Commit 8c284ea4 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Jakub Kicinski
Browse files

cxgb4: fill IPsec state validation failure reason 



Rely on extack to return failure reason.

Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 3fe57986

drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c

+1 −2
Original line number Diff line number Diff line
@@ -6497,8 +6497,7 @@ static int cxgb4_xfrm_add_state(struct xfrm_state *x, 
	int ret;



	if (!mutex_trylock(&uld_mutex)) {

		dev_dbg(adap->pdev_dev,

			"crypto uld critical resource is under use\n");

		NL_SET_ERR_MSG_MOD(extack, "crypto uld critical resource is under use");

		return -EBUSY;

	}

	ret = chcr_offload_state(adap, CXGB4_XFRMDEV_OPS);

drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c

+14 −14
Original line number Diff line number Diff line
@@ -234,59 +234,59 @@ static int ch_ipsec_xfrm_add_state(struct xfrm_state *x, 
	int res = 0;



	if (x->props.aalgo != SADB_AALG_NONE) {

		pr_debug("Cannot offload authenticated xfrm states\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");

		return -EINVAL;

	}

	if (x->props.calgo != SADB_X_CALG_NONE) {

		pr_debug("Cannot offload compressed xfrm states\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");

		return -EINVAL;

	}

	if (x->props.family != AF_INET &&

	    x->props.family != AF_INET6) {

		pr_debug("Only IPv4/6 xfrm state offloaded\n");

		NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm state offloaded");

		return -EINVAL;

	}

	if (x->props.mode != XFRM_MODE_TRANSPORT &&

	    x->props.mode != XFRM_MODE_TUNNEL) {

		pr_debug("Only transport and tunnel xfrm offload\n");

		NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm offload");

		return -EINVAL;

	}

	if (x->id.proto != IPPROTO_ESP) {

		pr_debug("Only ESP xfrm state offloaded\n");

		NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state offloaded");

		return -EINVAL;

	}

	if (x->encap) {

		pr_debug("Encapsulated xfrm state not offloaded\n");

		NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state not offloaded");

		return -EINVAL;

	}

	if (!x->aead) {

		pr_debug("Cannot offload xfrm states without aead\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without aead");

		return -EINVAL;

	}

	if (x->aead->alg_icv_len != 128 &&

	    x->aead->alg_icv_len != 96) {

		pr_debug("Cannot offload xfrm states with AEAD ICV length other than 96b & 128b\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 96b & 128b");

		return -EINVAL;

	}

	if ((x->aead->alg_key_len != 128 + 32) &&

	    (x->aead->alg_key_len != 256 + 32)) {

		pr_debug("cannot offload xfrm states with AEAD key length other than 128/256 bit\n");

		NL_SET_ERR_MSG_MOD(extack, "cannot offload xfrm states with AEAD key length other than 128/256 bit");

		return -EINVAL;

	}

	if (x->tfcpad) {

		pr_debug("Cannot offload xfrm states with tfc padding\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");

		return -EINVAL;

	}

	if (!x->geniv) {

		pr_debug("Cannot offload xfrm states without geniv\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");

		return -EINVAL;

	}

	if (strcmp(x->geniv, "seqiv")) {

		pr_debug("Cannot offload xfrm states with geniv other than seqiv\n");

		NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");

		return -EINVAL;

	}

	if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {

		pr_debug("Unsupported xfrm offload\n");

		NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload");

		return -EINVAL;

	}