From: Paolo Abeni <pabeni@redhat.com>
To: Simon Horman <horms@kernel.org>, tariqt@nvidia.com
Cc: edumazet@google.com, kuba@kernel.org, andrew+netdev@lunn.ch,
davem@davemloft.net, borisp@nvidia.com, saeedm@nvidia.com,
leon@kernel.org, mbloch@nvidia.com, jianbol@nvidia.com,
cjubran@nvidia.com, acassen@corp.free.fr, kees@kernel.org,
Jason@zx2c4.com, michal.swiatkowski@linux.intel.com,
fmancera@suse.de, antonio@openvpn.net, cratiu@nvidia.com,
ecree.xilinx@gmail.com, sridhar.samudrala@intel.com,
netdev@vger.kernel.org, linux-rdma@vger.kernel.org,
linux-kernel@vger.kernel.org, gal@nvidia.com, leonro@nvidia.com
Subject: Re: [PATCH net] net/mlx5e: Skip IPsec flow modify when MAC address is unchanged
Date: Tue, 19 May 2026 10:09:57 +0200
Message-ID: <c7e0dd4f-e34b-42a6-ae4d-8060a59e9b8f@redhat.com>
In-Reply-To: <20260518112710.510979-2-horms@kernel.org>

On 5/18/26 1:27 PM, Simon Horman wrote:
> From: 'Simon Horman' <horms@kernel.org>
>
> This is an AI-generated review of your patch. The human sending this
> email has considered the AI review valid, or at least plausible.
> Full review at: https://sashiko.dev
> ---
> net/mlx5e: Skip IPsec flow modify when MAC address is unchanged
>
> When a netdev event fires for an IPsec SA, skip calling
> mlx5e_accel_ipsec_fs_modify() if the MAC address has not changed and
> the rule is not in drop mode. This avoids redundant hardware updates.
>
>> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
>> index a52e12c3c95a2..f567cd801adb3 100644
>> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
>> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
>> @@ -674,19 +674,26 @@ static void mlx5e_ipsec_handle_netdev_event(struct work_struct *_work)
>> struct mlx5e_ipsec_sa_entry *sa_entry = work->sa_entry;
>> struct mlx5e_ipsec_netevent_data *data = work->data;
>> struct mlx5_accel_esp_xfrm_attrs *attrs;
> [ ... ]
>> +
>> + if (ether_addr_equal(mac, data->addr) && !attrs->drop)
>> + return;
>> +
>> + ether_addr_copy(mac, data->addr);
>> attrs->drop = false;
>> mlx5e_accel_ipsec_fs_modify(sa_entry);
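
Review bot: The new early return compares against mac and attrs->drop, but both are overwritten just before mlx5e_accel_ipsec_fs_modify(sa_entry) is called, and the call is a bare statement whose outcome is not consulted in these lines, so the skip test trusts cached state that was never confirmed as programmed. If the modify can fail, either commit the new MAC and drop = false only after it succeeds, or make the skip depend on an indication that the last hardware update went through, so that a later netdev event still retries. A short comment above the `if (ether_addr_equal(mac, data->addr) && !attrs->drop)` test saying why drop mode always forces a re-program would also help.
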
>
> If mlx5e_accel_ipsec_fs_modify() fails (for example, due to a memory
> allocation failure), does this early return prevent the hardware state
> from recovering?
>
> Since attrs->drop and the mac address are updated before calling
> mlx5e_accel_ipsec_fs_modify(), a failure in the hardware update leaves the
> software state out of sync with the hardware.
>
> Prior to this patch, a subsequent netdev event for the same neighbor would
> unconditionally retry the hardware update. With this patch, the early return
> sees the optimistically updated software state, matches it, and skips the
> retry, potentially leaving the hardware permanently stuck in a dropped or
> failed state.

@Tariq, @Jianbo: I tend to think that the above qualifies as a
pre-existing issue: when mlx5e_accel_ipsec_fs_modify() failed, the S/W
and the H/W ended up in an out-of-sync state for a potentially unlimited
time even before this patch. WDYT?

/P

Thread overview: 3+ messages
2026-05-13 19:02 [PATCH net] net/mlx5e: Skip IPsec flow modify when MAC address is unchanged Tariq Toukan
2026-05-18 11:27 ` Simon Horman
2026-05-19 8:09 ` Paolo Abeni [this message]