diff mbox series

[net-next,v6,05/10] octeontx2-pf: mcs: update PN only when update_pn is true

Message ID 20230928084430.1882670-6-radu-nicolae.pirea@oss.nxp.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series Add MACsec support for TJA11XX C45 PHYs | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 9 this patch: 9
netdev/cc_maintainers success CCed 10 of 10 maintainers
netdev/build_clang success Errors and warnings before: 1363 this patch: 1363
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 1363 this patch: 1363
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 18 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Radu Pirea (NXP OSS) Sept. 28, 2023, 8:44 a.m. UTC
When updating SA, update the PN only when the update_pn flag is true.
Otherwise, the PN will be reset to its previous value.

Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
---
Changes in v6:
- patch added in v6

 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Subbaraya Sundeep Sept. 29, 2023, 6:20 a.m. UTC | #1
Hi,

>-----Original Message-----
>From: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
>Sent: Thursday, September 28, 2023 2:14 PM
>To: Sunil Kovvuri Goutham <sgoutham@marvell.com>; Geethasowjanya Akula
><gakula@marvell.com>; Subbaraya Sundeep Bhatta <sbhatta@marvell.com>;
>Hariprasad Kelam <hkelam@marvell.com>; davem@davemloft.net;
>edumazet@google.com; kuba@kernel.org; pabeni@redhat.com;
>borisp@nvidia.com; saeedm@nvidia.com; leon@kernel.org; sd@queasysnail.net;
>andrew@lunn.ch; hkallweit1@gmail.com; linux@armlinux.org.uk;
>richardcochran@gmail.com; sebastian.tobuschat@oss.nxp.com
>Cc: linux-kernel@vger.kernel.org; netdev@vger.kernel.org; linux-
>rdma@vger.kernel.org; Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
>Subject: [EXT] [PATCH net-next v6 05/10] octeontx2-pf: mcs: update PN only
>when update_pn is true
>
>When updating SA, update the PN only when the update_pn flag is true.
>Otherwise, the PN will be reset to its previous value.
>
>Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
>---
>Changes in v6:
>- patch added in v6
>
> drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
>b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
>index 59b138214af2..4c59850dfddf 100644
>--- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
>+++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
>@@ -1362,6 +1362,9 @@ static int cn10k_mdo_upd_txsa(struct macsec_context
>*ctx)
> 		if (err)
> 			return err;
>
>+		if (!ctx->sa.update_pn)
>+			return 0;
>+
This is incorrect. Please change it as below:

@@ -1357,10 +1357,12 @@ static int cn10k_mdo_upd_txsa(struct macsec_context *ctx)

        if (netif_running(secy->netdev)) {
                /* Keys cannot be changed after creation */
-               err = cn10k_write_tx_sa_pn(pfvf, txsc, sa_num,
-                                          sw_tx_sa->next_pn);
-               if (err)
-                       return err;
+               if (ctx->sa.update_pn) {
+                       err = cn10k_write_tx_sa_pn(pfvf, txsc, sa_num,
+                                                  sw_tx_sa->next_pn);
+                       if (err)
+                               return err;
+               }

                err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc,
                                              sa_num, sw_tx_sa->active);

> 		err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc,
> 					      sa_num, sw_tx_sa->active);
> 		if (err)
>@@ -1529,6 +1532,9 @@ static int cn10k_mdo_upd_rxsa(struct macsec_context
>*ctx)
> 		if (err)
> 			return err;
>
>+		if (!ctx->sa.update_pn)
>+			return 0;
>+
This is correct.

Thanks,
Sundeep
> 		err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, sa_num,
> 					       rx_sa->next_pn);
> 		if (err)
>--
>2.34.1
Sabrina Dubroca Oct. 3, 2023, 1:15 p.m. UTC | #2
2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote:
> When updating SA, update the PN only when the update_pn flag is true.
> Otherwise, the PN will be reset to its previous value.

This is a bugfix and should go through the net tree with a Fixes
tag. I'd suggest taking patches 3,5,6 out of this series and
submitting them all to net, with a Fixes tag for patches 5 and
6. Patch 7 doesn't fix a bug and could go through the net-next tree.
Radu Pirea (NXP OSS) Oct. 4, 2023, 6:30 p.m. UTC | #3
On 03.10.2023 16:15, Sabrina Dubroca wrote:
> 2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote:
>> When updating SA, update the PN only when the update_pn flag is true.
>> Otherwise, the PN will be reset to its previous value.
> 
> This is a bugfix and should go through the net tree with a Fixes
> tag. I'd suggest taking patches 3,5,6 out of this series and
> submitting them all to net, with a Fixes tag for patches 5 and
> 6. Patch 7 doesn't fix a bug and could go through the net-next tree.
> 

Patch 7 does not look like a bug fix, but it is.
Without patch 7 a user will be able to update the SA using the initial 
PN value like this:

ip link add link eth0 macsec0 type macsec encrypt on offload phy
ip macsec add macsec0 tx sa 0 pn 1 on key 00 
ead3664f508eb06c40ac7104cdae4ce5
ip macsec set macsec0 tx sa 0 pn 1 off #this command does not fail, but 
it should
diff mbox series

Patch

diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
index 59b138214af2..4c59850dfddf 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
@@ -1362,6 +1362,9 @@  static int cn10k_mdo_upd_txsa(struct macsec_context *ctx)
 		if (err)
 			return err;
 
+		if (!ctx->sa.update_pn)
+			return 0;
+
 		err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc,
 					      sa_num, sw_tx_sa->active);
 		if (err)
@@ -1529,6 +1532,9 @@  static int cn10k_mdo_upd_rxsa(struct macsec_context *ctx)
 		if (err)
 			return err;
 
+		if (!ctx->sa.update_pn)
+			return 0;
+
 		err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, sa_num,
 					       rx_sa->next_pn);
 		if (err)