
Contents of /cauldron/kernel/current/PATCHES/patches/0077-ixgbe-disallow-IPsec-Tx-offload-when-in-SR-IOV-mode.patch



Revision 1329221
Fri Nov 9 22:05:45 2018 UTC (5 years, 10 months ago) by tmb
File size: 1774 byte(s)
add fixes from sashas autosel queue
1 From fe1b2e1fb6f693523bdd05040398f65f41905a41 Mon Sep 17 00:00:00 2001
2 From: Shannon Nelson <shannon.nelson@oracle.com>
3 Date: Wed, 22 Aug 2018 16:47:14 -0700
4 Subject: [PATCH 077/145] ixgbe: disallow IPsec Tx offload when in SR-IOV mode
5
6 [ Upstream commit 47b6f50077e68bcd544f657526dad4bfdce7e87d ]
7
8 There seems to be a problem in the x540's internal switch wherein if SR-IOV
9 mode is enabled and an offloaded IPsec packet is sent to a local VF,
10 the packet is silently dropped. This might never be a problem as it is
11 somewhat a corner case, but if someone happens to be using IPsec offload
12 from the PF to a VF that just happens to get migrated to the local box,
13 communication will mysteriously fail.
14
15 Not good.
16
17 A simple way to protect from this is to simply not allow any IPsec offloads
18 for outgoing packets when num_vfs != 0. This doesn't help any offloads that
19 were created before SR-IOV was enabled, but we'll get to that later.
20
21 Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
22 Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
23 Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
24 Signed-off-by: Sasha Levin <sashal@kernel.org>
25 ---
26 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 3 +++
27 1 file changed, 3 insertions(+)
28
29 diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
30 index da4322e4daed..add124e0381d 100644
31 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
32 +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
33 @@ -676,6 +676,9 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
34 } else {
35 struct tx_sa tsa;
36
37 + if (adapter->num_vfs)
38 + return -EOPNOTSUPP;
39 +
40 /* find the first unused index */
41 ret = ixgbe_ipsec_find_empty_idx(ipsec, false);
42 if (ret < 0) {
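Review bot: the new `if (adapter->num_vfs)` check in the Tx branch of ixgbe_ipsec_add_sa() returns -EOPNOTSUPP with no code comment and no log message, so nothing at the call site or in the logs explains why a Tx SA was refused. Add a one-line comment above the check pointing at the internal-switch drop described in the commit message, and consider logging the reason before returning so the failure can be diagnosed. The check also tests only num_vfs, while the commit message attributes the problem to the x540; if other parts handled by this driver are unaffected, the condition could be narrowed, otherwise the comment should say the restriction is intentional for all of them. As the commit message itself notes, this only gates new SAs: Tx offloads created before SR-IOV was enabled stay in place, so the SR-IOV enable path still needs a follow-up that rejects or tears down existing Tx SAs.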
43 --
44 2.19.1
45
