From: Ratheesh Kannoth <rkannoth@marvell.com>
Date: Wed, 9 Aug 2023 06:40:39 +0000 (+0530)
Subject: octeontx2-af: Harden rule validation.
X-Git-Tag: block-6.6-2023-09-08~22^2~146
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=12aa0a3b93f3adf61b6f7937c3aac8585ced3fca;p=linux-2.6-block.git

octeontx2-af: Harden rule validation.

Accept TC offload classifier rule only if SPI field
can be extracted by HW.

Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
index 5c8f9fc15ff8..237f82082ebe 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
@@ -580,7 +580,9 @@ static void npc_set_features(struct rvu *rvu, int blkaddr, u8 intf)
 		if (!npc_check_field(rvu, blkaddr, NPC_LB, intf))
 			*features &= ~BIT_ULL(NPC_OUTER_VID);
 
-	if (*features & (BIT_ULL(NPC_IPPROTO_AH) | BIT_ULL(NPC_IPPROTO_ESP)))
+	/* Set SPI flag only if AH/ESP and IPSEC_SPI are in the key */
+	if (npc_check_field(rvu, blkaddr, NPC_IPSEC_SPI, intf) &&
+	    (*features & (BIT_ULL(NPC_IPPROTO_ESP) | BIT_ULL(NPC_IPPROTO_AH))))
 		*features |= BIT_ULL(NPC_IPSEC_SPI);
 
 	/* for vlan ethertypes corresponding layer type should be in the key */