Skip to content

Commit 252486e

Browse files
author
CKI KWF Bot
committed
Merge: macsec: stable backport for 10.2 phase 1
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-10/-/merge_requests/1527 JIRA: https://issues.redhat.com/browse/RHEL-115574 * d9816ec macsec: MACsec SCI assignment for ES = 0 * 030e1c4 macsec: read MACSEC_SA_ATTR_PN with nla_get_uint Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com> --- <small>Created 2025-10-02 08:48 UTC by backporter - [KWF FAQ](https://red.ht/kernel_workflow_doc) - [Slack #team-kernel-workflow](https://redhat-internal.slack.com/archives/C04LRUPMJQ5) - [Source](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/utils/backporter.py) - [Documentation](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.backporter.md) - [Report an issue](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12334433&issuetype=1&priority=4&summary=backporter+webhook+issue&components=kernel-workflow+/+backporter)</small> Approved-by: Hangbin Liu <haliu@redhat.com> Approved-by: Antoine Tenart <atenart@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: CKI GitLab Kmaint Pipeline Bot <26919896-cki-kmaint-pipeline-bot@users.noreply.gitlab.com>
2 parents f44ddf0 + ef03c7a commit 252486e

File tree

1 file changed

+38
-10
lines changed

1 file changed

+38
-10
lines changed

drivers/net/macsec.c

Lines changed: 38 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -246,15 +246,39 @@ static sci_t make_sci(const u8 *addr, __be16 port)
246246
return sci;
247247
}
248248

249-
static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_present)
249+
static sci_t macsec_active_sci(struct macsec_secy *secy)
250250
{
251-
sci_t sci;
251+
struct macsec_rx_sc *rx_sc = rcu_dereference_bh(secy->rx_sc);
252+
253+
/* Case single RX SC */
254+
if (rx_sc && !rcu_dereference_bh(rx_sc->next))
255+
return (rx_sc->active) ? rx_sc->sci : 0;
256+
/* Case no RX SC or multiple */
257+
else
258+
return 0;
259+
}
260+
261+
static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_present,
262+
struct macsec_rxh_data *rxd)
263+
{
264+
struct macsec_dev *macsec;
265+
sci_t sci = 0;
252266

253-
if (sci_present)
267+
/* SC = 1 */
268+
if (sci_present) {
254269
memcpy(&sci, hdr->secure_channel_id,
255270
sizeof(hdr->secure_channel_id));
256-
else
271+
/* SC = 0; ES = 0 */
272+
} else if ((!(hdr->tci_an & (MACSEC_TCI_ES | MACSEC_TCI_SC))) &&
273+
(list_is_singular(&rxd->secys))) {
274+
/* Only one SECY should exist on this scenario */
275+
macsec = list_first_or_null_rcu(&rxd->secys, struct macsec_dev,
276+
secys);
277+
if (macsec)
278+
return macsec_active_sci(&macsec->secy);
279+
} else {
257280
sci = make_sci(hdr->eth.h_source, MACSEC_PORT_ES);
281+
}
258282

259283
return sci;
260284
}
@@ -1108,7 +1132,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
11081132
struct macsec_rxh_data *rxd;
11091133
struct macsec_dev *macsec;
11101134
unsigned int len;
1111-
sci_t sci;
1135+
sci_t sci = 0;
11121136
u32 hdr_pn;
11131137
bool cbit;
11141138
struct pcpu_rx_sc_stats *rxsc_stats;
@@ -1155,11 +1179,14 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
11551179

11561180
macsec_skb_cb(skb)->has_sci = !!(hdr->tci_an & MACSEC_TCI_SC);
11571181
macsec_skb_cb(skb)->assoc_num = hdr->tci_an & MACSEC_AN_MASK;
1158-
sci = macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci);
11591182

11601183
rcu_read_lock();
11611184
rxd = macsec_data_rcu(skb->dev);
11621185

1186+
sci = macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci, rxd);
1187+
if (!sci)
1188+
goto drop_nosc;
1189+
11631190
list_for_each_entry_rcu(macsec, &rxd->secys, secys) {
11641191
struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci);
11651192

@@ -1282,6 +1309,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
12821309
macsec_rxsa_put(rx_sa);
12831310
drop_nosa:
12841311
macsec_rxsc_put(rx_sc);
1312+
drop_nosc:
12851313
rcu_read_unlock();
12861314
drop_direct:
12871315
kfree_skb(skb);
@@ -1815,7 +1843,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
18151843

18161844
if (tb_sa[MACSEC_SA_ATTR_PN]) {
18171845
spin_lock_bh(&rx_sa->lock);
1818-
rx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
1846+
rx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
18191847
spin_unlock_bh(&rx_sa->lock);
18201848
}
18211849

@@ -2057,7 +2085,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
20572085
}
20582086

20592087
spin_lock_bh(&tx_sa->lock);
2060-
tx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
2088+
tx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
20612089
spin_unlock_bh(&tx_sa->lock);
20622090

20632091
if (tb_sa[MACSEC_SA_ATTR_ACTIVE])
@@ -2369,7 +2397,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
23692397

23702398
spin_lock_bh(&tx_sa->lock);
23712399
prev_pn = tx_sa->next_pn_halves;
2372-
tx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
2400+
tx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
23732401
spin_unlock_bh(&tx_sa->lock);
23742402
}
23752403

@@ -2467,7 +2495,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
24672495

24682496
spin_lock_bh(&rx_sa->lock);
24692497
prev_pn = rx_sa->next_pn_halves;
2470-
rx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
2498+
rx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
24712499
spin_unlock_bh(&rx_sa->lock);
24722500
}
24732501

0 commit comments

Comments
 (0)