| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250523075611.3723340-1-steffen.klassert@secunet.com>
Date: Fri, 23 May 2025 09:55:59 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/12] pull request (net-next): ipsec-next 2025-05-23
1) Remove some unnecessary strscpy_pad() size arguments.
From Thorsten Blum.
2) Correct use of xso.real_dev on bonding offloads.
Patchset from Cosmin Ratiu.
3) Add hardware offload configuration to XFRM_MSG_MIGRATE.
From Chiachang Wang.
4) Refactor migration setup during cloning. This was
done after the clone was created. Now it is done
in the cloning function itself.
From Chiachang Wang.
5) Validate assignment of maximal possible SEQ number.
Prevent from setting to the maximum sequrnce number
as this would cause for traffic drop.
From Leon Romanovsky.
6) Prevent configuration of interface index when offload
is used. Hardware can't handle this case.i
From Leon Romanovsky.
7) Always use kfree_sensitive() for SA secret zeroization.
From Zilin Guan.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 0c49baf099ba2147a6ff3bbdc3197c6ddbee5469:
r8169: add helper rtl8125_phy_param (2025-04-10 20:18:11 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git tags/ipsec-next-2025-05-23
for you to fetch changes up to e7a37c9e428a2912a4eec160e633503cd72e1ee6:
xfrm: use kfree_sensitive() for SA secret zeroization (2025-05-20 07:55:00 +0200)
----------------------------------------------------------------
ipsec-next-2025-05-23
----------------------------------------------------------------
Chiachang Wang (2):
xfrm: Migrate offload configuration
xfrm: Refactor migration setup during the cloning process
Cosmin Ratiu (6):
net/mlx5: Avoid using xso.real_dev unnecessarily
xfrm: Use xdo.dev instead of xdo.real_dev
xfrm: Remove unneeded device check from validate_xmit_xfrm
xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free}
bonding: Mark active offloaded xfrm_states
bonding: Fix multiple long standing offload races
Leon Romanovsky (2):
xfrm: validate assignment of maximal possible SEQ number
xfrm: prevent configuration of interface index when offload is used
Steffen Klassert (2):
Merge branch 'xfrm & bonding: Correct use of xso.real_dev'
Merge branch 'Update offload configuration with SA'
Thorsten Blum (1):
xfrm: Remove unnecessary strscpy_pad() size arguments
Zilin Guan (1):
xfrm: use kfree_sensitive() for SA secret zeroization
Documentation/networking/xfrm_device.rst | 10 +-
drivers/net/bonding/bond_main.c | 119 ++++++++++-----------
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 20 ++--
.../chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 18 ++--
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 41 +++----
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 ++--
.../ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 18 ++--
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 28 ++---
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 +
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 11 +-
drivers/net/netdevsim/ipsec.c | 15 ++-
include/linux/netdevice.h | 10 +-
include/net/xfrm.h | 19 +++-
net/key/af_key.c | 2 +-
net/xfrm/xfrm_device.c | 18 ++--
net/xfrm/xfrm_policy.c | 4 +-
net/xfrm/xfrm_state.c | 46 ++++----
net/xfrm/xfrm_user.c | 77 +++++++++----
18 files changed, 277 insertions(+), 201 deletions(-)
Powered by blists - more mailing lists