1. Patchew
  2. linux
  3. View series

[PATCH net] net: macsec: Retrieve MACSec-XPN attributes before offloading

Carlos Fernandez posted 1 patch 3 years, 10 months ago 
drivers/net/macsec.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
[PATCH net] net: macsec: Retrieve MACSec-XPN attributes before offloading
Posted by Carlos Fernandez 3 years, 10 months ago 
When MACsec offloading is used with XPN, before mdo_add_rxsa
and mdo_add_txsa functions are called, the key salt is not
copied to the macsec context struct. Offloaded phys will need
this data when performing offloading.

Fix by copying salt and id to context struct before calling the
offloading functions.

Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites")
Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de>
---
 drivers/net/macsec.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 832f09ac075e..4f2bd3d722c3 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
 
 	rx_sa->sc = rx_sc;
 
+	if (secy->xpn) {
+		rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
+		nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
+			   MACSEC_SALT_LEN);
+	}
+
+	nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
 	/* If h/w offloading is available, propagate to the device */
 	if (macsec_is_offloaded(netdev_priv(dev))) {
 		const struct macsec_ops *ops;
@@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
 			goto cleanup;
 	}
 
-	if (secy->xpn) {
-		rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
-		nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
-			   MACSEC_SALT_LEN);
-	}
-
-	nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
 	rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa);
 
 	rtnl_unlock();
@@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
 	if (assoc_num == tx_sc->encoding_sa && tx_sa->active)
 		secy->operational = true;
 
+	if (secy->xpn) {
+		tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
+		nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
+			   MACSEC_SALT_LEN);
+	}
+
+	nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
 	/* If h/w offloading is available, propagate to the device */
 	if (macsec_is_offloaded(netdev_priv(dev))) {
 		const struct macsec_ops *ops;
@@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
 			goto cleanup;
 	}
 
-	if (secy->xpn) {
-		tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
-		nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
-			   MACSEC_SALT_LEN);
-	}
-
-	nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
 	rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa);
 
 	rtnl_unlock();
Re: [PATCH net] net: macsec: Retrieve MACSec-XPN attributes before offloading
Posted by Paolo Abeni 3 years, 10 months ago 
Hello,

On Tue, 2022-06-28 at 13:16 +0200, Carlos Fernandez wrote:
> When MACsec offloading is used with XPN, before mdo_add_rxsa
> and mdo_add_txsa functions are called, the key salt is not
> copied to the macsec context struct. Offloaded phys will need
> this data when performing offloading.
> 
> Fix by copying salt and id to context struct before calling the
> offloading functions.
> 
> Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites")
> Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de>

This does not pass the checkpatch validation:

https://patchwork.kernel.org/project/netdevbpf/patch/20220628111617.28001-1-carlos.fernandez@technica-engineering.de/

The required 'From: ' tag is still missing.

Please really add it and re-post. Please additionally check your patch
status after the submission via the patchwork UI:

https://patchwork.kernel.org/user/todo/netdevbpf/

so you can detect this kind of issues earlier.

Thanks!

Paolo 
> ---
>  drivers/net/macsec.c | 30 ++++++++++++++++--------------
>  1 file changed, 16 insertions(+), 14 deletions(-)
> 
> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
> index 832f09ac075e..4f2bd3d722c3 100644
> --- a/drivers/net/macsec.c
> +++ b/drivers/net/macsec.c
> @@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
>  
>  	rx_sa->sc = rx_sc;
>  
> +	if (secy->xpn) {
> +		rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> +		nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> +			   MACSEC_SALT_LEN);
> +	}
> +
> +	nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
> +
>  	/* If h/w offloading is available, propagate to the device */
>  	if (macsec_is_offloaded(netdev_priv(dev))) {
>  		const struct macsec_ops *ops;
> @@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
>  			goto cleanup;
>  	}
>  
> -	if (secy->xpn) {
> -		rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> -		nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> -			   MACSEC_SALT_LEN);
> -	}
> -
> -	nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
>  	rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa);
>  
>  	rtnl_unlock();
> @@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
>  	if (assoc_num == tx_sc->encoding_sa && tx_sa->active)
>  		secy->operational = true;
>  
> +	if (secy->xpn) {
> +		tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> +		nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> +			   MACSEC_SALT_LEN);
> +	}
> +
> +	nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
> +
>  	/* If h/w offloading is available, propagate to the device */
>  	if (macsec_is_offloaded(netdev_priv(dev))) {
>  		const struct macsec_ops *ops;
> @@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
>  			goto cleanup;
>  	}
>  
> -	if (secy->xpn) {
> -		tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> -		nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> -			   MACSEC_SALT_LEN);
> -	}
> -
> -	nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
>  	rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa);
>  
>  	rtnl_unlock();
>
Re: [PATCH net] net: macsec: Retrieve MACSec-XPN attributes before offloading
Posted by Carlos Fernandez 3 years, 10 months ago 
Hi Paolo, 

