releases/5.10.50/net-macsec-fix-the-length-used-to-copy-the-key-for-o.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 5209346b7f95159d3f08ff748166bc7cd8d6b4b3 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Thu, 24 Jun 2021 11:38:28 +0200
 Subject: net: macsec: fix the length used to copy the key for offloading

 From: Antoine Tenart <atenart@kernel.org>

 [ Upstream commit 1f7fe5121127e037b86592ba42ce36515ea0e3f7 ]

 The key length used when offloading macsec to Ethernet or PHY drivers
 was set to MACSEC_KEYID_LEN (16), which is an issue as:
 - This was never meant to be the key length.
 - The key length can be > 16.

 Fix this by using MACSEC_MAX_KEY_LEN to store the key (the max length
 accepted in uAPI) and secy->key_len to copy it.

 Fixes: 3cf3227a21d1 ("net: macsec: hardware offloading infrastructure")
 Reported-by: Lior Nahmanson <liorna@nvidia.com>
 Signed-off-by: Antoine Tenart <atenart@kernel.org>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  drivers/net/macsec.c | 4 ++--
  include/net/macsec.h | 2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)

 diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
 index 11ca5fa902a1..c601d3df2722 100644
 --- a/drivers/net/macsec.c
 +++ b/drivers/net/macsec.c
 @@ -1818,7 +1818,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
  		ctx.sa.rx_sa = rx_sa;
  		ctx.secy = secy;
  		memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
 -		       MACSEC_KEYID_LEN);
 +		       secy->key_len);

  		err = macsec_offload(ops->mdo_add_rxsa, &ctx);
  		if (err)
 @@ -2060,7 +2060,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
  		ctx.sa.tx_sa = tx_sa;
  		ctx.secy = secy;
  		memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
 -		       MACSEC_KEYID_LEN);
 +		       secy->key_len);

  		err = macsec_offload(ops->mdo_add_txsa, &ctx);
  		if (err)
 diff --git a/include/net/macsec.h b/include/net/macsec.h
 index 52874cdfe226..d6fa6b97f6ef 100644
 --- a/include/net/macsec.h
 +++ b/include/net/macsec.h
 @@ -241,7 +241,7 @@ struct macsec_context {
  	struct macsec_rx_sc *rx_sc;
  	struct {
  		unsigned char assoc_num;
 -		u8 key[MACSEC_KEYID_LEN];
 +		u8 key[MACSEC_MAX_KEY_LEN];
  		union {
  			struct macsec_rx_sa *rx_sa;
  			struct macsec_tx_sa *tx_sa;
 --
 2.30.2
	From 5209346b7f95159d3f08ff748166bc7cd8d6b4b3 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Thu, 24 Jun 2021 11:38:28 +0200
	Subject: net: macsec: fix the length used to copy the key for offloading

	From: Antoine Tenart <atenart@kernel.org>

	[ Upstream commit 1f7fe5121127e037b86592ba42ce36515ea0e3f7 ]

	The key length used when offloading macsec to Ethernet or PHY drivers
	was set to MACSEC_KEYID_LEN (16), which is an issue as:
	- This was never meant to be the key length.
	- The key length can be > 16.

	Fix this by using MACSEC_MAX_KEY_LEN to store the key (the max length
	accepted in uAPI) and secy->key_len to copy it.

	Fixes: 3cf3227a21d1 ("net: macsec: hardware offloading infrastructure")
	Reported-by: Lior Nahmanson <liorna@nvidia.com>
	Signed-off-by: Antoine Tenart <atenart@kernel.org>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	drivers/net/macsec.c \| 4 ++--
	include/net/macsec.h \| 2 +-
	2 files changed, 3 insertions(+), 3 deletions(-)

	diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
	index 11ca5fa902a1..c601d3df2722 100644
	--- a/drivers/net/macsec.c
	+++ b/drivers/net/macsec.c
	@@ -1818,7 +1818,7 @@ static int macsec_add_rxsa(struct sk_buff skb, struct genl_info info)
	ctx.sa.rx_sa = rx_sa;
	ctx.secy = secy;
	memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
	- MACSEC_KEYID_LEN);
	+ secy->key_len);

	err = macsec_offload(ops->mdo_add_rxsa, &ctx);
	if (err)
	@@ -2060,7 +2060,7 @@ static int macsec_add_txsa(struct sk_buff skb, struct genl_info info)
	ctx.sa.tx_sa = tx_sa;
	ctx.secy = secy;
	memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
	- MACSEC_KEYID_LEN);
	+ secy->key_len);

	err = macsec_offload(ops->mdo_add_txsa, &ctx);
	if (err)
	diff --git a/include/net/macsec.h b/include/net/macsec.h
	index 52874cdfe226..d6fa6b97f6ef 100644
	--- a/include/net/macsec.h
	+++ b/include/net/macsec.h
	@@ -241,7 +241,7 @@ struct macsec_context {
	struct macsec_rx_sc *rx_sc;
	struct {
	unsigned char assoc_num;
	- u8 key[MACSEC_KEYID_LEN];
	+ u8 key[MACSEC_MAX_KEY_LEN];
	union {
	struct macsec_rx_sa *rx_sa;
	struct macsec_tx_sa *tx_sa;
	--
	2.30.2