* [PATCH net-next 00/10] Convert drivers to return XFRM configuration errors through extack
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Andy Gospodarek, Ayush Sawal, Eric Dumazet, Herbert Xu,
intel-wired-lan, Jay Vosburgh, Jesse Brandeburg, Jonathan Corbet,
linux-doc, linux-kernel, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
Hi,
This series continues effort started by Sabrina to return XFRM configuration
errors through extack. It allows for user space software stack easily present
driver failure reasons to users.
As a note, Intel drivers have a path where extack is equal to NULL, and error
prints won't be available in current patchset. If it is needed, it can be
changed by adding special to Intel macro to print to dmesg in case of
extack == NULL.
Thanks
Leon Romanovsky (10):
xfrm: extend add policy callback to set failure reason
net/mlx5e: Fill IPsec policy validation failure reason
xfrm: extend add state callback to set failure reason
net/mlx5e: Fill IPsec state validation failure reason
netdevsim: Fill IPsec state validation failure reason
nfp: fill IPsec state validation failure reason
ixgbevf: fill IPsec state validation failure reason
ixgbe: fill IPsec state validation failure reason
bonding: fill IPsec state validation failure reason
cxgb4: fill IPsec state validation failure reason
Documentation/networking/xfrm_device.rst | 4 +-
drivers/net/bonding/bond_main.c | 10 +-
.../net/ethernet/chelsio/cxgb4/cxgb4_main.c | 8 +-
.../inline_crypto/ch_ipsec/chcr_ipsec.c | 34 +++---
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 27 ++---
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 ++--
.../mellanox/mlx5/core/en_accel/ipsec.c | 103 ++++++++----------
.../net/ethernet/netronome/nfp/crypto/ipsec.c | 41 +++----
drivers/net/netdevsim/ipsec.c | 14 +--
include/linux/netdevice.h | 4 +-
net/xfrm/xfrm_device.c | 9 +-
net/xfrm/xfrm_state.c | 2 +-
12 files changed, 137 insertions(+), 140 deletions(-)
--
2.39.1
^ permalink raw reply [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 00/10] Convert drivers to return XFRM configuration errors through extack
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
linux-kernel, Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal,
Simon Horman, Tony Nguyen, Paolo Abeni, Saeed Mahameed,
Andy Gospodarek
Hi,
This series continues effort started by Sabrina to return XFRM configuration
errors through extack. It allows for user space software stack easily present
driver failure reasons to users.
As a note, Intel drivers have a path where extack is equal to NULL, and error
prints won't be available in current patchset. If it is needed, it can be
changed by adding special to Intel macro to print to dmesg in case of
extack == NULL.
Thanks
Leon Romanovsky (10):
xfrm: extend add policy callback to set failure reason
net/mlx5e: Fill IPsec policy validation failure reason
xfrm: extend add state callback to set failure reason
net/mlx5e: Fill IPsec state validation failure reason
netdevsim: Fill IPsec state validation failure reason
nfp: fill IPsec state validation failure reason
ixgbevf: fill IPsec state validation failure reason
ixgbe: fill IPsec state validation failure reason
bonding: fill IPsec state validation failure reason
cxgb4: fill IPsec state validation failure reason
Documentation/networking/xfrm_device.rst | 4 +-
drivers/net/bonding/bond_main.c | 10 +-
.../net/ethernet/chelsio/cxgb4/cxgb4_main.c | 8 +-
.../inline_crypto/ch_ipsec/chcr_ipsec.c | 34 +++---
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 27 ++---
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 ++--
.../mellanox/mlx5/core/en_accel/ipsec.c | 103 ++++++++----------
.../net/ethernet/netronome/nfp/crypto/ipsec.c | 41 +++----
drivers/net/netdevsim/ipsec.c | 14 +--
include/linux/netdevice.h | 4 +-
net/xfrm/xfrm_device.c | 9 +-
net/xfrm/xfrm_state.c | 2 +-
12 files changed, 137 insertions(+), 140 deletions(-)
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH net-next 01/10] xfrm: extend add policy callback to set failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Almost all validation logic is in the drivers, but they are
missing reliable way to convey failure reason to userspace
applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
Documentation/networking/xfrm_device.rst | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 ++-
include/linux/netdevice.h | 2 +-
net/xfrm/xfrm_device.c | 3 +--
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index c43ace79e320..b9c53e626982 100644
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -73,7 +73,7 @@ Callbacks to implement
/* Solely packet offload callbacks */
void (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
- int (*xdo_dev_policy_add) (struct xfrm_policy *x);
+ int (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
void (*xdo_dev_policy_delete) (struct xfrm_policy *x);
void (*xdo_dev_policy_free) (struct xfrm_policy *x);
};
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index bb9023957f74..83e0f874484e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -550,7 +550,8 @@ mlx5e_ipsec_build_accel_pol_attrs(struct mlx5e_ipsec_pol_entry *pol_entry,
attrs->reqid = x->xfrm_vec[0].reqid;
}
-static int mlx5e_xfrm_add_policy(struct xfrm_policy *x)
+static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
+ struct netlink_ext_ack *extack)
{
struct net_device *netdev = x->xdo.real_dev;
struct mlx5e_ipsec_pol_entry *pol_entry;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index aad12a179e54..7c43b9fb9aae 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1042,7 +1042,7 @@ struct xfrmdev_ops {
struct xfrm_state *x);
void (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
void (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
- int (*xdo_dev_policy_add) (struct xfrm_policy *x);
+ int (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
void (*xdo_dev_policy_delete) (struct xfrm_policy *x);
void (*xdo_dev_policy_free) (struct xfrm_policy *x);
};
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 4aff76c6f12e..2cec637a4a9c 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -383,14 +383,13 @@ int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp,
return -EINVAL;
}
- err = dev->xfrmdev_ops->xdo_dev_policy_add(xp);
+ err = dev->xfrmdev_ops->xdo_dev_policy_add(xp, extack);
if (err) {
xdo->dev = NULL;
xdo->real_dev = NULL;
xdo->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
xdo->dir = 0;
netdev_put(dev, &xdo->dev_tracker);
- NL_SET_ERR_MSG(extack, "Device failed to offload this policy");
return err;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 01/10] xfrm: extend add policy callback to set failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Almost all validation logic is in the drivers, but they are
missing reliable way to convey failure reason to userspace
applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
Documentation/networking/xfrm_device.rst | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 ++-
include/linux/netdevice.h | 2 +-
net/xfrm/xfrm_device.c | 3 +--
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index c43ace79e320..b9c53e626982 100644
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -73,7 +73,7 @@ Callbacks to implement
/* Solely packet offload callbacks */
void (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
- int (*xdo_dev_policy_add) (struct xfrm_policy *x);
+ int (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
void (*xdo_dev_policy_delete) (struct xfrm_policy *x);
void (*xdo_dev_policy_free) (struct xfrm_policy *x);
};
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index bb9023957f74..83e0f874484e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -550,7 +550,8 @@ mlx5e_ipsec_build_accel_pol_attrs(struct mlx5e_ipsec_pol_entry *pol_entry,
attrs->reqid = x->xfrm_vec[0].reqid;
}
-static int mlx5e_xfrm_add_policy(struct xfrm_policy *x)
+static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
+ struct netlink_ext_ack *extack)
{
struct net_device *netdev = x->xdo.real_dev;
struct mlx5e_ipsec_pol_entry *pol_entry;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index aad12a179e54..7c43b9fb9aae 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1042,7 +1042,7 @@ struct xfrmdev_ops {
struct xfrm_state *x);
void (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
void (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
- int (*xdo_dev_policy_add) (struct xfrm_policy *x);
+ int (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
void (*xdo_dev_policy_delete) (struct xfrm_policy *x);
void (*xdo_dev_policy_free) (struct xfrm_policy *x);
};
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 4aff76c6f12e..2cec637a4a9c 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -383,14 +383,13 @@ int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp,
return -EINVAL;
}
- err = dev->xfrmdev_ops->xdo_dev_policy_add(xp);
+ err = dev->xfrmdev_ops->xdo_dev_policy_add(xp, extack);
if (err) {
xdo->dev = NULL;
xdo->real_dev = NULL;
xdo->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
xdo->dir = 0;
netdev_put(dev, &xdo->dev_tracker);
- NL_SET_ERR_MSG(extack, "Device failed to offload this policy");
return err;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 02/10] net/mlx5e: Fill IPsec policy validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../mellanox/mlx5/core/en_accel/ipsec.c | 22 ++++++++++---------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 83e0f874484e..3236c3b43149 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -497,34 +497,33 @@ static void mlx5e_xfrm_update_curlft(struct xfrm_state *x)
mlx5e_ipsec_aso_update_curlft(sa_entry, &x->curlft.packets);
}
-static int mlx5e_xfrm_validate_policy(struct xfrm_policy *x)
+static int mlx5e_xfrm_validate_policy(struct xfrm_policy *x,
+ struct netlink_ext_ack *extack)
{
- struct net_device *netdev = x->xdo.real_dev;
-
if (x->type != XFRM_POLICY_TYPE_MAIN) {
- netdev_info(netdev, "Cannot offload non-main policy types\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload non-main policy types");
return -EINVAL;
}
/* Please pay attention that we support only one template */
if (x->xfrm_nr > 1) {
- netdev_info(netdev, "Cannot offload more than one template\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload more than one template");
return -EINVAL;
}
if (x->xdo.dir != XFRM_DEV_OFFLOAD_IN &&
x->xdo.dir != XFRM_DEV_OFFLOAD_OUT) {
- netdev_info(netdev, "Cannot offload forward policy\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload forward policy");
return -EINVAL;
}
if (!x->xfrm_vec[0].reqid) {
- netdev_info(netdev, "Cannot offload policy without reqid\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload policy without reqid");
return -EINVAL;
}
if (x->xdo.type != XFRM_DEV_OFFLOAD_PACKET) {
- netdev_info(netdev, "Unsupported xfrm offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload type");
return -EINVAL;
}
@@ -559,10 +558,12 @@ static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
int err;
priv = netdev_priv(netdev);
- if (!priv->ipsec)
+ if (!priv->ipsec) {
+ NL_SET_ERR_MSG_MOD(extack, "Device doesn't support IPsec packet offload");
return -EOPNOTSUPP;
+ }
- err = mlx5e_xfrm_validate_policy(x);
+ err = mlx5e_xfrm_validate_policy(x, extack);
if (err)
return err;
@@ -583,6 +584,7 @@ static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
err_fs:
kfree(pol_entry);
+ NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy");
return err;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 02/10] net/mlx5e: Fill IPsec policy validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../mellanox/mlx5/core/en_accel/ipsec.c | 22 ++++++++++---------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 83e0f874484e..3236c3b43149 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -497,34 +497,33 @@ static void mlx5e_xfrm_update_curlft(struct xfrm_state *x)
mlx5e_ipsec_aso_update_curlft(sa_entry, &x->curlft.packets);
}
-static int mlx5e_xfrm_validate_policy(struct xfrm_policy *x)
+static int mlx5e_xfrm_validate_policy(struct xfrm_policy *x,
+ struct netlink_ext_ack *extack)
{
- struct net_device *netdev = x->xdo.real_dev;
-
if (x->type != XFRM_POLICY_TYPE_MAIN) {
- netdev_info(netdev, "Cannot offload non-main policy types\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload non-main policy types");
return -EINVAL;
}
/* Please pay attention that we support only one template */
if (x->xfrm_nr > 1) {
- netdev_info(netdev, "Cannot offload more than one template\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload more than one template");
return -EINVAL;
}
if (x->xdo.dir != XFRM_DEV_OFFLOAD_IN &&
x->xdo.dir != XFRM_DEV_OFFLOAD_OUT) {
- netdev_info(netdev, "Cannot offload forward policy\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload forward policy");
return -EINVAL;
}
if (!x->xfrm_vec[0].reqid) {
- netdev_info(netdev, "Cannot offload policy without reqid\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload policy without reqid");
return -EINVAL;
}
if (x->xdo.type != XFRM_DEV_OFFLOAD_PACKET) {
- netdev_info(netdev, "Unsupported xfrm offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload type");
return -EINVAL;
}
@@ -559,10 +558,12 @@ static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
int err;
priv = netdev_priv(netdev);
- if (!priv->ipsec)
+ if (!priv->ipsec) {
+ NL_SET_ERR_MSG_MOD(extack, "Device doesn't support IPsec packet offload");
return -EOPNOTSUPP;
+ }
- err = mlx5e_xfrm_validate_policy(x);
+ err = mlx5e_xfrm_validate_policy(x, extack);
if (err)
return err;
@@ -583,6 +584,7 @@ static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
err_fs:
kfree(pol_entry);
+ NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy");
return err;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 03/10] xfrm: extend add state callback to set failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Almost all validation logic is in the drivers, but they are
missing reliable way to convey failure reason to userspace
applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
Documentation/networking/xfrm_device.rst | 2 +-
drivers/net/bonding/bond_main.c | 8 +++++---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 +++--
.../ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 6 ++++--
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 ++++--
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 4 +++-
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 ++-
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 3 ++-
drivers/net/netdevsim/ipsec.c | 3 ++-
include/linux/netdevice.h | 2 +-
net/xfrm/xfrm_device.c | 6 ++----
net/xfrm/xfrm_state.c | 2 +-
12 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index b9c53e626982..83abdfef4ec3 100644
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -64,7 +64,7 @@ Callbacks to implement
/* from include/linux/netdevice.h */
struct xfrmdev_ops {
/* Crypto and Packet offload callbacks */
- int (*xdo_dev_state_add) (struct xfrm_state *x);
+ int (*xdo_dev_state_add) (struct xfrm_state *x, struct netlink_ext_ack *extack);
void (*xdo_dev_state_delete) (struct xfrm_state *x);
void (*xdo_dev_state_free) (struct xfrm_state *x);
bool (*xdo_dev_offload_ok) (struct sk_buff *skb,
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 0363ce597661..686b2a6fd674 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -419,8 +419,10 @@ static int bond_vlan_rx_kill_vid(struct net_device *bond_dev,
/**
* bond_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
+ * @extack: extack point to fill failure reason
**/
-static int bond_ipsec_add_sa(struct xfrm_state *xs)
+static int bond_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct net_device *bond_dev = xs->xso.dev;
struct bond_ipsec *ipsec;
@@ -454,7 +456,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs)
}
xs->xso.real_dev = slave->dev;
- err = slave->dev->xfrmdev_ops->xdo_dev_state_add(xs);
+ err = slave->dev->xfrmdev_ops->xdo_dev_state_add(xs, extack);
if (!err) {
ipsec->xs = xs;
INIT_LIST_HEAD(&ipsec->list);
@@ -494,7 +496,7 @@ static void bond_ipsec_add_sa_all(struct bonding *bond)
spin_lock_bh(&bond->ipsec_lock);
list_for_each_entry(ipsec, &bond->ipsec_list, list) {
ipsec->xs->xso.real_dev = slave->dev;
- if (slave->dev->xfrmdev_ops->xdo_dev_state_add(ipsec->xs)) {
+ if (slave->dev->xfrmdev_ops->xdo_dev_state_add(ipsec->xs, NULL)) {
slave_warn(bond_dev, slave->dev, "%s: failed to add SA\n", __func__);
ipsec->xs->xso.real_dev = NULL;
}
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 9cbce1faab26..6c0a41f3ae44 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6490,7 +6490,8 @@ static const struct tlsdev_ops cxgb4_ktls_ops = {
#if IS_ENABLED(CONFIG_CHELSIO_IPSEC_INLINE)
-static int cxgb4_xfrm_add_state(struct xfrm_state *x)
+static int cxgb4_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct adapter *adap = netdev2adap(x->xso.dev);
int ret;
@@ -6504,7 +6505,7 @@ static int cxgb4_xfrm_add_state(struct xfrm_state *x)
if (ret)
goto out_unlock;
- ret = adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_add(x);
+ ret = adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_add(x, extack);
out_unlock:
mutex_unlock(&uld_mutex);
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
index ca21794281d6..ac2ea6206af1 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
@@ -80,7 +80,8 @@ static void *ch_ipsec_uld_add(const struct cxgb4_lld_info *infop);
static void ch_ipsec_advance_esn_state(struct xfrm_state *x);
static void ch_ipsec_xfrm_free_state(struct xfrm_state *x);
static void ch_ipsec_xfrm_del_state(struct xfrm_state *x);
-static int ch_ipsec_xfrm_add_state(struct xfrm_state *x);
+static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack);
static const struct xfrmdev_ops ch_ipsec_xfrmdev_ops = {
.xdo_dev_state_add = ch_ipsec_xfrm_add_state,
@@ -226,7 +227,8 @@ static int ch_ipsec_setkey(struct xfrm_state *x,
* returns 0 on success, negative error if failed to send message to FPGA
* positive error if FPGA returned a bad response
*/
-static int ch_ipsec_xfrm_add_state(struct xfrm_state *x)
+static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct ipsec_sa_entry *sa_entry;
int res = 0;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 53a969e34883..07c37dc619e8 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -557,8 +557,10 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
/**
* ixgbe_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
+ * @extack: extack point to fill failure reason
**/
-static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
+static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct net_device *dev = xs->xso.real_dev;
struct ixgbe_adapter *adapter = netdev_priv(dev);
@@ -950,7 +952,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
memcpy(xs->aead->alg_name, aes_gcm_name, sizeof(aes_gcm_name));
/* set up the HW offload */
- err = ixgbe_ipsec_add_sa(xs);
+ err = ixgbe_ipsec_add_sa(xs, NULL);
if (err)
goto err_aead;
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
index c1cf540d162a..752b9df4fb51 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
@@ -257,8 +257,10 @@ static int ixgbevf_ipsec_parse_proto_keys(struct xfrm_state *xs,
/**
* ixgbevf_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
+ * @extack: extack point to fill failure reason
**/
-static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs)
+static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct net_device *dev = xs->xso.real_dev;
struct ixgbevf_adapter *adapter;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 3236c3b43149..a889df77dd2d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -298,7 +298,8 @@ static void _update_xfrm_state(struct work_struct *work)
mlx5_accel_esp_modify_xfrm(sa_entry, &modify_work->attrs);
}
-static int mlx5e_xfrm_add_state(struct xfrm_state *x)
+static int mlx5e_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct mlx5e_ipsec_sa_entry *sa_entry = NULL;
struct net_device *netdev = x->xso.real_dev;
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
index 4632268695cb..41b98f2b7402 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
@@ -260,7 +260,8 @@ static void set_sha2_512hmac(struct nfp_ipsec_cfg_add_sa *cfg, int *trunc_len)
}
}
-static int nfp_net_xfrm_add_state(struct xfrm_state *x)
+static int nfp_net_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct net_device *netdev = x->xso.dev;
struct nfp_ipsec_cfg_mssg msg = {};
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index b93baf5c8bee..84a02d69abad 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -125,7 +125,8 @@ static int nsim_ipsec_parse_proto_keys(struct xfrm_state *xs,
return 0;
}
-static int nsim_ipsec_add_sa(struct xfrm_state *xs)
+static int nsim_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct nsim_ipsec *ipsec;
struct net_device *dev;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 7c43b9fb9aae..63b77cbc947e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1035,7 +1035,7 @@ struct netdev_bpf {
#ifdef CONFIG_XFRM_OFFLOAD
struct xfrmdev_ops {
- int (*xdo_dev_state_add) (struct xfrm_state *x);
+ int (*xdo_dev_state_add) (struct xfrm_state *x, struct netlink_ext_ack *extack);
void (*xdo_dev_state_delete) (struct xfrm_state *x);
void (*xdo_dev_state_free) (struct xfrm_state *x);
bool (*xdo_dev_offload_ok) (struct sk_buff *skb,
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 2cec637a4a9c..562b9d951598 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -309,7 +309,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
else
xso->type = XFRM_DEV_OFFLOAD_CRYPTO;
- err = dev->xfrmdev_ops->xdo_dev_state_add(x);
+ err = dev->xfrmdev_ops->xdo_dev_state_add(x, extack);
if (err) {
xso->dev = NULL;
xso->dir = 0;
@@ -325,10 +325,8 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
* authors to do not return -EOPNOTSUPP in packet offload mode.
