From: Leon Romanovsky <leon@kernel.org>
To: Bharat Bhushan <bbhushan2@marvell.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
sgoutham@marvell.com, gakula@marvell.com, sbhatta@marvell.com,
hkelam@marvell.com, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com, jerinj@marvell.com,
lcherian@marvell.com, richardcochran@gmail.com
Subject: Re: [net-next,v4 5/8] cn10k-ipsec: Add SA add/delete support for outb inline ipsec
Date: Thu, 13 Jun 2024 21:40:51 +0300 [thread overview]
Message-ID: <20240613184051.GH4966@unreal> (raw)
In-Reply-To: <20240612134622.2157086-6-bbhushan2@marvell.com>
On Wed, Jun 12, 2024 at 07:16:19PM +0530, Bharat Bhushan wrote:
> This patch adds support to add and delete Security Association
> (SA) xfrm ops. Hardware maintains SA context in memory allocated
> by software. Each SA context is 128 byte aligned and size of
> each context is multiple of 128-byte. Add support for transport
> and tunnel ipsec mode, ESP protocol, aead aes-gcm-icv16, key size
> 128/192/256-bits with 32bit salt.
>
> Signed-off-by: Bharat Bhushan <bbhushan2@marvell.com>
> ---
> v3->v4:
> - Added check for crypto offload (XFRM_DEV_OFFLOAD_CRYPTO)
> Thanks "Leon Romanovsky" for pointing out
>
> v2->v3:
> - Removed memset to zero wherever possible
> (comment from Kalesh Anakkur Purayil)
> - Corrected error hanlding when setting SA for inbound
> (comment from Kalesh Anakkur Purayil)
> - Move "netdev->xfrmdev_ops = &cn10k_ipsec_xfrmdev_ops;" to this patch
> This fix build error with W=1
>
> .../marvell/octeontx2/nic/cn10k_ipsec.c | 456 ++++++++++++++++++
> .../marvell/octeontx2/nic/cn10k_ipsec.h | 114 +++++
> 2 files changed, 570 insertions(+)
>
> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> index fc1029c17c00..892bdbde92ee 100644
> --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> @@ -336,6 +336,12 @@ static int cn10k_outb_cpt_clean(struct otx2_nic *pf)
> /* Set inline ipsec disabled for this device */
> pf->flags &= ~OTX2_FLAG_INLINE_IPSEC_ENABLED;
>
> + if (!bitmap_empty(pf->ipsec.sa_bitmap, CN10K_IPSEC_OUTB_MAX_SA)) {
> + netdev_err(pf->netdev, "SA installed on this device\n");
> + mutex_unlock(&pf->ipsec.lock);
> + return -EBUSY;
> + }
Sorry for not really reviewing the patches and posting some random
comments, but this addition makes me wonder if it is correct
design/implementation. At the stage of IPsec cleanup, all SAs should be
removed before this call.
BTW, In kernel, this type of IPsec is called "Crypto Offload" and not
"inline ipsec".
Thanks
next prev parent reply other threads:[~2024-06-13 18:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-12 13:46 [net-next,v4 0/8] cn10k-ipsec: Add outbound inline ipsec support Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 1/8] octeontx2-pf: map skb data as device writeable Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 2/8] octeontx2-pf: Move skb fragment map/unmap to common code Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 3/8] octeontx2-af: Disable backpressure between CPT and NIX Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 4/8] cn10k-ipsec: Initialize crypto hardware for outb inline ipsec Bharat Bhushan
2024-06-12 15:45 ` Kalesh Anakkur Purayil
2024-06-13 5:25 ` [EXTERNAL] " Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 5/8] cn10k-ipsec: Add SA add/delete support " Bharat Bhushan
2024-06-13 18:40 ` Leon Romanovsky [this message]
2024-06-12 13:46 ` [net-next,v4 6/8] cn10k-ipsec: Process inline ipsec transmit offload Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 7/8] cn10k-ipsec: Allow inline ipsec offload for skb with SA Bharat Bhushan
2024-06-12 13:46 ` [net-next,v4 8/8] cn10k-ipsec: Enable outbound inline ipsec offload Bharat Bhushan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240613184051.GH4966@unreal \
--to=leon@kernel.org \
--cc=bbhushan2@marvell.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=hkelam@marvell.com \
--cc=jerinj@marvell.com \
--cc=kuba@kernel.org \
--cc=lcherian@marvell.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=richardcochran@gmail.com \
--cc=sbhatta@marvell.com \
--cc=sgoutham@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox