On Tue, Mar 23, 2021 at 01:02:35PM +0100, Florian Westphal wrote:
> Steffen Klassert <steffen.klass...@secunet.com> wrote:
> > Commit 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec
> > crypto offload.") added a XFRM_XMIT flag to avoid duplicate ESP trailer
> > insertion on HW offload. This flag is set on the secpath that is shared
> > amongst segments. This lead to a situation where some segments are
> > not transformed correctly when segmentation happens at layer 3.
> >
> > Fix this by using private skb extensions for segmented and hw offloaded
> > ESP packets.
> >
> > Fixes: 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec
> > crypto offload.")
> > Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
> > ---
> > include/linux/skbuff.h | 1 +
> > net/core/skbuff.c | 23 ++++++++++++++++++-----
> > net/ipv4/esp4_offload.c | 16 +++++++++++++++-
> > net/ipv6/esp6_offload.c | 16 +++++++++++++++-
> > net/xfrm/xfrm_device.c | 2 --
> > 5 files changed, 49 insertions(+), 9 deletions(-)
> >
> > - if (hw_offload)
> > + if (hw_offload) {
> > + ext = skb_ext_cow(skb->extensions, skb->active_extensions);
>
> It should be possible to do
>
> if (hw_offload) {
> if (!skb_ext_add(skb, SKB_EXT_SECPATH);
> return -ENOMEM;
>
> xo = xfrm_offload(skb);
> ....
>
> without need for a new 'cow' function.
> skb_ext_add() will auto-COW if the extension area has a refcount > 1.
Good point, thanks! Will do a v2.
