MACSEC_SA_ATTR_PN is either a u32 or a u64, we can now use NLA_UINT for this instead of a custom binary type. We can then use a min check within the policy. We need to keep the length checks done in macsec_{add,upd}_{rx,tx}sa based on whether the device is set up for XPN (with 64b PNs instead of 32b). On the dump side, keep the existing custom code as userspace may expect a u64 when using XPN, and nla_put_uint may only output a u32 attribute if the value fits. Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index b613ce1e3a7e..83158dbc1628 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -1671,7 +1671,7 @@ static const struct nla_policy macsec_genl_rxsc_policy[NUM_MACSEC_RXSC_ATTR] = { static const struct nla_policy macsec_genl_sa_policy[NUM_MACSEC_SA_ATTR] = { [MACSEC_SA_ATTR_AN] = NLA_POLICY_MAX(NLA_U8, MACSEC_NUM_AN - 1), [MACSEC_SA_ATTR_ACTIVE] = NLA_POLICY_MAX(NLA_U8, 1), - [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN_LEN(4), + [MACSEC_SA_ATTR_PN] = NLA_POLICY_MIN(NLA_UINT, 1), [MACSEC_SA_ATTR_KEYID] = NLA_POLICY_EXACT_LEN(MACSEC_KEYID_LEN), [MACSEC_SA_ATTR_KEY] = NLA_POLICY_MAX_LEN(MACSEC_MAX_KEY_LEN), [MACSEC_SA_ATTR_SSCI] = { .type = NLA_U32 }, @@ -1731,10 +1731,6 @@ static bool validate_add_rxsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && - nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } @@ -1952,9 +1948,6 @@ static bool validate_add_txsa(struct nlattr **attrs) !attrs[MACSEC_SA_ATTR_KEYID]) return false; - if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } @@ -2288,9 +2281,6 @@ static bool validate_upd_sa(struct nlattr **attrs) attrs[MACSEC_SA_ATTR_SALT]) return false; - if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0) - return false; - return true; } -- 2.50.0