From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
Raed Salem <raeds@nvidia.com>, Emeel Hakim <ehakim@nvidia.com>
Subject: [net 08/15] net/mlx5e: MACsec, fix RX data path 16 RX security channel limit
Date: Thu, 24 Nov 2022 00:10:33 -0800 [thread overview]
Message-ID: <20221124081040.171790-9-saeed@kernel.org> (raw)
In-Reply-To: <20221124081040.171790-1-saeed@kernel.org>
From: Raed Salem <raeds@nvidia.com>
Currently the data path metadata flow id mask wrongly limits the
number of different RX security channels (SC) to 16, whereas in
adding RX SC the limit is "2^16 - 1" this cause an overlap in
metadata flow id once more than 16 RX SCs is added, this corrupts
MACsec RX offloaded flow handling.
Fix by using the correct mask, while at it improve code to use this
mask when adding the Rx rule and improve visibility of such errors
by adding debug massage.
Fixes: b7c9400cbc48 ("net/mlx5e: Implement MACsec Rx data path using MACsec skb_metadata_dst")
Signed-off-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Emeel Hakim <ehakim@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
.../net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 11 ++++++++---
.../net/ethernet/mellanox/mlx5/core/en_accel/macsec.h | 6 ++++--
.../ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c | 4 ++--
3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
index 3dc6c987b8da..96fa553ef93a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
@@ -736,9 +736,14 @@ static int mlx5e_macsec_add_rxsc(struct macsec_context *ctx)
sc_xarray_element->rx_sc = rx_sc;
err = xa_alloc(&macsec->sc_xarray, &sc_xarray_element->fs_id, sc_xarray_element,
- XA_LIMIT(1, USHRT_MAX), GFP_KERNEL);
- if (err)
+ XA_LIMIT(1, MLX5_MACEC_RX_FS_ID_MAX), GFP_KERNEL);
+ if (err) {
+ if (err == -EBUSY)
+ netdev_err(ctx->netdev,
+ "MACsec offload: unable to create entry for RX SC (%d Rx SCs already allocated)\n",
+ MLX5_MACEC_RX_FS_ID_MAX);
goto destroy_sc_xarray_elemenet;
+ }
rx_sc->md_dst = metadata_dst_alloc(0, METADATA_MACSEC, GFP_KERNEL);
if (!rx_sc->md_dst) {
@@ -1748,7 +1753,7 @@ void mlx5e_macsec_offload_handle_rx_skb(struct net_device *netdev,
if (!macsec)
return;
- fs_id = MLX5_MACSEC_METADATA_HANDLE(macsec_meta_data);
+ fs_id = MLX5_MACSEC_RX_METADAT_HANDLE(macsec_meta_data);
rcu_read_lock();
sc_xarray_element = xa_load(&macsec->sc_xarray, fs_id);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.h
index d580b4a91253..347380a2cd9c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.h
@@ -10,9 +10,11 @@
#include <net/macsec.h>
#include <net/dst_metadata.h>
-/* Bit31 - 30: MACsec marker, Bit3-0: MACsec id */
+/* Bit31 - 30: MACsec marker, Bit15-0: MACsec id */
+#define MLX5_MACEC_RX_FS_ID_MAX USHRT_MAX /* Must be power of two */
+#define MLX5_MACSEC_RX_FS_ID_MASK MLX5_MACEC_RX_FS_ID_MAX
#define MLX5_MACSEC_METADATA_MARKER(metadata) ((((metadata) >> 30) & 0x3) == 0x1)
-#define MLX5_MACSEC_METADATA_HANDLE(metadata) ((metadata) & GENMASK(3, 0))
+#define MLX5_MACSEC_RX_METADAT_HANDLE(metadata) ((metadata) & MLX5_MACSEC_RX_FS_ID_MASK)
struct mlx5e_priv;
struct mlx5e_macsec;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
index 96cec6d826c2..f87a1c4021bc 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
@@ -1146,10 +1146,10 @@ macsec_fs_rx_add_rule(struct mlx5e_macsec_fs *macsec_fs,
ft_crypto = &rx_tables->ft_crypto;
/* Set bit[31 - 30] macsec marker - 0x01 */
- /* Set bit[3-0] fs id */
+ /* Set bit[15-0] fs id */
MLX5_SET(set_action_in, action, action_type, MLX5_ACTION_TYPE_SET);
MLX5_SET(set_action_in, action, field, MLX5_ACTION_IN_FIELD_METADATA_REG_B);
- MLX5_SET(set_action_in, action, data, fs_id | BIT(30));
+ MLX5_SET(set_action_in, action, data, MLX5_MACSEC_RX_METADAT_HANDLE(fs_id) | BIT(30));
MLX5_SET(set_action_in, action, offset, 0);
MLX5_SET(set_action_in, action, length, 32);
--
2.38.1
next prev parent reply other threads:[~2022-11-24 8:11 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-24 8:10 [pull request][net 00/15] mlx5 fixes 2022-11-24 Saeed Mahameed
2022-11-24 8:10 ` [net 01/15] net/mlx5: DR, Fix uninitialized var warning Saeed Mahameed
2022-11-24 8:10 ` [net 02/15] net/mlx5: E-switch, Destroy legacy fdb table when needed Saeed Mahameed
2022-11-24 8:10 ` [net 03/15] net/mlx5: E-switch, Fix duplicate lag creation Saeed Mahameed
2022-11-28 23:23 ` Jacob Keller
2022-11-29 5:51 ` Saeed Mahameed
2022-11-24 8:10 ` [net 04/15] net/mlx5: Fix uninitialized variable bug in outlen_write() Saeed Mahameed
2022-11-24 8:10 ` [net 05/15] net/mlx5e: Fix use-after-free when reverting termination table Saeed Mahameed
2022-11-28 23:26 ` Jacob Keller
2022-11-24 8:10 ` [net 06/15] net/mlx5e: Fix a couple error codes Saeed Mahameed
2022-11-28 23:26 ` Jacob Keller
2022-11-24 8:10 ` [net 07/15] net/mlx5e: Use kvfree() in mlx5e_accel_fs_tcp_create() Saeed Mahameed
2022-11-24 8:32 ` Tariq Toukan
2022-11-28 19:55 ` Saeed Mahameed
2022-11-28 23:34 ` Jacob Keller
2022-11-24 8:10 ` Saeed Mahameed [this message]
2022-11-24 8:10 ` [net 09/15] net/mlx5e: MACsec, fix memory leak when MACsec device is deleted Saeed Mahameed
2022-11-28 23:36 ` Jacob Keller
2022-11-24 8:10 ` [net 10/15] net/mlx5e: MACsec, fix update Rx secure channel active field Saeed Mahameed
2022-11-28 23:37 ` Jacob Keller
2022-11-24 8:10 ` [net 11/15] net/mlx5e: MACsec, fix mlx5e_macsec_update_rxsa bail condition and functionality Saeed Mahameed
2022-11-24 8:10 ` [net 12/15] net/mlx5e: MACsec, fix add Rx security association (SA) rule memory leak Saeed Mahameed
2022-11-28 23:37 ` Jacob Keller
2022-11-24 8:10 ` [net 13/15] net/mlx5e: MACsec, remove replay window size limitation in offload path Saeed Mahameed
2022-11-28 23:42 ` Jacob Keller
2022-11-29 3:35 ` Jakub Kicinski
2022-11-29 5:44 ` Saeed Mahameed
2022-11-29 8:12 ` Saeed Mahameed
2022-11-29 18:29 ` Jacob Keller
2022-11-24 8:10 ` [net 14/15] net/mlx5e: MACsec, fix Tx SA active field update Saeed Mahameed
2022-11-28 23:43 ` Jacob Keller
2022-11-24 8:10 ` [net 15/15] net/mlx5e: MACsec, block offload requests with encrypt off Saeed Mahameed
2022-11-28 23:43 ` Jacob Keller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221124081040.171790-9-saeed@kernel.org \
--to=saeed@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ehakim@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).