Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp1942721imn; Mon, 1 Aug 2022 05:53:34 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vxgLp7AqXFVaFvOun1NID0RIT9cDKvsY5Vo4KfRbfMPeFw3hM13dyWVCd/8CjqRpIEn8Lu X-Received: by 2002:a05:6402:3591:b0:43b:e8c8:a716 with SMTP id y17-20020a056402359100b0043be8c8a716mr15628641edc.356.1659358414269; Mon, 01 Aug 2022 05:53:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659358414; cv=none; d=google.com; s=arc-20160816; b=wOnT21efcVMLZPMmTCn6PDSilqwypj14KsnERKwsdTbnavbkdItPtCxGsulRLy2Tsc 434LV7j1VaA2d+zmWikZ66O7UXqyiNYtx+UcTHJ7LfuEe7YSu5lc/AwwZSuaDZiU2djg rR8+fsc1ClR+EnBYFjCeTutaQGm2P/C/vDoQ1uvcult89XVMsFGYo3O97W75xJih4Bb+ kbFGkysWam8Bud/HBROEMOX/ZrFX9zLBLX7wLXndG8T+C7H+pEzkmPEfe8Lb3dyWLl70 e7KYU8YHppXxKMIwf+yp+cj5j7I0VrYo5NPDZE2ZUNOBdZMQhKWZOCCG23kYgLEOg2Nk ljwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=rOHe9dY/t+y0+Eu/Lw6BJVtliNKfw0wXGZg0ooOlIVU=; b=KBmIEMVQzzCckE008jaNOk4NT/BLQzqjYV3dkmuSXbdAXpRKLKsv9rsC3nzsMA82Rs LyLBmw+sdP2Nqv1dgrnKNunubFI2PFbAvKKL1FcMXd85YN/SMwS82298s8dIC/FPqXhO 7Tc31gdYwxsnJbKb0gr55x47+/Wgi5cDkePMjmDef0UWD4nnSW+euDxeftN2h6nS8zev okW2dGoRcgPoxoXE90b1FDuypSry6qzyeRKSVBliiTL96BKRIPyMkjN/B+Vof4Fg+i9R MntdUIToX+IyRWOXYgR45Xz2uaPCsAO5eDXMAynLBuBFOyJ9CZviJccD8n6UVFr3P7wH WMrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dpZVFO6u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j6-20020a05640211c600b0043d063f4540si6603410edw.230.2022.08.01.05.53.07; Mon, 01 Aug 2022 05:53:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dpZVFO6u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233936AbiHAMPR (ORCPT + 99 others); Mon, 1 Aug 2022 08:15:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57384 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234237AbiHAMO3 (ORCPT ); Mon, 1 Aug 2022 08:14:29 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 357A376971; Mon, 1 Aug 2022 04:57:59 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5F6EB601C3; Mon, 1 Aug 2022 11:57:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6FF9FC433D6; Mon, 1 Aug 2022 11:57:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659355077; bh=O0zr0PxF78Gk7AWY0nQA4LpehnbWArrEz/phO6/gcB8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dpZVFO6ulvTZU8GkVMUB7+8723w/WOB5uEv0k+mjvjkoLtHJwSHKx1KY+xJyJ623r AGpEj88grOOLJqnNs08e7P8/N0JW84tqlpF3P32hj18+Al8F+8fjn+aKSG3q4tkvM3 P6HsUXKamzLRUOEZoxG7KlT/BANHLryjppZRyRwU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sabrina Dubroca , "David S. Miller" , Sasha Levin Subject: [PATCH 5.18 54/88] macsec: limit replay window size with XPN Date: Mon, 1 Aug 2022 13:47:08 +0200 Message-Id: <20220801114140.503169544@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114138.041018499@linuxfoundation.org> References: <20220801114138.041018499@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sabrina Dubroca [ Upstream commit b07a0e2044057f201d694ab474f5c42a02b6465b ] IEEE 802.1AEbw-2013 (section 10.7.8) specifies that the maximum value of the replay window is 2^30-1, to help with recovery of the upper bits of the PN. To avoid leaving the existing macsec device in an inconsistent state if this test fails during changelink, reuse the cleanup mechanism introduced for HW offload. This wasn't needed until now because macsec_changelink_common could not fail during changelink, as modifying the cipher suite was not allowed. Finally, this must happen after handling IFLA_MACSEC_CIPHER_SUITE so that secy->xpn is set. Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/macsec.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 634452d3ecc5..b3834e353c22 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -243,6 +243,7 @@ static struct macsec_cb *macsec_skb_cb(struct sk_buff *skb) #define DEFAULT_SEND_SCI true #define DEFAULT_ENCRYPT false #define DEFAULT_ENCODING_SA 0 +#define MACSEC_XPN_MAX_REPLAY_WINDOW (((1 << 30) - 1)) static bool send_sci(const struct macsec_secy *secy) { @@ -3746,9 +3747,6 @@ static int macsec_changelink_common(struct net_device *dev, secy->operational = tx_sa && tx_sa->active; } - if (data[IFLA_MACSEC_WINDOW]) - secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]); - if (data[IFLA_MACSEC_ENCRYPT]) tx_sc->encrypt = !!nla_get_u8(data[IFLA_MACSEC_ENCRYPT]); @@ -3794,6 +3792,16 @@ static int macsec_changelink_common(struct net_device *dev, } } + if (data[IFLA_MACSEC_WINDOW]) { + secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]); + + /* IEEE 802.1AEbw-2013 10.7.8 - maximum replay window + * for XPN cipher suites */ + if (secy->xpn && + secy->replay_window > MACSEC_XPN_MAX_REPLAY_WINDOW) + return -EINVAL; + } + return 0; } @@ -3823,7 +3831,7 @@ static int macsec_changelink(struct net_device *dev, struct nlattr *tb[], ret = macsec_changelink_common(dev, data); if (ret) - return ret; + goto cleanup; /* If h/w offloading is available, propagate to the device */ if (macsec_is_offloaded(macsec)) { -- 2.35.1