patch 'net/iavf: fix SPI check' has been queued to stable release 21.11.3

Kevin Traynor ktraynor at redhat.com
Fri Nov 11 11:33:17 CET 2022


Hi,

FYI, your patch has been queued to stable release 21.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/14/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/4ff81b5316372b71616d7f3742e3fe2e255f3d6c

Thanks.

Kevin

---
>From 4ff81b5316372b71616d7f3742e3fe2e255f3d6c Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau at intel.com>
Date: Fri, 14 Oct 2022 10:51:24 +0100
Subject: [PATCH] net/iavf: fix SPI check

[ upstream commit a452ff111c1e2616f18df231622e2e49cb3a591c ]

Return error if SPI from the flow spec doesn't match
the one from the crypto session.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Qi Zhang <qi.z.zhang at intel.com>
---
 drivers/net/iavf/iavf_ipsec_crypto.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 5537c35ac1..e7d8fb968c 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -709,17 +709,9 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
 		return false;
 
-	/* SPI value must be non-zero */
-	if (spi == 0)
+	/* SPI value must be non-zero and must match flow SPI*/
+	if (spi == 0 || (htonl(sess->sa.spi) != spi))
 		return false;
-	/* Session SPI must patch flow SPI*/
-	else if (sess->sa.spi == spi) {
-		return true;
-		/**
-		 * TODO: We should add a way of tracking valid hw SA indices to
-		 * make validation less brittle
-		 */
-	}
 
-		return true;
+	return true;
 }
 
-- 
2.38.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-11-11 10:32:17.728640028 +0000
+++ 0027-net-iavf-fix-SPI-check.patch	2022-11-11 10:32:17.081300797 +0000
@@ -1 +1 @@
-From a452ff111c1e2616f18df231622e2e49cb3a591c Mon Sep 17 00:00:00 2001
+From 4ff81b5316372b71616d7f3742e3fe2e255f3d6c Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit a452ff111c1e2616f18df231622e2e49cb3a591c ]
+
@@ -10 +11,0 @@
-Cc: stable at dpdk.org
@@ -19 +20 @@
-index b50149c0ce..60e03c8be3 100644
+index 5537c35ac1..e7d8fb968c 100644
@@ -22 +23 @@
-@@ -698,17 +698,9 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
+@@ -709,17 +709,9 @@ iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,



More information about the stable mailing list