xfrm: Fix xfrm_replay_overflow_offload_esn

[ Upstream commit 0ba23a211360af7b6658e4fcfc571970bbbacc55 ]

In case of wrap around, replay_esn->oseq_hi is not updated
before it is tested for it's actual value, leading function
to fail with overflow indication and packets being dropped.

This patch updates replay_esn->oseq_hi in the right place.

Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 8b23c5bcf8e88bcf2141dd75fac6eeec54a1b143..02501817227bebf58fc24a2e808f0b51b15fa28b 100644 (file)
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -666,7 +666,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
                if (unlikely(oseq < replay_esn->oseq)) {
                        XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
                        xo->seq.hi = oseq_hi;
-
+                       replay_esn->oseq_hi = oseq_hi;
                        if (replay_esn->oseq_hi == 0) {
                                replay_esn->oseq--;
                                replay_esn->oseq_hi--;
@@ -678,7 +678,6 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
                }
 
                replay_esn->oseq = oseq;
-               replay_esn->oseq_hi = oseq_hi;
 
                if (xfrm_aevent_is_on(net))
                        x->repl->notify(x, XFRM_REPLAY_UPDATE);