Sorry about that, I was pretty sure I added it in the first line of the patch and then I used git send-email. 
Is there any way that I can be sure everything is ok before sending it? I'll try again.

Thanks,

________________________________________
From: Paolo Abeni <pabeni@redhat.com>
Sent: Thursday, June 30, 2022 10:16 AM
To: Carlos Fernandez; davem@davemloft.net; edumazet@google.com; kuba@kernel.org; mayflowerera@gmail.com; netdev@vger.kernel.org; linux-kernel@vger.kernel.org
Cc: Carlos Fernandez
Subject: Re: [PATCH net] net: macsec: Retrieve MACSec-XPN attributes before offloading

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hello,

On Tue, 2022-06-28 at 13:16 +0200, Carlos Fernandez wrote:
> When MACsec offloading is used with XPN, before mdo_add_rxsa
> and mdo_add_txsa functions are called, the key salt is not
> copied to the macsec context struct. Offloaded phys will need
> this data when performing offloading.
>
> Fix by copying salt and id to context struct before calling the
> offloading functions.
>
> Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites")
> Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de>

This does not pass the checkpatch validation:

https://patchwork.kernel.org/project/netdevbpf/patch/20220628111617.28001-1-carlos.fernandez@technica-engineering.de/

The required 'From: ' tag is still missing.

Please really add it and re-post. Please additionally check your patch
status after the submission via the patchwork UI:

https://patchwork.kernel.org/user/todo/netdevbpf/

so you can detect this kind of issues earlier.

Thanks!

Paolo
> ---
>  drivers/net/macsec.c | 30 ++++++++++++++++--------------
>  1 file changed, 16 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
> index 832f09ac075e..4f2bd3d722c3 100644
> --- a/drivers/net/macsec.c
> +++ b/drivers/net/macsec.c
> @@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
>
>       rx_sa->sc = rx_sc;
>
> +     if (secy->xpn) {
> +             rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> +             nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> +                        MACSEC_SALT_LEN);
> +     }
> +
> +     nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
> +
>       /* If h/w offloading is available, propagate to the device */
>       if (macsec_is_offloaded(netdev_priv(dev))) {
>               const struct macsec_ops *ops;
> @@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
>                       goto cleanup;
>       }
>
> -     if (secy->xpn) {
> -             rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> -             nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> -                        MACSEC_SALT_LEN);
> -     }
> -
> -     nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
>       rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa);
>
>       rtnl_unlock();
> @@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
>       if (assoc_num == tx_sc->encoding_sa && tx_sa->active)
>               secy->operational = true;
>
> +     if (secy->xpn) {
> +             tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> +             nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> +                        MACSEC_SALT_LEN);
> +     }
> +
> +     nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
> +
>       /* If h/w offloading is available, propagate to the device */
>       if (macsec_is_offloaded(netdev_priv(dev))) {
>               const struct macsec_ops *ops;
> @@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
>                       goto cleanup;
>       }
>
> -     if (secy->xpn) {
> -             tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
> -             nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
> -                        MACSEC_SALT_LEN);
> -     }
> -
> -     nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
>       rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa);
>
>       rtnl_unlock();
>
Re: [PATCH net] net: macsec: Retrieve MACSec-XPN attributes before offloading
Posted by Paolo Abeni 3 years, 10 months ago 
On Thu, 2022-06-30 at 08:51 +0000, Carlos Fernandez wrote:
> Sorry about that, I was pretty sure I added it in the first line of the patch and then I used git send-email. 
> Is there any way that I can be sure everything is ok before sending it? I'll try again.

As a last resort thing, you can git send-email to another account under
your control (_only_ to that recipient!), git am <email> on a clean -
net tree and check that everything is fine.

Cheers,

Paolo

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.