From: Leon Romanovsky <leon@kernel.org>
To: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Leon Romanovsky <leonro@nvidia.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
Ayush Sawal <ayush.sawal@chelsio.com>,
Bharat Bhushan <bbhushan2@marvell.com>,
Eric Dumazet <edumazet@google.com>,
Geetha sowjanya <gakula@marvell.com>,
hariprasad <hkelam@marvell.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
intel-wired-lan@lists.osuosl.org,
Jakub Kicinski <kuba@kernel.org>, Jay Vosburgh <jv@jvosburgh.net>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org, linux-rdma@vger.kernel.org,
Louis Peens <louis.peens@corigine.com>,
netdev@vger.kernel.org, oss-drivers@corigine.com,
Paolo Abeni <pabeni@redhat.com>,
Potnuri Bharat Teja <bharat@chelsio.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Saeed Mahameed <saeedm@nvidia.com>,
Subbaraya Sundeep <sbhatta@marvell.com>,
Sunil Goutham <sgoutham@marvell.com>,
Tariq Toukan <tariqt@nvidia.com>,
Tony Nguyen <anthony.l.nguyen@intel.com>,
Ilia Lin <ilia.lin@kernel.org>
Subject: [PATCH ipsec-next 2/5] xfrm: simplify SA initialization routine
Date: Wed, 5 Feb 2025 20:20:21 +0200 [thread overview]
Message-ID: <dcadf7c144207017104657f85d512889a2d1a09e.1738778580.git.leon@kernel.org> (raw)
In-Reply-To: <cover.1738778580.git.leon@kernel.org>
From: Leon Romanovsky <leonro@nvidia.com>
SA replay mode is initialized differently for user-space and
kernel-space users, but the call to xfrm_init_replay() existed in
common path with boolean protection. That caused to situation where
we have two different function orders.
So let's rewrite the SA initialization flow to have same order for
both in-kernel and user-space callers.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
include/net/xfrm.h | 3 +--
net/xfrm/xfrm_state.c | 22 ++++++++++------------
net/xfrm/xfrm_user.c | 2 +-
3 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 28355a5be5b9..58f8f7661ec4 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1770,8 +1770,7 @@ void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack);
u32 xfrm_state_mtu(struct xfrm_state *x, int mtu);
-int __xfrm_init_state(struct xfrm_state *x, bool init_replay,
- struct netlink_ext_ack *extack);
+int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack);
int xfrm_init_state(struct xfrm_state *x);
int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type);
int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 568fe8df7741..42799b0946a3 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -3120,8 +3120,7 @@ u32 xfrm_state_mtu(struct xfrm_state *x, int mtu)
}
EXPORT_SYMBOL_GPL(xfrm_state_mtu);
-int __xfrm_init_state(struct xfrm_state *x, bool init_replay,
- struct netlink_ext_ack *extack)
+int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
{
const struct xfrm_mode *inner_mode;
const struct xfrm_mode *outer_mode;
@@ -3188,12 +3187,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay,
}
x->outer_mode = *outer_mode;
- if (init_replay) {
- err = xfrm_init_replay(x, extack);
- if (err)
- goto error;
- }
-
if (x->nat_keepalive_interval) {
if (x->dir != XFRM_SA_DIR_OUT) {
NL_SET_ERR_MSG(extack, "NAT keepalive is only supported for outbound SAs");
@@ -3225,11 +3218,16 @@ int xfrm_init_state(struct xfrm_state *x)
{
int err;
- err = __xfrm_init_state(x, true, NULL);
- if (!err)
- x->km.state = XFRM_STATE_VALID;
+ err = __xfrm_init_state(x, NULL);
+ if (err)
+ return err;
- return err;
+ err = xfrm_init_replay(x, NULL);
+ if (err)
+ return err;
+
+ x->km.state = XFRM_STATE_VALID;
+ return 0;
}
EXPORT_SYMBOL(xfrm_init_state);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 82a768500999..d1d422f68978 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -907,7 +907,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
goto error;
}
- err = __xfrm_init_state(x, false, extack);
+ err = __xfrm_init_state(x, extack);
if (err)
goto error;
--
2.48.1
next prev parent reply other threads:[~2025-02-05 18:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-05 18:20 [PATCH ipsec-next 0/5] Support PTMU in tunnel mode for packet offload Leon Romanovsky
2025-02-05 18:20 ` [PATCH ipsec-next 1/5] xfrm: delay initialization of offload path till its actually requested Leon Romanovsky
2025-02-06 8:46 ` Bharat Bhushan
2025-02-06 8:54 ` Leon Romanovsky
2025-02-06 13:59 ` Bharat Bhushan
2025-02-06 14:26 ` Leon Romanovsky
2025-02-05 18:20 ` Leon Romanovsky [this message]
2025-02-12 11:56 ` [PATCH ipsec-next 2/5] xfrm: simplify SA initialization routine Steffen Klassert
2025-02-12 18:30 ` Leon Romanovsky
2025-02-14 9:29 ` Steffen Klassert
2025-02-14 11:14 ` Leon Romanovsky
2025-02-05 18:20 ` [PATCH ipsec-next 3/5] xfrm: rely on XFRM offload Leon Romanovsky
2025-02-18 20:39 ` Zhu Yanjun
2025-02-05 18:20 ` [PATCH ipsec-next 4/5] xfrm: provide common xdo_dev_offload_ok callback implementation Leon Romanovsky
2025-02-16 9:33 ` Zhu Yanjun
2025-02-16 11:07 ` Leon Romanovsky
2025-02-16 12:36 ` Zhu Yanjun
2025-02-05 18:20 ` [PATCH ipsec-next 5/5] xfrm: check for PMTU in tunnel mode for packet offload Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dcadf7c144207017104657f85d512889a2d1a09e.1738778580.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=anthony.l.nguyen@intel.com \
--cc=ayush.sawal@chelsio.com \
--cc=bbhushan2@marvell.com \
--cc=bharat@chelsio.com \
--cc=corbet@lwn.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=herbert@gondor.apana.org.au \
--cc=hkelam@marvell.com \
--cc=ilia.lin@kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jv@jvosburgh.net \
--cc=kuba@kernel.org \
--cc=leonro@nvidia.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=louis.peens@corigine.com \
--cc=netdev@vger.kernel.org \
--cc=oss-drivers@corigine.com \
--cc=pabeni@redhat.com \
--cc=przemyslaw.kitszel@intel.com \
--cc=saeedm@nvidia.com \
--cc=sbhatta@marvell.com \
--cc=sgoutham@marvell.com \
--cc=steffen.klassert@secunet.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox