From: Tariq Toukan <tariqt@nvidia.com>
To: Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
Leon Romanovsky <leon@kernel.org>,
Tariq Toukan <tariqt@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
"Patrisious Haddad" <phaddad@nvidia.com>,
Jianbo Liu <jianbol@nvidia.com>, Kees Cook <kees@kernel.org>,
Dragos Tatulea <dtatulea@nvidia.com>, <netdev@vger.kernel.org>,
<linux-rdma@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
Gal Pressman <gal@nvidia.com>,
"Leon Romanovsky" <leonro@nvidia.com>
Subject: [PATCH net-next] net/mlx5: Add vhca_id_type support to IPsec alias creation
Date: Thu, 30 Apr 2026 09:19:58 +0300 [thread overview]
Message-ID: <20260430061958.225245-1-tariqt@nvidia.com> (raw)
From: Patrisious Haddad <phaddad@nvidia.com>
When creating an alias FT for MPV IPsec, if alias creation with
sw_vhca_id is supported use it instead of using the hw_vhca_id.
This in turn allows IPsec to work properly after live migration,
in case a VF was live migrated and his hw_vhca_id changed due to
migration which can happen if you migrate to a VF with a different index
than yours, IPsec would fail to start post migration, this patch
resolves the issue by using sw_vhca_id instead which doesn't change post
migration.
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 +
.../ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c | 10 ++++++++++
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 +
3 files changed, 12 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index c89417c1a1f9..b5c8fbfb0eed 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -2306,6 +2306,7 @@ int mlx5_cmd_alias_obj_create(struct mlx5_core_dev *dev,
attr = MLX5_ADDR_OF(create_alias_obj_in, in, alias_ctx);
MLX5_SET(alias_context, attr, vhca_id_to_be_accessed, alias_attr->vhca_id);
+ MLX5_SET(alias_context, attr, vhca_id_type, alias_attr->vhca_id_type);
MLX5_SET(alias_context, attr, object_id_to_be_accessed, alias_attr->obj_id);
key = MLX5_ADDR_OF(alias_context, attr, access_key);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c
index 28cb670ba33e..9aadb20b8b8e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c
@@ -116,6 +116,16 @@ static int ipsec_fs_create_aliased_ft(struct mlx5_core_dev *ibv_owner,
memcpy(alias_attr.access_key, alias_key, ACCESS_KEY_LEN);
alias_attr.obj_id = aliased_object_id;
alias_attr.obj_type = MLX5_GENERAL_OBJECT_TYPES_FLOW_TABLE_ALIAS;
+ if (MLX5_CAP_GEN_2(ibv_owner, sw_vhca_id_valid) &&
+ MLX5_CAP_GEN(ibv_allowed, ft_alias_sw_vhca_id)) {
+ vhca_id_to_be_accessed = MLX5_CAP_GEN_2(ibv_owner, sw_vhca_id);
+ alias_attr.vhca_id_type = VHCA_ID_TYPE_SW;
+ } else {
+ vhca_id_to_be_accessed = MLX5_CAP_GEN(ibv_owner, vhca_id);
+ alias_attr.vhca_id_type = VHCA_ID_TYPE_HW;
+ if (MLX5_CAP_GEN_2(ibv_owner, sw_vhca_id_valid))
+ mlx5_core_warn(ibv_owner, "IPsec with migration isn't supported, if migration is required update FW.\n");
+ }
alias_attr.vhca_id = vhca_id_to_be_accessed;
ret = mlx5_cmd_alias_obj_create(ibv_allowed, &alias_attr, obj_id);
if (ret) {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
index 1507e881d962..8730cabbb5a8 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
@@ -110,6 +110,7 @@ struct mlx5_cmd_allow_other_vhca_access_attr {
struct mlx5_cmd_alias_obj_create_attr {
u32 obj_id;
u16 vhca_id;
+ u8 vhca_id_type;
u16 obj_type;
u8 access_key[ACCESS_KEY_LEN];
};
base-commit: 09942ddedcb960f9e78fd817ec33f501d1040c5b
--
2.44.0
next reply other threads:[~2026-04-30 6:20 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-30 6:19 Tariq Toukan [this message]
2026-05-02 17:08 ` [PATCH net-next] net/mlx5: Add vhca_id_type support to IPsec alias creation Simon Horman
2026-05-02 18:20 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260430061958.225245-1-tariqt@nvidia.com \
--to=tariqt@nvidia.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=dtatulea@nvidia.com \
--cc=edumazet@google.com \
--cc=gal@nvidia.com \
--cc=jianbol@nvidia.com \
--cc=kees@kernel.org \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=leonro@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=mbloch@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=phaddad@nvidia.com \
--cc=saeedm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox