From: Sabrina Dubroca Date: Tue, 26 Aug 2025 13:16:24 +0000 (+0200) Subject: macsec: use NLA_UINT for MACSEC_SA_ATTR_PN X-Git-Tag: v6.18-rc1~132^2~316^2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82f3116132fc12d27e5a4bb7151c8da4f689a083;p=thirdparty%2Fkernel%2Fstable.git macsec: use NLA_UINT for MACSEC_SA_ATTR_PN MACSEC_SA_ATTR_PN is either a u32 or a u64, we can now use NLA_UINT for this instead of a custom binary type. We can then use a min check within the policy. We need to keep the length checks done in macsec_{add,upd}_{rx,tx}sa based on whether the device is set up for XPN (with 64b PNs instead of 32b). On the dump side, keep the existing custom code as userspace may expect a u64 when using XPN, and nla_put_uint may only output a u32 attribute if the value fits. Signed-off-by: Sabrina Dubroca Reviewed-by: Simon Horman Link: https://patch.msgid.link/c9d32bd479cd4464e09010fbce1becc75377c8a0.1756202772.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski --- diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index b613ce1e3a7e7..83158dbc16280 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1671,7 +1671,7 @@ static const struct nla_policy macsec_genl_rxsc_policy[NUM_MACSEC_RXSC_ATTR] = { static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { [MACSEC_SA_ATTR_AN] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), [MACSEC_SA_ATTR_ACTIVE] = NLA_POLICY_MAX(NLA_U8, 1), - [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN_LEN(4), + [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN(NLA_UINT, 1), [MACSEC_SA_ATTR_KEYID] = NLA_POLICY_EXACT_LEN(MACSEC_KEYID_LEN), [MACSEC_SA_ATTR_KEY] = NLA_POLICY_MAX_LEN(MACSEC_MAX_KEY_LEN), [MACSEC_SA_ATTR_SSCI] = { .type = NLA_U32 }, @@ -1731,10 +1731,6 @@ static bool validate_add_rxsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && - nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } @@ -1952,9 +1948,6 @@ static bool validate_add_txsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } @@ -2288,9 +2281,6 @@ static bool validate_upd_sa(struct nlattr **attrs) attrs[MACSEC_SA_ATTR_SALT]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; }