Commit f5e1ed04 authored by Emeel Hakim's avatar Emeel Hakim Committed by Saeed Mahameed

net/mlx5e: Fix macsec ssci attribute handling in offload path

Currently when macsec offload is set with extended packet number (epn)
enabled, the driver wrongly deduce the short secure channel identifier
(ssci) from the salt instead of the stand alone ssci attribute as it
should, consequently creating a mismatch between the kernel and driver's
ssci values.
Fix by using the ssci value from the relevant attribute.

Fixes: 4411a6c0 ("net/mlx5e: Support MACsec offload extended packet number (EPN)")
Signed-off-by: default avatarEmeel Hakim <ehakim@nvidia.com>
Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
parent cd4f186d
...@@ -62,6 +62,7 @@ struct mlx5e_macsec_sa { ...@@ -62,6 +62,7 @@ struct mlx5e_macsec_sa {
u32 enc_key_id; u32 enc_key_id;
u32 next_pn; u32 next_pn;
sci_t sci; sci_t sci;
ssci_t ssci;
salt_t salt; salt_t salt;
struct rhash_head hash; struct rhash_head hash;
...@@ -499,10 +500,11 @@ mlx5e_macsec_get_macsec_device_context(const struct mlx5e_macsec *macsec, ...@@ -499,10 +500,11 @@ mlx5e_macsec_get_macsec_device_context(const struct mlx5e_macsec *macsec,
} }
static void update_macsec_epn(struct mlx5e_macsec_sa *sa, const struct macsec_key *key, static void update_macsec_epn(struct mlx5e_macsec_sa *sa, const struct macsec_key *key,
const pn_t *next_pn_halves) const pn_t *next_pn_halves, ssci_t ssci)
{ {
struct mlx5e_macsec_epn_state *epn_state = &sa->epn_state; struct mlx5e_macsec_epn_state *epn_state = &sa->epn_state;
sa->ssci = ssci;
sa->salt = key->salt; sa->salt = key->salt;
epn_state->epn_enabled = 1; epn_state->epn_enabled = 1;
epn_state->epn_msb = next_pn_halves->upper; epn_state->epn_msb = next_pn_halves->upper;
...@@ -550,7 +552,8 @@ static int mlx5e_macsec_add_txsa(struct macsec_context *ctx) ...@@ -550,7 +552,8 @@ static int mlx5e_macsec_add_txsa(struct macsec_context *ctx)
tx_sa->assoc_num = assoc_num; tx_sa->assoc_num = assoc_num;
if (secy->xpn) if (secy->xpn)
update_macsec_epn(tx_sa, &ctx_tx_sa->key, &ctx_tx_sa->next_pn_halves); update_macsec_epn(tx_sa, &ctx_tx_sa->key, &ctx_tx_sa->next_pn_halves,
ctx_tx_sa->ssci);
err = mlx5_create_encryption_key(mdev, ctx->sa.key, secy->key_len, err = mlx5_create_encryption_key(mdev, ctx->sa.key, secy->key_len,
MLX5_ACCEL_OBJ_MACSEC_KEY, MLX5_ACCEL_OBJ_MACSEC_KEY,
...@@ -945,7 +948,8 @@ static int mlx5e_macsec_add_rxsa(struct macsec_context *ctx) ...@@ -945,7 +948,8 @@ static int mlx5e_macsec_add_rxsa(struct macsec_context *ctx)
rx_sa->fs_id = rx_sc->sc_xarray_element->fs_id; rx_sa->fs_id = rx_sc->sc_xarray_element->fs_id;
if (ctx->secy->xpn) if (ctx->secy->xpn)
update_macsec_epn(rx_sa, &ctx_rx_sa->key, &ctx_rx_sa->next_pn_halves); update_macsec_epn(rx_sa, &ctx_rx_sa->key, &ctx_rx_sa->next_pn_halves,
ctx_rx_sa->ssci);
err = mlx5_create_encryption_key(mdev, ctx->sa.key, ctx->secy->key_len, err = mlx5_create_encryption_key(mdev, ctx->sa.key, ctx->secy->key_len,
MLX5_ACCEL_OBJ_MACSEC_KEY, MLX5_ACCEL_OBJ_MACSEC_KEY,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment