ixgbe: fix ipsec trailer length
authorShannon Nelson <shannon.nelson@oracle.com>
Thu, 22 Feb 2018 19:09:56 +0000 (11:09 -0800)
committerJeff Kirsher <jeffrey.t.kirsher@intel.com>
Mon, 12 Mar 2018 17:44:59 +0000 (10:44 -0700)
Fix up the Tx trailer length calculation.  We can't believe the
trailer len from the xstate information because it was calculated
before the packet was put together and padding added.  This bit
of code finds the padding value in the trailer, adds it to the
authentication length, and saves it so later we can put it into
the Tx descriptor to tell the device where to stop the checksum
calculation.

Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload")
Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

index 8b7dbc8057eb3545b427757eb4a0b548d8689dc9..8623013e517e721431cc99269aeeab42f825b80a 100644 (file)
@@ -789,11 +789,33 @@ int ixgbe_ipsec_tx(struct ixgbe_ring *tx_ring,
 
        itd->flags = 0;
        if (xs->id.proto == IPPROTO_ESP) {
+               struct sk_buff *skb = first->skb;
+               int ret, authlen, trailerlen;
+               u8 padlen;
+
                itd->flags |= IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP |
                              IXGBE_ADVTXD_TUCMD_L4T_TCP;
                if (first->protocol == htons(ETH_P_IP))
                        itd->flags |= IXGBE_ADVTXD_TUCMD_IPV4;
-               itd->trailer_len = xs->props.trailer_len;
+
+               /* The actual trailer length is authlen (16 bytes) plus
+                * 2 bytes for the proto and the padlen values, plus
+                * padlen bytes of padding.  This ends up not the same
+                * as the static value found in xs->props.trailer_len (21).
+                *
+                * The "correct" way to get the auth length would be to use
+                *    authlen = crypto_aead_authsize(xs->data);
+                * but since we know we only have one size to worry about
+                * we can let the compiler use the constant and save us a
+                * few CPU cycles.
+                */
+               authlen = IXGBE_IPSEC_AUTH_BITS / 8;
+
+               ret = skb_copy_bits(skb, skb->len - (authlen + 2), &padlen, 1);
+               if (unlikely(ret))
+                       return 0;
+               trailerlen = authlen + 2 + padlen;
+               itd->trailer_len = trailerlen;
        }
        if (tsa->encrypt)
                itd->flags |= IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN;