From: Carlos Fernandez <[email protected]>
Salt and KeyId copied to offloading context.
If not, offloaded phys cannot work with XPN
Signed-off-by: Carlos Fernandez <[email protected]>
---
drivers/net/macsec.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 832f09ac075e..4f2bd3d722c3 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
rx_sa->sc = rx_sc;
+ if (secy->xpn) {
+ rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
+ nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
+ MACSEC_SALT_LEN);
+ }
+
+ nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
/* If h/w offloading is available, propagate to the device */
if (macsec_is_offloaded(netdev_priv(dev))) {
const struct macsec_ops *ops;
@@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
goto cleanup;
}
- if (secy->xpn) {
- rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
- nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
- MACSEC_SALT_LEN);
- }
-
- nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa);
rtnl_unlock();
@@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
if (assoc_num == tx_sc->encoding_sa && tx_sa->active)
secy->operational = true;
+ if (secy->xpn) {
+ tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
+ nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
+ MACSEC_SALT_LEN);
+ }
+
+ nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
/* If h/w offloading is available, propagate to the device */
if (macsec_is_offloaded(netdev_priv(dev))) {
const struct macsec_ops *ops;
@@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
goto cleanup;
}
- if (secy->xpn) {
- tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
- nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
- MACSEC_SALT_LEN);
- }
-
- nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa);
rtnl_unlock();
--
2.25.1
Hello,
On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote:
> From: Carlos Fernandez <[email protected]>
>
> Salt and KeyId copied to offloading context.
>
> If not, offloaded phys cannot work with XPN
>
> Signed-off-by: Carlos Fernandez <[email protected]>
This looks like a bugfix, could you please provide a relevant 'Fixes'
tag? (in a v2).
Additionally could you please expand the commit message a bit?
Thanks!
Paolo
When macsec offloading is used with XPN, before mdo_add_rxsa
and mdo_add_txsa functions are called, the key salt is not
copied to the macsec context struct.
Fix by copying salt to context struct before calling the
offloading functions.
Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites")
Signed-off-by: Carlos Fernandez <[email protected]>
---
drivers/net/macsec.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 832f09ac075e..4f2bd3d722c3 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
rx_sa->sc = rx_sc;
+ if (secy->xpn) {
+ rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
+ nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
+ MACSEC_SALT_LEN);
+ }
+
+ nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
/* If h/w offloading is available, propagate to the device */
if (macsec_is_offloaded(netdev_priv(dev))) {
const struct macsec_ops *ops;
@@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
goto cleanup;
}
- if (secy->xpn) {
- rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
- nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
- MACSEC_SALT_LEN);
- }
-
- nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa);
rtnl_unlock();
@@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
if (assoc_num == tx_sc->encoding_sa && tx_sa->active)
secy->operational = true;
+ if (secy->xpn) {
+ tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
+ nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
+ MACSEC_SALT_LEN);
+ }
+
+ nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
/* If h/w offloading is available, propagate to the device */
if (macsec_is_offloaded(netdev_priv(dev))) {
const struct macsec_ops *ops;
@@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
goto cleanup;
}
- if (secy->xpn) {
- tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]);
- nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT],
- MACSEC_SALT_LEN);
- }
-
- nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa);
rtnl_unlock();
--
2.25.1
________________________________________
From: Paolo Abeni <[email protected]>
Sent: Tuesday, May 3, 2022 1:42 PM
To: Carlos Fernansez
Cc: [email protected]; Carlos Fernandez; David S. Miller; Eric Dumazet; Jakub Kicinski; [email protected]; [email protected]
Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote:
> From: Carlos Fernandez <[email protected]>
>
> Salt and KeyId copied to offloading context.
>
> If not, offloaded phys cannot work with XPN
>
> Signed-off-by: Carlos Fernandez <[email protected]>
This looks like a bugfix, could you please provide a relevant 'Fixes'
tag? (in a v2).
