macsec: read MACSEC_SA_ATTR_PN with nla_get_uint

[ Upstream commit 030e1c45666629f72d0fc1d040f9d2915680de8e ]

The code currently reads both U32 attributes and U64 attributes as
U64, so when a U32 attribute is provided by userspace (ie, when not
using XPN), on big endian systems, we'll load that value into the
upper 32bits of the next_pn field instead of the lower 32bits. This
means that the value that userspace provided is ignored (we only care
about the lower 32bits for non-XPN), and we'll start using PNs from 0.

Switch to nla_get_uint, which will read the value correctly on all
arches, whether it's 32b or 64b.

Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/1c1df1661b89238caf5beefb84a10ebfd56c66ea.1756459839.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 090a56a5e456acb1d1cbfb418d28e6fdcabc49f3..8b10112c30dc17d86915c3d269f172f15da1fe4c 100644 (file)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1843,7 +1843,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
 
        if (tb_sa[MACSEC_SA_ATTR_PN]) {
                spin_lock_bh(&rx_sa->lock);
-               rx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
+               rx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
                spin_unlock_bh(&rx_sa->lock);
        }
 
@@ -2085,7 +2085,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
        }
 
        spin_lock_bh(&tx_sa->lock);
-       tx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
+       tx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
        spin_unlock_bh(&tx_sa->lock);
 
        if (tb_sa[MACSEC_SA_ATTR_ACTIVE])
@@ -2397,7 +2397,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
 
                spin_lock_bh(&tx_sa->lock);
                prev_pn = tx_sa->next_pn_halves;
-               tx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
+               tx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
                spin_unlock_bh(&tx_sa->lock);
        }
 
@@ -2495,7 +2495,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
 
                spin_lock_bh(&rx_sa->lock);
                prev_pn = rx_sa->next_pn_halves;
-               rx_sa->next_pn = nla_get_u64(tb_sa[MACSEC_SA_ATTR_PN]);
+               rx_sa->next_pn = nla_get_uint(tb_sa[MACSEC_SA_ATTR_PN]);
                spin_unlock_bh(&rx_sa->lock);
        }