* [PATCH net-next] net/mlx5e: MACsec: annotate context list traversals
@ 2026-07-01 12:40 Runyu Xiao
2026-07-02 13:19 ` Tariq Toukan
0 siblings, 1 reply; 2+ messages in thread
From: Runyu Xiao @ 2026-07-01 12:40 UTC (permalink / raw)
To: borisp, saeedm, leon, tariqt, mbloch
Cc: andrew+netdev, davem, edumazet, kuba, pabeni, sd, dtatulea,
cjubran, horms, jianbol, netdev, linux-rdma, linux-kernel,
runyu.xiao, jianhao.xu
The MACsec offload control paths take macsec->lock before looking up
MACsec device and RX SC contexts. The lookup helpers walk RCU lists, but
the iterators do not currently pass the mutex condition, so
CONFIG_PROVE_RCU_LIST cannot see the existing writer/control-path
protection.
Pass lockdep_is_held(&macsec->lock) to the list iterators in the MACsec
lookup helpers. The RX SC helper does not otherwise need the MACsec
context, so pass it in only to express the existing lockdep condition.
This was found by our static analysis tool and then manually reviewed
against the current tree. The dynamic triage evidence is a
target-matched CONFIG_PROVE_RCU_LIST warning; the change is limited
to documenting the existing protection contract.
This is a lockdep annotation cleanup. It does not change MACsec context
lifetime or list updates.
Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn>
---
.../mellanox/mlx5/core/en_accel/macsec.c | 23 +++++++++++--------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
index 528b04d4de41..3028e327e36d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
@@ -405,11 +405,13 @@ static int mlx5e_macsec_init_sa(struct macsec_context *ctx,
}
static struct mlx5e_macsec_rx_sc *
-mlx5e_macsec_get_rx_sc_from_sc_list(const struct list_head *list, sci_t sci)
+mlx5e_macsec_get_rx_sc_from_sc_list(struct mlx5e_macsec *macsec,
+ const struct list_head *list, sci_t sci)
{
struct mlx5e_macsec_rx_sc *iter;
- list_for_each_entry_rcu(iter, list, rx_sc_list_element) {
+ list_for_each_entry_rcu(iter, list, rx_sc_list_element,
+ lockdep_is_held(&macsec->lock)) {
if (iter->sci == sci)
return iter;
}
@@ -473,14 +475,15 @@ static bool mlx5e_macsec_secy_features_validate(struct macsec_context *ctx)
}
static struct mlx5e_macsec_device *
-mlx5e_macsec_get_macsec_device_context(const struct mlx5e_macsec *macsec,
+mlx5e_macsec_get_macsec_device_context(struct mlx5e_macsec *macsec,
const struct macsec_context *ctx)
{
struct mlx5e_macsec_device *iter;
const struct list_head *list;
list = &macsec->macsec_device_list_head;
- list_for_each_entry_rcu(iter, list, macsec_device_list_element) {
+ list_for_each_entry_rcu(iter, list, macsec_device_list_element,
+ lockdep_is_held(&macsec->lock)) {
if (iter->netdev == ctx->secy->netdev)
return iter;
}
@@ -692,7 +695,7 @@ static int mlx5e_macsec_add_rxsc(struct macsec_context *ctx)
}
rx_sc_list = &macsec_device->macsec_rx_sc_list_head;
- rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(rx_sc_list, ctx_rx_sc->sci);
+ rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, rx_sc_list, ctx_rx_sc->sci);
if (rx_sc) {
netdev_err(ctx->netdev, "MACsec offload: rx_sc (sci %lld) already exists\n",
ctx_rx_sc->sci);
@@ -775,7 +778,7 @@ static int mlx5e_macsec_upd_rxsc(struct macsec_context *ctx)
}
list = &macsec_device->macsec_rx_sc_list_head;
- rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, ctx_rx_sc->sci);
+ rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, ctx_rx_sc->sci);
if (!rx_sc) {
err = -EINVAL;
goto out;
@@ -853,7 +856,7 @@ static int mlx5e_macsec_del_rxsc(struct macsec_context *ctx)
}
list = &macsec_device->macsec_rx_sc_list_head;
- rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, ctx->rx_sc->sci);
+ rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, ctx->rx_sc->sci);
if (!rx_sc) {
netdev_err(ctx->netdev,
