lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <166686030097.40988.16309190373804586041@kwain>
Date:   Thu, 27 Oct 2022 10:45:00 +0200
From:   Antoine Tenart <atenart@...nel.org>
To:     Sabrina Dubroca <sd@...asysnail.net>, netdev@...r.kernel.org
Cc:     Leon Romanovsky <leon@...nel.org>,
        Sabrina Dubroca <sd@...asysnail.net>,
        Mark Starovoytov <mstarovoitov@...vell.com>,
        Igor Russkikh <irusskikh@...vell.com>
Subject: Re: [PATCH net v2 0/5] macsec: offload-related fixes

Quoting Sabrina Dubroca (2022-10-26 23:56:22)
> I'm working on a dummy offload for macsec on netdevsim. It just has a
> small SecY and RXSC table so I can trigger failures easily on the
> ndo_* side. It has exposed a couple of issues.
> 
> The first patch is a revert of commit c850240b6c41 ("net: macsec:
> report real_dev features when HW offloading is enabled"). That commit
> tried to improve the performance of macsec offload by taking advantage
> of some of the NIC's features, but in doing so, broke macsec offload
> when the lower device supports both macsec and ipsec offload, as the
> ipsec offload feature flags were copied from the real device. Since
> the macsec device doesn't provide xdo_* ops, the XFRM core rejects the
> registration of the new macsec device in xfrm_api_check.
> 
> I'm working on re-adding those feature flags when offload is
> available, but I haven't fully solved that yet. I think it would be
> safer to do that second part in net-next considering how complex
> feature interactions tend to be.
> 
> v2:
>  - better describe the issue introduced by commit c850240b6c41 (Leon
>    Romanovsky)
>  - drop unnecessary !! (Leon Romanovsky)
> 
> Sabrina Dubroca (5):
>   Revert "net: macsec: report real_dev features when HW offloading is
>     enabled"
>   macsec: delete new rxsc when offload fails
>   macsec: fix secy->n_rx_sc accounting
>   macsec: fix detection of RXSCs when toggling offloading
>   macsec: clear encryption keys from the stack after setting up offload

Series,
Reviewed-by: Antoine Tenart <atenart@...nel.org>

Thanks!

Powered by blists - more mailing lists