From: Sabrina Dubroca <sd@queasysnail.net>
To: "Russell King (Oracle)" <linux@armlinux.org.uk>
Cc: Radu Pirea <radu-nicolae.pirea@nxp.com>,
"atenart@kernel.org" <atenart@kernel.org>,
"Radu-nicolae Pirea (OSS)" <radu-nicolae.pirea@oss.nxp.com>,
"andrew@lunn.ch" <andrew@lunn.ch>,
"hkallweit1@gmail.com" <hkallweit1@gmail.com>,
"davem@davemloft.net" <davem@davemloft.net>,
Sebastian Tobuschat <sebastian.tobuschat@nxp.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"richardcochran@gmail.com" <richardcochran@gmail.com>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: [RFC net-next v2 5/5] net: phy: nxp-c45-tja11xx: implement mdo_insert_tx_tag
Date: Fri, 1 Sep 2023 15:56:20 +0200 [thread overview]
Message-ID: <ZPHthKXGKwcyBARo@hog> (raw)
In-Reply-To: <ZPG9s1LDbphnBHUE@shell.armlinux.org.uk>
2023-09-01, 11:32:19 +0100, Russell King (Oracle) wrote:
> On Fri, Sep 01, 2023 at 12:07:32PM +0200, Sabrina Dubroca wrote:
> > 2023-09-01, 09:09:06 +0000, Radu Pirea wrote:
> > > We can do a flush very simple, but to restore the configuration maybe
> > > we should to save the key in the macsec_key structure. I am not sure if
> > > the key can be extracted from crypto_aead structure.
> >
> > Either that or in the driver. I have a small preference for driver,
> > because then cases that don't need this restore won't have to keep the
> > key in memory, reducing the likelihood of accidentally sharing it.
> > OTOH, if we centralize that code, it's easier to make sure everything
> > is cleared from kernel memory when we delete the SA.
>
> Maybe consider about doing it as a library function, so drivers that
> need this don't have to reimplement the functionality in randomly
> buggy ways?
But then the driver would depend on the macsec module, right? It's not
a large module, but that seems a bit undesirable.
I think I'd rather add the key to macsec_key, and only copy it there
in case we're offloading (we currently don't allow enabling offloading
after installing some SAs/keys so that would be fine). Maybe add a
driver flag to request keeping the keys in memory (I don't know if all
drivers will require that -- seems like all PHY drivers would, but what
about the MAC ones?).
--
Sabrina
next prev parent reply other threads:[~2023-09-01 13:56 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-24 9:16 [RFC net-next v2 0/5] Add MACsec support for TJA11XX C45 PHYs Radu Pirea (NXP OSS)
2023-08-24 9:16 ` [RFC net-next v2 1/5] net: macsec: documentation for macsec_context and macsec_ops Radu Pirea (NXP OSS)
2023-08-24 13:26 ` Antoine Tenart
2023-08-24 9:16 ` [RFC net-next v2 2/5] net: macsec: introduce mdo_insert_tx_tag Radu Pirea (NXP OSS)
2023-08-24 14:54 ` Sabrina Dubroca
2023-08-25 10:01 ` Radu Pirea (OSS)
2023-08-24 9:16 ` [RFC net-next v2 3/5] net: phy: nxp-c45-tja11xx add MACsec support Radu Pirea (NXP OSS)
2023-08-25 12:52 ` Sabrina Dubroca
2023-08-25 13:29 ` Andrew Lunn
2023-08-25 13:44 ` Radu Pirea (OSS)
2023-08-25 13:50 ` Andrew Lunn
2023-08-25 14:12 ` Radu Pirea (OSS)
2023-08-30 12:06 ` Russell King (Oracle)
2023-08-28 10:43 ` Sabrina Dubroca
2023-08-27 8:03 ` Simon Horman
2023-08-24 9:16 ` [RFC net-next v2 4/5] net: phy: nxp-c45-tja11xx: add MACsec statistics Radu Pirea (NXP OSS)
2023-08-25 13:41 ` Sabrina Dubroca
2023-08-25 14:22 ` Radu Pirea (OSS)
2023-08-24 9:16 ` [RFC net-next v2 5/5] net: phy: nxp-c45-tja11xx: implement mdo_insert_tx_tag Radu Pirea (NXP OSS)
2023-08-27 8:05 ` Simon Horman
2023-08-28 10:17 ` Sabrina Dubroca
2023-08-28 13:46 ` Radu Pirea (OSS)
2023-08-30 11:35 ` Sabrina Dubroca
2023-09-01 9:09 ` Radu Pirea
2023-09-01 9:27 ` Russell King (Oracle)
2023-09-01 11:31 ` Radu Pirea (OSS)
2023-09-01 12:45 ` Russell King (Oracle)
2023-09-01 10:07 ` Sabrina Dubroca
2023-09-01 10:32 ` Russell King (Oracle)
2023-09-01 13:56 ` Sabrina Dubroca [this message]
2023-09-01 11:58 ` Radu Pirea (OSS)
2023-09-01 13:57 ` Sabrina Dubroca
2023-09-01 14:22 ` Radu Pirea (OSS)
2023-09-01 15:37 ` Sabrina Dubroca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZPHthKXGKwcyBARo@hog \
--to=sd@queasysnail.net \
--cc=andrew@lunn.ch \
--cc=atenart@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hkallweit1@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=radu-nicolae.pirea@nxp.com \
--cc=radu-nicolae.pirea@oss.nxp.com \
--cc=richardcochran@gmail.com \
--cc=sebastian.tobuschat@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.