xfrm: replay: Fix ESN wrap around for GSO

[ Upstream commit 4b549ccce941798703f159b227aa28c716aa78fa ] When using GSO it can happen that the wrong seq_hi is used for the last packets before the wrap around. This can lead to double usage of a sequence number. To avoid this, we should serialize this last GSO packet. Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading") Co-developed-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Christian Langrock <christian.langrock@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Christian Langrock <christian.langrock@secunet.com> 2022-10-17 09:34:47 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-12-02 19:39:58 +0300
commit: 51969d679ba4567e10f6c15061d1dad1063406e7 (patch)
tree: 5d43cd427d340fe7b4b5a6f573e0bf4eadf70f8c /net/ipv4
parent: 497653f6d2392c8d4abb041f01e1a19781d995d0 (diff)
download: linux-51969d679ba4567e10f6c15061d1dad1063406e7.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index 3450c9ba2728..84257678160a 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -312,6 +312,9 @@ static int esp_xmit(struct xfrm_state *x, struct sk_buff *skb,  netdev_features_
 			xo->seq.low += skb_shinfo(skb)->gso_segs;
 	}
 
+	if (xo->seq.low < seq)
+		xo->seq.hi++;
+
 	esp.seqno = cpu_to_be64(seq + ((u64)xo->seq.hi << 32));
 
 	ip_hdr(skb)->tot_len = htons(skb->len);
author	Christian Langrock <christian.langrock@secunet.com>	2022-10-17 09:34:47 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-12-02 19:39:58 +0300
commit	51969d679ba4567e10f6c15061d1dad1063406e7 (patch)
tree	5d43cd427d340fe7b4b5a6f573e0bf4eadf70f8c /net/ipv4
parent	497653f6d2392c8d4abb041f01e1a19781d995d0 (diff)
download	linux-51969d679ba4567e10f6c15061d1dad1063406e7.tar.xz