[net 11/15] net/mlx5e: MACsec, fix mlx5e_macsec_update_rxsa bail condition and functionality

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
	netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
	Raed Salem <raeds@nvidia.com>, Emeel Hakim <ehakim@nvidia.com>
Subject: [net 11/15] net/mlx5e: MACsec, fix mlx5e_macsec_update_rxsa bail condition and functionality
Date: Thu, 24 Nov 2022 00:10:36 -0800	[thread overview]
Message-ID: <20221124081040.171790-12-saeed@kernel.org> (raw)
In-Reply-To: <20221124081040.171790-1-saeed@kernel.org>

From: Raed Salem <raeds@nvidia.com>

Fix update Rx SA wrong bail condition, naturally update functionality
needs to check that something changed otherwise bailout currently the
active state check does just the opposite, furthermore unlike deactivate
path which remove the macsec rules to deactivate the offload, the
activation path does not include the counter part installation of the
macsec rules.

Fix by using correct bailout condition and when Rx SA changes state to
active then add the relevant macsec rules.

While at it, refine function name to reflect more precisely its role.

Fixes: aae3454e4d4c ("net/mlx5e: Add MACsec offload Rx command support")
Signed-off-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Emeel Hakim <ehakim@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 .../mellanox/mlx5/core/en_accel/macsec.c      | 24 +++++++++----------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
index 9c891a877998..c19581f1f733 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
@@ -427,15 +427,15 @@ mlx5e_macsec_get_rx_sc_from_sc_list(const struct list_head *list, sci_t sci)
 	return NULL;
 }
 
-static int mlx5e_macsec_update_rx_sa(struct mlx5e_macsec *macsec,
-				     struct mlx5e_macsec_sa *rx_sa,
-				     bool active)
+static int macsec_rx_sa_active_update(struct macsec_context *ctx,
+				      struct mlx5e_macsec_sa *rx_sa,
+				      bool active)
 {
-	struct mlx5_core_dev *mdev = macsec->mdev;
-	struct mlx5_macsec_obj_attrs attrs = {};
+	struct mlx5e_priv *priv = netdev_priv(ctx->netdev);
+	struct mlx5e_macsec *macsec = priv->macsec;
 	int err = 0;
 
-	if (rx_sa->active != active)
+	if (rx_sa->active == active)
 		return 0;
 
 	rx_sa->active = active;
@@ -444,13 +444,11 @@ static int mlx5e_macsec_update_rx_sa(struct mlx5e_macsec *macsec,
 		return 0;
 	}
 
-	attrs.sci = cpu_to_be64((__force u64)rx_sa->sci);
-	attrs.enc_key_id = rx_sa->enc_key_id;
-	err = mlx5e_macsec_create_object(mdev, &attrs, false, &rx_sa->macsec_obj_id);
+	err = mlx5e_macsec_init_sa(ctx, rx_sa, true, false);
 	if (err)
-		return err;
+		rx_sa->active = false;
 
-	return 0;
+	return err;
 }
 
 static bool mlx5e_macsec_secy_features_validate(struct macsec_context *ctx)
@@ -812,7 +810,7 @@ static int mlx5e_macsec_upd_rxsc(struct macsec_context *ctx)
 		if (!rx_sa)
 			continue;
 
-		err = mlx5e_macsec_update_rx_sa(macsec, rx_sa, rx_sa->active && ctx_rx_sc->active);
+		err = macsec_rx_sa_active_update(ctx, rx_sa, rx_sa->active && ctx_rx_sc->active);
 		if (err)
 			goto out;
 	}
@@ -1023,7 +1021,7 @@ static int mlx5e_macsec_upd_rxsa(struct macsec_context *ctx)
 		goto out;
 	}
 
-	err = mlx5e_macsec_update_rx_sa(macsec, rx_sa, ctx_rx_sa->active);
+	err = macsec_rx_sa_active_update(ctx, rx_sa, ctx_rx_sa->active);
 out:
 	mutex_unlock(&macsec->lock);
 
-- 
2.38.1

next prev parent reply	other threads:[~2022-11-24  8:11 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-24  8:10 [pull request][net 00/15] mlx5 fixes 2022-11-24 Saeed Mahameed
2022-11-24  8:10 ` [net 01/15] net/mlx5: DR, Fix uninitialized var warning Saeed Mahameed
2022-11-24  8:10 ` [net 02/15] net/mlx5: E-switch, Destroy legacy fdb table when needed Saeed Mahameed
2022-11-24  8:10 ` [net 03/15] net/mlx5: E-switch, Fix duplicate lag creation Saeed Mahameed
2022-11-28 23:23   ` Jacob Keller
2022-11-29  5:51     ` Saeed Mahameed
2022-11-24  8:10 ` [net 04/15] net/mlx5: Fix uninitialized variable bug in outlen_write() Saeed Mahameed
2022-11-24  8:10 ` [net 05/15] net/mlx5e: Fix use-after-free when reverting termination table Saeed Mahameed
2022-11-28 23:26   ` Jacob Keller
2022-11-24  8:10 ` [net 06/15] net/mlx5e: Fix a couple error codes Saeed Mahameed
2022-11-28 23:26   ` Jacob Keller
2022-11-24  8:10 ` [net 07/15] net/mlx5e: Use kvfree() in mlx5e_accel_fs_tcp_create() Saeed Mahameed
2022-11-24  8:32   ` Tariq Toukan
2022-11-28 19:55     ` Saeed Mahameed
2022-11-28 23:34       ` Jacob Keller
2022-11-24  8:10 ` [net 08/15] net/mlx5e: MACsec, fix RX data path 16 RX security channel limit Saeed Mahameed
2022-11-24  8:10 ` [net 09/15] net/mlx5e: MACsec, fix memory leak when MACsec device is deleted Saeed Mahameed
2022-11-28 23:36   ` Jacob Keller
2022-11-24  8:10 ` [net 10/15] net/mlx5e: MACsec, fix update Rx secure channel active field Saeed Mahameed
2022-11-28 23:37   ` Jacob Keller
2022-11-24  8:10 ` Saeed Mahameed [this message]
2022-11-24  8:10 ` [net 12/15] net/mlx5e: MACsec, fix add Rx security association (SA) rule memory leak Saeed Mahameed
2022-11-28 23:37   ` Jacob Keller
2022-11-24  8:10 ` [net 13/15] net/mlx5e: MACsec, remove replay window size limitation in offload path Saeed Mahameed
2022-11-28 23:42   ` Jacob Keller
2022-11-29  3:35     ` Jakub Kicinski
2022-11-29  5:44       ` Saeed Mahameed
2022-11-29  8:12         ` Saeed Mahameed
2022-11-29 18:29           ` Jacob Keller
2022-11-24  8:10 ` [net 14/15] net/mlx5e: MACsec, fix Tx SA active field update Saeed Mahameed
2022-11-28 23:43   ` Jacob Keller
2022-11-24  8:10 ` [net 15/15] net/mlx5e: MACsec, block offload requests with encrypt off Saeed Mahameed
2022-11-28 23:43   ` Jacob Keller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9c891a87799 dfblob:c19581f1f73 )
 OR (
bs:"[net 11/15] net/mlx5e: MACsec, fix mlx5e_macsec_update_rxsa bail condition and functionality" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221124081040.171790-12-saeed@kernel.org \
    --to=saeed@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=ehakim@nvidia.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=raeds@nvidia.com \
    --cc=saeedm@nvidia.com \
    --cc=tariqt@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).