Skip to content

Commit 90a5cad

Browse files
author
CKI KWF Bot
committed
Merge: macsec: stable backport for 9.8 phase 2
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/7432 JIRA: https://issues.redhat.com/browse/RHEL-115622 * d9816ec macsec: MACsec SCI assignment for ES = 0 * 030e1c4 macsec: read MACSEC_SA_ATTR_PN with nla_get_uint Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com> --- <small>Created 2025-10-02 08:41 UTC by backporter - [KWF FAQ](https://red.ht/kernel_workflow_doc) - [Slack #team-kernel-workflow](https://redhat-internal.slack.com/archives/C04LRUPMJQ5) - [Source](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/utils/backporter.py) - [Documentation](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.backporter.md) - [Report an issue](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12334433&issuetype=1&priority=4&summary=backporter+webhook+issue&components=kernel-workflow+/+backporter)</small> Approved-by: Hangbin Liu <haliu@redhat.com> Approved-by: Antoine Tenart <atenart@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: CKI GitLab Kmaint Pipeline Bot <26919896-cki-kmaint-pipeline-bot@users.noreply.gitlab.com>
2 parents e93c261 + ae5c3c8 commit 90a5cad

File tree

1 file changed

+38
-10
lines changed

1 file changed

+38
-10
lines changed

drivers/net/macsec.c

Lines changed: 38 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -256,15 +256,39 @@ static sci_t make_sci(const u8 *addr, __be16 port)
256256
return sci;
257257
}
258258

259-
static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_present)
259+
static sci_t macsec_active_sci(struct macsec_secy *secy)
260260
{
261-
sci_t sci;
261+
struct macsec_rx_sc *rx_sc = rcu_dereference_bh(secy->rx_sc);
262+
263+
/* Case single RX SC */
264+
if (rx_sc && !rcu_dereference_bh(rx_sc->next))
265+
return (rx_sc->active) ? rx_sc->sci : 0;
266+
/* Case no RX SC or multiple */
267+
else
268+
return 0;
269+
}
270+
271+
static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_present,
272+
struct macsec_rxh_data *rxd)
273+
{
274+
struct macsec_dev *macsec;
275+
sci_t sci = 0;
262276

263-
if (sci_present)
277+
/* SC = 1 */
278+
if (sci_present) {
264279
memcpy(&sci, hdr->secure_channel_id,
265280
sizeof(hdr->secure_channel_id));
266-
else
281+
/* SC = 0; ES = 0 */
282+
} else if ((!(hdr->tci_an & (MACSEC_TCI_ES | MACSEC_TCI_SC))) &&
283+
(list_is_singular(&rxd->secys))) {
284+
/* Only one SECY should exist on this scenario */
285+
macsec = list_first_or_null_rcu(&rxd->secys, struct macsec_dev,
286+
secys);
287+
if (macsec)
288+
return macsec_active_sci(&macsec->secy);
289+
} else {
267290
sci = make_sci(hdr->eth.h_source, MACSEC_PORT_ES);
291+
}
268292

269293
return sci;
270294
}
@@ -1118,7 +1142,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
11181142
struct macsec_rxh_data *rxd;
11191143
struct macsec_dev *macsec;
11201144
unsigned int len;
1121-
sci_t sci;
1145+
sci_t sci = 0;
11221146
u32 hdr_pn;
11231147
bool cbit;
11241148
struct pcpu_rx_sc_stats *rxsc_stats;
@@ -1165,11 +1189,14 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
11651189

11661190
macsec_skb_cb(skb)->has_sci = !!(hdr->tci_an & MACSEC_TCI_SC);
11671191
macsec_skb_cb(skb)->assoc_num = hdr->tci_an & MACSEC_AN_MASK;
1168-
sci = macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci);
11691192

11701193
rcu_read_lock();
11711194
rxd = macsec_data_rcu(skb->dev);
11721195

1196+
sci = macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci, rxd);
1197+
if (!sci)
1198+
goto drop_nosc;
1199+
11731200
list_for_each_entry_rcu(macsec, &rxd->secys, secys) {
11741201
struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci);
11751202

@@ -1297,6 +1324,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
12971324
macsec_rxsa_put(rx_sa);
12981325
drop_nosa:
12991326
macsec_rxsc_put(rx_sc);
1327+
drop_nosc:
13001328
rcu_read_unlock();
13011329
drop_direct:
13021330
kfree_skb(skb);
@@ -1830,7 +1858,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
18301858

18311859
if (tb_sa[MACSEC_SA_ATTR_PN]) {
18321860
spin_lock_bh(&rx_sa->lock);
1833-
rx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
1861+
rx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
18341862
spin_unlock_bh(&rx_sa->lock);
18351863
}
18361864

@@ -2072,7 +2100,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
20722100
}
20732101

20742102
spin_lock_bh(&tx_sa->lock);
2075-
tx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
2103+
tx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
20762104
spin_unlock_bh(&tx_sa->lock);
20772105

20782106
if (tb_sa[MACSEC_SA_ATTR_ACTIVE])
@@ -2384,7 +2412,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
23842412

23852413
spin_lock_bh(&tx_sa->lock);
23862414
prev_pn = tx_sa->next_pn_halves;
2387-
tx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
2415+
tx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
23882416
spin_unlock_bh(&tx_sa->lock);
23892417
}
23902418

@@ -2482,7 +2510,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
24822510

24832511
spin_lock_bh(&rx_sa->lock);
24842512
prev_pn = rx_sa->next_pn_halves;
2485-
rx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
2513+
rx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
24862514
spin_unlock_bh(&rx_sa->lock);
24872515
}
24882516

0 commit comments

Comments
 (0)