Patch "net/mlx5e: macsec: Maintain TX SA from encoding_sa" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    net/mlx5e: macsec: Maintain TX SA from encoding_sa

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-mlx5e-macsec-maintain-tx-sa-from-encoding_sa.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit b58a9352b6e13932a6b87ddefc45aef3b1f0000e
Author: Dragos Tatulea <dtatulea@xxxxxxxxxx>
Date:   Fri Dec 20 10:15:03 2024 +0200

    net/mlx5e: macsec: Maintain TX SA from encoding_sa
    
    [ Upstream commit 8c6254479b3d5bd788d2b5fefaa48fb194331ed0 ]
    
    In MACsec, it is possible to create multiple active TX SAs on a SC,
    but only one such SA can be used at a time for transmission. This SA
    is selected through the encoding_sa link parameter.
    
    When there are 2 or more active TX SAs configured (encoding_sa=0):
      ip macsec add macsec0 tx sa 0 pn 1 on key 00 <KEY1>
      ip macsec add macsec0 tx sa 1 pn 1 on key 00 <KEY2>
    
    ... the traffic should be still sent via TX SA 0 as the encoding_sa was
    not changed. However, the driver ignores the encoding_sa and overrides
    it to SA 1 by installing the flow steering id of the newly created TX SA
    into the SCI -> flow steering id hash map. The future packet tx
    descriptors will point to the incorrect flow steering rule (SA 1).
    
    This patch fixes the issue by avoiding the creation of the flow steering
    rule for an active TX SA that is not the encoding_sa. The driver side
    tx_sa object and the FW side macsec object are still created. When the
    encoding_sa link parameter is changed to another active TX SA, only the
    new flow steering rule will be created in the mlx5e_macsec_upd_txsa()
    handler.
    
    Fixes: 8ff0ac5be144 ("net/mlx5: Add MACsec offload Tx command support")
    Signed-off-by: Dragos Tatulea <dtatulea@xxxxxxxxxx>
    Reviewed-by: Cosmin Ratiu <cratiu@xxxxxxxxxx>
    Reviewed-by: Lior Nahmanson <liorna@xxxxxxxxxx>
    Signed-off-by: Tariq Toukan <tariqt@xxxxxxxxxx>
    Link: https://patch.msgid.link/20241220081505.1286093-3-tariqt@xxxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
index cc9bcc420032..6ab02f3fc291 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
@@ -339,9 +339,13 @@ static int mlx5e_macsec_init_sa_fs(struct macsec_context *ctx,
 {
 	struct mlx5e_priv *priv = macsec_netdev_priv(ctx->netdev);
 	struct mlx5_macsec_fs *macsec_fs = priv->mdev->macsec_fs;
+	const struct macsec_tx_sc *tx_sc = &ctx->secy->tx_sc;
 	struct mlx5_macsec_rule_attrs rule_attrs;
 	union mlx5_macsec_rule *macsec_rule;
 
+	if (is_tx && tx_sc->encoding_sa != sa->assoc_num)
+		return 0;
+
 	rule_attrs.macsec_obj_id = sa->macsec_obj_id;
 	rule_attrs.sci = sa->sci;
 	rule_attrs.assoc_num = sa->assoc_num;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux