259 return -EINVAL;
260 }
261
262 if (x->lft.hard_byte_limit != XFRM_INF ||
263 x->lft.soft_byte_limit != XFRM_INF) {
264 NL_SET_ERR_MSG_MOD(extack, "Device doesn't support limits in bytes");
265 return -EINVAL;
266 }
267
268 if (x->lft.soft_packet_limit >= x->lft.hard_packet_limit &&
269 x->lft.hard_packet_limit != XFRM_INF) {
270 /* XFRM stack doesn't prevent such configuration :(. */
271 NL_SET_ERR_MSG_MOD(extack, "Hard packet limit must be greater than soft one");
272 return -EINVAL;
273 }
274 break;
275 default:
> 276 NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
277 return -EINVAL;
278 }
279 return 0;
280 }
281
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
Powered by blists - more mailing lists