From: Shannon Nelson <shannon.nel...@oracle.com>
Date: Thu, 8 Mar 2018 16:17:23 -0800
> Adding a macvlan device on top of a lowerdev that supports
> the xfrm offloads fails with a new regression:
> # ip link add link ens1f0 mv0 type macvlan
> RTNETLINK answers: Operation not permitted
>
> Tracing down the failure shows that the macvlan device inherits
> the NETIF_F_HW_ESP and NETIF_F_HW_ESP_TX_CSUM feature flags
> from the lowerdev, but with no dev->xfrmdev_ops API filled
> in, it doesn't actually support xfrm. When the request is
> made to add the new macvlan device, the XFRM listener for
> NETDEV_REGISTER calls xfrm_api_check() which fails the new
> registration because dev->xfrmdev_ops is NULL.
>
> The macvlan creation succeeds when we filter out the ESP
> feature flags in macvlan_fix_features(), so let's filter them
> out like we're already filtering out ~NETIF_F_NETNS_LOCAL.
> When XFRM support is added in the future, we can add the flags
> into MACVLAN_FEATURES.
>
> This same problem could crop up in the future with any other
> new feature flags, so let's filter out any flags that aren't
> defined as supported in macvlan.
>
> Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
> Reported-by: Alexey Kodanev <alexey.koda...@oracle.com>
> Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com>
Applied, thanks.
