| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Oct 2023 21:30:24 +0300 From: "Radu Pirea (OSS)" <radu-nicolae.pirea@....nxp.com> To: Sabrina Dubroca <sd@...asysnail.net> Cc: sgoutham@...vell.com, gakula@...vell.com, sbhatta@...vell.com, hkelam@...vell.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, borisp@...dia.com, saeedm@...dia.com, leon@...nel.org, andrew@...n.ch, hkallweit1@...il.com, linux@...linux.org.uk, richardcochran@...il.com, sebastian.tobuschat@....nxp.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, linux-rdma@...r.kernel.org Subject: Re: [PATCH net-next v6 05/10] octeontx2-pf: mcs: update PN only when update_pn is true On 03.10.2023 16:15, Sabrina Dubroca wrote: > 2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote: >> When updating SA, update the PN only when the update_pn flag is true. >> Otherwise, the PN will be reset to its previous value. > > This is a bugfix and should go through the net tree with a Fixes > tag. I'd suggest taking patches 3,5,6 out of this series and > submitting them all to net, with a Fixes tag for patches 5 and > 6. Patch 7 doesn't fix a bug and could go through the net-next tree. > Patch 7 does not look like a bug fix, but it is. Without patch 7 a user will be able to update the SA using the initial PN value like this: ip link add link eth0 macsec0 type macsec encrypt on offload phy ip macsec add macsec0 tx sa 0 pn 1 on key 00 ead3664f508eb06c40ac7104cdae4ce5 ip macsec set macsec0 tx sa 0 pn 1 off #this command does not fail, but it should -- Radu P.
Powered by blists - more mailing lists