macsec: always read MACSEC_SA_ATTR_PN as a u64

stable inclusion from stable-v5.10.135 commit 6e0e0464f1da3eb76695ba231ab7e7e64c2c154f category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5ZWFM Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6e0e0464f1da3eb76695ba231ab7e7e64c2c154f -------------------------------- [ Upstream commit c630d1fe ] Currently, MACSEC_SA_ATTR_PN is handled inconsistently, sometimes as a u32, sometimes forced into a u64 without checking the actual length of the attribute. Instead, we can use nla_get_u64 everywhere, which will read up to 64 bits into a u64, capped by the actual length of the attribute coming from userspace. This fixes several issues: - the check in validate_add_rxsa doesn't work with 32-bit attributes - the checks in validate_add_txsa and validate_upd_sa incorrectly reject X << 32 (with X != 0) Fixes: 48ef50fa ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)") Signed-off-by: N Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com>

macsec: always read MACSEC_SA_ATTR_PN as a u64
stable inclusion from stable-v5.10.135 commit 6e0e0464f1da3eb76695ba231ab7e7e64c2c154f category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5ZWFM Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6e0e0464f1da3eb76695ba231ab7e7e64c2c154f -------------------------------- [ Upstream commit c630d1fe ] Currently, MACSEC_SA_ATTR_PN is handled inconsistently, sometimes as a u32, sometimes forced into a u64 without checking the actual length of the attribute. Instead, we can use nla_get_u64 everywhere, which will read up to 64 bits into a u64, capped by the actual length of the attribute coming from userspace. This fixes several issues: - the check in validate_add_rxsa doesn't work with 32-bit attributes - the checks in validate_add_txsa and validate_upd_sa incorrectly reject X << 32 (with X != 0) Fixes: 48ef50fa ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)") Signed-off-by: N Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com>
9340f50d · Sabrina Dubroca · Zheng Zengkai · ba2cb2ff · 9340f50d
显示空白变更内容
内联并排

Showing with 3 addition and 3 deletion

drivers/net/macsec.c drivers/net/macsec.c +3 -3

未找到文件。
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1695,7 +1695,7 @@ static bool validate_add_rxsa(struct nlattr **attrs)
 		return false;

 	if (attrs[MACSEC_SA_ATTR_PN] &&
-	    *(u64 *)nla_data(attrs[MACSEC_SA_ATTR_PN]) == 0)
+	    nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
 		return false;

 	if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -1938,7 +1938,7 @@ static bool validate_add_txsa(struct nlattr **attrs)
 	if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
 		return false;

-	if (nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
+	if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
 		return false;

 	if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -2292,7 +2292,7 @@ static bool validate_upd_sa(struct nlattr **attrs)
 	if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
 		return false;

-	if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
+	if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
 		return false;

 	if (attrs[MACSEC_SA_ATTR_ACTIVE]) {