Re: [PATCH net-next v6 05/10] octeontx2-pf: mcs: update PN only when update_pn is true

From: Radu Pirea (OSS)
Date: Wed Oct 04 2023 - 14:30:37 EST




On 03.10.2023 16:15, Sabrina Dubroca wrote:
> 2023-09-28, 11:44:25 +0300, Radu Pirea (NXP OSS) wrote:
>> When updating SA, update the PN only when the update_pn flag is true.
>> Otherwise, the PN will be reset to its previous value.
>
> This is a bugfix and should go through the net tree with a Fixes
> tag. I'd suggest taking patches 3,5,6 out of this series and
> submitting them all to net, with a Fixes tag for patches 5 and
> 6. Patch 7 doesn't fix a bug and could go through the net-next tree.


Patch 7 does not look like a bug fix, but it is.
Without patch 7 a user will be able to update the SA using the initial PN value like this:

ip link add link eth0 macsec0 type macsec encrypt on offload phy
ip macsec add macsec0 tx sa 0 pn 1 on key 00 ead3664f508eb06c40ac7104cdae4ce5
ip macsec set macsec0 tx sa 0 pn 1 off #this command does not fail, but it should

--
Radu P.