leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net: atlantic: macsec: clear encryption keys from the stack

Browse Source 
Commit aaab73f8fb ("macsec: clear encryption keys from the stack after
setting up offload") made sure to clean encryption keys from the stack
after setting up offloading, but the atlantic driver made a copy and did
not clear it. Fix this.

[4 Fixes tags below, all part of the same series, no need to split this]

Fixes: 9ff40a751a ("net: atlantic: MACSec ingress offload implementation")
Fixes: b8f8a0b7b5 ("net: atlantic: MACSec ingress offload HW bindings")
Fixes: 27736563ce ("net: atlantic: MACSec egress offload implementation")
Fixes: 9d106c6dd8 ("net: atlantic: MACSec egress offload HW bindings")
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
This commit is contained in:
Antoine Tenart 2022-11-08 16:34:59 +01:00 committed by Paolo Abeni
parent 1b16b3fdf6
commit 879785def0
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/ethernet/aquantia/atlantic/aq_macsec.c
View File

@ -570,6 +570,7 @@ static int aq_update_txsa(struct aq_nic_s *nic, const unsigned int sc_idx,
ret = aq_mss_set_egress_sakey_record(hw, &key_rec, sa_idx); ret = aq_mss_set_egress_sakey_record(hw, &key_rec, sa_idx);
memzero_explicit(&key_rec, sizeof(key_rec));
return ret; return ret;
} }
@ -899,6 +900,7 @@ static int aq_update_rxsa(struct aq_nic_s *nic, const unsigned int sc_idx,
ret = aq_mss_set_ingress_sakey_record(hw, &sa_key_record, sa_idx); ret = aq_mss_set_ingress_sakey_record(hw, &sa_key_record, sa_idx);
memzero_explicit(&sa_key_record, sizeof(sa_key_record));
return ret; return ret;
} }

14
drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.c
View File

@ -757,6 +757,7 @@ set_ingress_sakey_record(struct aq_hw_s *hw,
u16 table_index) u16 table_index)
{ {
u16 packed_record[18]; u16 packed_record[18];
int ret;
if (table_index >= NUMROWS_INGRESSSAKEYRECORD) if (table_index >= NUMROWS_INGRESSSAKEYRECORD)
return -EINVAL; return -EINVAL;
@ -789,9 +790,12 @@ set_ingress_sakey_record(struct aq_hw_s *hw,
packed_record[16] = rec->key_len & 0x3; packed_record[16] = rec->key_len & 0x3;
return set_raw_ingress_record(hw, packed_record, 18, 2, ret = set_raw_ingress_record(hw, packed_record, 18, 2,
ROWOFFSET_INGRESSSAKEYRECORD + ROWOFFSET_INGRESSSAKEYRECORD +
table_index); table_index);
memzero_explicit(packed_record, sizeof(packed_record));
return ret;
} }
int aq_mss_set_ingress_sakey_record(struct aq_hw_s *hw, int aq_mss_set_ingress_sakey_record(struct aq_hw_s *hw,
@ -1739,14 +1743,14 @@ static int set_egress_sakey_record(struct aq_hw_s *hw,
ret = set_raw_egress_record(hw, packed_record, 8, 2, ret = set_raw_egress_record(hw, packed_record, 8, 2,
ROWOFFSET_EGRESSSAKEYRECORD + table_index); ROWOFFSET_EGRESSSAKEYRECORD + table_index);
if (unlikely(ret)) if (unlikely(ret))
return ret; goto clear_key;
ret = set_raw_egress_record(hw, packed_record + 8, 8, 2, ret = set_raw_egress_record(hw, packed_record + 8, 8, 2,
ROWOFFSET_EGRESSSAKEYRECORD + table_index - ROWOFFSET_EGRESSSAKEYRECORD + table_index -
32); 32);
if (unlikely(ret))
return ret;
return 0; clear_key:
memzero_explicit(packed_record, sizeof(packed_record));
return ret;
} }
int aq_mss_set_egress_sakey_record(struct aq_hw_s *hw, int aq_mss_set_egress_sakey_record(struct aq_hw_s *hw,