Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
octeontx2-af: Harden rule validation.
Accept TC offload classifier rule only if SPI field
can be extracted by HW.
Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by
Ratheesh Kannoth
and committed by
David S. Miller
12aa0a3b
7a1c3821
+3
-1
+3
-1
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
+3
-1
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
···
580
580
if (!npc_check_field(rvu, blkaddr, NPC_LB, intf))
581
581
*features &= ~BIT_ULL(NPC_OUTER_VID);
582
582
583
-
if (*features & (BIT_ULL(NPC_IPPROTO_AH) | BIT_ULL(NPC_IPPROTO_ESP)))
583
+
/* Set SPI flag only if AH/ESP and IPSEC_SPI are in the key */
584
+
if (npc_check_field(rvu, blkaddr, NPC_IPSEC_SPI, intf) &&
585
+
(*features & (BIT_ULL(NPC_IPPROTO_ESP) | BIT_ULL(NPC_IPPROTO_AH))))
584
586
*features |= BIT_ULL(NPC_IPSEC_SPI);
585
587
586
588
/* for vlan ethertypes corresponding layer type should be in the key */