| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230329184201.GB831478@unreal>
Date: Wed, 29 Mar 2023 21:42:01 +0300
From: Leon Romanovsky <leon@...nel.org>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: Emeel Hakim <ehakim@...dia.com>, davem@...emloft.net,
kuba@...nel.org, pabeni@...hat.com, edumazet@...gle.com,
netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 1/4] vlan: Add MACsec offload operations for
VLAN interface
On Wed, Mar 29, 2023 at 04:43:59PM +0200, Sabrina Dubroca wrote:
> 2023-03-29, 15:21:04 +0300, Emeel Hakim wrote:
> > Add support for MACsec offload operations for VLAN driver
> > to allow offloading MACsec when VLAN's real device supports
> > Macsec offload by forwarding the offload request to it.
> >
> > Signed-off-by: Emeel Hakim <ehakim@...dia.com>
> > ---
> > V1 -> V2: - Consult vlan_features when adding NETIF_F_HW_MACSEC.
>
> Uh? You're not actually doing that? You also dropped the
> changes to vlan_dev_fix_features without explaining why.
vlan_dev_fix_features() relies on real_dev->vlan_features which was set
in mlx5 part of this patch.
643 static netdev_features_t vlan_dev_fix_features(struct net_device *dev,
644 netdev_features_t features)
645 {
...
649
650 lower_features = netdev_intersect_features((real_dev->vlan_features |
651 NETIF_F_RXCSUM),
652 real_dev->features);
This part ensure that once real_dev->vlan_features and real_dev->features have NETIF_F_HW_MACSEC,
the returned features will include NETIF_F_HW_MACSEC too.
>
> [...]
> > @@ -572,6 +573,9 @@ static int vlan_dev_init(struct net_device *dev)
> > NETIF_F_HIGHDMA | NETIF_F_SCTP_CRC |
> > NETIF_F_ALL_FCOE;
> >
> > + if (real_dev->features & NETIF_F_HW_MACSEC)
> > + dev->hw_features |= NETIF_F_HW_MACSEC;
> > +
> > dev->features |= dev->hw_features | NETIF_F_LLTX;
> > netif_inherit_tso_max(dev, real_dev);
> > if (dev->features & NETIF_F_VLAN_FEATURES)
> > @@ -803,6 +807,100 @@ static int vlan_dev_fill_forward_path(struct net_device_path_ctx *ctx,
> > return 0;
> > }
> >
> > +#if IS_ENABLED(CONFIG_MACSEC)
> > +
> > +static const struct macsec_ops *vlan_get_macsec_ops(struct macsec_context *ctx)
> ^ const?
>
> > +{
> > + return vlan_dev_priv(ctx->netdev)->real_dev->macsec_ops;
> > +}
> > +
> > +#define _BUILD_VLAN_MACSEC_MDO(mdo) \
> > + const struct macsec_ops *ops; \
> > + ops = vlan_get_macsec_ops(ctx); \
> > + return ops ? ops->mdo_ ## mdo(ctx) : -EOPNOTSUPP
> > +
> > +static int vlan_macsec_add_txsa(struct macsec_context *ctx)
> > +{
> > +_BUILD_VLAN_MACSEC_MDO(add_txsa);
>
> Shouldn't those be indented?
>
> > +}
> > +
>
> [...]
> > +
> > +#define VLAN_MACSEC_DECLARE_MDO(mdo) .mdo_ ## mdo = vlan_macsec_ ## mdo
> > +
> > +static const struct macsec_ops macsec_offload_ops = {
> > + VLAN_MACSEC_DECLARE_MDO(add_txsa),
>
> This completely breaks the ability to use cscope when looking for
> implementations of mdo_add_txsa. I'm not very fond of the c/p, but I
> don't think we should be using macros at all here. At least to me,
> being able to navigate directly from mdo_add_txsa to its
> implementation without expanding the macro manually is important.
>
> So, IMHO, those should be:
>
> .mdo_add_txsa = vlan_macsec_add_txsa,
Completely agree with you.
>
> (etc)
>
> --
> Sabrina
>
Powered by blists - more mailing lists