Commit 879785de authored by Antoine Tenart's avatar Antoine Tenart Committed by Paolo Abeni

net: atlantic: macsec: clear encryption keys from the stack

Commit aaab73f8 ("macsec: clear encryption keys from the stack after
setting up offload") made sure to clean encryption keys from the stack
after setting up offloading, but the atlantic driver made a copy and did
not clear it. Fix this.

[4 Fixes tags below, all part of the same series, no need to split this]

Fixes: 9ff40a75 ("net: atlantic: MACSec ingress offload implementation")
Fixes: b8f8a0b7 ("net: atlantic: MACSec ingress offload HW bindings")
Fixes: 27736563 ("net: atlantic: MACSec egress offload implementation")
Fixes: 9d106c6d ("net: atlantic: MACSec egress offload HW bindings")
Signed-off-by: default avatarAntoine Tenart <atenart@kernel.org>
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 1b16b3fd
...@@ -570,6 +570,7 @@ static int aq_update_txsa(struct aq_nic_s *nic, const unsigned int sc_idx, ...@@ -570,6 +570,7 @@ static int aq_update_txsa(struct aq_nic_s *nic, const unsigned int sc_idx,
ret = aq_mss_set_egress_sakey_record(hw, &key_rec, sa_idx); ret = aq_mss_set_egress_sakey_record(hw, &key_rec, sa_idx);
memzero_explicit(&key_rec, sizeof(key_rec));
return ret; return ret;
} }
...@@ -899,6 +900,7 @@ static int aq_update_rxsa(struct aq_nic_s *nic, const unsigned int sc_idx, ...@@ -899,6 +900,7 @@ static int aq_update_rxsa(struct aq_nic_s *nic, const unsigned int sc_idx,
ret = aq_mss_set_ingress_sakey_record(hw, &sa_key_record, sa_idx); ret = aq_mss_set_ingress_sakey_record(hw, &sa_key_record, sa_idx);
memzero_explicit(&sa_key_record, sizeof(sa_key_record));
return ret; return ret;
} }
......
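Review bot: Both wipes sit directly before the single `return ret;` shown, so they only cover exits that reach that line. aq_update_txsa and aq_update_rxsa begin outside these hunks, so it is worth confirming that no earlier return is taken after the key has been copied into `key_rec` or `sa_key_record`, since such a path would still leave the copy on the stack. The same goes for any helper that stages the key in a local buffer before the `aq_mss_set_*_sakey_record()` call; if one exists, it needs its own `memzero_explicit()`. I would also add a short comment above each wipe, e.g. `/* key_rec holds a copy of the SA key; wipe it before returning */`, so a later cleanup does not swap it for a plain `memset()` that the compiler may drop as a dead store.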
...@@ -757,6 +757,7 @@ set_ingress_sakey_record(struct aq_hw_s *hw, ...@@ -757,6 +757,7 @@ set_ingress_sakey_record(struct aq_hw_s *hw,
u16 table_index) u16 table_index)
{ {
u16 packed_record[18]; u16 packed_record[18];
int ret;
if (table_index >= NUMROWS_INGRESSSAKEYRECORD) if (table_index >= NUMROWS_INGRESSSAKEYRECORD)
return -EINVAL; return -EINVAL;
...@@ -789,9 +790,12 @@ set_ingress_sakey_record(struct aq_hw_s *hw, ...@@ -789,9 +790,12 @@ set_ingress_sakey_record(struct aq_hw_s *hw,
packed_record[16] = rec->key_len & 0x3; packed_record[16] = rec->key_len & 0x3;
return set_raw_ingress_record(hw, packed_record, 18, 2, ret = set_raw_ingress_record(hw, packed_record, 18, 2,
ROWOFFSET_INGRESSSAKEYRECORD + ROWOFFSET_INGRESSSAKEYRECORD +
table_index); table_index);
memzero_explicit(packed_record, sizeof(packed_record));
return ret;
} }
int aq_mss_set_ingress_sakey_record(struct aq_hw_s *hw, int aq_mss_set_ingress_sakey_record(struct aq_hw_s *hw,
...@@ -1739,14 +1743,14 @@ static int set_egress_sakey_record(struct aq_hw_s *hw, ...@@ -1739,14 +1743,14 @@ static int set_egress_sakey_record(struct aq_hw_s *hw,
ret = set_raw_egress_record(hw, packed_record, 8, 2, ret = set_raw_egress_record(hw, packed_record, 8, 2,
ROWOFFSET_EGRESSSAKEYRECORD + table_index); ROWOFFSET_EGRESSSAKEYRECORD + table_index);
if (unlikely(ret)) if (unlikely(ret))
return ret; goto clear_key;
ret = set_raw_egress_record(hw, packed_record + 8, 8, 2, ret = set_raw_egress_record(hw, packed_record + 8, 8, 2,
ROWOFFSET_EGRESSSAKEYRECORD + table_index - ROWOFFSET_EGRESSSAKEYRECORD + table_index -
32); 32);
if (unlikely(ret))
return ret;
return 0; clear_key:
memzero_explicit(packed_record, sizeof(packed_record));
return ret;
} }
int aq_mss_set_egress_sakey_record(struct aq_hw_s *hw, int aq_mss_set_egress_sakey_record(struct aq_hw_s *hw,
......
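Review bot: In set_egress_sakey_record the wipe uses `sizeof(packed_record)`, but the declaration of `packed_record` lies outside the hunk. The call clears the whole buffer only if it is a local array, as it visibly is in set_ingress_sakey_record (`u16 packed_record[18]`), so check that against the full function. The `clear_key:` label is also the normal exit, which is correct but easy to misread as an error-only path; a comment such as `/* reached on success and failure: packed_record holds the packed key */` would make that explicit. Whether set_raw_ingress_record() and set_raw_egress_record() keep intermediate copies of the record is not visible here and may deserve the same treatment.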