lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 29 Mar 2023 21:42:01 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Sabrina Dubroca <sd@...asysnail.net>
Cc:     Emeel Hakim <ehakim@...dia.com>, davem@...emloft.net,
        kuba@...nel.org, pabeni@...hat.com, edumazet@...gle.com,
        netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 1/4] vlan: Add MACsec offload operations for
 VLAN interface

On Wed, Mar 29, 2023 at 04:43:59PM +0200, Sabrina Dubroca wrote:
> 2023-03-29, 15:21:04 +0300, Emeel Hakim wrote:
> > Add support for MACsec offload operations for VLAN driver
> > to allow offloading MACsec when VLAN's real device supports
> > Macsec offload by forwarding the offload request to it.
> > 
> > Signed-off-by: Emeel Hakim <ehakim@...dia.com>
> > ---
> > V1 -> V2: - Consult vlan_features when adding NETIF_F_HW_MACSEC.
> 
> Uh? You're not actually doing that? You also dropped the
> changes to vlan_dev_fix_features without explaining why.

vlan_dev_fix_features() relies on real_dev->vlan_features which was set
in mlx5 part of this patch.

  643 static netdev_features_t vlan_dev_fix_features(struct net_device *dev,
  644         netdev_features_t features)
  645 {
  ...
  649
  650         lower_features = netdev_intersect_features((real_dev->vlan_features |
  651                                                     NETIF_F_RXCSUM),
  652                                                    real_dev->features);

This part ensure that once real_dev->vlan_features and real_dev->features have NETIF_F_HW_MACSEC,
the returned features will include NETIF_F_HW_MACSEC too.

> 
> [...]
> > @@ -572,6 +573,9 @@ static int vlan_dev_init(struct net_device *dev)
> >  			   NETIF_F_HIGHDMA | NETIF_F_SCTP_CRC |
> >  			   NETIF_F_ALL_FCOE;
> >  
> > +	if (real_dev->features & NETIF_F_HW_MACSEC)
> > +		dev->hw_features |= NETIF_F_HW_MACSEC;
> > +
> >  	dev->features |= dev->hw_features | NETIF_F_LLTX;
> >  	netif_inherit_tso_max(dev, real_dev);
> >  	if (dev->features & NETIF_F_VLAN_FEATURES)
> > @@ -803,6 +807,100 @@ static int vlan_dev_fill_forward_path(struct net_device_path_ctx *ctx,
> >  	return 0;
> >  }
> >  
> > +#if IS_ENABLED(CONFIG_MACSEC)
> > +
> > +static const struct macsec_ops *vlan_get_macsec_ops(struct macsec_context *ctx)
>                                                        ^ const?
> 
> > +{
> > +	return vlan_dev_priv(ctx->netdev)->real_dev->macsec_ops;
> > +}
> > +
> > +#define _BUILD_VLAN_MACSEC_MDO(mdo) \
> > +	const struct macsec_ops *ops; \
> > +	ops =  vlan_get_macsec_ops(ctx); \
> > +	return ops ? ops->mdo_ ## mdo(ctx) : -EOPNOTSUPP
> > +
> > +static int vlan_macsec_add_txsa(struct macsec_context *ctx)
> > +{
> > +_BUILD_VLAN_MACSEC_MDO(add_txsa);
> 
> Shouldn't those be indented?
> 
> > +}
> > +
> 
> [...]
> > +
> > +#define VLAN_MACSEC_DECLARE_MDO(mdo) .mdo_ ## mdo = vlan_macsec_ ## mdo
> > +
> > +static const struct macsec_ops macsec_offload_ops = {
> > +	VLAN_MACSEC_DECLARE_MDO(add_txsa),
> 
> This completely breaks the ability to use cscope when looking for
> implementations of mdo_add_txsa. I'm not very fond of the c/p, but I
> don't think we should be using macros at all here. At least to me,
> being able to navigate directly from mdo_add_txsa to its
> implementation without expanding the macro manually is important.
> 
> So, IMHO, those should be:
> 
> 	.mdo_add_txsa = vlan_macsec_add_txsa,

Completely agree with you.

> 
> (etc)
> 
> -- 
> Sabrina
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