Re: [PATCH net v2 0/5] macsec: offload-related fixes

[Antoine Tenart <atenart@kernel.org>]

Quoting Sabrina Dubroca (2022-10-26 23:56:22)
> I'm working on a dummy offload for macsec on netdevsim. It just has a
> small SecY and RXSC table so I can trigger failures easily on the
> ndo_* side. It has exposed a couple of issues.
> 
> The first patch is a revert of commit c850240b6c41 ("net: macsec:
> report real_dev features when HW offloading is enabled"). That commit
> tried to improve the performance of macsec offload by taking advantage
> of some of the NIC's features, but in doing so, broke macsec offload
> when the lower device supports both macsec and ipsec offload, as the
> ipsec offload feature flags were copied from the real device. Since
> the macsec device doesn't provide xdo_* ops, the XFRM core rejects the
> registration of the new macsec device in xfrm_api_check.
> 
> I'm working on re-adding those feature flags when offload is
> available, but I haven't fully solved that yet. I think it would be
> safer to do that second part in net-next considering how complex
> feature interactions tend to be.
> 
> v2:
>  - better describe the issue introduced by commit c850240b6c41 (Leon
>    Romanovsky)
>  - drop unnecessary !! (Leon Romanovsky)
> 
> Sabrina Dubroca (5):
>   Revert "net: macsec: report real_dev features when HW offloading is
>     enabled"
>   macsec: delete new rxsc when offload fails
>   macsec: fix secy->n_rx_sc accounting
>   macsec: fix detection of RXSCs when toggling offloading
>   macsec: clear encryption keys from the stack after setting up offload

Series,
Reviewed-by: Antoine Tenart <atenart@kernel.org>

Thanks!