* [PATCH] net/macsec copy salt to MACSec ctx for XPN [not found] <XPN copy to MACSec context> @ 2022-05-02 12:18 ` Carlos Fernansez 2022-05-03 11:42 ` Paolo Abeni 0 siblings, 1 reply; 6+ messages in thread From: Carlos Fernansez @ 2022-05-02 12:18 UTC (permalink / raw) Cc: carlos.fernandez, Carlos Fernandez, David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev, linux-kernel From: Carlos Fernandez <carlos.fernandez@technica-engineering.de> Salt and KeyId copied to offloading context. If not, offloaded phys cannot work with XPN Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> --- drivers/net/macsec.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 832f09ac075e..4f2bd3d722c3 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) rx_sa->sc = rx_sc; + if (secy->xpn) { + rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); + nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], + MACSEC_SALT_LEN); + } + + nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); + /* If h/w offloading is available, propagate to the device */ if (macsec_is_offloaded(netdev_priv(dev))) { const struct macsec_ops *ops; @@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) goto cleanup; } - if (secy->xpn) { - rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); - nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], - MACSEC_SALT_LEN); - } - - nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa); rtnl_unlock(); @@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) if (assoc_num == tx_sc->encoding_sa && tx_sa->active) secy->operational = true; + if (secy->xpn) { + tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); + nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], + MACSEC_SALT_LEN); + } + + nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); + /* If h/w offloading is available, propagate to the device */ if (macsec_is_offloaded(netdev_priv(dev))) { const struct macsec_ops *ops; @@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) goto cleanup; } - if (secy->xpn) { - tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); - nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], - MACSEC_SALT_LEN); - } - - nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa); rtnl_unlock(); -- 2.25.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN 2022-05-02 12:18 ` [PATCH] net/macsec copy salt to MACSec ctx for XPN Carlos Fernansez @ 2022-05-03 11:42 ` Paolo Abeni 2022-05-05 12:32 ` Carlos Fernandez 0 siblings, 1 reply; 6+ messages in thread From: Paolo Abeni @ 2022-05-03 11:42 UTC (permalink / raw) To: Carlos Fernansez Cc: carlos.fernandez, Carlos Fernandez, David S. Miller, Eric Dumazet, Jakub Kicinski, netdev, linux-kernel Hello, On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote: > From: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > > Salt and KeyId copied to offloading context. > > If not, offloaded phys cannot work with XPN > > Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> This looks like a bugfix, could you please provide a relevant 'Fixes' tag? (in a v2). Additionally could you please expand the commit message a bit? Thanks! Paolo ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN 2022-05-03 11:42 ` Paolo Abeni @ 2022-05-05 12:32 ` Carlos Fernandez 2022-05-05 16:04 ` Jakub Kicinski 0 siblings, 1 reply; 6+ messages in thread From: Carlos Fernandez @ 2022-05-05 12:32 UTC (permalink / raw) To: Paolo Abeni, Carlos Fernansez Cc: carlos.fernandez@technica-enineering.de, David S. Miller, Eric Dumazet, Jakub Kicinski, netdev@vger.kernel.org, linux-kernel@vger.kernel.org When macsec offloading is used with XPN, before mdo_add_rxsa and mdo_add_txsa functions are called, the key salt is not copied to the macsec context struct. Fix by copying salt to context struct before calling the offloading functions. Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites") Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> --- drivers/net/macsec.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 832f09ac075e..4f2bd3d722c3 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1804,6 +1804,14 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) rx_sa->sc = rx_sc; + if (secy->xpn) { + rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); + nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], + MACSEC_SALT_LEN); + } + + nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); + /* If h/w offloading is available, propagate to the device */ if (macsec_is_offloaded(netdev_priv(dev))) { const struct macsec_ops *ops; @@ -1826,13 +1834,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) goto cleanup; } - if (secy->xpn) { - rx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); - nla_memcpy(rx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], - MACSEC_SALT_LEN); - } - - nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa); rtnl_unlock(); @@ -2046,6 +2047,14 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) if (assoc_num == tx_sc->encoding_sa && tx_sa->active) secy->operational = true; + if (secy->xpn) { + tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); + nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], + MACSEC_SALT_LEN); + } + + nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); + /* If h/w offloading is available, propagate to the device */ if (macsec_is_offloaded(netdev_priv(dev))) { const struct macsec_ops *ops; @@ -2068,13 +2077,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) goto cleanup; } - if (secy->xpn) { - tx_sa->ssci = nla_get_ssci(tb_sa[MACSEC_SA_ATTR_SSCI]); - nla_memcpy(tx_sa->key.salt.bytes, tb_sa[MACSEC_SA_ATTR_SALT], - MACSEC_SALT_LEN); - } - - nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN); rcu_assign_pointer(tx_sc->sa[assoc_num], tx_sa); rtnl_unlock(); -- 2.25.1 ________________________________________ From: Paolo Abeni <pabeni@redhat.com> Sent: Tuesday, May 3, 2022 1:42 PM To: Carlos Fernansez Cc: carlos.fernandez@technica-enineering.de; Carlos Fernandez; David S. Miller; Eric Dumazet; Jakub Kicinski; netdev@vger.kernel.org; linux-kernel@vger.kernel.org Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello, On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote: > From: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > > Salt and KeyId copied to offloading context. > > If not, offloaded phys cannot work with XPN > > Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> This looks like a bugfix, could you please provide a relevant 'Fixes' tag? (in a v2). Additionally could you please expand the commit message a bit? Thanks! Paolo ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN 2022-05-05 12:32 ` Carlos Fernandez @ 2022-05-05 16:04 ` Jakub Kicinski 2022-05-05 16:05 ` Jakub Kicinski 2022-05-06 8:12 ` Carlos Fernandez 0 siblings, 2 replies; 6+ messages in thread From: Jakub Kicinski @ 2022-05-05 16:04 UTC (permalink / raw) To: Carlos Fernandez Cc: Paolo Abeni, Carlos Fernansez, carlos.fernandez@technica-enineering.de, David S. Miller, Eric Dumazet, netdev@vger.kernel.org, linux-kernel@vger.kernel.org On Thu, 5 May 2022 12:32:33 +0000 Carlos Fernandez wrote: > When macsec offloading is used with XPN, before mdo_add_rxsa > and mdo_add_txsa functions are called, the key salt is not > copied to the macsec context struct. So that it can be read out later by user space, but kernel doesn't need it. Is that correct? Please also see below. > Fix by copying salt to context struct before calling the > offloading functions. > > Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites") > Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > --- > drivers/net/macsec.c | 30 ++++++++++++++++-------------- > 1 file changed, 16 insertions(+), 14 deletions(-) [snip] > rtnl_unlock(); > -- > 2.25.1 > > ________________________________________ > From: Paolo Abeni <pabeni@redhat.com> > Sent: Tuesday, May 3, 2022 1:42 PM > To: Carlos Fernansez > Cc: carlos.fernandez@technica-enineering.de; Carlos Fernandez; David S. Miller; Eric Dumazet; Jakub Kicinski; netdev@vger.kernel.org; linux-kernel@vger.kernel.org > Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN > > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. You'll need to make a fresh posting without this quote and the legal footer. Posting as a new thread is encouraged, you don't need to try to make it a reply to the previous posting. > Hello, > > On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote: > > From: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > > > > Salt and KeyId copied to offloading context. > > > > If not, offloaded phys cannot work with XPN > > > > Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > > This looks like a bugfix, could you please provide a relevant 'Fixes' > tag? (in a v2). ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN 2022-05-05 16:04 ` Jakub Kicinski @ 2022-05-05 16:05 ` Jakub Kicinski 2022-05-06 8:12 ` Carlos Fernandez 1 sibling, 0 replies; 6+ messages in thread From: Jakub Kicinski @ 2022-05-05 16:05 UTC (permalink / raw) To: Carlos Fernandez Cc: Paolo Abeni, Carlos Fernansez, carlos.fernandez@technica-enineering.de, David S. Miller, Eric Dumazet, netdev@vger.kernel.org, linux-kernel@vger.kernel.org On Thu, 5 May 2022 09:04:32 -0700 Jakub Kicinski wrote: > > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. > > You'll need to make a fresh posting without this quote and the legal > footer. Posting as a new thread is encouraged, you don't need to try > to make it a reply to the previous posting. Ah, you already did that. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN 2022-05-05 16:04 ` Jakub Kicinski 2022-05-05 16:05 ` Jakub Kicinski @ 2022-05-06 8:12 ` Carlos Fernandez 1 sibling, 0 replies; 6+ messages in thread From: Carlos Fernandez @ 2022-05-06 8:12 UTC (permalink / raw) To: Jakub Kicinski Cc: Paolo Abeni, Carlos Fernansez, carlos.fernandez@technica-enineering.de, David S. Miller, Eric Dumazet, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Thanks, Jakub. I'll create a new patch with all the changes and send it again. ________________________________________ From: Jakub Kicinski <kuba@kernel.org> Sent: Thursday, May 5, 2022 6:04 PM To: Carlos Fernandez Cc: Paolo Abeni; Carlos Fernansez; carlos.fernandez@technica-enineering.de; David S. Miller; Eric Dumazet; netdev@vger.kernel.org; linux-kernel@vger.kernel.org Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. On Thu, 5 May 2022 12:32:33 +0000 Carlos Fernandez wrote: > When macsec offloading is used with XPN, before mdo_add_rxsa > and mdo_add_txsa functions are called, the key salt is not > copied to the macsec context struct. So that it can be read out later by user space, but kernel doesn't need it. Is that correct? Please also see below. > Fix by copying salt to context struct before calling the > offloading functions. > > Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites") > Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > --- > drivers/net/macsec.c | 30 ++++++++++++++++-------------- > 1 file changed, 16 insertions(+), 14 deletions(-) [snip] > rtnl_unlock(); > -- > 2.25.1 > > ________________________________________ > From: Paolo Abeni <pabeni@redhat.com> > Sent: Tuesday, May 3, 2022 1:42 PM > To: Carlos Fernansez > Cc: carlos.fernandez@technica-enineering.de; Carlos Fernandez; David S. Miller; Eric Dumazet; Jakub Kicinski; netdev@vger.kernel.org; linux-kernel@vger.kernel.org > Subject: Re: [PATCH] net/macsec copy salt to MACSec ctx for XPN > > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. You'll need to make a fresh posting without this quote and the legal footer. Posting as a new thread is encouraged, you don't need to try to make it a reply to the previous posting. > Hello, > > On Mon, 2022-05-02 at 14:18 +0200, Carlos Fernansez wrote: > > From: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > > > > Salt and KeyId copied to offloading context. > > > > If not, offloaded phys cannot work with XPN > > > > Signed-off-by: Carlos Fernandez <carlos.fernandez@technica-engineering.de> > > This looks like a bugfix, could you please provide a relevant 'Fixes' > tag? (in a v2). ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-05-06 8:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <XPN copy to MACSec context>
2022-05-02 12:18 ` [PATCH] net/macsec copy salt to MACSec ctx for XPN Carlos Fernansez
2022-05-03 11:42 ` Paolo Abeni
2022-05-05 12:32 ` Carlos Fernandez
2022-05-05 16:04 ` Jakub Kicinski
2022-05-05 16:05 ` Jakub Kicinski
2022-05-06 8:12 ` Carlos Fernandez
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).