From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E39C4C4332F for ; Mon, 7 Feb 2022 11:30:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357482AbiBGLZY (ORCPT ); Mon, 7 Feb 2022 06:25:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1382505AbiBGLT0 (ORCPT ); Mon, 7 Feb 2022 06:19:26 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A604BC043181; Mon, 7 Feb 2022 03:19:25 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 666C3B8111C; Mon, 7 Feb 2022 11:19:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 88789C340EB; Mon, 7 Feb 2022 11:19:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1644232763; bh=CFaBO+EbxGmw9/Yfmk0ysdAHrDRLa/UwHDHnUYFFR4g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TNk6FGrRRkj3wwXfS0/j9RceOQAN1NHwLaDbgj8f4UzGFoMNCijBobJjEqRfe7UaF hKgBt6JHhU8XydpDxXW/AfCDgFslb/up2IJnyS1sTWmTzZSpUVwjyqs0q2cK832HnO qKsgj6ndWQjidPl5vhkGGJ/XAOf0sT6aSQFxX2Vg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lior Nahmanson , Raed Salem , Jakub Kicinski Subject: [PATCH 5.4 28/44] net: macsec: Verify that send_sci is on when setting Tx sci explicitly Date: Mon, 7 Feb 2022 12:06:44 +0100 Message-Id: <20220207103754.074785512@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220207103753.155627314@linuxfoundation.org> References: <20220207103753.155627314@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Lior Nahmanson commit d0cfa548dbde354de986911d3913897b5448faad upstream. When setting Tx sci explicit, the Rx side is expected to use this sci and not recalculate it from the packet.However, in case of Tx sci is explicit and send_sci is off, the receiver is wrongly recalculate the sci from the source MAC address which most likely be different than the explicit sci. Fix by preventing such configuration when macsec newlink is established and return EINVAL error code on such cases. Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Lior Nahmanson Reviewed-by: Raed Salem Signed-off-by: Raed Salem Link: https://lore.kernel.org/r/1643542672-29403-1-git-send-email-raeds@nvidia.com Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- drivers/net/macsec.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3247,6 +3247,15 @@ static int macsec_newlink(struct net *ne macsec->real_dev = real_dev; + /* send_sci must be set to true when transmit sci explicitly is set */ + if ((data && data[IFLA_MACSEC_SCI]) && + (data && data[IFLA_MACSEC_INC_SCI])) { + u8 send_sci = !!nla_get_u8(data[IFLA_MACSEC_INC_SCI]); + + if (!send_sci) + return -EINVAL; + } + if (data && data[IFLA_MACSEC_ICV_LEN]) icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]); mtu = real_dev->mtu - icv_len - macsec_extra_len(true);