Date:   Thu, 17 Aug 2023 12:31:23 +0200
From:   Sabrina Dubroca <sd@...asysnail.net>
To:     "Radu Pirea (OSS)" <radu-nicolae.pirea@....nxp.com>
Cc:     andrew@...n.ch, hkallweit1@...il.com, linux@...linux.org.uk,
        davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, richardcochran@...il.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC net-next v1 4/5] net: macsec: introduce mdo_insert_tx_tag

2023-08-17, 11:25:36 +0300, Radu Pirea (OSS) wrote:
> 
> 
> On 16.08.2023 23:40, Sabrina Dubroca wrote:
> > 2023-08-11, 18:32:48 +0300, Radu Pirea (NXP OSS) wrote:
> > > Offloading MACsec in PHYs requires inserting the SecTAG and the ICV in
> > > the ethernet frame. This operation will increase the frame size with 32
> > > bytes.
> > 
> > "up to 32 bytes"?
> 
> Yes, up to 32 bytes.
> 
> > 
> > The SecTAG and ICV can both be shorter, at least with the software
> > implementation.
> > 
> > 
> > [...]
> > > +static struct sk_buff *insert_tx_tag(struct sk_buff *skb,
> > > +				     struct net_device *dev)
> > > +{
> > [...]
> > > +
> > > +	ctx.secy = &macsec->secy;
> > > +	ctx.skb = skb;
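
Review bot: insert_tx_tag() returns a struct sk_buff * but hands the skb to the op through ctx.skb, so the visible lines do not say which pointer the caller should use after the call. Passing the skb as an explicit argument to ->mdo_insert_tx_tag, and documenting whether the op may replace or free it and who frees it on error, would make the ownership clear at the call site.
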
> > 
> > I think it would be a bit more readable to just pass the skb to
> >   ->mdo_insert_tx_tag instead of adding it to the context.
> 
> Since this function requires only the skb and the phydev, I would move
> mdo_insert_tx_tag from macsec_ops to a new structure called mascec_tag. What
> do you think about this?

I think it's ok to leave it in macsec_ops.

[...]
> > > @@ -4137,6 +4211,11 @@ static int macsec_newlink(struct net *net, struct net_device *dev,
> > >   			if (err)
> > >   				goto del_dev;
> > >   		}
> > > +
> > > +		dev->needed_headroom -= MACSEC_NEEDED_HEADROOM;
> > > +		dev->needed_headroom += ops->needed_headroom;
> > > +		dev->needed_tailroom -= MACSEC_NEEDED_TAILROOM;
> > > +		dev->needed_tailroom += ops->needed_tailroom;
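
Review bot: the four needed_headroom/needed_tailroom adjustments run unconditionally, so for an ops that leaves ops->needed_headroom and ops->needed_tailroom at 0 the device ends up with MACSEC_NEEDED_HEADROOM and MACSEC_NEEDED_TAILROOM subtracted and nothing reserved in their place. Guard the block on the op being implemented, for example "if (ops->mdo_insert_tx_tag)", and add a comment stating that dev->needed_headroom and dev->needed_tailroom are expected to already include the MACSEC_* values here, since the subtraction relies on that.
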
> > 
> > If the driver doesn't set ops->needed_headroom, we'll subtract
> > MACSEC_NEEDED_HEADROOM and not add anything back. Is that correct for
> > all existing drivers? (and same for tailroom)
> 
> It should be. However, I will do this operation only for the PHYs that need
> to parse a tag.
> 
> > 
> > You set needed_tailroom to 0 in your driver, but the commit message
> > for this patch says that the HW needs space for the ICV. I'm a bit
> > puzzled by this, especially since MACSEC_NEEDED_TAILROOM already
> > reserves space for the ICV.
> 
> The 32 bytes headroom will compensate for 0 bytes tailroom.

Ok.


One more question about the ordering of patches in this series: is
macsec offload with your device functional without this and the final
patch? Otherwise, I would put this patch first, and then the driver
patches (either collapsed into a single patch, or preferably split out
if there's a reasonable way to do it -- patch 3 is really huge and
hard to review).

-- 
Sabrina
