From patchwork Wed Sep 28 16:17:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992548 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4226FC32771 for ; Wed, 28 Sep 2022 16:19:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234232AbiI1QS7 convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:18:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37396 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234059AbiI1QSD (ORCPT ); Wed, 28 Sep 2022 12:18:03 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76FA095A3 for ; Wed, 28 Sep 2022 09:18:01 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-152-jB9TBfOhNtOHVbapT2_4mw-1; Wed, 28 Sep 2022 12:17:58 -0400 X-MC-Unique: jB9TBfOhNtOHVbapT2_4mw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D23E829DD9B4; Wed, 28 Sep 2022 16:17:40 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1D26D9D464; Wed, 28 Sep 2022 16:17:39 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 01/12] macsec: replace custom checks on MACSEC_SA_ATTR_AN with NLA_POLICY_MAX Date: Wed, 28 Sep 2022 18:17:14 +0200 Message-Id: <2e61465ba19fad605f8c3e51600c56ca66d53448.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index c891b60937a7..061ed437daa5 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1544,9 +1544,6 @@ static struct macsec_tx_sa *get_txsa_from_nl(struct net *net, if (IS_ERR(dev)) return ERR_CAST(dev); - if (*assoc_num >= MACSEC_NUM_AN) - return ERR_PTR(-EINVAL); - secy = &macsec_priv(dev)->secy; tx_sc = &secy->tx_sc; @@ -1607,8 +1604,6 @@ static struct macsec_rx_sa *get_rxsa_from_nl(struct net *net, return ERR_PTR(-EINVAL); *assoc_num = nla_get_u8(tb_sa[MACSEC_SA_ATTR_AN]); - if (*assoc_num >= MACSEC_NUM_AN) - return ERR_PTR(-EINVAL); rx_sc = get_rxsc_from_nl(net, attrs, tb_rxsc, devp, secyp); if (IS_ERR(rx_sc)) @@ -1635,7 +1630,7 @@ static const struct nla_policy macsec_genl_rxsc_policy[NUM_MACSEC_RXSC_ATTR] = { }; static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { - [MACSEC_SA_ATTR_AN] = { .type = NLA_U8 }, + [MACSEC_SA_ATTR_AN] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), [MACSEC_SA_ATTR_ACTIVE] = { .type = NLA_U8 }, [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN_LEN(4), [MACSEC_SA_ATTR_KEYID] = { .type = NLA_BINARY, @@ -1700,8 +1695,6 @@ static bool validate_add_rxsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN) - return false; if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) @@ -1944,9 +1937,6 @@ static bool validate_add_txsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN) - return false; - if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; @@ -2298,9 +2288,6 @@ static bool validate_upd_sa(struct nlattr **attrs) attrs[MACSEC_SA_ATTR_SALT]) return false; - if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN) - return false; - if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; From patchwork Wed Sep 28 16:17:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992543 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E45AC54EE9 for ; Wed, 28 Sep 2022 16:18:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233534AbiI1QSt convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:18:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234432AbiI1QSJ (ORCPT ); Wed, 28 Sep 2022 12:18:09 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 944382FFEB for ; Wed, 28 Sep 2022 09:18:07 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-675-BWgBBBZNMuWPK9q1Lv_I9w-1; Wed, 28 Sep 2022 12:18:03 -0400 X-MC-Unique: BWgBBBZNMuWPK9q1Lv_I9w-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BD4293C138A3; Wed, 28 Sep 2022 16:17:41 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1466C9D464; Wed, 28 Sep 2022 16:17:40 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 02/12] macsec: replace custom checks on MACSEC_*_ATTR_ACTIVE with NLA_POLICY_MAX Date: Wed, 28 Sep 2022 18:17:15 +0200 Message-Id: <1a99cf014faedeeec44049b0af6b6dce9863b42d.