Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp168684rwb; Wed, 28 Sep 2022 00:37:38 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4d8e8qE2Fy36ptu6Ak0wB5j97VN+RRIrii37t+JcaKCbaC4cO3zx2H43uI5DJQWcFeq7aZ X-Received: by 2002:a17:906:58ce:b0:787:8744:8316 with SMTP id e14-20020a17090658ce00b0078787448316mr2171296ejs.267.1664350658129; Wed, 28 Sep 2022 00:37:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664350658; cv=none; d=google.com; s=arc-20160816; b=ZxfnRnUVcm4jVxE7/E6FM+fRuDf3OV+VxPAgy5I2ocZE7Pp7sZ/1+prWfubzStxjd/ bUjxuNtBjLKrqxbS5q87TOJk9S9GdQfZB5vyw6UAoFiqQzp+/mn7rrR7eqZ+2iX+2AP7 l0q8sPbj8INgh7bFKPDwuVv0sjJyJ+jRMjnMg9AigxOA6oT2iGNIdr4G2QuorDSQIr1z ydYylgsMCsC1qCCb17dGX9M3RXmhzx5ZGafU28zJNABGJ7xkq4KqqzravEfFobsaoWHR ejSiwgI4Yk8rNy+61zSbPX09z2qZYDpFJFsktTnMp8GiI803gwTF2lrzOBhH4Nfxwh2S vkXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=STM5Eh+EttZMY5YwkLq0qtgiWoddLU8tZBU9E30+yDM=; b=hs93kYORyGCjinj3278RwNQMW3zYp7WguJtWuFIdKv0YhPL4pVZCdqeLtswxTo0+Ue e6QvIyVZZX+3qvEZoEi3of70pT8Yvsdhgd3r4nilej/na1/N+s6BP9rOufXkg9uLk6zg BS9nHt8TdY8l1L13wXkH3ngspZ09sWc9UZkzAw3m89q9xhQswoNJSSwI1wJQDzqyhsAN Ss4pSRRuZ8E0hcAFfs0I5rH6fiucHPc6uslendHwXKoxSqWb21/VTUt+FHdk59DBt04S qfcjkemrdbBtQL33zHo2GK3GudUQA4vRTku9V+cQwinb8vro3nv2OmSTps8gD1kv1urE dTWA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t23-20020a170906609700b00781599eb7d9si3712401ejj.542.2022.09.28.00.37.11; Wed, 28 Sep 2022 00:37:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232902AbiI1GvU (ORCPT + 99 others); Wed, 28 Sep 2022 02:51:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232380AbiI1Guu (ORCPT ); Wed, 28 Sep 2022 02:50:50 -0400 Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AED6C1F65FE; Tue, 27 Sep 2022 23:49:13 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 0BC64201CC; Wed, 28 Sep 2022 08:49:10 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9YqpzX5v-ApX; Wed, 28 Sep 2022 08:49:09 +0200 (CEST) Received: from mailout1.secunet.com (mailout1.secunet.com [62.96.220.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 5D72B2052D; Wed, 28 Sep 2022 08:49:08 +0200 (CEST) Received: from cas-essen-01.secunet.de (unknown [10.53.40.201]) by mailout1.secunet.com (Postfix) with ESMTP id 4DE2380004A; Wed, 28 Sep 2022 08:49:08 +0200 (CEST) Received: from mbx-essen-01.secunet.de (10.53.40.197) by cas-essen-01.secunet.de (10.53.40.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Wed, 28 Sep 2022 08:49:08 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-01.secunet.de (10.53.40.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Wed, 28 Sep 2022 08:49:07 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 8E90531825E5; Wed, 28 Sep 2022 08:49:07 +0200 (CEST) Date: Wed, 28 Sep 2022 08:49:07 +0200 From: Steffen Klassert To: Christian Langrock CC: , , , , , , Subject: Re: [PATCH net-ipsec v2] xfrm: replay: Fix ESN wrap around for GSO Message-ID: <20220928064907.GU566407@gauss3.secunet.de> References: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-01.secunet.de (10.53.40.197) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 27, 2022 at 02:59:50PM +0200, Christian Langrock wrote: > When using GSO it can happen that the wrong seq_hi is used for the last > packets before the wrap around. This can lead to double usage of a > sequence number. To avoid this, we should serialize this last GSO > packet. > > Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for...") > Signed-off-by: Christian Langrock Some minor nits: This is already v3, not v2 as stated in the subject line. Also, please explain the changes between the versions (see 'git log' for examples). The target tree is 'ipsec', not 'net-ipsec'. Otherwise this is a fix for a real bug. So fix the build, incorporate the review from Leon and send a v4. Thanks!