Additionally could you please expand the commit message a bit?
Thanks!
Paolo
On Thu, 5 May 2022 12:32:33 +0000 Carlos Fernandez wrote:
> When macsec offloading is used with XPN, before mdo_add_rxsa
> and mdo_add_txsa functions are called, the key salt is not
> copied to the macsec context struct.
So that it can be read out later by user space, but kernel
doesn't need it. Is that correct?
Please also see below.
> Fix by copying salt to context struct before calling the
> offloading functions.
>
> Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites")
> Signed-off-by: Carlos Fernandez <[email protected]>
> ---
> drivers/net/macsec.c | 30 ++++++++++++++++--------------
> 1 file changed, 16 insertions(+), 14 deletions(-)
[snip]
> rtnl_unlock();
> --
> 2.25.1
>
> ________________________________________
> From: Paolo Abeni <[email protected]>
> Sent: Tuesday, May 3, 2022 1:42 PM
> To: Carlos Fernansez
> Cc: [email protected]; Carlos Fernandez; David S. Miller; Eric Dumazet; Jakub Kicinski; [email protected]; [email protected]
> Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
You'll need to make a fresh posting without this quote and the legal
footer. Posting as a new thread is encouraged, you don't need to try
to make it a reply to the previous posting.
> Hello,
>
> On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote:
> > From: Carlos Fernandez <[email protected]>
> >
> > Salt and KeyId copied to offloading context.
> >
> > If not, offloaded phys cannot work with XPN
> >
> > Signed-off-by: Carlos Fernandez <[email protected]>
>
> This looks like a bugfix, could you please provide a relevant 'Fixes'
> tag? (in a v2).
Thanks, Jakub. I'll create a new patch with all the changes and send it again.
________________________________________
From: Jakub Kicinski <[email protected]>
Sent: Thursday, May 5, 2022 6:04 PM
To: Carlos Fernandez
Cc: Paolo Abeni; Carlos Fernansez; [email protected]; David S. Miller; Eric Dumazet; [email protected]; [email protected]
Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Thu, 5 May 2022 12:32:33 +0000 Carlos Fernandez wrote:
> When macsec offloading is used with XPN, before mdo_add_rxsa
> and mdo_add_txsa functions are called, the key salt is not
> copied to the macsec context struct.
So that it can be read out later by user space, but kernel
doesn't need it. Is that correct?
Please also see below.
> Fix by copying salt to context struct before calling the
> offloading functions.
>
> Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites")
> Signed-off-by: Carlos Fernandez <[email protected]>
> ---
> drivers/net/macsec.c | 30 ++++++++++++++++--------------
> 1 file changed, 16 insertions(+), 14 deletions(-)
[snip]
> rtnl_unlock();
> --
> 2.25.1
>
> ________________________________________
> From: Paolo Abeni <[email protected]>
> Sent: Tuesday, May 3, 2022 1:42 PM
> To: Carlos Fernansez
> Cc: [email protected]; Carlos Fernandez; David S. Miller; Eric Dumazet; Jakub Kicinski; [email protected]; [email protected]
> Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
You'll need to make a fresh posting without this quote and the legal
footer. Posting as a new thread is encouraged, you don't need to try
to make it a reply to the previous posting.
> Hello,
>
> On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote:
> > From: Carlos Fernandez <[email protected]>
> >
> > Salt and KeyId copied to offloading context.
> >
> > If not, offloaded phys cannot work with XPN
> >
> > Signed-off-by: Carlos Fernandez <[email protected]>
>
> This looks like a bugfix, could you please provide a relevant 'Fixes'
> tag? (in a v2).
On Thu, 5 May 2022 09:04:32 -0700 Jakub Kicinski wrote:
> > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> You'll need to make a fresh posting without this quote and the legal
> footer. Posting as a new thread is encouraged, you don't need to try
> to make it a reply to the previous posting.
Ah, you already did that.