[net,0/2] macsec: clear encryption keys in h/w drivers

Message ID	20221108153459.811293-1-atenart@kernel.org (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> From: Antoine Tenart <atenart@kernel.org> To: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, edumazet@google.com Cc: Antoine Tenart <atenart@kernel.org>, sd@queasysnail.net, irusskikh@marvell.com, netdev@vger.kernel.org Subject: [PATCH net 0/2] macsec: clear encryption keys in h/w drivers Date: Tue, 8 Nov 2022 16:34:57 +0100 Message-Id: <20221108153459.811293-1-atenart@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	macsec: clear encryption keys in h/w drivers \| expand [net,0/2] macsec: clear encryption keys in h/w drivers [net,1/2] net: phy: mscc: macsec: clear encryption keys when freeing a flow [net,2/2] net: atlantic: macsec: clear encryption keys from the stack

Message ID

20221108153459.811293-1-atenart@kernel.org (mailing list archive)

Headers

From: Antoine Tenart <atenart@kernel.org>
To: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com,
        edumazet@google.com
Cc: Antoine Tenart <atenart@kernel.org>, sd@queasysnail.net,
        irusskikh@marvell.com, netdev@vger.kernel.org
Subject: [PATCH net 0/2] macsec: clear encryption keys in h/w drivers
Date: Tue,  8 Nov 2022 16:34:57 +0100
Message-Id: <20221108153459.811293-1-atenart@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

macsec: clear encryption keys in h/w drivers | expand

Message

Antoine Tenart Nov. 8, 2022, 3:34 p.m. UTC

Hello,

Commit aaab73f8fba4 ("macsec: clear encryption keys from the stack after
setting up offload") made sure to clean encryption keys from the stack
after setting up offloading but some h/w drivers did a copy of the key
which need to be zeroed as well.

The MSCC PHY driver can actually be converted not to copy the encryption
key at all, but such patch would be quite difficult to backport. I'll
send a following up patch doing this in net-next once this series lands.

Tested on the MSCC PHY but not on the atlantic NIC.

Thanks,
Antoine

Antoine Tenart (2):
  net: phy: mscc: macsec: clear encryption keys when freeing a flow
  net: atlantic: macsec: clear encryption keys from the stack

 .../net/ethernet/aquantia/atlantic/aq_macsec.c |  2 ++
 .../aquantia/atlantic/macsec/macsec_api.c      | 18 +++++++++++-------
 drivers/net/phy/mscc/mscc_macsec.c             |  1 +
 3 files changed, 14 insertions(+), 7 deletions(-)

Comments

Igor Russkikh Nov. 9, 2022, 9:54 a.m. UTC | #1

> Commit aaab73f8fba4 ("macsec: clear encryption keys from the stack after
> setting up offload") made sure to clean encryption keys from the stack
> after setting up offloading but some h/w drivers did a copy of the key
> which need to be zeroed as well.
> 
> The MSCC PHY driver can actually be converted not to copy the encryption
> key at all, but such patch would be quite difficult to backport. I'll
> send a following up patch doing this in net-next once this series lands.
> 
> Tested on the MSCC PHY but not on the atlantic NIC.

Hi Antoine, reviewed both. Will try to test on atlantic when possible.

Reviewed-by: Igor Russkikh <irusskikh@marvell.com>

Thanks
  Igor

patchwork-bot+netdevbpf@kernel.org Nov. 10, 2022, 11:10 a.m. UTC | #2

Hello:

This series was applied to netdev/net.git (master)
by Paolo Abeni <pabeni@redhat.com>:

On Tue,  8 Nov 2022 16:34:57 +0100 you wrote:
> Hello,
> 
> Commit aaab73f8fba4 ("macsec: clear encryption keys from the stack after
> setting up offload") made sure to clean encryption keys from the stack
> after setting up offloading but some h/w drivers did a copy of the key
> which need to be zeroed as well.
> 
> [...]

Here is the summary with links:
  - [net,1/2] net: phy: mscc: macsec: clear encryption keys when freeing a flow
    https://git.kernel.org/netdev/net/c/1b16b3fdf675
  - [net,2/2] net: atlantic: macsec: clear encryption keys from the stack
    https://git.kernel.org/netdev/net/c/879785def0f5

You are awesome, thank you!