*/
WARN_ON(err == -EOPNOTSUPP && is_packet_offload);
- if (err != -EOPNOTSUPP || is_packet_offload) {
- NL_SET_ERR_MSG(extack, "Device failed to offload this state");
+ if (err != -EOPNOTSUPP || is_packet_offload)
return err;
- }
}
return 0;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 89c731f4f0c7..59fffa02d1cc 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1274,7 +1274,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
xso->real_dev = xdo->real_dev;
netdev_tracker_alloc(xso->dev, &xso->dev_tracker,
GFP_ATOMIC);
- error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x);
+ error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x, NULL);
if (error) {
xso->dir = 0;
netdev_put(xso->dev, &xso->dev_tracker);
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 03/10] xfrm: extend add state callback to set failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Almost all validation logic is in the drivers, but they are
missing reliable way to convey failure reason to userspace
applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
Documentation/networking/xfrm_device.rst | 2 +-
drivers/net/bonding/bond_main.c | 8 +++++---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 +++--
.../ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 6 ++++--
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 ++++--
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 4 +++-
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 ++-
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 3 ++-
drivers/net/netdevsim/ipsec.c | 3 ++-
include/linux/netdevice.h | 2 +-
net/xfrm/xfrm_device.c | 6 ++----
net/xfrm/xfrm_state.c | 2 +-
12 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index b9c53e626982..83abdfef4ec3 100644
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -64,7 +64,7 @@ Callbacks to implement
/* from include/linux/netdevice.h */
struct xfrmdev_ops {
/* Crypto and Packet offload callbacks */
- int (*xdo_dev_state_add) (struct xfrm_state *x);
+ int (*xdo_dev_state_add) (struct xfrm_state *x, struct netlink_ext_ack *extack);
void (*xdo_dev_state_delete) (struct xfrm_state *x);
void (*xdo_dev_state_free) (struct xfrm_state *x);
bool (*xdo_dev_offload_ok) (struct sk_buff *skb,
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 0363ce597661..686b2a6fd674 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -419,8 +419,10 @@ static int bond_vlan_rx_kill_vid(struct net_device *bond_dev,
/**
* bond_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
+ * @extack: extack point to fill failure reason
**/
-static int bond_ipsec_add_sa(struct xfrm_state *xs)
+static int bond_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct net_device *bond_dev = xs->xso.dev;
struct bond_ipsec *ipsec;
@@ -454,7 +456,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs)
}
xs->xso.real_dev = slave->dev;
- err = slave->dev->xfrmdev_ops->xdo_dev_state_add(xs);
+ err = slave->dev->xfrmdev_ops->xdo_dev_state_add(xs, extack);
if (!err) {
ipsec->xs = xs;
INIT_LIST_HEAD(&ipsec->list);
@@ -494,7 +496,7 @@ static void bond_ipsec_add_sa_all(struct bonding *bond)
spin_lock_bh(&bond->ipsec_lock);
list_for_each_entry(ipsec, &bond->ipsec_list, list) {
ipsec->xs->xso.real_dev = slave->dev;
- if (slave->dev->xfrmdev_ops->xdo_dev_state_add(ipsec->xs)) {
+ if (slave->dev->xfrmdev_ops->xdo_dev_state_add(ipsec->xs, NULL)) {
slave_warn(bond_dev, slave->dev, "%s: failed to add SA\n", __func__);
ipsec->xs->xso.real_dev = NULL;
}
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 9cbce1faab26..6c0a41f3ae44 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6490,7 +6490,8 @@ static const struct tlsdev_ops cxgb4_ktls_ops = {
#if IS_ENABLED(CONFIG_CHELSIO_IPSEC_INLINE)
-static int cxgb4_xfrm_add_state(struct xfrm_state *x)
+static int cxgb4_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct adapter *adap = netdev2adap(x->xso.dev);
int ret;
@@ -6504,7 +6505,7 @@ static int cxgb4_xfrm_add_state(struct xfrm_state *x)
if (ret)
goto out_unlock;
- ret = adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_add(x);
+ ret = adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_add(x, extack);
out_unlock:
mutex_unlock(&uld_mutex);
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
index ca21794281d6..ac2ea6206af1 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
@@ -80,7 +80,8 @@ static void *ch_ipsec_uld_add(const struct cxgb4_lld_info *infop);
static void ch_ipsec_advance_esn_state(struct xfrm_state *x);
static void ch_ipsec_xfrm_free_state(struct xfrm_state *x);
static void ch_ipsec_xfrm_del_state(struct xfrm_state *x);
-static int ch_ipsec_xfrm_add_state(struct xfrm_state *x);
+static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack);
static const struct xfrmdev_ops ch_ipsec_xfrmdev_ops = {
.xdo_dev_state_add = ch_ipsec_xfrm_add_state,
@@ -226,7 +227,8 @@ static int ch_ipsec_setkey(struct xfrm_state *x,
* returns 0 on success, negative error if failed to send message to FPGA
* positive error if FPGA returned a bad response
*/
-static int ch_ipsec_xfrm_add_state(struct xfrm_state *x)
+static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct ipsec_sa_entry *sa_entry;
int res = 0;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 53a969e34883..07c37dc619e8 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -557,8 +557,10 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
/**
* ixgbe_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
+ * @extack: extack point to fill failure reason
**/
-static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
+static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct net_device *dev = xs->xso.real_dev;
struct ixgbe_adapter *adapter = netdev_priv(dev);
@@ -950,7 +952,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
memcpy(xs->aead->alg_name, aes_gcm_name, sizeof(aes_gcm_name));
/* set up the HW offload */
- err = ixgbe_ipsec_add_sa(xs);
+ err = ixgbe_ipsec_add_sa(xs, NULL);
if (err)
goto err_aead;
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
index c1cf540d162a..752b9df4fb51 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
@@ -257,8 +257,10 @@ static int ixgbevf_ipsec_parse_proto_keys(struct xfrm_state *xs,
/**
* ixgbevf_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
+ * @extack: extack point to fill failure reason
**/
-static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs)
+static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct net_device *dev = xs->xso.real_dev;
struct ixgbevf_adapter *adapter;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 3236c3b43149..a889df77dd2d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -298,7 +298,8 @@ static void _update_xfrm_state(struct work_struct *work)
mlx5_accel_esp_modify_xfrm(sa_entry, &modify_work->attrs);
}
-static int mlx5e_xfrm_add_state(struct xfrm_state *x)
+static int mlx5e_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct mlx5e_ipsec_sa_entry *sa_entry = NULL;
struct net_device *netdev = x->xso.real_dev;
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
index 4632268695cb..41b98f2b7402 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
@@ -260,7 +260,8 @@ static void set_sha2_512hmac(struct nfp_ipsec_cfg_add_sa *cfg, int *trunc_len)
}
}
-static int nfp_net_xfrm_add_state(struct xfrm_state *x)
+static int nfp_net_xfrm_add_state(struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
struct net_device *netdev = x->xso.dev;
struct nfp_ipsec_cfg_mssg msg = {};
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index b93baf5c8bee..84a02d69abad 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -125,7 +125,8 @@ static int nsim_ipsec_parse_proto_keys(struct xfrm_state *xs,
return 0;
}
-static int nsim_ipsec_add_sa(struct xfrm_state *xs)
+static int nsim_ipsec_add_sa(struct xfrm_state *xs,
+ struct netlink_ext_ack *extack)
{
struct nsim_ipsec *ipsec;
struct net_device *dev;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 7c43b9fb9aae..63b77cbc947e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1035,7 +1035,7 @@ struct netdev_bpf {
#ifdef CONFIG_XFRM_OFFLOAD
struct xfrmdev_ops {
- int (*xdo_dev_state_add) (struct xfrm_state *x);
+ int (*xdo_dev_state_add) (struct xfrm_state *x, struct netlink_ext_ack *extack);
void (*xdo_dev_state_delete) (struct xfrm_state *x);
void (*xdo_dev_state_free) (struct xfrm_state *x);
bool (*xdo_dev_offload_ok) (struct sk_buff *skb,
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 2cec637a4a9c..562b9d951598 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -309,7 +309,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
else
xso->type = XFRM_DEV_OFFLOAD_CRYPTO;
- err = dev->xfrmdev_ops->xdo_dev_state_add(x);
+ err = dev->xfrmdev_ops->xdo_dev_state_add(x, extack);
if (err) {
xso->dev = NULL;
xso->dir = 0;
@@ -325,10 +325,8 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
* authors to do not return -EOPNOTSUPP in packet offload mode.
*/
WARN_ON(err == -EOPNOTSUPP && is_packet_offload);
- if (err != -EOPNOTSUPP || is_packet_offload) {
- NL_SET_ERR_MSG(extack, "Device failed to offload this state");
+ if (err != -EOPNOTSUPP || is_packet_offload)
return err;
- }
}
return 0;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 89c731f4f0c7..59fffa02d1cc 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1274,7 +1274,7 @@ xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
xso->real_dev = xdo->real_dev;
netdev_tracker_alloc(xso->dev, &xso->dev_tracker,
GFP_ATOMIC);
- error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x);
+ error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x, NULL);
if (error) {
xso->dir = 0;
netdev_put(xso->dev, &xso->dev_tracker);
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../mellanox/mlx5/core/en_accel/ipsec.c | 75 ++++++++-----------
1 file changed, 32 insertions(+), 43 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index a889df77dd2d..4f8b0eae80a1 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -162,91 +162,87 @@ void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
mlx5e_ipsec_init_limits(sa_entry, attrs);
}
-static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
+static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
+ struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
- struct net_device *netdev = x->xso.real_dev;
- struct mlx5e_priv *priv;
-
- priv = netdev_priv(netdev);
-
if (x->props.aalgo != SADB_AALG_NONE) {
- netdev_info(netdev, "Cannot offload authenticated xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
return -EINVAL;
}
if (x->props.ealgo != SADB_X_EALG_AES_GCM_ICV16) {
- netdev_info(netdev, "Only AES-GCM-ICV16 xfrm state may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only AES-GCM-ICV16 xfrm state may be offloaded");
return -EINVAL;
}
if (x->props.calgo != SADB_X_CALG_NONE) {
- netdev_info(netdev, "Cannot offload compressed xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
return -EINVAL;
}
if (x->props.flags & XFRM_STATE_ESN &&
- !(mlx5_ipsec_device_caps(priv->mdev) & MLX5_IPSEC_CAP_ESN)) {
- netdev_info(netdev, "Cannot offload ESN xfrm states\n");
+ !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESN)) {
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload ESN xfrm states");
return -EINVAL;
}
if (x->props.family != AF_INET &&
x->props.family != AF_INET6) {
- netdev_info(netdev, "Only IPv4/6 xfrm states may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm states may be offloaded");
return -EINVAL;
}
if (x->id.proto != IPPROTO_ESP) {
- netdev_info(netdev, "Only ESP xfrm state may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state may be offloaded");
return -EINVAL;
}
if (x->encap) {
- netdev_info(netdev, "Encapsulated xfrm state may not be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state may not be offloaded");
return -EINVAL;
}
if (!x->aead) {
- netdev_info(netdev, "Cannot offload xfrm states without aead\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without aead");
return -EINVAL;
}
if (x->aead->alg_icv_len != 128) {
- netdev_info(netdev, "Cannot offload xfrm states with AEAD ICV length other than 128bit\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 128bit");
return -EINVAL;
}
if ((x->aead->alg_key_len != 128 + 32) &&
(x->aead->alg_key_len != 256 + 32)) {
- netdev_info(netdev, "Cannot offload xfrm states with AEAD key length other than 128/256 bit\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD key length other than 128/256 bit");
return -EINVAL;
}
if (x->tfcpad) {
- netdev_info(netdev, "Cannot offload xfrm states with tfc padding\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
return -EINVAL;
}
if (!x->geniv) {
- netdev_info(netdev, "Cannot offload xfrm states without geniv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
return -EINVAL;
}
if (strcmp(x->geniv, "seqiv")) {
- netdev_info(netdev, "Cannot offload xfrm states with geniv other than seqiv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
return -EINVAL;
}
switch (x->xso.type) {
case XFRM_DEV_OFFLOAD_CRYPTO:
- if (!(mlx5_ipsec_device_caps(priv->mdev) &
- MLX5_IPSEC_CAP_CRYPTO)) {
- netdev_info(netdev, "Crypto offload is not supported\n");
+ if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_CRYPTO)) {
+ NL_SET_ERR_MSG_MOD(extack, "Crypto offload is not supported");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
- netdev_info(netdev, "Only transport and tunnel xfrm states may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");
return -EINVAL;
}
break;
case XFRM_DEV_OFFLOAD_PACKET:
- if (!(mlx5_ipsec_device_caps(priv->mdev) &
+ if (!(mlx5_ipsec_device_caps(mdev) &
MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
- netdev_info(netdev, "Packet offload is not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT) {
- netdev_info(netdev, "Only transport xfrm states may be offloaded in packet mode\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only transport xfrm states may be offloaded in packet mode");
return -EINVAL;
}
@@ -254,35 +250,30 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
x->replay_esn->replay_window != 64 &&
x->replay_esn->replay_window != 128 &&
x->replay_esn->replay_window != 256) {
- netdev_info(netdev,
- "Unsupported replay window size %u\n",
- x->replay_esn->replay_window);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported replay window size");
return -EINVAL;
}
if (!x->props.reqid) {
- netdev_info(netdev, "Cannot offload without reqid\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload without reqid");
return -EINVAL;
}
if (x->lft.hard_byte_limit != XFRM_INF ||
x->lft.soft_byte_limit != XFRM_INF) {
- netdev_info(netdev,
- "Device doesn't support limits in bytes\n");
+ NL_SET_ERR_MSG_MOD(extack, "Device doesn't support limits in bytes");
return -EINVAL;
}
if (x->lft.soft_packet_limit >= x->lft.hard_packet_limit &&
x->lft.hard_packet_limit != XFRM_INF) {
/* XFRM stack doesn't prevent such configuration :(. */
- netdev_info(netdev,
- "Hard packet limit must be greater than soft one\n");
+ NL_SET_ERR_MSG_MOD(extack, "Hard packet limit must be greater than soft one");
return -EINVAL;
}
break;
default:
- netdev_info(netdev, "Unsupported xfrm offload type %d\n",
- x->xso.type);
+ NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
return -EINVAL;
}
return 0;
@@ -312,15 +303,13 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x,
return -EOPNOTSUPP;
ipsec = priv->ipsec;
- err = mlx5e_xfrm_validate_state(x);
+ err = mlx5e_xfrm_validate_state(priv->mdev, x, extack);
if (err)
return err;
sa_entry = kzalloc(sizeof(*sa_entry), GFP_KERNEL);
- if (!sa_entry) {
- err = -ENOMEM;
- goto out;
- }
+ if (!sa_entry)
+ return -ENOMEM;
sa_entry->x = x;
sa_entry->ipsec = ipsec;
@@ -361,7 +350,7 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x,
mlx5_ipsec_free_sa_ctx(sa_entry);
err_xfrm:
kfree(sa_entry);
-out:
+ NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy");
return err;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../mellanox/mlx5/core/en_accel/ipsec.c | 75 ++++++++-----------
1 file changed, 32 insertions(+), 43 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index a889df77dd2d..4f8b0eae80a1 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -162,91 +162,87 @@ void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
mlx5e_ipsec_init_limits(sa_entry, attrs);
}
-static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
+static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
+ struct xfrm_state *x,
+ struct netlink_ext_ack *extack)
{
- struct net_device *netdev = x->xso.real_dev;
- struct mlx5e_priv *priv;
-
- priv = netdev_priv(netdev);
-
if (x->props.aalgo != SADB_AALG_NONE) {
- netdev_info(netdev, "Cannot offload authenticated xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
return -EINVAL;
}
if (x->props.ealgo != SADB_X_EALG_AES_GCM_ICV16) {
- netdev_info(netdev, "Only AES-GCM-ICV16 xfrm state may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only AES-GCM-ICV16 xfrm state may be offloaded");
return -EINVAL;
}
if (x->props.calgo != SADB_X_CALG_NONE) {
- netdev_info(netdev, "Cannot offload compressed xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
return -EINVAL;
}
if (x->props.flags & XFRM_STATE_ESN &&
- !(mlx5_ipsec_device_caps(priv->mdev) & MLX5_IPSEC_CAP_ESN)) {
- netdev_info(netdev, "Cannot offload ESN xfrm states\n");
+ !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESN)) {
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload ESN xfrm states");
return -EINVAL;
}
if (x->props.family != AF_INET &&
x->props.family != AF_INET6) {
- netdev_info(netdev, "Only IPv4/6 xfrm states may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm states may be offloaded");
return -EINVAL;
}
if (x->id.proto != IPPROTO_ESP) {
- netdev_info(netdev, "Only ESP xfrm state may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state may be offloaded");
return -EINVAL;
}
if (x->encap) {
- netdev_info(netdev, "Encapsulated xfrm state may not be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state may not be offloaded");
return -EINVAL;
}
if (!x->aead) {
- netdev_info(netdev, "Cannot offload xfrm states without aead\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without aead");
return -EINVAL;
}
if (x->aead->alg_icv_len != 128) {
- netdev_info(netdev, "Cannot offload xfrm states with AEAD ICV length other than 128bit\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 128bit");
return -EINVAL;
}
if ((x->aead->alg_key_len != 128 + 32) &&
(x->aead->alg_key_len != 256 + 32)) {
- netdev_info(netdev, "Cannot offload xfrm states with AEAD key length other than 128/256 bit\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD key length other than 128/256 bit");
return -EINVAL;
}
if (x->tfcpad) {
- netdev_info(netdev, "Cannot offload xfrm states with tfc padding\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
return -EINVAL;
}
if (!x->geniv) {
- netdev_info(netdev, "Cannot offload xfrm states without geniv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
return -EINVAL;
}
if (strcmp(x->geniv, "seqiv")) {
- netdev_info(netdev, "Cannot offload xfrm states with geniv other than seqiv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
return -EINVAL;
}
switch (x->xso.type) {
case XFRM_DEV_OFFLOAD_CRYPTO:
- if (!(mlx5_ipsec_device_caps(priv->mdev) &
- MLX5_IPSEC_CAP_CRYPTO)) {
- netdev_info(netdev, "Crypto offload is not supported\n");
+ if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_CRYPTO)) {
+ NL_SET_ERR_MSG_MOD(extack, "Crypto offload is not supported");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
- netdev_info(netdev, "Only transport and tunnel xfrm states may be offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");
return -EINVAL;
}
break;
case XFRM_DEV_OFFLOAD_PACKET:
- if (!(mlx5_ipsec_device_caps(priv->mdev) &
+ if (!(mlx5_ipsec_device_caps(mdev) &
MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
- netdev_info(netdev, "Packet offload is not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT) {
- netdev_info(netdev, "Only transport xfrm states may be offloaded in packet mode\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only transport xfrm states may be offloaded in packet mode");
return -EINVAL;
}
@@ -254,35 +250,30 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
x->replay_esn->replay_window != 64 &&
x->replay_esn->replay_window != 128 &&
x->replay_esn->replay_window != 256) {
- netdev_info(netdev,
- "Unsupported replay window size %u\n",
- x->replay_esn->replay_window);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported replay window size");
return -EINVAL;
}
if (!x->props.reqid) {
- netdev_info(netdev, "Cannot offload without reqid\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload without reqid");
return -EINVAL;
}
if (x->lft.hard_byte_limit != XFRM_INF ||
x->lft.soft_byte_limit != XFRM_INF) {
- netdev_info(netdev,
- "Device doesn't support limits in bytes\n");
+ NL_SET_ERR_MSG_MOD(extack, "Device doesn't support limits in bytes");
return -EINVAL;
}
if (x->lft.soft_packet_limit >= x->lft.hard_packet_limit &&
x->lft.hard_packet_limit != XFRM_INF) {
/* XFRM stack doesn't prevent such configuration :(. */
- netdev_info(netdev,
- "Hard packet limit must be greater than soft one\n");
+ NL_SET_ERR_MSG_MOD(extack, "Hard packet limit must be greater than soft one");
return -EINVAL;
}
break;
default:
- netdev_info(netdev, "Unsupported xfrm offload type %d\n",
- x->xso.type);
+ NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
return -EINVAL;
}
return 0;
@@ -312,15 +303,13 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x,
return -EOPNOTSUPP;
ipsec = priv->ipsec;
- err = mlx5e_xfrm_validate_state(x);
+ err = mlx5e_xfrm_validate_state(priv->mdev, x, extack);
if (err)
return err;
sa_entry = kzalloc(sizeof(*sa_entry), GFP_KERNEL);
- if (!sa_entry) {
- err = -ENOMEM;
- goto out;
- }
+ if (!sa_entry)
+ return -ENOMEM;
sa_entry->x = x;
sa_entry->ipsec = ipsec;
@@ -361,7 +350,7 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x,
mlx5_ipsec_free_sa_ctx(sa_entry);
err_xfrm:
kfree(sa_entry);
-out:
+ NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy");
return err;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 05/10] netdevsim: Fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/net/netdevsim/ipsec.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index 84a02d69abad..f0d58092e7e9 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -140,25 +140,24 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs,
ipsec = &ns->ipsec;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
- netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",
- xs->id.proto);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");
return -EINVAL;
}
if (xs->calg) {
- netdev_err(dev, "Compression offload not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL;
}
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- netdev_err(dev, "Unsupported ipsec offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL;
}
/* find the first unused index */
ret = nsim_ipsec_find_empty_idx(ipsec);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Rx table!\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret;
}
sa_idx = (u16)ret;
@@ -173,7 +172,7 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */
ret = nsim_ipsec_parse_proto_keys(xs, sa.key, &sa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for SA table");
return ret;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 05/10] netdevsim: Fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/net/netdevsim/ipsec.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index 84a02d69abad..f0d58092e7e9 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -140,25 +140,24 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs,
ipsec = &ns->ipsec;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
- netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",
- xs->id.proto);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");
return -EINVAL;
}
if (xs->calg) {
- netdev_err(dev, "Compression offload not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL;
}
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- netdev_err(dev, "Unsupported ipsec offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL;
}
/* find the first unused index */
ret = nsim_ipsec_find_empty_idx(ipsec);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Rx table!\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret;
}
sa_idx = (u16)ret;
@@ -173,7 +172,7 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */
ret = nsim_ipsec_parse_proto_keys(xs, sa.key, &sa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for SA table");
return ret;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 06/10] nfp: fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../net/ethernet/netronome/nfp/crypto/ipsec.c | 38 +++++++++----------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
index 41b98f2b7402..7af41cbc8c0b 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
@@ -282,7 +282,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
cfg->ctrl_word.mode = NFP_IPSEC_PROTMODE_TRANSPORT;
break;
default:
- nn_err(nn, "Unsupported mode for xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for xfrm offload");
return -EINVAL;
}
@@ -294,17 +294,17 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
cfg->ctrl_word.proto = NFP_IPSEC_PROTOCOL_AH;
break;
default:
- nn_err(nn, "Unsupported protocol for xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for xfrm offload");
return -EINVAL;
}
if (x->props.flags & XFRM_STATE_ESN) {
- nn_err(nn, "Unsupported XFRM_REPLAY_MODE_ESN for xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported XFRM_REPLAY_MODE_ESN for xfrm offload");
return -EINVAL;
}
if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- nn_err(nn, "Unsupported xfrm offload tyoe\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload tyoe");
return -EINVAL;
}
@@ -321,7 +321,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
if (x->aead) {
trunc_len = -1;
} else {
- nn_err(nn, "Unsupported authentication algorithm\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported authentication algorithm");
return -EINVAL;
}
break;
@@ -345,19 +345,19 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
set_sha2_512hmac(cfg, &trunc_len);
break;
default:
- nn_err(nn, "Unsupported authentication algorithm\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported authentication algorithm");
return -EINVAL;
}
if (!trunc_len) {
- nn_err(nn, "Unsupported authentication algorithm trunc length\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported authentication algorithm trunc length");
return -EINVAL;
}
if (x->aalg) {
key_len = DIV_ROUND_UP(x->aalg->alg_key_len, BITS_PER_BYTE);
if (key_len > sizeof(cfg->auth_key)) {
- nn_err(nn, "Insufficient space for offloaded auth key\n");
+ NL_SET_ERR_MSG_MOD(extack, "Insufficient space for offloaded auth key");
return -EINVAL;
}
for (i = 0; i < key_len / sizeof(cfg->auth_key[0]) ; i++)
@@ -379,12 +379,12 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
case SADB_X_EALG_AES_GCM_ICV16:
case SADB_X_EALG_NULL_AES_GMAC:
if (!x->aead) {
- nn_err(nn, "Invalid AES key data\n");
+ NL_SET_ERR_MSG_MOD(extack, "Invalid AES key data");
return -EINVAL;
}
if (x->aead->alg_icv_len != 128) {
- nn_err(nn, "ICV must be 128bit with SADB_X_EALG_AES_GCM_ICV16\n");
+ NL_SET_ERR_MSG_MOD(extack, "ICV must be 128bit with SADB_X_EALG_AES_GCM_ICV16");
return -EINVAL;
}
cfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CTR;
@@ -392,23 +392,23 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
/* Aead->alg_key_len includes 32-bit salt */
if (set_aes_keylen(cfg, x->props.ealgo, x->aead->alg_key_len - 32)) {
- nn_err(nn, "Unsupported AES key length %d\n", x->aead->alg_key_len);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported AES key length");
return -EINVAL;
}
break;
case SADB_X_EALG_AESCBC:
cfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CBC;
if (!x->ealg) {
- nn_err(nn, "Invalid AES key data\n");
+ NL_SET_ERR_MSG_MOD(extack, "Invalid AES key data");
return -EINVAL;
}
if (set_aes_keylen(cfg, x->props.ealgo, x->ealg->alg_key_len) < 0) {
- nn_err(nn, "Unsupported AES key length %d\n", x->ealg->alg_key_len);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported AES key length");
return -EINVAL;
}
break;
default:
- nn_err(nn, "Unsupported encryption algorithm for offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported encryption algorithm for offload");
return -EINVAL;
}
@@ -419,7 +419,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
key_len -= salt_len;
if (key_len > sizeof(cfg->ciph_key)) {
- nn_err(nn, "aead: Insufficient space for offloaded key\n");
+ NL_SET_ERR_MSG_MOD(extack, "aead: Insufficient space for offloaded key");
return -EINVAL;
}
@@ -435,7 +435,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
key_len = DIV_ROUND_UP(x->ealg->alg_key_len, BITS_PER_BYTE);
if (key_len > sizeof(cfg->ciph_key)) {
- nn_err(nn, "ealg: Insufficient space for offloaded key\n");
+ NL_SET_ERR_MSG_MOD(extack, "ealg: Insufficient space for offloaded key");
return -EINVAL;
}
for (i = 0; i < key_len / sizeof(cfg->ciph_key[0]) ; i++)
