From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.7 required=3.0 tests=DKIM_ADSP_ALL,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15F96C5B57D for ; Tue, 2 Jul 2019 04:38:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DA68A206E0 for ; Tue, 2 Jul 2019 04:38:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=domdv.de header.i=@domdv.de header.b="V8LuTlxI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725812AbfGBEi1 (ORCPT ); Tue, 2 Jul 2019 00:38:27 -0400 Received: from hermes.domdv.de ([193.102.202.1]:1788 "EHLO hermes.domdv.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725648AbfGBEi1 (ORCPT ); Tue, 2 Jul 2019 00:38:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=domdv.de; s=dk3; h=Content-Transfer-Encoding:MIME-Version:Content-Type:References: In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=xeaBIMOPw7/voZfgKZji7SobaICXyrnnmWb+/5GMVRs=; b=V8LuTlxIEk+23G2vKwTk+bxVzF hWL1PejY+UqiYLmXYyA/s88/KLHa90TiARDYWMcDUTIY8DuivUyyVjLQ6hNigkRE0NZLYzZ6QJZcV 1wM06HiabzZrGDV8iE6kpSd410oP2gZiA7TOgXrXQV5xdDfKyGY7lJp+tkMlSNnwCi0w=; Received: from [fd06:8443:81a1:74b0::212] (port=1240 helo=castor.lan.domdv.de) by zeus.domdv.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1hiAXj-0006mm-OU; Tue, 02 Jul 2019 06:37:23 +0200 Received: from woody.lan.domdv.de ([10.1.9.28] helo=host028-server-9.lan.domdv.de) by castor.lan.domdv.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1hiAXj-0006NC-JP; Tue, 02 Jul 2019 06:37:23 +0200 Message-ID: Subject: Re: [PATCH net-next 3/3] macsec: add brackets and indentation after calling macsec_decrypt From: Andreas Steinmetz To: Sabrina Dubroca , Willem de Bruijn Cc: Network Development Date: Tue, 02 Jul 2019 06:37:23 +0200 In-Reply-To: <20190701132157.GA15622@bistromath.localdomain> References: <4932e7da775e76aa928f44c19288aa3a6ec72313.camel@domdv.de> <20190701132157.GA15622@bistromath.localdomain> Organization: D.O.M. Datenverarbeitung GmbH Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.5 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Ouch, I missed that when Andreas sent me that patch before. No, it is > actually intended. If we skip macsec_decrypt(), we should still > account for that packet in the InPktsUnchecked/InPktsDelayed > counters. That's in Figure 10-5 in the standard. > > Thanks for catching this, Willem. That patch should only move the > IS_ERR(skb) case under the block where macsec_decrypt() is called, but > not move the call to macsec_post_decrypt(). Updated patch below. Signed-off-by: Andreas Steinmetz --- a/drivers/net/macsec.c 2019-07-02 06:31:27.550120145 +0200 +++ b/drivers/net/macsec.c 2019-07-02 06:33:38.637599529 +0200 @@ -1205,17 +1205,18 @@ /* Disabled && !changed text => skip validation */ if (hdr->tci_an & MACSEC_TCI_C || - secy->validate_frames != MACSEC_VALIDATE_DISABLED) + secy->validate_frames != MACSEC_VALIDATE_DISABLED) { skb = macsec_decrypt(skb, dev, rx_sa, sci, secy); - if (IS_ERR(skb)) { - /* the decrypt callback needs the reference */ - if (PTR_ERR(skb) != -EINPROGRESS) { - macsec_rxsa_put(rx_sa); - macsec_rxsc_put(rx_sc); + if (IS_ERR(skb)) { + /* the decrypt callback needs the reference */ + if (PTR_ERR(skb) != -EINPROGRESS) { + macsec_rxsa_put(rx_sa); + macsec_rxsc_put(rx_sc); + } + rcu_read_unlock(); + return RX_HANDLER_CONSUMED; } - rcu_read_unlock(); - return RX_HANDLER_CONSUMED; } if (!macsec_post_decrypt(skb, secy, pn))