Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/922950/?format=api
{ "id": 922950, "url": "http://patchwork.ozlabs.org/api/patches/922950/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/1527704404-14759-1-git-send-email-shannon.nelson@oracle.com/", "project": { "id": 46, "url": "http://patchwork.ozlabs.org/api/projects/46/?format=api", "name": "Intel Wired Ethernet development", "link_name": "intel-wired-lan", "list_id": "intel-wired-lan.osuosl.org", "list_email": "intel-wired-lan@osuosl.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1527704404-14759-1-git-send-email-shannon.nelson@oracle.com>", "list_archive_url": null, "date": "2018-05-30T18:20:04", "name": "[v2] ixgbe: check ipsec ip addr against mgmt filters", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "1104f7ce6dae4682728dbc1794ab8a394797b08a", "submitter": { "id": 70766, "url": "http://patchwork.ozlabs.org/api/people/70766/?format=api", "name": "Shannon Nelson", "email": "shannon.nelson@oracle.com" }, "delegate": { "id": 68, "url": "http://patchwork.ozlabs.org/api/users/68/?format=api", "username": "jtkirshe", "first_name": "Jeff", "last_name": "Kirsher", "email": "jeffrey.t.kirsher@intel.com" }, "mbox": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/1527704404-14759-1-git-send-email-shannon.nelson@oracle.com/mbox/", "series": [ { "id": 47575, "url": "http://patchwork.ozlabs.org/api/series/47575/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/list/?series=47575", "date": "2018-05-30T18:20:04", "name": "[v2] ixgbe: check ipsec ip addr against mgmt filters", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/47575/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/922950/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/922950/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<intel-wired-lan-bounces@osuosl.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=osuosl.org\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=intel-wired-lan-bounces@osuosl.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdmarc=fail (p=none dis=none) header.from=oracle.com", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=oracle.com header.i=@oracle.com\n\theader.b=\"J6n0K5U1\"; dkim-atps=neutral" ], "Received": [ "from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 40wzVs26Ytz9s0q\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 31 May 2018 04:23:32 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 025A786DB3;\n\tWed, 30 May 2018 18:23:31 +0000 (UTC)", "from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 8s1NYfNhbCT1; Wed, 30 May 2018 18:23:29 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id C22F286D91;\n\tWed, 30 May 2018 18:23:29 +0000 (UTC)", "from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 81B281C01FE\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tWed, 30 May 2018 18:23:29 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 7EA46880F5\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tWed, 30 May 2018 18:23:29 +0000 (UTC)", "from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id z9qO8FGjzrpG for <intel-wired-lan@lists.osuosl.org>;\n\tWed, 30 May 2018 18:23:28 +0000 (UTC)", "from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id 443A3880B9\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tWed, 30 May 2018 18:23:28 +0000 (UTC)", "from pps.filterd (userp2130.oracle.com [127.0.0.1])\n\tby userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id\n\tw4UILA4f134430; Wed, 30 May 2018 18:23:26 GMT", "from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74])\n\tby userp2130.oracle.com with ESMTP id 2j9x4h8v0p-1\n\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256\n\tverify=OK); Wed, 30 May 2018 18:23:26 +0000", "from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])\n\tby userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id\n\tw4UINP9a017970\n\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256\n\tverify=OK); Wed, 30 May 2018 18:23:25 GMT", "from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12])\n\tby aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id\n\tw4UINP3K023991; Wed, 30 May 2018 18:23:25 GMT", "from slnelson-mint18.us.oracle.com (/10.159.224.8)\n\tby default (Oracle Beehive Gateway v4.0)\n\twith ESMTP ; Wed, 30 May 2018 11:23:23 -0700" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;\n\th=from : to : cc :\n\tsubject : date : message-id; s=corp-2017-10-26;\n\tbh=Jk5hqK+s4LGrI40OesJLqlUlLOsf+T4SOSr36vDFQOw=;\n\tb=J6n0K5U11gAngot9SNfuNNI9aDsNmzfKg+3jB44abk9WmVVkTJjs3xDhSsEooFd/9BVp\n\ttewM6PJbKfjxrK7TbB1vFnirkE4tWmDY2Nq+phZsdTn+f5NTX+YF2DGH4nLTvBaePXXu\n\tuuvwWuEs3RIomhjBPb/WZoc9RXCBWQ+k/RmIQOitS0BSCGCw0oVY12TXSXC6czdKaWgl\n\te1DTJ27JrbPI5EKnCLAmLNatL3HjD0z5B4nYjLjOwGGxVAi959Ryk5G0Na16Sc1AxeR3\n\tWdkSKPJpfUZGay/EEUaGZ2f7n7gg0tfDTOOWJ1RMQtUNCg7bSpp26XRtB0/7TY9c5Uv1\n\t2w== ", "From": "Shannon Nelson <shannon.nelson@oracle.com>", "To": "intel-wired-lan@lists.osuosl.org, jeffrey.t.kirsher@intel.com", "Date": "Wed, 30 May 2018 11:20:04 -0700", "Message-Id": "<1527704404-14759-1-git-send-email-shannon.nelson@oracle.com>", "X-Mailer": "git-send-email 2.7.4", "X-Proofpoint-Virus-Version": "vendor=nai engine=5900 definitions=8909\n\tsignatures=668702", "X-Proofpoint-Spam-Details": "rule=notspam policy=default score=0 suspectscore=0\n\tmalwarescore=0\n\tphishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999\n\tadultscore=0 classifier=spam adjust=0 reason=mlx scancount=1\n\tengine=8.0.1-1805220000 definitions=main-1805300194", "Subject": "[Intel-wired-lan] [PATCH v2] ixgbe: check ipsec ip addr against\n\tmgmt filters", "X-BeenThere": "intel-wired-lan@osuosl.org", "X-Mailman-Version": "2.1.24", "Precedence": "list", "List-Id": "Intel Wired Ethernet Linux Kernel Driver Development\n\t<intel-wired-lan.osuosl.org>", "List-Unsubscribe": "<https://lists.osuosl.org/mailman/options/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@osuosl.org?subject=unsubscribe>", "List-Archive": "<http://lists.osuosl.org/pipermail/intel-wired-lan/>", "List-Post": "<mailto:intel-wired-lan@osuosl.org>", "List-Help": "<mailto:intel-wired-lan-request@osuosl.org?subject=help>", "List-Subscribe": "<https://lists.osuosl.org/mailman/listinfo/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@osuosl.org?subject=subscribe>", "Cc": "netdev@vger.kernel.org", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "intel-wired-lan-bounces@osuosl.org", "Sender": "\"Intel-wired-lan\" <intel-wired-lan-bounces@osuosl.org>" }, "content": "Make sure we don't try to offload the decryption of an incoming\npacket that should get delivered to the management engine. This\nis a corner case that will likely be very seldom seen, but could\nreally confuse someone if they were to hit it.