From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Radu Pirea (NXP OSS)" <radu-nicolae.pirea@oss.nxp.com>,
Sabrina Dubroca <sd@queasysnail.net>,
Paolo Abeni <pabeni@redhat.com>, Sasha Levin <sashal@kernel.org>,
davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 15/19] net: macsec: indicate next pn update when offloading
Date: Wed, 18 Oct 2023 10:13:17 -0400 [thread overview]
Message-ID: <20231018141323.1334898-15-sashal@kernel.org> (raw)
In-Reply-To: <20231018141323.1334898-1-sashal@kernel.org>
From: "Radu Pirea (NXP OSS)" <radu-nicolae.pirea@oss.nxp.com>
[ Upstream commit 0412cc846a1ef38697c3f321f9b174da91ecd3b5 ]
Indicate next PN update using update_pn flag in macsec_context.
Offloaded MACsec implementations does not know whether or not the
MACSEC_SA_ATTR_PN attribute was passed for an SA update and assume
that next PN should always updated, but this is not always true.
The PN can be reset to its initial value using the following command:
$ ip macsec set macsec0 tx sa 0 off #octeontx2-pf case
Or, the update PN command will succeed even if the driver does not support
PN updates.
$ ip macsec set macsec0 tx sa 0 pn 1 on #mscc phy driver case
Comparing the initial PN with the new PN value is not a solution. When
the user updates the PN using its initial value the command will
succeed, even if the driver does not support it. Like this:
$ ip macsec add macsec0 tx sa 0 pn 1 on key 00 \
ead3664f508eb06c40ac7104cdae4ce5
$ ip macsec set macsec0 tx sa 0 pn 1 on #mlx5 case
Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macsec.c | 2 ++
include/net/macsec.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 578f470e9fad9..81453e84b6413 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -2384,6 +2384,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
ctx.sa.assoc_num = assoc_num;
ctx.sa.tx_sa = tx_sa;
+ ctx.sa.update_pn = !!prev_pn.full64;
ctx.secy = secy;
ret = macsec_offload(ops->mdo_upd_txsa, &ctx);
@@ -2477,6 +2478,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
ctx.sa.assoc_num = assoc_num;
ctx.sa.rx_sa = rx_sa;
+ ctx.sa.update_pn = !!prev_pn.full64;
ctx.secy = secy;
ret = macsec_offload(ops->mdo_upd_rxsa, &ctx);
diff --git a/include/net/macsec.h b/include/net/macsec.h
index 5b9c61c4d3a62..65c93959c2dc5 100644
--- a/include/net/macsec.h
+++ b/include/net/macsec.h
@@ -257,6 +257,7 @@ struct macsec_context {
struct macsec_secy *secy;
struct macsec_rx_sc *rx_sc;
struct {
+ bool update_pn;
unsigned char assoc_num;
u8 key[MACSEC_MAX_KEY_LEN];
union {
--
2.40.1
next prev parent reply other threads:[~2023-10-18 14:24 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-18 14:13 [PATCH AUTOSEL 6.1 01/19] ASoC: Intel: sof_sdw: add support for SKU 0B14 Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 02/19] ASoC: simple-card: fixup asoc_simple_probe() error handling Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 03/19] coresight: tmc-etr: Disable warnings for allocation failures Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 04/19] ACPI: EC: Add quirk for the HP Pavilion Gaming 15-dk1xxx Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 05/19] ASoC: tlv320adc3xxx: BUG: Correct micbias setting Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 06/19] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 07/19] Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 08/19] workqueue: Fix UAF report by KASAN in pwq_release_workfn() Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 09/19] ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 10/19] net: sched: cls_u32: Fix allocation size in u32_init() Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 11/19] irqchip/riscv-intc: Mark all INTC nodes as initialized Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 12/19] irqchip/stm32-exti: add missing DT IRQ flag translation Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 13/19] dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 14/19] ALSA: usb-audio: Fix microphone sound on Nexigo webcam Sasha Levin
2023-10-18 14:13 ` Sasha Levin [this message]
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 16/19] powerpc/85xx: Fix math emulation exception Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 17/19] Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 18/19] Input: xpad - add PXN V900 support Sasha Levin
2023-10-18 14:13 ` [PATCH AUTOSEL 6.1 19/19] Input: powermate - fix use-after-free in powermate_config_complete Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231018141323.1334898-15-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=radu-nicolae.pirea@oss.nxp.com \
--cc=sd@queasysnail.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).