@@ -458,7 +458,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
}
break;
default:
- nn_err(nn, "Unsupported address family\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported address family");
return -EINVAL;
}
@@ -473,7 +473,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
err = xa_alloc(&nn->xa_ipsec, &saidx, x,
XA_LIMIT(0, NFP_NET_IPSEC_MAX_SA_CNT - 1), GFP_KERNEL);
if (err < 0) {
- nn_err(nn, "Unable to get sa_data number for IPsec\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unable to get sa_data number for IPsec");
return err;
}
@@ -481,7 +481,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
err = nfp_ipsec_cfg_cmd_issue(nn, NFP_IPSEC_CFG_MSSG_ADD_SA, saidx, &msg);
if (err) {
xa_erase(&nn->xa_ipsec, saidx);
- nn_err(nn, "Failed to issue IPsec command err ret=%d\n", err);
+ NL_SET_ERR_MSG_MOD(extack, "Failed to issue IPsec command");
return err;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 06/10] nfp: fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../net/ethernet/netronome/nfp/crypto/ipsec.c | 38 +++++++++----------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
index 41b98f2b7402..7af41cbc8c0b 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
@@ -282,7 +282,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
cfg->ctrl_word.mode = NFP_IPSEC_PROTMODE_TRANSPORT;
break;
default:
- nn_err(nn, "Unsupported mode for xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for xfrm offload");
return -EINVAL;
}
@@ -294,17 +294,17 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
cfg->ctrl_word.proto = NFP_IPSEC_PROTOCOL_AH;
break;
default:
- nn_err(nn, "Unsupported protocol for xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for xfrm offload");
return -EINVAL;
}
if (x->props.flags & XFRM_STATE_ESN) {
- nn_err(nn, "Unsupported XFRM_REPLAY_MODE_ESN for xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported XFRM_REPLAY_MODE_ESN for xfrm offload");
return -EINVAL;
}
if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- nn_err(nn, "Unsupported xfrm offload tyoe\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload tyoe");
return -EINVAL;
}
@@ -321,7 +321,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
if (x->aead) {
trunc_len = -1;
} else {
- nn_err(nn, "Unsupported authentication algorithm\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported authentication algorithm");
return -EINVAL;
}
break;
@@ -345,19 +345,19 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
set_sha2_512hmac(cfg, &trunc_len);
break;
default:
- nn_err(nn, "Unsupported authentication algorithm\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported authentication algorithm");
return -EINVAL;
}
if (!trunc_len) {
- nn_err(nn, "Unsupported authentication algorithm trunc length\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported authentication algorithm trunc length");
return -EINVAL;
}
if (x->aalg) {
key_len = DIV_ROUND_UP(x->aalg->alg_key_len, BITS_PER_BYTE);
if (key_len > sizeof(cfg->auth_key)) {
- nn_err(nn, "Insufficient space for offloaded auth key\n");
+ NL_SET_ERR_MSG_MOD(extack, "Insufficient space for offloaded auth key");
return -EINVAL;
}
for (i = 0; i < key_len / sizeof(cfg->auth_key[0]) ; i++)
@@ -379,12 +379,12 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
case SADB_X_EALG_AES_GCM_ICV16:
case SADB_X_EALG_NULL_AES_GMAC:
if (!x->aead) {
- nn_err(nn, "Invalid AES key data\n");
+ NL_SET_ERR_MSG_MOD(extack, "Invalid AES key data");
return -EINVAL;
}
if (x->aead->alg_icv_len != 128) {
- nn_err(nn, "ICV must be 128bit with SADB_X_EALG_AES_GCM_ICV16\n");
+ NL_SET_ERR_MSG_MOD(extack, "ICV must be 128bit with SADB_X_EALG_AES_GCM_ICV16");
return -EINVAL;
}
cfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CTR;
@@ -392,23 +392,23 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
/* Aead->alg_key_len includes 32-bit salt */
if (set_aes_keylen(cfg, x->props.ealgo, x->aead->alg_key_len - 32)) {
- nn_err(nn, "Unsupported AES key length %d\n", x->aead->alg_key_len);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported AES key length");
return -EINVAL;
}
break;
case SADB_X_EALG_AESCBC:
cfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CBC;
if (!x->ealg) {
- nn_err(nn, "Invalid AES key data\n");
+ NL_SET_ERR_MSG_MOD(extack, "Invalid AES key data");
return -EINVAL;
}
if (set_aes_keylen(cfg, x->props.ealgo, x->ealg->alg_key_len) < 0) {
- nn_err(nn, "Unsupported AES key length %d\n", x->ealg->alg_key_len);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported AES key length");
return -EINVAL;
}
break;
default:
- nn_err(nn, "Unsupported encryption algorithm for offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported encryption algorithm for offload");
return -EINVAL;
}
@@ -419,7 +419,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
key_len -= salt_len;
if (key_len > sizeof(cfg->ciph_key)) {
- nn_err(nn, "aead: Insufficient space for offloaded key\n");
+ NL_SET_ERR_MSG_MOD(extack, "aead: Insufficient space for offloaded key");
return -EINVAL;
}
@@ -435,7 +435,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
key_len = DIV_ROUND_UP(x->ealg->alg_key_len, BITS_PER_BYTE);
if (key_len > sizeof(cfg->ciph_key)) {
- nn_err(nn, "ealg: Insufficient space for offloaded key\n");
+ NL_SET_ERR_MSG_MOD(extack, "ealg: Insufficient space for offloaded key");
return -EINVAL;
}
for (i = 0; i < key_len / sizeof(cfg->ciph_key[0]) ; i++)
@@ -458,7 +458,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
}
break;
default:
- nn_err(nn, "Unsupported address family\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported address family");
return -EINVAL;
}
@@ -473,7 +473,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
err = xa_alloc(&nn->xa_ipsec, &saidx, x,
XA_LIMIT(0, NFP_NET_IPSEC_MAX_SA_CNT - 1), GFP_KERNEL);
if (err < 0) {
- nn_err(nn, "Unable to get sa_data number for IPsec\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unable to get sa_data number for IPsec");
return err;
}
@@ -481,7 +481,7 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
err = nfp_ipsec_cfg_cmd_issue(nn, NFP_IPSEC_CFG_MSSG_ADD_SA, saidx, &msg);
if (err) {
xa_erase(&nn->xa_ipsec, saidx);
- nn_err(nn, "Failed to issue IPsec command err ret=%d\n", err);
+ NL_SET_ERR_MSG_MOD(extack, "Failed to issue IPsec command");
return err;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 07/10] ixgbevf: fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
index 752b9df4fb51..66cf17f19408 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
@@ -272,18 +272,17 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
ipsec = adapter->ipsec;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
- netdev_err(dev, "Unsupported protocol 0x%04x for IPsec offload\n",
- xs->id.proto);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for IPsec offload");
return -EINVAL;
}
if (xs->props.mode != XFRM_MODE_TRANSPORT) {
- netdev_err(dev, "Unsupported mode for ipsec offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload");
return -EINVAL;
}
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- netdev_err(dev, "Unsupported ipsec offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL;
}
@@ -291,14 +290,14 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
struct rx_sa rsa;
if (xs->calg) {
- netdev_err(dev, "Compression offload not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL;
}
/* find the first unused index */
ret = ixgbevf_ipsec_find_empty_idx(ipsec, true);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Rx table!\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret;
}
sa_idx = (u16)ret;
@@ -313,7 +312,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */
ret = ixgbevf_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Rx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
return ret;
}
@@ -352,7 +351,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
/* find the first unused index */
ret = ixgbevf_ipsec_find_empty_idx(ipsec, false);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Tx table\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Tx table");
return ret;
}
sa_idx = (u16)ret;
@@ -366,7 +365,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
ret = ixgbevf_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Tx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
memset(&tsa, 0, sizeof(tsa));
return ret;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 07/10] ixgbevf: fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
index 752b9df4fb51..66cf17f19408 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
@@ -272,18 +272,17 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
ipsec = adapter->ipsec;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
- netdev_err(dev, "Unsupported protocol 0x%04x for IPsec offload\n",
- xs->id.proto);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for IPsec offload");
return -EINVAL;
}
if (xs->props.mode != XFRM_MODE_TRANSPORT) {
- netdev_err(dev, "Unsupported mode for ipsec offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload");
return -EINVAL;
}
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- netdev_err(dev, "Unsupported ipsec offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL;
}
@@ -291,14 +290,14 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
struct rx_sa rsa;
if (xs->calg) {
- netdev_err(dev, "Compression offload not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL;
}
/* find the first unused index */
ret = ixgbevf_ipsec_find_empty_idx(ipsec, true);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Rx table!\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret;
}
sa_idx = (u16)ret;
@@ -313,7 +312,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */
ret = ixgbevf_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Rx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
return ret;
}
@@ -352,7 +351,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
/* find the first unused index */
ret = ixgbevf_ipsec_find_empty_idx(ipsec, false);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Tx table\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Tx table");
return ret;
}
sa_idx = (u16)ret;
@@ -366,7 +365,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
ret = ixgbevf_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Tx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
memset(&tsa, 0, sizeof(tsa));
return ret;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 08/10] ixgbe: fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 21 +++++++++----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 07c37dc619e8..13a6fca31004 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -572,23 +572,22 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
int i;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
- netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",
- xs->id.proto);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");
return -EINVAL;
}
if (xs->props.mode != XFRM_MODE_TRANSPORT) {
- netdev_err(dev, "Unsupported mode for ipsec offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload");
return -EINVAL;
}
if (ixgbe_ipsec_check_mgmt_ip(xs)) {
- netdev_err(dev, "IPsec IP addr clash with mgmt filters\n");
+ NL_SET_ERR_MSG_MOD(extack, "IPsec IP addr clash with mgmt filters");
return -EINVAL;
}
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- netdev_err(dev, "Unsupported ipsec offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL;
}
@@ -596,14 +595,14 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
struct rx_sa rsa;
if (xs->calg) {
- netdev_err(dev, "Compression offload not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL;
}
/* find the first unused index */
ret = ixgbe_ipsec_find_empty_idx(ipsec, true);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Rx table!\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret;
}
sa_idx = (u16)ret;
@@ -618,7 +617,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */
ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Rx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
return ret;
}
@@ -678,7 +677,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
} else {
/* no match and no empty slot */
- netdev_err(dev, "No space for SA in Rx IP SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx IP SA table");
memset(&rsa, 0, sizeof(rsa));
return -ENOSPC;
}
@@ -713,7 +712,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
/* find the first unused index */
ret = ixgbe_ipsec_find_empty_idx(ipsec, false);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Tx table\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Tx table");
return ret;
}
sa_idx = (u16)ret;
@@ -727,7 +726,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Tx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
memset(&tsa, 0, sizeof(tsa));
return ret;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 08/10] ixgbe: fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 21 +++++++++----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 07c37dc619e8..13a6fca31004 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -572,23 +572,22 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
int i;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
- netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",
- xs->id.proto);
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");
return -EINVAL;
}
if (xs->props.mode != XFRM_MODE_TRANSPORT) {
- netdev_err(dev, "Unsupported mode for ipsec offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload");
return -EINVAL;
}
if (ixgbe_ipsec_check_mgmt_ip(xs)) {
- netdev_err(dev, "IPsec IP addr clash with mgmt filters\n");
+ NL_SET_ERR_MSG_MOD(extack, "IPsec IP addr clash with mgmt filters");
return -EINVAL;
}
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- netdev_err(dev, "Unsupported ipsec offload type\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL;
}
@@ -596,14 +595,14 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
struct rx_sa rsa;
if (xs->calg) {
- netdev_err(dev, "Compression offload not supported\n");
+ NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL;
}
/* find the first unused index */
ret = ixgbe_ipsec_find_empty_idx(ipsec, true);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Rx table!\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret;
}
sa_idx = (u16)ret;
@@ -618,7 +617,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */
ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Rx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
return ret;
}
@@ -678,7 +677,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
} else {
/* no match and no empty slot */
- netdev_err(dev, "No space for SA in Rx IP SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx IP SA table");
memset(&rsa, 0, sizeof(rsa));
return -ENOSPC;
}
@@ -713,7 +712,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
/* find the first unused index */
ret = ixgbe_ipsec_find_empty_idx(ipsec, false);
if (ret < 0) {
- netdev_err(dev, "No space for SA in Tx table\n");
+ NL_SET_ERR_MSG_MOD(extack, "No space for SA in Tx table");
return ret;
}
sa_idx = (u16)ret;
@@ -727,7 +726,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
if (ret) {
- netdev_err(dev, "Failed to get key data for Tx SA table\n");
+ NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
memset(&tsa, 0, sizeof(tsa));
return ret;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 09/10] bonding: fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/net/bonding/bond_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 686b2a6fd674..00646aa315c3 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -444,7 +444,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs,
if (!slave->dev->xfrmdev_ops ||
!slave->dev->xfrmdev_ops->xdo_dev_state_add ||
netif_is_bond_master(slave->dev)) {
- slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Slave does not support ipsec offload");
rcu_read_unlock();
return -EINVAL;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 09/10] bonding: fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/net/bonding/bond_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 686b2a6fd674..00646aa315c3 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -444,7 +444,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs,
if (!slave->dev->xfrmdev_ops ||
!slave->dev->xfrmdev_ops->xdo_dev_state_add ||
netif_is_bond_master(slave->dev)) {
- slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Slave does not support ipsec offload");
rcu_read_unlock();
return -EINVAL;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [PATCH net-next 10/10] cxgb4: fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 14:00 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Simon Horman, Tony Nguyen,
Veaceslav Falico
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +-
.../inline_crypto/ch_ipsec/chcr_ipsec.c | 28 +++++++++----------
2 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 6c0a41f3ae44..7db2403c4c9c 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6497,8 +6497,7 @@ static int cxgb4_xfrm_add_state(struct xfrm_state *x,
int ret;
if (!mutex_trylock(&uld_mutex)) {
- dev_dbg(adap->pdev_dev,
- "crypto uld critical resource is under use\n");
+ NL_SET_ERR_MSG_MOD(extack, "crypto uld critical resource is under use");
return -EBUSY;
}
ret = chcr_offload_state(adap, CXGB4_XFRMDEV_OPS);
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
index ac2ea6206af1..98222b67d036 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
@@ -234,59 +234,59 @@ static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
int res = 0;
if (x->props.aalgo != SADB_AALG_NONE) {
- pr_debug("Cannot offload authenticated xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
return -EINVAL;
}
if (x->props.calgo != SADB_X_CALG_NONE) {
- pr_debug("Cannot offload compressed xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
return -EINVAL;
}
if (x->props.family != AF_INET &&
x->props.family != AF_INET6) {
- pr_debug("Only IPv4/6 xfrm state offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm state offloaded");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
- pr_debug("Only transport and tunnel xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm offload");
return -EINVAL;
}
if (x->id.proto != IPPROTO_ESP) {
- pr_debug("Only ESP xfrm state offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state offloaded");
return -EINVAL;
}
if (x->encap) {
- pr_debug("Encapsulated xfrm state not offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state not offloaded");
return -EINVAL;
}
if (!x->aead) {
- pr_debug("Cannot offload xfrm states without aead\n");
+ NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
return -EINVAL;
}
if (x->aead->alg_icv_len != 128 &&
x->aead->alg_icv_len != 96) {
- pr_debug("Cannot offload xfrm states with AEAD ICV length other than 96b & 128b\n");
- return -EINVAL;
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 96b & 128b");
+ return -EINVAL;
}
if ((x->aead->alg_key_len != 128 + 32) &&
(x->aead->alg_key_len != 256 + 32)) {
- pr_debug("cannot offload xfrm states with AEAD key length other than 128/256 bit\n");
+ NL_SET_ERR_MSG_MOD(extack, "cannot offload xfrm states with AEAD key length other than 128/256 bit");
return -EINVAL;
}
if (x->tfcpad) {
- pr_debug("Cannot offload xfrm states with tfc padding\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
return -EINVAL;
}
if (!x->geniv) {
- pr_debug("Cannot offload xfrm states without geniv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
return -EINVAL;
}
if (strcmp(x->geniv, "seqiv")) {
- pr_debug("Cannot offload xfrm states with geniv other than seqiv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
return -EINVAL;
}
if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- pr_debug("Unsupported xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload");
return -EINVAL;
}
--
2.39.1
^ permalink raw reply related [flat|nested] 36+ messages in thread
* [Intel-wired-lan] [PATCH net-next 10/10] cxgb4: fill IPsec state validation failure reason
@ 2023-01-23 14:00 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 14:00 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Leon Romanovsky, Saeed Mahameed,
