lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <166686030097.40988.16309190373804586041@kwain> Date: Thu, 27 Oct 2022 10:45:00 +0200 From: Antoine Tenart <atenart@...nel.org> To: Sabrina Dubroca <sd@...asysnail.net>, netdev@...r.kernel.org Cc: Leon Romanovsky <leon@...nel.org>, Sabrina Dubroca <sd@...asysnail.net>, Mark Starovoytov <mstarovoitov@...vell.com>, Igor Russkikh <irusskikh@...vell.com> Subject: Re: [PATCH net v2 0/5] macsec: offload-related fixes Quoting Sabrina Dubroca (2022-10-26 23:56:22) > I'm working on a dummy offload for macsec on netdevsim. It just has a > small SecY and RXSC table so I can trigger failures easily on the > ndo_* side. It has exposed a couple of issues. > > The first patch is a revert of commit c850240b6c41 ("net: macsec: > report real_dev features when HW offloading is enabled"). That commit > tried to improve the performance of macsec offload by taking advantage > of some of the NIC's features, but in doing so, broke macsec offload > when the lower device supports both macsec and ipsec offload, as the > ipsec offload feature flags were copied from the real device. Since > the macsec device doesn't provide xdo_* ops, the XFRM core rejects the > registration of the new macsec device in xfrm_api_check. > > I'm working on re-adding those feature flags when offload is > available, but I haven't fully solved that yet. I think it would be > safer to do that second part in net-next considering how complex > feature interactions tend to be. > > v2: > - better describe the issue introduced by commit c850240b6c41 (Leon > Romanovsky) > - drop unnecessary !! (Leon Romanovsky) > > Sabrina Dubroca (5): > Revert "net: macsec: report real_dev features when HW offloading is > enabled" > macsec: delete new rxsc when offload fails > macsec: fix secy->n_rx_sc accounting > macsec: fix detection of RXSCs when toggling offloading > macsec: clear encryption keys from the stack after setting up offload Series, Reviewed-by: Antoine Tenart <atenart@...nel.org> Thanks!
Powered by blists - more mailing lists