Merge branch 'macsec-fix-some-bugs-in-the-receive-path' (bc389fd1) · Commits · 戴 / test

Andreas Steinmetz says: ==================== macsec: fix some bugs in the receive path This series fixes some bugs in the receive path of macsec. The first is a use after free when processing macsec frames with a SecTAG that has the TCI E bit set but the C bit clear. In the 2nd bug, the driver leaves an invalid checksumming state after decrypting the packet. This is a combined effort of Sabrina Dubroca <sd@queasysnail.net> and me. ==================== Signed-off-by:

David S. Miller <davem@davemloft.net>

drivers/net/macsec.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -865,6 +865,7 @@ static void macsec_reset_skb(struct sk_buff skb, struct net_device dev)

		static void macsec_finalize_skb(struct sk_buff *skb, u8 icv_len, u8 hdr_len)
		{
		skb->ip_summed = CHECKSUM_NONE;
		memmove(skb->data + hdr_len, skb->data, 2 * ETH_ALEN);
		skb_pull(skb, hdr_len);
		pskb_trim_unique(skb, skb->len - icv_len);
		@@ -1099,10 +1100,9 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
		}

		skb = skb_unshare(skb, GFP_ATOMIC);
		if (!skb) {
		*pskb = NULL;
		*pskb = skb;
		if (!skb)
		return RX_HANDLER_CONSUMED;
		}

		pulled_sci = pskb_may_pull(skb, macsec_extra_len(true));
		if (!pulled_sci) {

Admin message