\n\nSuggested-by: Jesse Brandeburg <jesse.brandeburg@intel.com>\nSigned-off-by: Shannon Nelson <shannon.nelson@oracle.com>\n---\nv2 - added the BMC IP check\n\n drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 88 ++++++++++++++++++++++++++\n 1 file changed, 88 insertions(+)", "diff": "diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c\nindex 99b170f..e1c9762 100644\n--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c\n+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c\n@@ -445,6 +445,89 @@ static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,\n }\n \n /**\n+ * ixgbe_ipsec_check_mgmt_ip - make sure there is no clash with mgmt IP filters\n+ * @xs: pointer to transformer state struct\n+ **/\n+static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)\n+{\n+\tstruct net_device *dev = xs->xso.dev;\n+\tstruct ixgbe_adapter *adapter = netdev_priv(dev);\n+\tstruct ixgbe_hw *hw = &adapter->hw;\n+\tu32 mfval, manc, reg;\n+\tint num_filters = 4;\n+\tbool manc_ipv4;\n+\tu32 bmcipval;\n+\tint i, j;\n+\n+#define MANC_EN_IPV4_FILTER BIT(24)\n+#define MFVAL_IPV4_FILTER_SHIFT 16\n+#define MFVAL_IPV6_FILTER_SHIFT 24\n+#define MIPAF_ARR(_m, _n) (IXGBE_MIPAF + ((_m) * 0x10) + ((_n) * 4))\n+\n+#define IXGBE_BMCIP(_n) (0x5050 + ((_n) * 4))\n+#define IXGBE_BMCIPVAL 0x5060\n+#define BMCIP_V4 0x2\n+#define BMCIP_V6 0x3\n+#define BMCIP_MASK 0x3\n+\n+\tmanc = IXGBE_READ_REG(hw, IXGBE_MANC);\n+\tmanc_ipv4 = !!(manc & MANC_EN_IPV4_FILTER);\n+\tmfval = IXGBE_READ_REG(hw, IXGBE_MFVAL);\n+\tbmcipval = IXGBE_READ_REG(hw, IXGBE_BMCIPVAL);\n+\n+\tif (xs->props.family == AF_INET) {\n+\t\t/* are there any IPv4 filters to check? */\n+\t\tif (manc_ipv4) {\n+\t\t\t/* the 4 ipv4 filters are all in MIPAF(3, i) */\n+\t\t\tfor (i = 0; i < num_filters; i++) {\n+\t\t\t\tif (!(mfval & BIT(MFVAL_IPV4_FILTER_SHIFT + i)))\n+\t\t\t\t\tcontinue;\n+\n+\t\t\t\treg = IXGBE_READ_REG(hw, MIPAF_ARR(3, i));\n+\t\t\t\tif (reg == xs->id.daddr.a4)\n+\t\t\t\t\treturn 1;\n+\t\t\t}\n+\t\t}\n+\n+\t\tif ((bmcipval & BMCIP_MASK) == BMCIP_V4) {\n+\t\t\treg = IXGBE_READ_REG(hw, IXGBE_BMCIP(3));\n+\t\t\tif (reg == xs->id.daddr.a4)\n+\t\t\t\treturn 1;\n+\t\t}\n+\n+\t} else {\n+\t\t/* if there are ipv4 filters, they are in the last ipv6 slot */\n+\t\tif (manc_ipv4)\n+\t\t\tnum_filters = 3;\n+\n+\t\tfor (i = 0; i < num_filters; i++) {\n+\t\t\tif (!(mfval & BIT(MFVAL_IPV6_FILTER_SHIFT + i)))\n+\t\t\t\tcontinue;\n+\n+\t\t\tfor (j = 0; j < 4; j++) {\n+\t\t\t\treg = IXGBE_READ_REG(hw, MIPAF_ARR(i, j));\n+\t\t\t\tif (reg != xs->id.daddr.a6[j])\n+\t\t\t\t\tbreak;\n+\t\t\t}\n+\t\t\tif (j == 4) /* did we match all 4 words? */\n+\t\t\t\treturn 1;\n+\t\t}\n+\n+\t\tif ((bmcipval & BMCIP_MASK) == BMCIP_V6) {\n+\t\t\tfor (j = 0; j < 4; j++) {\n+\t\t\t\treg = IXGBE_READ_REG(hw, IXGBE_BMCIP(j));\n+\t\t\t\tif (reg != xs->id.daddr.a6[j])\n+\t\t\t\t\tbreak;\n+\t\t\t}\n+\t\t\tif (j == 4) /* did we match all 4 words? */\n+\t\t\t\treturn 1;\n+\t\t}\n+\t}\n+\n+\treturn 0;\n+}\n+\n+/**\n * ixgbe_ipsec_add_sa - program device with a security association\n * @xs: pointer to transformer state struct\n **/\n@@ -465,6 +548,11 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)\n \t\treturn -EINVAL;\n \t}\n \n+\tif (ixgbe_ipsec_check_mgmt_ip(xs)) {\n+\t\tnetdev_err(dev, \"IPsec IP addr clash with mgmt filters\\n\");\n+\t\treturn -EINVAL;\n+\t}\n+\n \tif (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {\n \t\tstruct rx_sa rsa;\n \n", "prefixes": [ "v2" ] }