Patch "net: macsec: indicate next pn update when offloading" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    net: macsec: indicate next pn update when offloading

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-macsec-indicate-next-pn-update-when-offloading.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 460a3f20c8f1231f6995151d3405862d5ae314dc
Author: Radu Pirea (NXP OSS) <radu-nicolae.pirea@xxxxxxxxxxx>
Date:   Thu Oct 5 21:06:33 2023 +0300

    net: macsec: indicate next pn update when offloading
    
    [ Upstream commit 0412cc846a1ef38697c3f321f9b174da91ecd3b5 ]
    
    Indicate next PN update using update_pn flag in macsec_context.
    Offloaded MACsec implementations does not know whether or not the
    MACSEC_SA_ATTR_PN attribute was passed for an SA update and assume
    that next PN should always updated, but this is not always true.
    
    The PN can be reset to its initial value using the following command:
    $ ip macsec set macsec0 tx sa 0 off #octeontx2-pf case
    
    Or, the update PN command will succeed even if the driver does not support
    PN updates.
    $ ip macsec set macsec0 tx sa 0 pn 1 on #mscc phy driver case
    
    Comparing the initial PN with the new PN value is not a solution. When
    the user updates the PN using its initial value the command will
    succeed, even if the driver does not support it. Like this:
    $ ip macsec add macsec0 tx sa 0 pn 1 on key 00 \
    ead3664f508eb06c40ac7104cdae4ce5
    $ ip macsec set macsec0 tx sa 0 pn 1 on #mlx5 case
    
    Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@xxxxxxxxxxx>
    Reviewed-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Stable-dep-of: e0a8c918daa5 ("net: phy: mscc: macsec: reject PN update requests")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 578f470e9fad9..81453e84b6413 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -2384,6 +2384,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
 
 		ctx.sa.assoc_num = assoc_num;
 		ctx.sa.tx_sa = tx_sa;
+		ctx.sa.update_pn = !!prev_pn.full64;
 		ctx.secy = secy;
 
 		ret = macsec_offload(ops->mdo_upd_txsa, &ctx);
@@ -2477,6 +2478,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
 
 		ctx.sa.assoc_num = assoc_num;
 		ctx.sa.rx_sa = rx_sa;
+		ctx.sa.update_pn = !!prev_pn.full64;
 		ctx.secy = secy;
 
 		ret = macsec_offload(ops->mdo_upd_rxsa, &ctx);
diff --git a/include/net/macsec.h b/include/net/macsec.h
index 5b9c61c4d3a62..65c93959c2dc5 100644
--- a/include/net/macsec.h
+++ b/include/net/macsec.h
@@ -257,6 +257,7 @@ struct macsec_context {
 	struct macsec_secy *secy;
 	struct macsec_rx_sc *rx_sc;
 	struct {
+		bool update_pn;
 		unsigned char assoc_num;
 		u8 key[MACSEC_MAX_KEY_LEN];
 		union {



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux