Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1547390pxb;
        Tue, 8 Feb 2022 21:52:54 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzYHvATbVzD8AHvnl/1mbCEhpdcroEl12PzDhFvfOb7u6QHbfS75AXqov7gGEs/WhVXFtNp
X-Received: by 2002:a17:902:f611:: with SMTP id n17mr615038plg.122.1644385974719;
        Tue, 08 Feb 2022 21:52:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644385974; cv=none;
        d=google.com; s=arc-20160816;
        b=aSeggG8cL9VZXpaSehrlOPCb5eyWzk+zhrANBRQpfVUVkN2foeCeyMvPlt2AzukiV9
         n2nswh7rdqnX+9QPGjubmbC+dht0AW3pBTIgrNS+fmXwtj3HX2tGAzfGICCeDYI1p/CP
         N6yGNh22je4NyOFT+IjoGLOPFRpHfkmUblYP80bQPV00BP8ja8n761MTyC7fosXIrKPW
         RfK8Q7HwrspZkBJObXfp1kV6iIlDc3RUDUSPoXL5/n33xxFVFBijOtkYdVxQB5P4XDh6
         RPudvUlxBqlgA1i8mFQMO1tMbMJcpaVpaCOFzy6OyLSXu+5ED5VriBq+SMcueI0d6Cjb
         Bo8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=CHodE06K8zYIztPG9cICHOL5wHBjS7zdjHYe6OmIGH0=;
        b=n0iNiU14fnPJD3rZi/uGIonW+3/pHLbMAhuw8FtFnFKqRbP3WIXPJfoPqV8/dpKwmI
         5HmUBnRlr90L8odjgBcMr97aZ+VBk8TmRRYiwwLlktIiKL1ctrgec1kYw7HRIlqW0CX5
         ygri977VtBwHSEc+5ifaIGCN4bq5X5HUu2qDVO68xc8yLYCzB81cu5WeEJZ4qYEmfzCH
         njXkqDXnjintXLkqn10ogiAmh4fuiNm1G0FED374+NtITepAaMGuyQESLaM/9UIc3P8H
         q4eoLWGKCXyvur6FAHn5yqPTnnKTz+aOIhiXoC/sgYC7+WcrS6QEwWKcXJzxIcdtmPc+
         C4dw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=MOsDKxAn;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id l64si949168pgd.252.2022.02.08.21.52.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 08 Feb 2022 21:52:54 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=MOsDKxAn;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id F3F86C0045B5;
	Tue,  8 Feb 2022 21:47:01 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1381689AbiBGL3Q (ORCPT <rfc822;10maurycy10@gmail.com>
        + 99 others); Mon, 7 Feb 2022 06:29:16 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34520 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1383412AbiBGLW0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 7 Feb 2022 06:22:26 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 331A6C043181;
        Mon,  7 Feb 2022 03:22:26 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id B8A3D61388;
        Mon,  7 Feb 2022 11:22:25 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 96CB3C004E1;
        Mon,  7 Feb 2022 11:22:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1644232945;
        bh=RjLcbxRpv+Y7o6Mi6MjzGygqJI/L5hAeZx0ol2bEJeI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=MOsDKxAnroHaRK7RQd0alkzVA4YzBMk9SCFDpBMcGZM3fWcz+yiZVtyNiE2M0F8vL
         L1GTKK17aKZWktQs2ZnS2kX7xfwIIW8OzqjKbJgNjNsEalOvScCQpAcZaNN1Syfda4
         PZA6vjTsaLlA4/xtVLbc2He1NLUmeAat1+B/hOOw=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Lior Nahmanson <liorna@nvidia.com>,
        Raed Salem <raeds@nvidia.com>, Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 5.10 41/74] net: macsec: Verify that send_sci is on when setting Tx sci explicitly
Date:   Mon,  7 Feb 2022 12:06:39 +0100
Message-Id: <20220207103758.573403731@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220207103757.232676988@linuxfoundation.org>
References: <20220207103757.232676988@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Lior Nahmanson <liorna@nvidia.com>

commit d0cfa548dbde354de986911d3913897b5448faad upstream.

When setting Tx sci explicit, the Rx side is expected to use this
sci and not recalculate it from the packet.However, in case of Tx sci
is explicit and send_sci is off, the receiver is wrongly recalculate
the sci from the source MAC address which most likely be different
than the explicit sci.

Fix by preventing such configuration when macsec newlink is established
and return EINVAL error code on such cases.

Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
Signed-off-by: Lior Nahmanson <liorna@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Raed Salem <raeds@nvidia.com>
Link: https://lore.kernel.org/r/1643542672-29403-1-git-send-email-raeds@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/macsec.c |    9 +++++++++
 1 file changed, 9 insertions(+)

--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -4017,6 +4017,15 @@ static int macsec_newlink(struct net *ne
 	    !macsec_check_offload(macsec->offload, macsec))
 		return -EOPNOTSUPP;
 
+	/* send_sci must be set to true when transmit sci explicitly is set */
+	if ((data && data[IFLA_MACSEC_SCI]) &&
+	    (data && data[IFLA_MACSEC_INC_SCI])) {
+		u8 send_sci = !!nla_get_u8(data[IFLA_MACSEC_INC_SCI]);
+
+		if (!send_sci)
+			return -EINVAL;
+	}
+
 	if (data && data[IFLA_MACSEC_ICV_LEN])
 		icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]);
 	mtu = real_dev->mtu - icv_len - macsec_extra_len(true);