| From 5209346b7f95159d3f08ff748166bc7cd8d6b4b3 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 24 Jun 2021 11:38:28 +0200 |
| Subject: net: macsec: fix the length used to copy the key for offloading |
| |
| From: Antoine Tenart <atenart@kernel.org> |
| |
| [ Upstream commit 1f7fe5121127e037b86592ba42ce36515ea0e3f7 ] |
| |
| The key length used when offloading macsec to Ethernet or PHY drivers |
| was set to MACSEC_KEYID_LEN (16), which is an issue as: |
| - This was never meant to be the key length. |
| - The key length can be > 16. |
| |
| Fix this by using MACSEC_MAX_KEY_LEN to store the key (the max length |
| accepted in uAPI) and secy->key_len to copy it. |
| |
| Fixes: 3cf3227a21d1 ("net: macsec: hardware offloading infrastructure") |
| Reported-by: Lior Nahmanson <liorna@nvidia.com> |
| Signed-off-by: Antoine Tenart <atenart@kernel.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/net/macsec.c | 4 ++-- |
| include/net/macsec.h | 2 +- |
| 2 files changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c |
| index 11ca5fa902a1..c601d3df2722 100644 |
| --- a/drivers/net/macsec.c |
| +++ b/drivers/net/macsec.c |
| @@ -1818,7 +1818,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) |
| ctx.sa.rx_sa = rx_sa; |
| ctx.secy = secy; |
| memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), |
| - MACSEC_KEYID_LEN); |
| + secy->key_len); |
| |
| err = macsec_offload(ops->mdo_add_rxsa, &ctx); |
| if (err) |
| @@ -2060,7 +2060,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) |
| ctx.sa.tx_sa = tx_sa; |
| ctx.secy = secy; |
| memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), |
| - MACSEC_KEYID_LEN); |
| + secy->key_len); |
| |
| err = macsec_offload(ops->mdo_add_txsa, &ctx); |
| if (err) |
| diff --git a/include/net/macsec.h b/include/net/macsec.h |
| index 52874cdfe226..d6fa6b97f6ef 100644 |
| --- a/include/net/macsec.h |
| +++ b/include/net/macsec.h |
| @@ -241,7 +241,7 @@ struct macsec_context { |
| struct macsec_rx_sc *rx_sc; |
| struct { |
| unsigned char assoc_num; |
| - u8 key[MACSEC_KEYID_LEN]; |
| + u8 key[MACSEC_MAX_KEY_LEN]; |
| union { |
| struct macsec_rx_sa *rx_sa; |
| struct macsec_tx_sa *tx_sa; |
| -- |
| 2.30.2 |
| |