From: Sabrina Dubroca <sd@queasysnail.net>
To: Tanmay Jagdale <tanmay@marvell.com>
Cc: davem@davemloft.net, horms@kernel.org, leon@kernel.org,
herbert@gondor.apana.org.au, bbhushan2@marvell.com,
sgoutham@marvell.com, linux-crypto@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH net-next v5 15/15] octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows
Date: Tue, 28 Oct 2025 12:39:04 +0100 [thread overview]
Message-ID: <aQCrWAVZh2VlOl54@krikkit> (raw)
In-Reply-To: <20251026150916.352061-16-tanmay@marvell.com>
2025-10-26, 20:39:10 +0530, Tanmay Jagdale wrote:
> +static int cn10k_ipsec_policy_add(struct xfrm_policy *x,
> + struct netlink_ext_ack *extack)
> +{
> + struct cn10k_inb_sw_ctx_info *inb_ctx_info = NULL, *inb_ctx;
> + struct net_device *netdev = x->xdo.dev;
> + bool disable_rule = true;
> + struct otx2_nic *pf;
> + int ret = 0;
> +
> + if (x->xdo.dir != XFRM_DEV_OFFLOAD_IN) {
> + netdev_err(netdev, "ERR: Can only offload Inbound policies\n");
> + ret = -EINVAL;
missing goto/return?
> + }
> +
> + if (x->xdo.type != XFRM_DEV_OFFLOAD_PACKET) {
> + netdev_err(netdev, "ERR: Only Packet mode supported\n");
> + ret = -EINVAL;
missing goto/return?
> + }
> +
> + pf = netdev_priv(netdev);
> +
> + /* If XFRM state was added before policy, then the inb_ctx_info instance
> + * would be allocated there.
> + */
> + list_for_each_entry(inb_ctx, &pf->ipsec.inb_sw_ctx_list, list) {
> + if (inb_ctx->reqid == x->xfrm_vec[0].reqid) {
> + inb_ctx_info = inb_ctx;
> + disable_rule = false;
> + break;
> + }
> + }
> +
> + if (!inb_ctx_info) {
> + /* Allocate a structure to track SA related info in driver */
> + inb_ctx_info = devm_kzalloc(pf->dev, sizeof(*inb_ctx_info), GFP_KERNEL);
I'm not so familiar with devm_*, but according to the kdoc for
devm_kmalloc, this will get freed automatically when the driver goes
away (but not earlier). This could take a long time. Shouldn't this be
manually freed in the error path of this function, and somewhere
during the policy_delete/policy_free calls?
I see that you've got a devm_kfree in cn10k_ipsec_inb_add_state, so
something similar here?
[...]
> +static void cn10k_ipsec_policy_free(struct xfrm_policy *x)
> +{
> + return;
> }
The stack can handle a NULL .xdo_dev_policy_free, so this empty
implementation is not needed. But I'm not sure releasing all
policy-related resources at delete time (even via WQ) is safe, so
possibly some of the work done in cn10k_ipsec_policy_delete should be
moved here (similar comment for the existing cn10k_ipsec_del_state
code vs adding .xdo_dev_state_free).
--
Sabrina
next prev parent reply other threads:[~2025-10-28 11:39 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-26 15:08 [PATCH net-next v5 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Tanmay Jagdale
2025-10-26 15:08 ` [PATCH net-next v5 01/15] crypto: octeontx2: Share engine group info with AF driver Tanmay Jagdale
2025-10-28 11:08 ` Simon Horman
2025-10-29 17:28 ` Tanmay Jagdale
2025-10-26 15:08 ` [PATCH net-next v5 02/15] octeontx2-af: Configure crypto hardware for inline ipsec Tanmay Jagdale
2025-10-26 15:08 ` [PATCH net-next v5 03/15] octeontx2-af: Setup Large Memory Transaction for crypto Tanmay Jagdale
2025-10-26 15:08 ` [PATCH net-next v5 04/15] octeontx2-af: Handle inbound inline ipsec config in AF Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 05/15] octeontx2-af: Add support for CPT second pass Tanmay Jagdale
2025-10-28 11:07 ` Simon Horman
2025-10-29 17:09 ` Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 06/15] octeontx2-af: Add support for SPI to SA index translation Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 07/15] octeontx2-af: Add mbox to alloc/free BPIDs Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 08/15] octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows Tanmay Jagdale
2025-10-28 10:45 ` Simon Horman
2025-10-29 17:06 ` [EXTERNAL] " Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 09/15] octeontx2-pf: ipsec: Allocate Ingress SA table Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 10/15] octeontx2-pf: ipsec: Handle NPA threshold interrupt Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 11/15] octeontx2-pf: ipsec: Initialize ingress IPsec Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 12/15] octeontx2-pf: ipsec: Configure backpressure Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 13/15] octeontx2-pf: ipsec: Process CPT metapackets Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 14/15] octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries Tanmay Jagdale
2025-10-26 15:09 ` [PATCH net-next v5 15/15] octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows Tanmay Jagdale
2025-10-28 11:39 ` Sabrina Dubroca [this message]
2025-10-29 17:36 ` [EXTERNAL] " Tanmay Jagdale
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aQCrWAVZh2VlOl54@krikkit \
--to=sd@queasysnail.net \
--cc=bbhushan2@marvell.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=leon@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sgoutham@marvell.com \
--cc=tanmay@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).