Patch "macsec: don't increment counters for an unrelated SA" has been added to the 5.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    macsec: don't increment counters for an unrelated SA

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     macsec-don-t-increment-counters-for-an-unrelated-sa.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0bc5cc71c803800efdb843d985edae057b4f3946
Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
Date:   Fri Oct 11 17:16:37 2024 +0200

    macsec: don't increment counters for an unrelated SA
    
    [ Upstream commit cf58aefb1332db322060cad4a330d5f9292b0f41 ]
    
    On RX, we shouldn't be incrementing the stats for an arbitrary SA in
    case the actual SA hasn't been set up. Those counters are intended to
    track packets for their respective AN when the SA isn't currently
    configured. Due to the way MACsec is implemented, we don't keep
    counters unless the SA is configured, so we can't track those packets,
    and those counters will remain at 0.
    
    The RXSC's stats keeps track of those packets without telling us which
    AN they belonged to. We could add counters for non-existent SAs, and
    then find a way to integrate them in the dump to userspace, but I
    don't think it's worth the effort.
    
    Fixes: 91ec9bd57f35 ("macsec: Fix traffic counters/statistics")
    Reported-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
    Link: https://patch.msgid.link/f5ac92aaa5b89343232615f4c03f9f95042c6aa0.1728657709.git.sd@xxxxxxxxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index d5f2d895dba21..d1c1cbc324b13 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -317,19 +317,6 @@ static struct macsec_rx_sa *macsec_rxsa_get(struct macsec_rx_sa __rcu *ptr)
 	return sa;
 }
 
-static struct macsec_rx_sa *macsec_active_rxsa_get(struct macsec_rx_sc *rx_sc)
-{
-	struct macsec_rx_sa *sa = NULL;
-	int an;
-
-	for (an = 0; an < MACSEC_NUM_AN; an++)	{
-		sa = macsec_rxsa_get(rx_sc->sa[an]);
-		if (sa)
-			break;
-	}
-	return sa;
-}
-
 static void free_rx_sc_rcu(struct rcu_head *head)
 {
 	struct macsec_rx_sc *rx_sc = container_of(head, struct macsec_rx_sc, rcu_head);
@@ -1202,15 +1189,12 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
 		/* If validateFrames is Strict or the C bit in the
 		 * SecTAG is set, discard
 		 */
-		struct macsec_rx_sa *active_rx_sa = macsec_active_rxsa_get(rx_sc);
 		if (hdr->tci_an & MACSEC_TCI_C ||
 		    secy->validate_frames == MACSEC_VALIDATE_STRICT) {
 			u64_stats_update_begin(&rxsc_stats->syncp);
 			rxsc_stats->stats.InPktsNotUsingSA++;
 			u64_stats_update_end(&rxsc_stats->syncp);
 			DEV_STATS_INC(secy->netdev, rx_errors);
-			if (active_rx_sa)
-				this_cpu_inc(active_rx_sa->stats->InPktsNotUsingSA);
 			goto drop_nosa;
 		}
 
@@ -1220,8 +1204,6 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
 		u64_stats_update_begin(&rxsc_stats->syncp);
 		rxsc_stats->stats.InPktsUnusedSA++;
 		u64_stats_update_end(&rxsc_stats->syncp);
-		if (active_rx_sa)
-			this_cpu_inc(active_rx_sa->stats->InPktsUnusedSA);
 		goto deliver;
 	}
 




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux