From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
Chris Mi <cmi@nvidia.com>, Leon Romanovsky <leonro@nvidia.com>
Subject: [net 10/15] net/mlx5e: Disable IPsec offload support if not FW steering
Date: Tue, 21 Nov 2023 17:47:59 -0800 [thread overview]
Message-ID: <20231122014804.27716-11-saeed@kernel.org> (raw)
In-Reply-To: <20231122014804.27716-1-saeed@kernel.org>
From: Chris Mi <cmi@nvidia.com>
IPsec FDB offload can only work with FW steering as of now,
disable the cap upon non FW steering.
And since the IPSec cap is dynamic now based on steering mode.
Cleanup the resources if they exist instead of checking the
IPsec cap again.
Fixes: edd8b295f9e2 ("Merge branch 'mlx5-ipsec-packet-offload-support-in-eswitch-mode'")
Signed-off-by: Chris Mi <cmi@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
.../mellanox/mlx5/core/en_accel/ipsec.c | 26 ++++++++-----------
.../mlx5/core/en_accel/ipsec_offload.c | 8 +++++-
2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 914b9e6eb7db..161c5190c236 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -935,9 +935,11 @@ void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
return;
mlx5e_accel_ipsec_fs_cleanup(ipsec);
- if (mlx5_ipsec_device_caps(priv->mdev) & MLX5_IPSEC_CAP_TUNNEL)
+ if (ipsec->netevent_nb.notifier_call) {
unregister_netevent_notifier(&ipsec->netevent_nb);
- if (mlx5_ipsec_device_caps(priv->mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)
+ ipsec->netevent_nb.notifier_call = NULL;
+ }
+ if (ipsec->aso)
mlx5e_ipsec_aso_cleanup(ipsec);
destroy_workqueue(ipsec->wq);
kfree(ipsec);
@@ -1046,6 +1048,12 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,
}
}
+ if (x->xdo.type == XFRM_DEV_OFFLOAD_PACKET &&
+ !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
+ NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");
+ return -EINVAL;
+ }
+
return 0;
}
@@ -1141,14 +1149,6 @@ static const struct xfrmdev_ops mlx5e_ipsec_xfrmdev_ops = {
.xdo_dev_state_free = mlx5e_xfrm_free_state,
.xdo_dev_offload_ok = mlx5e_ipsec_offload_ok,
.xdo_dev_state_advance_esn = mlx5e_xfrm_advance_esn_state,
-};
-
-static const struct xfrmdev_ops mlx5e_ipsec_packet_xfrmdev_ops = {
- .xdo_dev_state_add = mlx5e_xfrm_add_state,
- .xdo_dev_state_delete = mlx5e_xfrm_del_state,
- .xdo_dev_state_free = mlx5e_xfrm_free_state,
- .xdo_dev_offload_ok = mlx5e_ipsec_offload_ok,
- .xdo_dev_state_advance_esn = mlx5e_xfrm_advance_esn_state,
.xdo_dev_state_update_curlft = mlx5e_xfrm_update_curlft,
.xdo_dev_policy_add = mlx5e_xfrm_add_policy,
@@ -1166,11 +1166,7 @@ void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv)
mlx5_core_info(mdev, "mlx5e: IPSec ESP acceleration enabled\n");
- if (mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)
- netdev->xfrmdev_ops = &mlx5e_ipsec_packet_xfrmdev_ops;
- else
- netdev->xfrmdev_ops = &mlx5e_ipsec_xfrmdev_ops;
-
+ netdev->xfrmdev_ops = &mlx5e_ipsec_xfrmdev_ops;
netdev->features |= NETIF_F_HW_ESP;
netdev->hw_enc_features |= NETIF_F_HW_ESP;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
index 4e018fba2d5f..6e00afe4671b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
@@ -6,6 +6,8 @@
#include "ipsec.h"
#include "lib/crypto.h"
#include "lib/ipsec_fs_roce.h"
+#include "fs_core.h"
+#include "eswitch.h"
enum {
MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET,
@@ -38,7 +40,10 @@ u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
MLX5_CAP_ETH(mdev, insert_trailer) && MLX5_CAP_ETH(mdev, swp))
caps |= MLX5_IPSEC_CAP_CRYPTO;
- if (MLX5_CAP_IPSEC(mdev, ipsec_full_offload)) {
+ if (MLX5_CAP_IPSEC(mdev, ipsec_full_offload) &&
+ (mdev->priv.steering->mode == MLX5_FLOW_STEERING_MODE_DMFS ||
+ (mdev->priv.steering->mode == MLX5_FLOW_STEERING_MODE_SMFS &&
+ is_mdev_legacy_mode(mdev)))) {
if (MLX5_CAP_FLOWTABLE_NIC_TX(mdev,
reformat_add_esp_trasport) &&
MLX5_CAP_FLOWTABLE_NIC_RX(mdev,
@@ -559,6 +564,7 @@ void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec)
dma_unmap_single(pdev, aso->dma_addr, sizeof(aso->ctx),
DMA_BIDIRECTIONAL);
kfree(aso);
+ ipsec->aso = NULL;
}
static void mlx5e_ipsec_aso_copy(struct mlx5_wqe_aso_ctrl_seg *ctrl,
--
2.42.0
next prev parent reply other threads:[~2023-11-22 1:48 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 1:47 [pull request][net 00/15] mlx5 fixes 2023-11-21 Saeed Mahameed
2023-11-22 1:47 ` [net 01/15] net/mlx5e: Honor user choice of IPsec replay window size Saeed Mahameed
2023-11-22 1:47 ` [net 02/15] net/mlx5e: Ensure that IPsec sequence packet number starts from 1 Saeed Mahameed
2023-11-22 1:47 ` [net 03/15] net/mlx5e: Unify esw and normal IPsec status table creation/destruction Saeed Mahameed
2023-11-22 1:47 ` [net 04/15] net/mlx5e: Remove exposure of IPsec RX flow steering struct Saeed Mahameed
2023-11-22 1:47 ` [net 05/15] net/mlx5e: Add IPsec and ASO syndromes check in HW Saeed Mahameed
2023-11-22 1:47 ` [net 06/15] net/mlx5e: Tidy up IPsec NAT-T SA discovery Saeed Mahameed
2023-11-22 1:47 ` [net 07/15] net/mlx5e: Reduce eswitch mode_lock protection context Saeed Mahameed
2023-11-22 1:47 ` [net 08/15] net/mlx5e: Check the number of elements before walk TC rhashtable Saeed Mahameed
2023-11-22 1:47 ` [net 09/15] net/mlx5e: Forbid devlink reload if IPSec rules are offloaded Saeed Mahameed
2023-11-22 9:13 ` Jiri Pirko
2023-11-22 9:35 ` Leon Romanovsky
2023-11-22 9:50 ` Jiri Pirko
2023-11-22 11:28 ` Leon Romanovsky
2023-11-22 12:25 ` Jiri Pirko
2023-11-23 3:53 ` Jakub Kicinski
2023-11-23 6:12 ` Saeed Mahameed
2023-11-23 18:33 ` Leon Romanovsky
2023-11-28 12:02 ` Jiri Pirko
2023-11-28 16:08 ` Leon Romanovsky
2023-11-29 14:51 ` Jiri Pirko
2023-12-04 17:05 ` Leon Romanovsky
2023-12-05 9:30 ` Jiri Pirko
2023-11-22 1:47 ` Saeed Mahameed [this message]
2023-11-22 1:48 ` [net 11/15] net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work Saeed Mahameed
2023-11-22 1:48 ` [net 12/15] net/mlx5e: TC, Don't offload post action rule if not supported Saeed Mahameed
2023-11-22 1:48 ` [net 13/15] net/mlx5: Nack sync reset request when HotPlug is enabled Saeed Mahameed
2023-11-22 1:48 ` [net 14/15] net/mlx5e: Check netdev pointer before checking its net ns Saeed Mahameed
2023-11-22 1:48 ` [net 15/15] net/mlx5: Fix a NULL vs IS_ERR() check Saeed Mahameed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231122014804.27716-11-saeed@kernel.org \
--to=saeed@kernel.org \
--cc=cmi@nvidia.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=leonro@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=saeedm@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).