"MACsec offload rx_sc sci %lld doesn't exist\n",
@@ -894,7 +897,7 @@ static int mlx5e_macsec_add_rxsa(struct macsec_context *ctx)
}
list = &macsec_device->macsec_rx_sc_list_head;
- rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, sci);
+ rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, sci);
if (!rx_sc) {
netdev_err(ctx->netdev,
"MACsec offload rx_sc sci %lld doesn't exist\n",
@@ -978,7 +981,7 @@ static int mlx5e_macsec_upd_rxsa(struct macsec_context *ctx)
}
list = &macsec_device->macsec_rx_sc_list_head;
- rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, sci);
+ rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, sci);
if (!rx_sc) {
netdev_err(ctx->netdev,
"MACsec offload rx_sc sci %lld doesn't exist\n",
@@ -1035,7 +1038,7 @@ static int mlx5e_macsec_del_rxsa(struct macsec_context *ctx)
}
list = &macsec_device->macsec_rx_sc_list_head;
- rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, sci);
+ rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, sci);
if (!rx_sc) {
netdev_err(ctx->netdev,
"MACsec offload rx_sc sci %lld doesn't exist\n",
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] net/mlx5e: MACsec: annotate context list traversals
2026-07-01 12:40 [PATCH net-next] net/mlx5e: MACsec: annotate context list traversals Runyu Xiao
@ 2026-07-02 13:19 ` Tariq Toukan
0 siblings, 0 replies; 2+ messages in thread
From: Tariq Toukan @ 2026-07-02 13:19 UTC (permalink / raw)
To: Runyu Xiao, borisp, saeedm, leon, tariqt, mbloch
Cc: andrew+netdev, davem, edumazet, kuba, pabeni, sd, dtatulea,
cjubran, horms, jianbol, netdev, linux-rdma, linux-kernel,
jianhao.xu
On 01/07/2026 15:40, Runyu Xiao wrote:
> The MACsec offload control paths take macsec->lock before looking up
> MACsec device and RX SC contexts. The lookup helpers walk RCU lists, but
> the iterators do not currently pass the mutex condition, so
> CONFIG_PROVE_RCU_LIST cannot see the existing writer/control-path
> protection.
>
> Pass lockdep_is_held(&macsec->lock) to the list iterators in the MACsec
> lookup helpers. The RX SC helper does not otherwise need the MACsec
> context, so pass it in only to express the existing lockdep condition.
>
> This was found by our static analysis tool and then manually reviewed
> against the current tree. The dynamic triage evidence is a
> target-matched CONFIG_PROVE_RCU_LIST warning; the change is limited
> to documenting the existing protection contract.
>
> This is a lockdep annotation cleanup. It does not change MACsec context
> lifetime or list updates.
>
> Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn>
> ---
> .../mellanox/mlx5/core/en_accel/macsec.c | 23 +++++++++++--------
> 1 file changed, 13 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> index 528b04d4de41..3028e327e36d 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> @@ -405,11 +405,13 @@ static int mlx5e_macsec_init_sa(struct macsec_context *ctx,
> }
>
> static struct mlx5e_macsec_rx_sc *
> -mlx5e_macsec_get_rx_sc_from_sc_list(const struct list_head *list, sci_t sci)
> +mlx5e_macsec_get_rx_sc_from_sc_list(struct mlx5e_macsec *macsec,
> + const struct list_head *list, sci_t sci)
> {
> struct mlx5e_macsec_rx_sc *iter;
>
> - list_for_each_entry_rcu(iter, list, rx_sc_list_element) {
> + list_for_each_entry_rcu(iter, list, rx_sc_list_element,
> + lockdep_is_held(&macsec->lock)) {
> if (iter->sci == sci)
> return iter;
> }
> @@ -473,14 +475,15 @@ static bool mlx5e_macsec_secy_features_validate(struct macsec_context *ctx)
> }
>
> static struct mlx5e_macsec_device *
> -mlx5e_macsec_get_macsec_device_context(const struct mlx5e_macsec *macsec,
> +mlx5e_macsec_get_macsec_device_context(struct mlx5e_macsec *macsec,
Looking at the changes below, I don't find the const removal necessary.
> const struct macsec_context *ctx)
> {
> struct mlx5e_macsec_device *iter;
> const struct list_head *list;
>
> list = &macsec->macsec_device_list_head;
> - list_for_each_entry_rcu(iter, list, macsec_device_list_element) {
> + list_for_each_entry_rcu(iter, list, macsec_device_list_element,
> + lockdep_is_held(&macsec->lock)) {
> if (iter->netdev == ctx->secy->netdev)
> return iter;
> }
> @@ -692,7 +695,7 @@ static int mlx5e_macsec_add_rxsc(struct macsec_context *ctx)
> }
>
> rx_sc_list = &macsec_device->macsec_rx_sc_list_head;
> - rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(rx_sc_list, ctx_rx_sc->sci);
> + rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, rx_sc_list, ctx_rx_sc->sci);
> if (rx_sc) {
> netdev_err(ctx->netdev, "MACsec offload: rx_sc (sci %lld) already exists\n",
> ctx_rx_sc->sci);
> @@ -775,7 +778,7 @@ static int mlx5e_macsec_upd_rxsc(struct macsec_context *ctx)
> }
>
> list = &macsec_device->macsec_rx_sc_list_head;
> - rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, ctx_rx_sc->sci);
> + rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, ctx_rx_sc->sci);
> if (!rx_sc) {
> err = -EINVAL;
> goto out;
> @@ -853,7 +856,7 @@ static int mlx5e_macsec_del_rxsc(struct macsec_context *ctx)
> }
>
> list = &macsec_device->macsec_rx_sc_list_head;
> - rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, ctx->rx_sc->sci);
> + rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, ctx->rx_sc->sci);
> if (!rx_sc) {
> netdev_err(ctx->netdev,
> "MACsec offload rx_sc sci %lld doesn't exist\n",
> @@ -894,7 +897,7 @@ static int mlx5e_macsec_add_rxsa(struct macsec_context *ctx)
> }
>
> list = &macsec_device->macsec_rx_sc_list_head;
> - rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, sci);
> + rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, sci);
> if (!rx_sc) {
> netdev_err(ctx->netdev,
> "MACsec offload rx_sc sci %lld doesn't exist\n",
> @@ -978,7 +981,7 @@ static int mlx5e_macsec_upd_rxsa(struct macsec_context *ctx)
> }
>
> list = &macsec_device->macsec_rx_sc_list_head;
> - rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, sci);
> + rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, sci);
> if (!rx_sc) {
> netdev_err(ctx->netdev,
> "MACsec offload rx_sc sci %lld doesn't exist\n",
> @@ -1035,7 +1038,7 @@ static int mlx5e_macsec_del_rxsa(struct macsec_context *ctx)
> }
>
> list = &macsec_device->macsec_rx_sc_list_head;
> - rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(list, sci);
> + rx_sc = mlx5e_macsec_get_rx_sc_from_sc_list(macsec, list, sci);
> if (!rx_sc) {
> netdev_err(ctx->netdev,
> "MACsec offload rx_sc sci %lld doesn't exist\n",
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-07-02 13:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-01 12:40 [PATCH net-next] net/mlx5e: MACsec: annotate context list traversals Runyu Xiao
2026-07-02 13:19 ` Tariq Toukan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox