Commit 156c9398 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'mlx5-ipsec-fixes' 



Leon Romanovsky says:

====================
Fixes to mlx5 IPsec implementation

This small patchset includes various fixes and one refactoring patch
which I collected for the features sent in this cycle, with one exception -
first patch.

First patch fixes code which was introduced in previous cycle, however I
was able to trigger FW error only in custom debug code, so don't see a
need to send it to net-rc.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 35226750 45fd01f2

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+26 −27
Original line number Diff line number Diff line
@@ -252,6 +252,8 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry, 
	struct net_device *netdev;

	struct neighbour *n;

	u8 addr[ETH_ALEN];

	const void *pkey;

	u8 *dst, *src;



	if (attrs->mode != XFRM_MODE_TUNNEL ||

	    attrs->type != XFRM_DEV_OFFLOAD_PACKET)
@@ -262,35 +264,30 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry, 
	mlx5_query_mac_address(mdev, addr);

	switch (attrs->dir) {

	case XFRM_DEV_OFFLOAD_IN:

		ether_addr_copy(attrs->dmac, addr);

		n = neigh_lookup(&arp_tbl, &attrs->saddr.a4, netdev);

		if (!n) {

			n = neigh_create(&arp_tbl, &attrs->saddr.a4, netdev);

			if (IS_ERR(n))

				return;

			neigh_event_send(n, NULL);

			attrs->drop = true;

			break;

		}

		neigh_ha_snapshot(addr, n, netdev);

		ether_addr_copy(attrs->smac, addr);

		src = attrs->dmac;

		dst = attrs->smac;

		pkey = &attrs->saddr.a4;

		break;

	case XFRM_DEV_OFFLOAD_OUT:

		ether_addr_copy(attrs->smac, addr);

		n = neigh_lookup(&arp_tbl, &attrs->daddr.a4, netdev);

		src = attrs->smac;

		dst = attrs->dmac;

		pkey = &attrs->daddr.a4;

		break;

	default:

		return;

	}



	ether_addr_copy(src, addr);

	n = neigh_lookup(&arp_tbl, pkey, netdev);

	if (!n) {

			n = neigh_create(&arp_tbl, &attrs->daddr.a4, netdev);

		n = neigh_create(&arp_tbl, pkey, netdev);

		if (IS_ERR(n))

			return;

		neigh_event_send(n, NULL);

		attrs->drop = true;

			break;

		}

	} else {

		neigh_ha_snapshot(addr, n, netdev);

		ether_addr_copy(attrs->dmac, addr);

		break;

	default:

		return;

		ether_addr_copy(dst, addr);

	}

	neigh_release(n);

}
@@ -708,11 +705,12 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x, 
release_dwork:

	kfree(sa_entry->dwork);

release_work:

	if (sa_entry->work)

		kfree(sa_entry->work->data);

	kfree(sa_entry->work);

err_xfrm:

	kfree(sa_entry);

	NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy");

	NL_SET_ERR_MSG_WEAK_MOD(extack, "Device failed to offload this state");

	return err;

}
@@ -752,6 +750,7 @@ static void mlx5e_xfrm_free_state(struct xfrm_state *x) 
	mlx5e_accel_ipsec_fs_del_rule(sa_entry);

	mlx5_ipsec_free_sa_ctx(sa_entry);

	kfree(sa_entry->dwork);

	if (sa_entry->work)

		kfree(sa_entry->work->data);

	kfree(sa_entry->work);

sa_entry_free:

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h

+1 −1
Original line number Diff line number Diff line
@@ -287,7 +287,7 @@ static inline bool addr6_all_zero(__be32 *addr6) 
{

	static const __be32 zaddr6[4] = {};



	return !memcmp(addr6, zaddr6, sizeof(*zaddr6));

	return !memcmp(addr6, zaddr6, sizeof(zaddr6));

}

#else

static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv)

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c

+8 −8
Original line number Diff line number Diff line
@@ -1252,16 +1252,16 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) 
	setup_fte_no_frags(spec);

	setup_fte_upper_proto_match(spec, &attrs->upspec);



	if (attrs->reqid) {

	switch (attrs->action) {

	case XFRM_POLICY_ALLOW:

		flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;

		if (!attrs->reqid)

			break;



		err = setup_modify_header(mdev, attrs->reqid,

					  XFRM_DEV_OFFLOAD_OUT, &flow_act);

		if (err)

			goto err_mod_header;

	}



	switch (attrs->action) {

	case XFRM_POLICY_ALLOW:

		flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;

		break;

	case XFRM_POLICY_BLOCK:

		flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_DROP |
@@ -1273,7 +1273,7 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) 
	default:

		WARN_ON(true);

		err = -EINVAL;

		goto err_action;

		goto err_mod_header;

	}



	flow_act.flags |= FLOW_ACT_NO_APPEND;
@@ -1293,7 +1293,7 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) 
	return 0;



err_action:

	if (attrs->reqid)

	if (flow_act.modify_hdr)

		mlx5_modify_header_dealloc(mdev, flow_act.modify_hdr);

err_mod_header:

	kvfree(spec);