* [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX
@ 2024-12-19 12:37 Leon Romanovsky
2024-12-19 12:37 ` [PATCH ipsec-next 2/2] net/mlx5e: Update TX ESN context for IPSec hardware offload Leon Romanovsky
2025-01-07 10:22 ` [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
0 siblings, 2 replies; 6+ messages in thread
From: Leon Romanovsky @ 2024-12-19 12:37 UTC (permalink / raw)
To: Steffen Klassert
Cc: Jianbo Liu, Andrew Lunn, Eric Dumazet, Herbert Xu, Jakub Kicinski,
Jonathan Corbet, linux-doc, linux-rdma, netdev, Paolo Abeni,
Potnuri Bharat Teja, Saeed Mahameed, Tariq Toukan
From: Jianbo Liu <jianbol@nvidia.com>
Previously xfrm_dev_state_advance_esn() was added for RX only. But
it's possible that ESN context also need to be synced to hardware for
TX, so call it for outbound in this patch.
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
Documentation/networking/xfrm_device.rst | 3 ++-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +++
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
net/xfrm/xfrm_replay.c | 1 +
4 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index bfea9d8579ed..66f6e9a9b59a 100644
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -169,7 +169,8 @@ the stack in xfrm_input().
hand the packet to napi_gro_receive() as usual
-In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn().
+In ESN mode, xdo_dev_state_advance_esn() is called from
+xfrm_replay_advance_esn() for RX, and xfrm_replay_overflow_offload_esn for TX.
Driver will check packet seq number and update HW ESN state machine if needed.
Packet offload mode:
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index bc3af0054406..e56e4f238795 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6559,6 +6559,9 @@ static void cxgb4_advance_esn_state(struct xfrm_state *x)
{
struct adapter *adap = netdev2adap(x->xso.dev);
+ if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
+ return;
+
if (!mutex_trylock(&uld_mutex)) {
dev_dbg(adap->pdev_dev,
"crypto uld critical resource is under use\n");
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index ca92e518be76..3dd4f2492090 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -980,6 +980,9 @@ static void mlx5e_xfrm_advance_esn_state(struct xfrm_state *x)
struct mlx5e_ipsec_sa_entry *sa_entry_shadow;
bool need_update;
+ if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
+ return;
+
need_update = mlx5e_ipsec_update_esn_state(sa_entry);
if (!need_update)
return;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index bc56c6305725..e500aebbad22 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
}
replay_esn->oseq = oseq;
+ xfrm_dev_state_advance_esn(x);
if (xfrm_aevent_is_on(net))
xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
--
2.47.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH ipsec-next 2/2] net/mlx5e: Update TX ESN context for IPSec hardware offload
2024-12-19 12:37 [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
@ 2024-12-19 12:37 ` Leon Romanovsky
2025-01-07 10:22 ` [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
1 sibling, 0 replies; 6+ messages in thread
From: Leon Romanovsky @ 2024-12-19 12:37 UTC (permalink / raw)
To: Steffen Klassert
Cc: Jianbo Liu, Andrew Lunn, Eric Dumazet, Jakub Kicinski, linux-rdma,
netdev, Paolo Abeni, Saeed Mahameed, Tariq Toukan
From: Jianbo Liu <jianbol@nvidia.com>
ESN context must be synced between software and hardware for both RX
and TX. As the call to xfrm_dev_state_advance_esn() is added for TX,
this patch add the missing logic for TX. So the update is also checked
on every packet sent, to see if need to trigger ESN update worker.
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
.../mellanox/mlx5/core/en_accel/ipsec.c | 40 +++++++------------
1 file changed, 15 insertions(+), 25 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 3dd4f2492090..8489b0a0e8bd 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -94,25 +94,14 @@ static bool mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry)
u32 esn, esn_msb;
u8 overlap;
- switch (x->xso.type) {
- case XFRM_DEV_OFFLOAD_PACKET:
- switch (x->xso.dir) {
- case XFRM_DEV_OFFLOAD_IN:
- esn = x->replay_esn->seq;
- esn_msb = x->replay_esn->seq_hi;
- break;
- case XFRM_DEV_OFFLOAD_OUT:
- esn = x->replay_esn->oseq;
- esn_msb = x->replay_esn->oseq_hi;
- break;
- default:
- WARN_ON(true);
- return false;
- }
- break;
- case XFRM_DEV_OFFLOAD_CRYPTO:
- /* Already parsed by XFRM core */
+ switch (x->xso.dir) {
+ case XFRM_DEV_OFFLOAD_IN:
esn = x->replay_esn->seq;
+ esn_msb = x->replay_esn->seq_hi;
+ break;
+ case XFRM_DEV_OFFLOAD_OUT:
+ esn = x->replay_esn->oseq;
+ esn_msb = x->replay_esn->oseq_hi;
break;
default:
WARN_ON(true);
@@ -121,11 +110,15 @@ static bool mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry)
overlap = sa_entry->esn_state.overlap;
- if (esn >= x->replay_esn->replay_window)
- seq_bottom = esn - x->replay_esn->replay_window + 1;
+ if (!x->replay_esn->replay_window) {
+ seq_bottom = esn;
+ } else {
+ if (esn >= x->replay_esn->replay_window)
+ seq_bottom = esn - x->replay_esn->replay_window + 1;
- if (x->xso.type == XFRM_DEV_OFFLOAD_CRYPTO)
- esn_msb = xfrm_replay_seqhi(x, htonl(seq_bottom));
+ if (x->xso.type == XFRM_DEV_OFFLOAD_CRYPTO)
+ esn_msb = xfrm_replay_seqhi(x, htonl(seq_bottom));
+ }
if (sa_entry->esn_state.esn_msb)
sa_entry->esn_state.esn = esn;
@@ -980,9 +973,6 @@ static void mlx5e_xfrm_advance_esn_state(struct xfrm_state *x)
struct mlx5e_ipsec_sa_entry *sa_entry_shadow;
bool need_update;
- if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
- return;
-
need_update = mlx5e_ipsec_update_esn_state(sa_entry);
if (!need_update)
return;
--
2.47.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX
2024-12-19 12:37 [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
2024-12-19 12:37 ` [PATCH ipsec-next 2/2] net/mlx5e: Update TX ESN context for IPSec hardware offload Leon Romanovsky
@ 2025-01-07 10:22 ` Leon Romanovsky
2025-01-07 11:56 ` Steffen Klassert
1 sibling, 1 reply; 6+ messages in thread
From: Leon Romanovsky @ 2025-01-07 10:22 UTC (permalink / raw)
To: Steffen Klassert
Cc: Jianbo Liu, Andrew Lunn, Eric Dumazet, Herbert Xu, Jakub Kicinski,
Jonathan Corbet, linux-doc, linux-rdma, netdev, Paolo Abeni,
Potnuri Bharat Teja, Saeed Mahameed, Tariq Toukan
On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> From: Jianbo Liu <jianbol@nvidia.com>
>
> Previously xfrm_dev_state_advance_esn() was added for RX only. But
> it's possible that ESN context also need to be synced to hardware for
> TX, so call it for outbound in this patch.
>
> Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> ---
> Documentation/networking/xfrm_device.rst | 3 ++-
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +++
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> net/xfrm/xfrm_replay.c | 1 +
> 4 files changed, 9 insertions(+), 1 deletion(-)
Steffen,
This is kindly reminder.
Thanks
>
> diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
> index bfea9d8579ed..66f6e9a9b59a 100644
> --- a/Documentation/networking/xfrm_device.rst
> +++ b/Documentation/networking/xfrm_device.rst
> @@ -169,7 +169,8 @@ the stack in xfrm_input().
>
> hand the packet to napi_gro_receive() as usual
>
> -In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn().
> +In ESN mode, xdo_dev_state_advance_esn() is called from
> +xfrm_replay_advance_esn() for RX, and xfrm_replay_overflow_offload_esn for TX.
> Driver will check packet seq number and update HW ESN state machine if needed.
>
> Packet offload mode:
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> index bc3af0054406..e56e4f238795 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> @@ -6559,6 +6559,9 @@ static void cxgb4_advance_esn_state(struct xfrm_state *x)
> {
> struct adapter *adap = netdev2adap(x->xso.dev);
>
> + if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
> + return;
> +
> if (!mutex_trylock(&uld_mutex)) {
> dev_dbg(adap->pdev_dev,
> "crypto uld critical resource is under use\n");
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> index ca92e518be76..3dd4f2492090 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> @@ -980,6 +980,9 @@ static void mlx5e_xfrm_advance_esn_state(struct xfrm_state *x)
> struct mlx5e_ipsec_sa_entry *sa_entry_shadow;
> bool need_update;
>
> + if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
> + return;
> +
> need_update = mlx5e_ipsec_update_esn_state(sa_entry);
> if (!need_update)
> return;
> diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> index bc56c6305725..e500aebbad22 100644
> --- a/net/xfrm/xfrm_replay.c
> +++ b/net/xfrm/xfrm_replay.c
> @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> }
>
> replay_esn->oseq = oseq;
> + xfrm_dev_state_advance_esn(x);
>
> if (xfrm_aevent_is_on(net))
> xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
> --
> 2.47.0
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX
2025-01-07 10:22 ` [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
@ 2025-01-07 11:56 ` Steffen Klassert
2025-01-07 12:09 ` Leon Romanovsky
0 siblings, 1 reply; 6+ messages in thread
From: Steffen Klassert @ 2025-01-07 11:56 UTC (permalink / raw)
To: Leon Romanovsky
Cc: Jianbo Liu, Andrew Lunn, Eric Dumazet, Herbert Xu, Jakub Kicinski,
Jonathan Corbet, linux-doc, linux-rdma, netdev, Paolo Abeni,
Potnuri Bharat Teja, Saeed Mahameed, Tariq Toukan
On Tue, Jan 07, 2025 at 12:22:04PM +0200, Leon Romanovsky wrote:
> On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> > From: Jianbo Liu <jianbol@nvidia.com>
> >
> > Previously xfrm_dev_state_advance_esn() was added for RX only. But
> > it's possible that ESN context also need to be synced to hardware for
> > TX, so call it for outbound in this patch.
> >
> > Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > ---
> > Documentation/networking/xfrm_device.rst | 3 ++-
> > drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +++
> > drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> > net/xfrm/xfrm_replay.c | 1 +
> > 4 files changed, 9 insertions(+), 1 deletion(-)
>
> Steffen,
>
> This is kindly reminder.
Sorry for the dealy, the holidays came faster than expected :)
> > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> > index bc56c6305725..e500aebbad22 100644
> > --- a/net/xfrm/xfrm_replay.c
> > +++ b/net/xfrm/xfrm_replay.c
> > @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> > }
> >
> > replay_esn->oseq = oseq;
> > + xfrm_dev_state_advance_esn(x);
This is the only line of code that this patchset adds
to the xfrm stack, so merging this through mlx5 might
create less conflicts.
In case you want to do that, you can add my 'Acked-by'
to this patch. Otherwise I'll pull it into the ipsec-next
tree tomorrow.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX
2025-01-07 11:56 ` Steffen Klassert
@ 2025-01-07 12:09 ` Leon Romanovsky
2025-01-08 10:25 ` Steffen Klassert
0 siblings, 1 reply; 6+ messages in thread
From: Leon Romanovsky @ 2025-01-07 12:09 UTC (permalink / raw)
To: Steffen Klassert
Cc: Jianbo Liu, Andrew Lunn, Eric Dumazet, Herbert Xu, Jakub Kicinski,
Jonathan Corbet, linux-doc, linux-rdma, netdev, Paolo Abeni,
Potnuri Bharat Teja, Saeed Mahameed, Tariq Toukan
On Tue, Jan 07, 2025 at 12:56:33PM +0100, Steffen Klassert wrote:
> On Tue, Jan 07, 2025 at 12:22:04PM +0200, Leon Romanovsky wrote:
> > On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> > > From: Jianbo Liu <jianbol@nvidia.com>
> > >
> > > Previously xfrm_dev_state_advance_esn() was added for RX only. But
> > > it's possible that ESN context also need to be synced to hardware for
> > > TX, so call it for outbound in this patch.
> > >
> > > Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > > ---
> > > Documentation/networking/xfrm_device.rst | 3 ++-
> > > drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +++
> > > drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> > > net/xfrm/xfrm_replay.c | 1 +
> > > 4 files changed, 9 insertions(+), 1 deletion(-)
> >
> > Steffen,
> >
> > This is kindly reminder.
>
> Sorry for the dealy, the holidays came faster than expected :)
>
> > > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> > > index bc56c6305725..e500aebbad22 100644
> > > --- a/net/xfrm/xfrm_replay.c
> > > +++ b/net/xfrm/xfrm_replay.c
> > > @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> > > }
> > >
> > > replay_esn->oseq = oseq;
> > > + xfrm_dev_state_advance_esn(x);
>
> This is the only line of code that this patchset adds
> to the xfrm stack, so merging this through mlx5 might
> create less conflicts.
>
> In case you want to do that, you can add my 'Acked-by'
> to this patch. Otherwise I'll pull it into the ipsec-next
> tree tomorrow.
Let's do it through your tree, please. IMHO, it is more appropriate.
Thanks
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX
2025-01-07 12:09 ` Leon Romanovsky
@ 2025-01-08 10:25 ` Steffen Klassert
0 siblings, 0 replies; 6+ messages in thread
From: Steffen Klassert @ 2025-01-08 10:25 UTC (permalink / raw)
To: Leon Romanovsky
Cc: Jianbo Liu, Andrew Lunn, Eric Dumazet, Herbert Xu, Jakub Kicinski,
Jonathan Corbet, linux-doc, linux-rdma, netdev, Paolo Abeni,
Potnuri Bharat Teja, Saeed Mahameed, Tariq Toukan
On Tue, Jan 07, 2025 at 02:09:05PM +0200, Leon Romanovsky wrote:
> On Tue, Jan 07, 2025 at 12:56:33PM +0100, Steffen Klassert wrote:
> > On Tue, Jan 07, 2025 at 12:22:04PM +0200, Leon Romanovsky wrote:
> > > On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> > > > From: Jianbo Liu <jianbol@nvidia.com>
> > > >
> > > > Previously xfrm_dev_state_advance_esn() was added for RX only. But
> > > > it's possible that ESN context also need to be synced to hardware for
> > > > TX, so call it for outbound in this patch.
> > > >
> > > > Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> > > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > > > ---
> > > > Documentation/networking/xfrm_device.rst | 3 ++-
> > > > drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +++
> > > > drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> > > > net/xfrm/xfrm_replay.c | 1 +
> > > > 4 files changed, 9 insertions(+), 1 deletion(-)
> > >
> > > Steffen,
> > >
> > > This is kindly reminder.
> >
> > Sorry for the dealy, the holidays came faster than expected :)
> >
> > > > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> > > > index bc56c6305725..e500aebbad22 100644
> > > > --- a/net/xfrm/xfrm_replay.c
> > > > +++ b/net/xfrm/xfrm_replay.c
> > > > @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> > > > }
> > > >
> > > > replay_esn->oseq = oseq;
> > > > + xfrm_dev_state_advance_esn(x);
> >
> > This is the only line of code that this patchset adds
> > to the xfrm stack, so merging this through mlx5 might
> > create less conflicts.
> >
> > In case you want to do that, you can add my 'Acked-by'
> > to this patch. Otherwise I'll pull it into the ipsec-next
> > tree tomorrow.
>
> Let's do it through your tree, please. IMHO, it is more appropriate.
Ok, series applied to ipsec-next, thanks everyone!
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-01-08 10:25 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-19 12:37 [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
2024-12-19 12:37 ` [PATCH ipsec-next 2/2] net/mlx5e: Update TX ESN context for IPSec hardware offload Leon Romanovsky
2025-01-07 10:22 ` [PATCH ipsec-next 1/2] xfrm: Support ESN context update to hardware for TX Leon Romanovsky
2025-01-07 11:56 ` Steffen Klassert
2025-01-07 12:09 ` Leon Romanovsky
2025-01-08 10:25 ` Steffen Klassert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).