Message ID | 20230928084430.1882670-6-radu-nicolae.pirea@oss.nxp.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | Add MACsec support for TJA11XX C45 PHYs | expand |
Hi, >-----Original Message----- >From: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> >Sent: Thursday, September 28, 2023 2:14 PM >To: Sunil Kovvuri Goutham <sgoutham@marvell.com>; Geethasowjanya Akula ><gakula@marvell.com>; Subbaraya Sundeep Bhatta <sbhatta@marvell.com>; >Hariprasad Kelam <hkelam@marvell.com>; davem@davemloft.net; >edumazet@google.com; kuba@kernel.org; pabeni@redhat.com; >borisp@nvidia.com; saeedm@nvidia.com; leon@kernel.org; sd@queasysnail.net; >andrew@lunn.ch; hkallweit1@gmail.com; linux@armlinux.org.uk; >richardcochran@gmail.com; sebastian.tobuschat@oss.nxp.com >Cc: linux-kernel@vger.kernel.org; netdev@vger.kernel.org; linux- >rdma@vger.kernel.org; Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> >Subject: [EXT] [PATCH net-next v6 05/10] octeontx2-pf: mcs: update PN only >when update_pn is true > >When updating SA, update the PN only when the update_pn flag is true. >Otherwise, the PN will be reset to its previous value. > >Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> >--- >Changes in v6: >- patch added in v6 > > drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c >b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c >index 59b138214af2..4c59850dfddf 100644 >--- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c >+++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c >@@ -1362,6 +1362,9 @@ static int cn10k_mdo_upd_txsa(struct macsec_context >*ctx) > if (err) > return err; > >+ if (!ctx->sa.update_pn) >+ return 0; >+ This is incorrect. Please change it as below: @@ -1357,10 +1357,12 @@ static int cn10k_mdo_upd_txsa(struct macsec_context *ctx) if (netif_running(secy->netdev)) { /* Keys cannot be changed after creation */ - err = cn10k_write_tx_sa_pn(pfvf, txsc, sa_num, - sw_tx_sa->next_pn); - if (err) - return err; + if (ctx->sa.update_pn) { + err = cn10k_write_tx_sa_pn(pfvf, txsc, sa_num, + sw_tx_sa->next_pn); + if (err) + return err; + } err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, sa_num, sw_tx_sa->active); > err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, > sa_num, sw_tx_sa->active); > if (err) >@@ -1529,6 +1532,9 @@ static int cn10k_mdo_upd_rxsa(struct macsec_context >*ctx) > if (err) > return err; > >+ if (!ctx->sa.update_pn) >+ return 0; >+ This is correct. Thanks, Sundeep > err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, sa_num, > rx_sa->next_pn); > if (err) >-- >2.34.1
2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote: > When updating SA, update the PN only when the update_pn flag is true. > Otherwise, the PN will be reset to its previous value. This is a bugfix and should go through the net tree with a Fixes tag. I'd suggest taking patches 3,5,6 out of this series and submitting them all to net, with a Fixes tag for patches 5 and 6. Patch 7 doesn't fix a bug and could go through the net-next tree.
On 03.10.2023 16:15, Sabrina Dubroca wrote: > 2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote: >> When updating SA, update the PN only when the update_pn flag is true. >> Otherwise, the PN will be reset to its previous value. > > This is a bugfix and should go through the net tree with a Fixes > tag. I'd suggest taking patches 3,5,6 out of this series and > submitting them all to net, with a Fixes tag for patches 5 and > 6. Patch 7 doesn't fix a bug and could go through the net-next tree. > Patch 7 does not look like a bug fix, but it is. Without patch 7 a user will be able to update the SA using the initial PN value like this: ip link add link eth0 macsec0 type macsec encrypt on offload phy ip macsec add macsec0 tx sa 0 pn 1 on key 00 ead3664f508eb06c40ac7104cdae4ce5 ip macsec set macsec0 tx sa 0 pn 1 off #this command does not fail, but it should
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c index 59b138214af2..4c59850dfddf 100644 --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c @@ -1362,6 +1362,9 @@ static int cn10k_mdo_upd_txsa(struct macsec_context *ctx) if (err) return err; + if (!ctx->sa.update_pn) + return 0; + err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, sa_num, sw_tx_sa->active); if (err) @@ -1529,6 +1532,9 @@ static int cn10k_mdo_upd_rxsa(struct macsec_context *ctx) if (err) return err; + if (!ctx->sa.update_pn) + return 0; + err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, sa_num, rx_sa->next_pn); if (err)
When updating SA, update the PN only when the update_pn flag is true. Otherwise, the PN will be reset to its previous value. Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> --- Changes in v6: - patch added in v6 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 6 ++++++ 1 file changed, 6 insertions(+)