Patch "macsec: always read MACSEC_SA_ATTR_PN as a u64" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 30 Jul 2022 22:45:00 -0400

This is a note to let you know that I've just added the patch titled

    macsec: always read MACSEC_SA_ATTR_PN as a u64

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     macsec-always-read-macsec_sa_attr_pn-as-a-u64.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 081e5abb4ae9e32d3d465ab28d17d9ae7a168959
Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
Date:   Fri Jul 22 11:16:30 2022 +0200

    macsec: always read MACSEC_SA_ATTR_PN as a u64
    
    [ Upstream commit c630d1fe6219769049c87d1a6a0e9a6de55328a1 ]
    
    Currently, MACSEC_SA_ATTR_PN is handled inconsistently, sometimes as a
    u32, sometimes forced into a u64 without checking the actual length of
    the attribute. Instead, we can use nla_get_u64 everywhere, which will
    read up to 64 bits into a u64, capped by the actual length of the
    attribute coming from userspace.
    
    This fixes several issues:
     - the check in validate_add_rxsa doesn't work with 32-bit attributes
     - the checks in validate_add_txsa and validate_upd_sa incorrectly
       reject X << 32 (with X != 0)
    
    Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)")
    Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 1f2eb576533c..3e74dcc1f875 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1696,7 +1696,7 @@ static bool validate_add_rxsa(struct nlattr **attrs)
 		return false;
 
 	if (attrs[MACSEC_SA_ATTR_PN] &&
-	    *(u64 *)nla_data(attrs[MACSEC_SA_ATTR_PN]) == 0)
+	    nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
 		return false;
 
 	if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -1939,7 +1939,7 @@ static bool validate_add_txsa(struct nlattr **attrs)
 	if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
 		return false;
 
-	if (nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
+	if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
 		return false;
 
 	if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -2293,7 +2293,7 @@ static bool validate_upd_sa(struct nlattr **attrs)
 	if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
 		return false;
 
-	if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
+	if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
 		return false;
 
 	if (attrs[MACSEC_SA_ATTR_ACTIVE]) {






