lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <IA3PR11MB898599F0588E1D1E9CAE7DBB8F11A@IA3PR11MB8985.namprd11.prod.outlook.com>
Date: Fri, 19 Sep 2025 08:16:05 +0000
From: "Romanowski, Rafal" <rafal.romanowski@...el.com>
To: "Jagielski, Jedrzej" <jedrzej.jagielski@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>
CC: "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>, "stable@...r.kernel.org" <stable@...r.kernel.org>,
	"Jagielski, Jedrzej" <jedrzej.jagielski@...el.com>, "Keller, Jacob E"
	<jacob.e.keller@...el.com>, "Kitszel, Przemyslaw"
	<przemyslaw.kitszel@...el.com>, "Loktionov, Aleksandr"
	<aleksandr.loktionov@...el.com>
Subject: RE: [Intel-wired-lan] [PATCH iwl-net v1 3/4] ixgbevf: fix mailbox API
 compatibility by negotiating supported features

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of
> Jedrzej Jagielski
> Sent: Thursday, August 28, 2025 11:52 AM
> To: intel-wired-lan@...ts.osuosl.org
> Cc: Nguyen, Anthony L <anthony.l.nguyen@...el.com>;
> netdev@...r.kernel.org; stable@...r.kernel.org; Jagielski, Jedrzej
> <jedrzej.jagielski@...el.com>; Keller, Jacob E <jacob.e.keller@...el.com>;
> Kitszel, Przemyslaw <przemyslaw.kitszel@...el.com>; Loktionov, Aleksandr
> <aleksandr.loktionov@...el.com>
> Subject: [Intel-wired-lan] [PATCH iwl-net v1 3/4] ixgbevf: fix mailbox API
> compatibility by negotiating supported features
> 
> There was backward compatibility in the terms of mailbox API. Various drivers
> from various OSes supporting 10G adapters from Intel portfolio could easily
> negotiate mailbox API.
> 
> This convention has been broken since introducing API 1.4.
> Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support
> for IPSec which is specific only for the kernel ixgbe driver. None of the rest of
> the Intel 10G PF/VF drivers supports it. And actually lack of support was not
> included in the IPSec implementation - there were no such code paths. No
> possibility to negotiate support for the feature was introduced along with
> introduction of the feature itself.
> 
> Commit 339f28964147 ("ixgbevf: Add support for new mailbox
> communication between PF and VF") increasing API version to 1.5 did the
> same - it introduced code supported specifically by the PF ESX driver. It altered
> API version for the VF driver in the same time not touching the version defined
> for the PF ixgbe driver. It led to additional discrepancies, as the code provided
> within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes.
> 
> The issue was noticed some time ago and mitigated by Jake within the commit
> d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5").
> As a result we have regression for IPsec support and after increasing API to
> version 1.6 ixgbevf driver stopped to support ESX MBX.
> 
> To fix this mess add new mailbox op asking PF driver about supported
> features. Basing on a response determine whether to set support for IPSec and
> ESX-specific enhanced mailbox.
> 
> New mailbox op, for compatibility purposes, must be added within new API
> revision, as API version of OOT PF & VF drivers is already increased to
> 1.6 and doesn't incorporate features negotiate op.
> 
> Features negotiation mechanism gives possibility to be extended with new
> features when needed in the future.
> 
> Reported-by: Jacob Keller <jacob.e.keller@...el.com>
> Fixes: 0062e7cc955e ("ixgbevf: add VF IPsec offload code")
> Fixes: 339f28964147 ("ixgbevf: Add support for new mailbox communication
> between PF and VF")
> Reviewed-by: Jacob Keller <jacob.e.keller@...el.com>
> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@...el.com>
> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@...el.com>
> Cc: stable@...r.kernel.org
> Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski@...el.com>
> ---
>  drivers/net/ethernet/intel/ixgbevf/ipsec.c    | 10 +++++
>  drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  7 +++
> .../net/ethernet/intel/ixgbevf/ixgbevf_main.c | 32 ++++++++++++-
>  drivers/net/ethernet/intel/ixgbevf/mbx.h      |  4 ++
>  drivers/net/ethernet/intel/ixgbevf/vf.c       | 45 ++++++++++++++++++-
>  drivers/net/ethernet/intel/ixgbevf/vf.h       |  1 +
>  6 files changed, 96 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
> b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
> index 65580b9cb06f..fce35924ff8b 100644
> --- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
> +++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
> @@ -273,6 +273,9 @@ static int ixgbevf_ipsec_add_sa(struct net_device

Tested-by: Rafal Romanowski <rafal.romanowski@...el.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