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 061ed437daa5..be438147e0db 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1626,12 +1626,12 @@ static const struct nla_policy macsec_genl_policy[NUM_MACSEC_ATTR] = { static const struct nla_policy macsec_genl_rxsc_policy[NUM_MACSEC_RXSC_ATTR] = { [MACSEC_RXSC_ATTR_SCI] = { .type = NLA_U64 }, - [MACSEC_RXSC_ATTR_ACTIVE] = { .type = NLA_U8 }, + [MACSEC_RXSC_ATTR_ACTIVE] = NLA_POLICY_MAX(NLA_U8, 1), }; static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { [MACSEC_SA_ATTR_AN] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), - [MACSEC_SA_ATTR_ACTIVE] = { .type = NLA_U8 }, + [MACSEC_SA_ATTR_ACTIVE] = NLA_POLICY_MAX(NLA_U8, 1), [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN_LEN(4), [MACSEC_SA_ATTR_KEYID] = { .type = NLA_BINARY, .len = MACSEC_KEYID_LEN, }, @@ -1695,16 +1695,10 @@ static bool validate_add_rxsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; - if (attrs[MACSEC_SA_ATTR_ACTIVE]) { - if (nla_get_u8(attrs[MACSEC_SA_ATTR_ACTIVE]) > 1) - return false; - } - if (nla_len(attrs[MACSEC_SA_ATTR_KEYID]) != MACSEC_KEYID_LEN) return false; @@ -1853,11 +1847,6 @@ static bool validate_add_rxsc(struct nlattr **attrs) if (!attrs[MACSEC_RXSC_ATTR_SCI]) return false; - if (attrs[MACSEC_RXSC_ATTR_ACTIVE]) { - if (nla_get_u8(attrs[MACSEC_RXSC_ATTR_ACTIVE]) > 1) - return false; - } - return true; } @@ -1940,11 +1929,6 @@ static bool validate_add_txsa(struct nlattr **attrs) if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; - if (attrs[MACSEC_SA_ATTR_ACTIVE]) { - if (nla_get_u8(attrs[MACSEC_SA_ATTR_ACTIVE]) > 1) - return false; - } - if (nla_len(attrs[MACSEC_SA_ATTR_KEYID]) != MACSEC_KEYID_LEN) return false; @@ -2291,11 +2275,6 @@ static bool validate_upd_sa(struct nlattr **attrs) if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; - if (attrs[MACSEC_SA_ATTR_ACTIVE]) { - if (nla_get_u8(attrs[MACSEC_SA_ATTR_ACTIVE]) > 1) - return false; - } - return true; } From patchwork Wed Sep 28 16:17:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992547 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38E1BC04A95 for ; Wed, 28 Sep 2022 16:18:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232784AbiI1QSz convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:18:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234515AbiI1QSM (ORCPT ); Wed, 28 Sep 2022 12:18:12 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6DD537F8F for ; Wed, 28 Sep 2022 09:18:09 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-504-O134Q-RVOs23AX3HzaZnzA-1; Wed, 28 Sep 2022 12:18:07 -0400 X-MC-Unique: O134Q-RVOs23AX3HzaZnzA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C8A3C3814662; Wed, 28 Sep 2022 16:17:42 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 28B259459C; Wed, 28 Sep 2022 16:17:41 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 03/12] macsec: replace custom checks on MACSEC_SA_ATTR_SALT with NLA_POLICY_EXACT_LEN Date: Wed, 28 Sep 2022 18:17:16 +0200 Message-Id: <1ceb481d4a55a176ac8b57aacb72d4094d1d6cb1.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The existing checks already specify that MACSEC_SA_ATTR_SALT must have length MACSEC_SALT_LEN. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index be438147e0db..a9fb7946a2a6 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1638,8 +1638,7 @@ static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { [MACSEC_SA_ATTR_KEY] = { .type = NLA_BINARY, .len = MACSEC_MAX_KEY_LEN, }, [MACSEC_SA_ATTR_SSCI] = { .type = NLA_U32 }, - [MACSEC_SA_ATTR_SALT] = { .type = NLA_BINARY, - .len = MACSEC_SALT_LEN, }, + [MACSEC_SA_ATTR_SALT] = NLA_POLICY_EXACT_LEN(MACSEC_SALT_LEN), }; static const struct nla_policy macsec_genl_offload_policy[NUM_MACSEC_OFFLOAD_ATTR] = { @@ -1760,14 +1759,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) rtnl_unlock(); return -EINVAL; } - - if (nla_len(tb_sa[MACSEC_SA_ATTR_SALT]) != MACSEC_SALT_LEN) { - pr_notice("macsec: nl: add_rxsa: bad salt length: %d != %d\n", - nla_len(tb_sa[MACSEC_SA_ATTR_SALT]), - MACSEC_SALT_LEN); - rtnl_unlock(); - return -EINVAL; - } } rx_sa = rtnl_dereference(rx_sc->sa[assoc_num]); @@ -1989,14 +1980,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) rtnl_unlock(); return -EINVAL; } - - if (nla_len(tb_sa[MACSEC_SA_ATTR_SALT]) != MACSEC_SALT_LEN) { - pr_notice("macsec: nl: add_txsa: bad salt length: %d != %d\n", - nla_len(tb_sa[MACSEC_SA_ATTR_SALT]), - MACSEC_SALT_LEN); - rtnl_unlock(); - return -EINVAL; - } } tx_sa = rtnl_dereference(tx_sc->sa[assoc_num]); From patchwork Wed Sep 28 16:17:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992549 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 472F8C54EE9 for ; Wed, 28 Sep 2022 16:19:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234266AbiI1QTA convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:19:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234203AbiI1QSR (ORCPT ); Wed, 28 Sep 2022 12:18:17 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EBFA536868 for ; Wed, 28 Sep 2022 09:18:14 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-347-XNbE44o8MByOnCGlhPZWtg-1; Wed, 28 Sep 2022 12:18:03 -0400 X-MC-Unique: XNbE44o8MByOnCGlhPZWtg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E21CC10115EB; Wed, 28 Sep 2022 16:17:43 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2ECF99D469; Wed, 28 Sep 2022 16:17:42 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 04/12] macsec: replace custom checks on MACSEC_SA_ATTR_KEYID with NLA_POLICY_EXACT_LEN Date: Wed, 28 Sep 2022 18:17:17 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The existing checks already specify that MACSEC_SA_ATTR_KEYID must have length MACSEC_KEYID_LEN. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index a9fb7946a2a6..76ff09b16013 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1633,8 +1633,7 @@ static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { [MACSEC_SA_ATTR_AN] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), [MACSEC_SA_ATTR_ACTIVE] = NLA_POLICY_MAX(NLA_U8, 1), [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN_LEN(4), - [MACSEC_SA_ATTR_KEYID] = { .type = NLA_BINARY, - .len = MACSEC_KEYID_LEN, }, + [MACSEC_SA_ATTR_KEYID] = NLA_POLICY_EXACT_LEN(MACSEC_KEYID_LEN), [MACSEC_SA_ATTR_KEY] = { .type = NLA_BINARY, .len = MACSEC_MAX_KEY_LEN, }, [MACSEC_SA_ATTR_SSCI] = { .type = NLA_U32 }, @@ -1698,9 +1697,6 @@ static bool validate_add_rxsa(struct nlattr **attrs) nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; - if (nla_len(attrs[MACSEC_SA_ATTR_KEYID]) != MACSEC_KEYID_LEN) - return false; - return true; } @@ -1920,9 +1916,6 @@ static bool validate_add_txsa(struct nlattr **attrs) if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) return false; - if (nla_len(attrs[MACSEC_SA_ATTR_KEYID]) != MACSEC_KEYID_LEN) - return false; - return true; } From patchwork Wed Sep 28 16:17:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992546 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19E53C32771 for ; Wed, 28 Sep 2022 16:18:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234133AbiI1QSy convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:18:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234021AbiI1QSX (ORCPT ); Wed, 28 Sep 2022 12:18:23 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C516E52DF1 for ; Wed, 28 Sep 2022 09:18:15 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-632-oyebVxLSNSmQj6jRhqhoqA-1; Wed, 28 Sep 2022 12:18:10 -0400 X-MC-Unique: oyebVxLSNSmQj6jRhqhoqA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id ED691886C98; Wed, 28 Sep 2022 16:17:44 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D9A49D469; Wed, 28 Sep 2022 16:17:44 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 05/12] macsec: use NLA_POLICY_VALIDATE_FN to validate MACSEC_SA_ATTR_PN Date: Wed, 28 Sep 2022 18:17:18 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org We need to keep the length checks done in macsec_{add,upd}_{rx,tx}sa based on whether the device is set up for XPN (with 64b PNs instead of 32b), but we can at least check early and that the length is not completely bogus and whether the PN is 0. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 76ff09b16013..3f8069f758c7 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1617,6 +1617,19 @@ static struct macsec_rx_sa *get_rxsa_from_nl(struct net *net, return rx_sa; } +static int validate_pn(const struct nlattr *attr, + struct netlink_ext_ack *extack) +{ + if (nla_len(attr) == MACSEC_DEFAULT_PN_LEN || + nla_len(attr) == MACSEC_XPN_PN_LEN) { + if (nla_get_u64(attr) == 0) + return -EINVAL; + return 0; + } + + return -EINVAL; +} + static const struct nla_policy macsec_genl_policy[NUM_MACSEC_ATTR] = { [MACSEC_ATTR_IFINDEX] = { .type = NLA_U32 }, [MACSEC_ATTR_RXSC_CONFIG] = { .type = NLA_NESTED }, @@ -1632,7 +1645,7 @@ static const struct nla_policy macsec_genl_rxsc_policy[NUM_MACSEC_RXSC_ATTR] = { static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { [MACSEC_SA_ATTR_AN] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), [MACSEC_SA_ATTR_ACTIVE] = NLA_POLICY_MAX(NLA_U8, 1), - [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN_LEN(4), + [MACSEC_SA_ATTR_PN] = NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_pn, 8), [MACSEC_SA_ATTR_KEYID] = NLA_POLICY_EXACT_LEN(MACSEC_KEYID_LEN), [MACSEC_SA_ATTR_KEY] = { .type = NLA_BINARY, .len = MACSEC_MAX_KEY_LEN, }, @@ -1693,10 +1706,6 @@ static bool validate_add_rxsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && - nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } @@ -1913,9 +1922,6 @@ static bool validate_add_txsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } @@ -2248,9 +2254,6 @@ static bool validate_upd_sa(struct nlattr **attrs) attrs[MACSEC_SA_ATTR_SALT]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } From patchwork Wed Sep 28 16:17:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992545 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5282C04A95 for ; Wed, 28 Sep 2022 16:18:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234124AbiI1QSw convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:18:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234597AbiI1QS0 (ORCPT ); Wed, 28 Sep 2022 12:18:26 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C3AB73F1D6 for ; Wed, 28 Sep 2022 09:18:15 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-620-Jp2MNgpgPdetcsVQN5b7Cg-1; Wed, 28 Sep 2022 12:18:12 -0400 X-MC-Unique: Jp2MNgpgPdetcsVQN5b7Cg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A6EC588F56F; Wed, 28 Sep 2022 16:17:45 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2E41B9D487; Wed, 28 Sep 2022 16:17:45 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 06/12] macsec: add NLA_POLICY_MAX for MACSEC_OFFLOAD_ATTR_TYPE and IFLA_MACSEC_OFFLOAD Date: Wed, 28 Sep 2022 18:17:19 +0200 Message-Id: <4ca70c6cbfd85f13dce60e824ee90bdcaef8f5ad.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org This is equivalent to the existing checks allowing either MACSEC_OFFLOAD_OFF or calling macsec_check_offload. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 3f8069f758c7..84e67f8c9bad 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1654,7 +1654,7 @@ static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { }; static const struct nla_policy macsec_genl_offload_policy[NUM_MACSEC_OFFLOAD_ATTR] = { - [MACSEC_OFFLOAD_ATTR_TYPE] = { .type = NLA_U8 }, + [MACSEC_OFFLOAD_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U8, MACSEC_OFFLOAD_MAX), }; /* Offloads an operation to a device driver */ @@ -3659,6 +3659,7 @@ static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { [IFLA_MACSEC_SCB] = { .type = NLA_U8 }, [IFLA_MACSEC_REPLAY_PROTECT] = { .type = NLA_U8 }, [IFLA_MACSEC_VALIDATION] = { .type = NLA_U8 }, + [IFLA_MACSEC_OFFLOAD] = NLA_POLICY_MAX(NLA_U8, MACSEC_OFFLOAD_MAX), }; static void macsec_free_netdev(struct net_device *dev) From patchwork Wed Sep 28 16:17:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992551 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CF7AC54EE9 for ; Wed, 28 Sep 2022 16:19:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234295AbiI1QTD convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:19:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40596 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234641AbiI1QSa (ORCPT ); Wed, 28 Sep 2022 12:18:30 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1001BE11FA for ; Wed, 28 Sep 2022 09:18:27 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-142-u4503PDSOfC0JkUc3M_zvw-1; Wed, 28 Sep 2022 12:18:18 -0400 X-MC-Unique: u4503PDSOfC0JkUc3M_zvw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C0A5338035D9; Wed, 28 Sep 2022 16:17:46 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id E99D194573; Wed, 28 Sep 2022 16:17:45 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 07/12] macsec: replace custom checks on IFLA_MACSEC_ICV_LEN with NLA_POLICY_RANGE Date: Wed, 28 Sep 2022 18:17:20 +0200 Message-Id: <56da4c0178a38d68ad515f9340e09db3d9f2f156.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The existing checks already force this range. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 84e67f8c9bad..c70dd40e9d8d 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3648,7 +3648,7 @@ static const struct device_type macsec_type = { static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { [IFLA_MACSEC_SCI] = { .type = NLA_U64 }, [IFLA_MACSEC_PORT] = { .type = NLA_U16 }, - [IFLA_MACSEC_ICV_LEN] = { .type = NLA_U8 }, + [IFLA_MACSEC_ICV_LEN] = NLA_POLICY_RANGE(NLA_U8, MACSEC_MIN_ICV_LEN, MACSEC_STD_ICV_LEN), [IFLA_MACSEC_CIPHER_SUITE] = { .type = NLA_U64 }, [IFLA_MACSEC_WINDOW] = { .type = NLA_U32 }, [IFLA_MACSEC_ENCODING_SA] = { .type = NLA_U8 }, @@ -4134,9 +4134,6 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], case MACSEC_CIPHER_ID_GCM_AES_XPN_128: case MACSEC_CIPHER_ID_GCM_AES_XPN_256: case MACSEC_DEFAULT_CIPHER_ID: - if (icv_len < MACSEC_MIN_ICV_LEN || - icv_len > MACSEC_STD_ICV_LEN) - return -EINVAL; break; default: return -EINVAL; From patchwork Wed Sep 28 16:17:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992542 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF76AC32771 for ; Wed, 28 Sep 2022 16:18:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232246AbiI1QSs convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:18:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234598AbiI1QS0 (ORCPT ); Wed, 28 Sep 2022 12:18:26 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5BF4C85FA9 for ; Wed, 28 Sep 2022 09:18:20 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-599-MhOxfM3EPO-ZrAnW-Ys-KQ-1; Wed, 28 Sep 2022 12:18:13 -0400 X-MC-Unique: MhOxfM3EPO-ZrAnW-Ys-KQ-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E07E11C05B03; Wed, 28 Sep 2022 16:17:47 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 160A494573; Wed, 28 Sep 2022 16:17:46 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 08/12] macsec: use NLA_POLICY_VALIDATE_FN to validate IFLA_MACSEC_CIPHER_SUITE Date: Wed, 28 Sep 2022 18:17:21 +0200 Message-Id: <5d4541915e5229c0329ff8e6618439ca21767b18.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Unfortunately, since the value of MACSEC_DEFAULT_CIPHER_ID doesn't fit near the others, we can't use a simple range in the policy. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index c70dd40e9d8d..3863f41c9106 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3645,11 +3645,13 @@ static const struct device_type macsec_type = { .name = "macsec", }; +static int validate_cipher_suite(const struct nlattr *attr, + struct netlink_ext_ack *extack); static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { [IFLA_MACSEC_SCI] = { .type = NLA_U64 }, [IFLA_MACSEC_PORT] = { .type = NLA_U16 }, [IFLA_MACSEC_ICV_LEN] = NLA_POLICY_RANGE(NLA_U8, MACSEC_MIN_ICV_LEN, MACSEC_STD_ICV_LEN), - [IFLA_MACSEC_CIPHER_SUITE] = { .type = NLA_U64 }, + [IFLA_MACSEC_CIPHER_SUITE] = NLA_POLICY_VALIDATE_FN(NLA_U64, validate_cipher_suite), [IFLA_MACSEC_WINDOW] = { .type = NLA_U32 }, [IFLA_MACSEC_ENCODING_SA] = { .type = NLA_U8 }, [IFLA_MACSEC_ENCRYPT] = { .type = NLA_U8 }, @@ -4099,6 +4101,21 @@ static int macsec_newlink(struct net *net, struct net_device *dev, return err; } +static int validate_cipher_suite(const struct nlattr *attr, + struct netlink_ext_ack *extack) +{ + switch (nla_get_u64(attr)) { + case MACSEC_CIPHER_ID_GCM_AES_128: + case MACSEC_CIPHER_ID_GCM_AES_256: + case MACSEC_CIPHER_ID_GCM_AES_XPN_128: + case MACSEC_CIPHER_ID_GCM_AES_XPN_256: + case MACSEC_DEFAULT_CIPHER_ID: + return 0; + default: + return -EINVAL; + } +} + static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], struct netlink_ext_ack *extack) { @@ -4128,17 +4145,6 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], } } - switch (csid) { - case MACSEC_CIPHER_ID_GCM_AES_128: - case MACSEC_CIPHER_ID_GCM_AES_256: - case MACSEC_CIPHER_ID_GCM_AES_XPN_128: - case MACSEC_CIPHER_ID_GCM_AES_XPN_256: - case MACSEC_DEFAULT_CIPHER_ID: - break; - default: - return -EINVAL; - } - if (data[IFLA_MACSEC_ENCODING_SA]) { if (nla_get_u8(data[IFLA_MACSEC_ENCODING_SA]) >= MACSEC_NUM_AN) return -EINVAL; From patchwork Wed Sep 28 16:17:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992552 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C7A0C04A95 for ; Wed, 28 Sep 2022 16:19:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234515AbiI1QTF convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:19:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234649AbiI1QSb (ORCPT ); Wed, 28 Sep 2022 12:18:31 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 899E1ABD6C for ; Wed, 28 Sep 2022 09:18:30 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-328-ZJ3-Kv4NPJKOB-siy_oTIw-1; Wed, 28 Sep 2022 12:18:25 -0400 X-MC-Unique: ZJ3-Kv4NPJKOB-siy_oTIw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D1DC7849414; Wed, 28 Sep 2022 16:17:48 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4C2AB9D47C; Wed, 28 Sep 2022 16:17:48 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 09/12] macsec: validate IFLA_MACSEC_VALIDATION with NLA_POLICY_MAX Date: Wed, 28 Sep 2022 18:17:22 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 3863f41c9106..3171a84e6900 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3660,7 +3660,7 @@ static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { [IFLA_MACSEC_ES] = { .type = NLA_U8 }, [IFLA_MACSEC_SCB] = { .type = NLA_U8 }, [IFLA_MACSEC_REPLAY_PROTECT] = { .type = NLA_U8 }, - [IFLA_MACSEC_VALIDATION] = { .type = NLA_U8 }, + [IFLA_MACSEC_VALIDATION] = NLA_POLICY_MAX(NLA_U8, MACSEC_VALIDATE_MAX), [IFLA_MACSEC_OFFLOAD] = NLA_POLICY_MAX(NLA_U8, MACSEC_OFFLOAD_MAX), }; @@ -4166,10 +4166,6 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], if ((sci && (scb || es)) || (scb && es)) return -EINVAL; - if (data[IFLA_MACSEC_VALIDATION] && - nla_get_u8(data[IFLA_MACSEC_VALIDATION]) > MACSEC_VALIDATE_MAX) - return -EINVAL; - if ((data[IFLA_MACSEC_REPLAY_PROTECT] && nla_get_u8(data[IFLA_MACSEC_REPLAY_PROTECT])) && !data[IFLA_MACSEC_WINDOW]) From patchwork Wed Sep 28 16:27:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992562 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5D4FC04A95 for ; Wed, 28 Sep 2022 16:28:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233742AbiI1Q2Z convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:28:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229847AbiI1Q2Y (ORCPT ); Wed, 28 Sep 2022 12:28:24 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3C424DB69 for ; Wed, 28 Sep 2022 09:28:22 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-665-CBpVKG3eNXK8ESUG4JYhDA-1; Wed, 28 Sep 2022 12:28:20 -0400 X-MC-Unique: CBpVKG3eNXK8ESUG4JYhDA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 21490857FAC; Wed, 28 Sep 2022 16:28:19 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 60B4BC50928; Wed, 28 Sep 2022 16:28:18 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 10/12] macsec: replace custom checks for IFLA_MACSEC_* flags with NLA_POLICY_MAX Date: Wed, 28 Sep 2022 18:27:57 +0200 Message-Id: <89e3d9f99e525491055c14be9e2660b3ff712f17.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Those are all off/on flags. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 3171a84e6900..81027941bc5b 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3654,12 +3654,12 @@ static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { [IFLA_MACSEC_CIPHER_SUITE] = NLA_POLICY_VALIDATE_FN(NLA_U64, validate_cipher_suite), [IFLA_MACSEC_WINDOW] = { .type = NLA_U32 }, [IFLA_MACSEC_ENCODING_SA] = { .type = NLA_U8 }, - [IFLA_MACSEC_ENCRYPT] = { .type = NLA_U8 }, - [IFLA_MACSEC_PROTECT] = { .type = NLA_U8 }, - [IFLA_MACSEC_INC_SCI] = { .type = NLA_U8 }, - [IFLA_MACSEC_ES] = { .type = NLA_U8 }, - [IFLA_MACSEC_SCB] = { .type = NLA_U8 }, - [IFLA_MACSEC_REPLAY_PROTECT] = { .type = NLA_U8 }, + [IFLA_MACSEC_ENCRYPT] = NLA_POLICY_MAX(NLA_U8, 1), + [IFLA_MACSEC_PROTECT] = NLA_POLICY_MAX(NLA_U8, 1), + [IFLA_MACSEC_INC_SCI] = NLA_POLICY_MAX(NLA_U8, 1), + [IFLA_MACSEC_ES] = NLA_POLICY_MAX(NLA_U8, 1), + [IFLA_MACSEC_SCB] = NLA_POLICY_MAX(NLA_U8, 1), + [IFLA_MACSEC_REPLAY_PROTECT] = NLA_POLICY_MAX(NLA_U8, 1), [IFLA_MACSEC_VALIDATION] = NLA_POLICY_MAX(NLA_U8, MACSEC_VALIDATE_MAX), [IFLA_MACSEC_OFFLOAD] = NLA_POLICY_MAX(NLA_U8, MACSEC_OFFLOAD_MAX), }; @@ -4121,7 +4121,6 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], { u64 csid = MACSEC_DEFAULT_CIPHER_ID; u8 icv_len = MACSEC_DEFAULT_ICV_LEN; - int flag; bool es, scb, sci; if (!data) @@ -4150,15 +4149,6 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], return -EINVAL; } - for (flag = IFLA_MACSEC_ENCODING_SA + 1; - flag < IFLA_MACSEC_VALIDATION; - flag++) { - if (data[flag]) { - if (nla_get_u8(data[flag]) > 1) - return -EINVAL; - } - } - es = data[IFLA_MACSEC_ES] ? nla_get_u8(data[IFLA_MACSEC_ES]) : false; sci = data[IFLA_MACSEC_INC_SCI] ? nla_get_u8(data[IFLA_MACSEC_INC_SCI]) : false; scb = data[IFLA_MACSEC_SCB] ? nla_get_u8(data[IFLA_MACSEC_SCB]) : false; From patchwork Wed Sep 28 16:28:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992563 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CDD5C04A95 for ; Wed, 28 Sep 2022 16:29:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233812AbiI1Q3T convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:29:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233186AbiI1Q3R (ORCPT ); Wed, 28 Sep 2022 12:29:17 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FE5D4DB69 for ; Wed, 28 Sep 2022 09:29:17 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-532-dkkzACktOL-lMwUjm7CixQ-1; Wed, 28 Sep 2022 12:29:12 -0400 X-MC-Unique: dkkzACktOL-lMwUjm7CixQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BF17A89F5F2; Wed, 28 Sep 2022 16:29:11 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0799A145D84F; Wed, 28 Sep 2022 16:29:10 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 11/12] macsec: replace custom check on IFLA_MACSEC_ENCODING_SA with NLA_POLICY_MAX Date: Wed, 28 Sep 2022 18:28:58 +0200 Message-Id: <57f0c81a407a93dcd6d6221ba5b0904b3ba4d63f.1664379352.git.sd@queasysnail.net> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 81027941bc5b..863e5ae6e75e 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3653,7 +3653,7 @@ static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { [IFLA_MACSEC_ICV_LEN] = NLA_POLICY_RANGE(NLA_U8, MACSEC_MIN_ICV_LEN, MACSEC_STD_ICV_LEN), [IFLA_MACSEC_CIPHER_SUITE] = NLA_POLICY_VALIDATE_FN(NLA_U64, validate_cipher_suite), [IFLA_MACSEC_WINDOW] = { .type = NLA_U32 }, - [IFLA_MACSEC_ENCODING_SA] = { .type = NLA_U8 }, + [IFLA_MACSEC_ENCODING_SA] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), [IFLA_MACSEC_ENCRYPT] = NLA_POLICY_MAX(NLA_U8, 1), [IFLA_MACSEC_PROTECT] = NLA_POLICY_MAX(NLA_U8, 1), [IFLA_MACSEC_INC_SCI] = NLA_POLICY_MAX(NLA_U8, 1), @@ -4144,11 +4144,6 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[], } } - if (data[IFLA_MACSEC_ENCODING_SA]) { - if (nla_get_u8(data[IFLA_MACSEC_ENCODING_SA]) >= MACSEC_NUM_AN) - return -EINVAL; - } - es = data[IFLA_MACSEC_ES] ? nla_get_u8(data[IFLA_MACSEC_ES]) : false; sci = data[IFLA_MACSEC_INC_SCI] ? nla_get_u8(data[IFLA_MACSEC_INC_SCI]) : false; scb = data[IFLA_MACSEC_SCB] ? nla_get_u8(data[IFLA_MACSEC_SCB]) : false; From patchwork Wed Sep 28 16:29:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sabrina Dubroca X-Patchwork-Id: 12992564 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E82C8C04A95 for ; Wed, 28 Sep 2022 16:29:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233650AbiI1Q3o convert rfc822-to-8bit (ORCPT ); Wed, 28 Sep 2022 12:29:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234471AbiI1Q3i (ORCPT ); Wed, 28 Sep 2022 12:29:38 -0400 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [207.211.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C2C66E3684 for ; Wed, 28 Sep 2022 09:29:30 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-599-swYBXqOBNhC4AmYlNf0Gbg-1; Wed, 28 Sep 2022 12:29:19 -0400 X-MC-Unique: swYBXqOBNhC4AmYlNf0Gbg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CC6441C06EC9; Wed, 28 Sep 2022 16:29:18 +0000 (UTC) Received: from hog.localdomain (unknown [10.39.195.84]) by smtp.corp.redhat.com (Postfix) with ESMTP id 005D4C5092A; Wed, 28 Sep 2022 16:29:17 +0000 (UTC) From: Sabrina Dubroca To: netdev@vger.kernel.org Cc: Sabrina Dubroca Subject: [PATCH net-next 12/12] macsec: remove validate_add_rxsc Date: Wed, 28 Sep 2022 18:29:03 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: queasysnail.net Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org It's not doing much anymore. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 863e5ae6e75e..4d457b7211e3 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1838,14 +1838,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) return err; } -static bool validate_add_rxsc(struct nlattr **attrs) -{ - if (!attrs[MACSEC_RXSC_ATTR_SCI]) - return false; - - return true; -} - static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info) { struct net_device *dev; @@ -1863,7 +1855,7 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info) if (parse_rxsc_config(attrs, tb_rxsc)) return -EINVAL; - if (!validate_add_rxsc(tb_rxsc)) + if (!tb_rxsc[MACSEC_RXSC_ATTR_SCI]) return -EINVAL; rtnl_lock(); @@ -2458,7 +2450,7 @@ static int macsec_upd_rxsc(struct sk_buff *skb, struct genl_info *info) if (parse_rxsc_config(attrs, tb_rxsc)) return -EINVAL; - if (!validate_add_rxsc(tb_rxsc)) + if (!tb_rxsc[MACSEC_RXSC_ATTR_SCI]) return -EINVAL; rtnl_lock();