diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2024-10-23 12:53:44 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-02-08 09:58:00 +0100 |
| commit | 5e4334dc39443645415450163ff5ff1ee7e79784 (patch) | |
| tree | 9130ef9a55368f7c654b5b0c49b459026bb45d00 /net/ipv4 | |
| parent | aa48a18fdb0911572d133057cd579db704b87da4 (diff) | |
| download | linux-5e4334dc39443645415450163ff5ff1ee7e79784.tar.gz linux-5e4334dc39443645415450163ff5ff1ee7e79784.tar.bz2 linux-5e4334dc39443645415450163ff5ff1ee7e79784.zip | |
xfrm: Add an inbound percpu state cache.
[ Upstream commit 81a331a0e72ddc2f75092603d9577bd1a0ca23ad ]
Now that we can have percpu xfrm states, the number of active
states might increase. To get a better lookup performance,
we add a percpu cache to cache the used inbound xfrm states.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Tested-by: Antony Antony <antony.antony@secunet.com>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Stable-dep-of: e952837f3ddb ("xfrm: state: fix out-of-bounds read during lookup")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/esp4_offload.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c index 80c4ea0e12f4..e0d94270da28 100644 --- a/net/ipv4/esp4_offload.c +++ b/net/ipv4/esp4_offload.c @@ -53,9 +53,9 @@ static struct sk_buff *esp4_gro_receive(struct list_head *head, if (sp->len == XFRM_MAX_DEPTH) goto out_reset; - x = xfrm_state_lookup(dev_net(skb->dev), skb->mark, - (xfrm_address_t *)&ip_hdr(skb)->daddr, - spi, IPPROTO_ESP, AF_INET); + x = xfrm_input_state_lookup(dev_net(skb->dev), skb->mark, + (xfrm_address_t *)&ip_hdr(skb)->daddr, + spi, IPPROTO_ESP, AF_INET); if (unlikely(x && x->dir && x->dir != XFRM_SA_DIR_IN)) { /* non-offload path will record the error and audit log */ |