Andy Gospodarek
From: Leon Romanovsky <leonro@nvidia.com>
Rely on extack to return failure reason.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
.../net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +-
.../inline_crypto/ch_ipsec/chcr_ipsec.c | 28 +++++++++----------
2 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 6c0a41f3ae44..7db2403c4c9c 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6497,8 +6497,7 @@ static int cxgb4_xfrm_add_state(struct xfrm_state *x,
int ret;
if (!mutex_trylock(&uld_mutex)) {
- dev_dbg(adap->pdev_dev,
- "crypto uld critical resource is under use\n");
+ NL_SET_ERR_MSG_MOD(extack, "crypto uld critical resource is under use");
return -EBUSY;
}
ret = chcr_offload_state(adap, CXGB4_XFRMDEV_OPS);
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
index ac2ea6206af1..98222b67d036 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
@@ -234,59 +234,59 @@ static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
int res = 0;
if (x->props.aalgo != SADB_AALG_NONE) {
- pr_debug("Cannot offload authenticated xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
return -EINVAL;
}
if (x->props.calgo != SADB_X_CALG_NONE) {
- pr_debug("Cannot offload compressed xfrm states\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
return -EINVAL;
}
if (x->props.family != AF_INET &&
x->props.family != AF_INET6) {
- pr_debug("Only IPv4/6 xfrm state offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm state offloaded");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
- pr_debug("Only transport and tunnel xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm offload");
return -EINVAL;
}
if (x->id.proto != IPPROTO_ESP) {
- pr_debug("Only ESP xfrm state offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state offloaded");
return -EINVAL;
}
if (x->encap) {
- pr_debug("Encapsulated xfrm state not offloaded\n");
+ NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state not offloaded");
return -EINVAL;
}
if (!x->aead) {
- pr_debug("Cannot offload xfrm states without aead\n");
+ NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
return -EINVAL;
}
if (x->aead->alg_icv_len != 128 &&
x->aead->alg_icv_len != 96) {
- pr_debug("Cannot offload xfrm states with AEAD ICV length other than 96b & 128b\n");
- return -EINVAL;
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 96b & 128b");
+ return -EINVAL;
}
if ((x->aead->alg_key_len != 128 + 32) &&
(x->aead->alg_key_len != 256 + 32)) {
- pr_debug("cannot offload xfrm states with AEAD key length other than 128/256 bit\n");
+ NL_SET_ERR_MSG_MOD(extack, "cannot offload xfrm states with AEAD key length other than 128/256 bit");
return -EINVAL;
}
if (x->tfcpad) {
- pr_debug("Cannot offload xfrm states with tfc padding\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
return -EINVAL;
}
if (!x->geniv) {
- pr_debug("Cannot offload xfrm states without geniv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
return -EINVAL;
}
if (strcmp(x->geniv, "seqiv")) {
- pr_debug("Cannot offload xfrm states with geniv other than seqiv\n");
+ NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
return -EINVAL;
}
if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
- pr_debug("Unsupported xfrm offload\n");
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload");
return -EINVAL;
}
--
2.39.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply related [flat|nested] 36+ messages in thread
* Re: [PATCH net-next 06/10] nfp: fill IPsec state validation failure reason
2023-01-23 14:00 ` Leon Romanovsky
@ 2023-01-23 15:09 ` Simon Horman
-1 siblings, 0 replies; 36+ messages in thread
From: Simon Horman @ 2023-01-23 15:09 UTC (permalink / raw)
To: Leon Romanovsky
Cc: David S . Miller, Jakub Kicinski, Steffen Klassert,
Leon Romanovsky, Andy Gospodarek, Ayush Sawal, Eric Dumazet,
Herbert Xu, intel-wired-lan, Jay Vosburgh, Jesse Brandeburg,
Jonathan Corbet, linux-doc, netdev, oss-drivers, Paolo Abeni,
Raju Rangoju, Saeed Mahameed, Tony Nguyen, Veaceslav Falico
On Mon, Jan 23, 2023 at 04:00:19PM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Rely on extack to return failure reason.
>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> Signed-off-by: Leon Romanovsky <leon@kernel.org>
One minor suggestion below, but regardless this looks good to me.
Reviewed-by: Simon Horman <simon.horman@corigine.com>
> ---
> .../net/ethernet/netronome/nfp/crypto/ipsec.c | 38 +++++++++----------
> 1 file changed, 19 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> index 41b98f2b7402..7af41cbc8c0b 100644
> --- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> +++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
...
> if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
> - nn_err(nn, "Unsupported xfrm offload tyoe\n");
> + NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload tyoe");
While we are here, maybe s/tyoe/type/ ?
...
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 06/10] nfp: fill IPsec state validation failure reason
@ 2023-01-23 15:09 ` Simon Horman
0 siblings, 0 replies; 36+ messages in thread
From: Simon Horman @ 2023-01-23 15:09 UTC (permalink / raw)
To: Leon Romanovsky
Cc: Steffen Klassert, Veaceslav Falico, Herbert Xu, Jonathan Corbet,
Tony Nguyen, Jay Vosburgh, oss-drivers, linux-doc, Raju Rangoju,
Jesse Brandeburg, Saeed Mahameed, Eric Dumazet, netdev,
intel-wired-lan, Ayush Sawal, Jakub Kicinski, Paolo Abeni,
Leon Romanovsky, David S . Miller, Andy Gospodarek
On Mon, Jan 23, 2023 at 04:00:19PM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Rely on extack to return failure reason.
>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> Signed-off-by: Leon Romanovsky <leon@kernel.org>
One minor suggestion below, but regardless this looks good to me.
Reviewed-by: Simon Horman <simon.horman@corigine.com>
> ---
> .../net/ethernet/netronome/nfp/crypto/ipsec.c | 38 +++++++++----------
> 1 file changed, 19 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> index 41b98f2b7402..7af41cbc8c0b 100644
> --- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> +++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
...
> if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
> - nn_err(nn, "Unsupported xfrm offload tyoe\n");
> + NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload tyoe");
While we are here, maybe s/tyoe/type/ ?
...
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH net-next 06/10] nfp: fill IPsec state validation failure reason
2023-01-23 15:09 ` [Intel-wired-lan] " Simon Horman
@ 2023-01-23 16:34 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 16:34 UTC (permalink / raw)
To: Simon Horman
Cc: David S . Miller, Jakub Kicinski, Steffen Klassert,
Andy Gospodarek, Ayush Sawal, Eric Dumazet, Herbert Xu,
intel-wired-lan, Jay Vosburgh, Jesse Brandeburg, Jonathan Corbet,
linux-doc, netdev, oss-drivers, Paolo Abeni, Raju Rangoju,
Saeed Mahameed, Tony Nguyen, Veaceslav Falico
On Mon, Jan 23, 2023 at 04:09:20PM +0100, Simon Horman wrote:
> On Mon, Jan 23, 2023 at 04:00:19PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> >
> > Rely on extack to return failure reason.
> >
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > Signed-off-by: Leon Romanovsky <leon@kernel.org>
>
> One minor suggestion below, but regardless this looks good to me.
>
> Reviewed-by: Simon Horman <simon.horman@corigine.com>
>
> > ---
> > .../net/ethernet/netronome/nfp/crypto/ipsec.c | 38 +++++++++----------
> > 1 file changed, 19 insertions(+), 19 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> > index 41b98f2b7402..7af41cbc8c0b 100644
> > --- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> > +++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
>
> ...
>
> > if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
> > - nn_err(nn, "Unsupported xfrm offload tyoe\n");
> > + NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload tyoe");
>
> While we are here, maybe s/tyoe/type/ ?
Sure, will fix.
Thanks
>
> ...
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 06/10] nfp: fill IPsec state validation failure reason
@ 2023-01-23 16:34 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 16:34 UTC (permalink / raw)
To: Simon Horman
Cc: Steffen Klassert, Veaceslav Falico, Herbert Xu, Jonathan Corbet,
Tony Nguyen, Jay Vosburgh, oss-drivers, linux-doc, Raju Rangoju,
Jesse Brandeburg, Eric Dumazet, netdev, intel-wired-lan,
Ayush Sawal, Jakub Kicinski, Paolo Abeni, Saeed Mahameed,
David S . Miller, Andy Gospodarek
On Mon, Jan 23, 2023 at 04:09:20PM +0100, Simon Horman wrote:
> On Mon, Jan 23, 2023 at 04:00:19PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> >
> > Rely on extack to return failure reason.
> >
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > Signed-off-by: Leon Romanovsky <leon@kernel.org>
>
> One minor suggestion below, but regardless this looks good to me.
>
> Reviewed-by: Simon Horman <simon.horman@corigine.com>
>
> > ---
> > .../net/ethernet/netronome/nfp/crypto/ipsec.c | 38 +++++++++----------
> > 1 file changed, 19 insertions(+), 19 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> > index 41b98f2b7402..7af41cbc8c0b 100644
> > --- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
> > +++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
>
> ...
>
> > if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
> > - nn_err(nn, "Unsupported xfrm offload tyoe\n");
> > + NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload tyoe");
>
> While we are here, maybe s/tyoe/type/ ?
Sure, will fix.
Thanks
>
> ...
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-23 17:12 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 17:12 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Veaceslav Falico, Herbert Xu, Jonathan Corbet, Jay Vosburgh,
oss-drivers, linux-doc, Raju Rangoju, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Paolo Abeni, Saeed Mahameed, Andy Gospodarek
On Mon, Jan 23, 2023 at 04:00:17PM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Rely on extack to return failure reason.
>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> Signed-off-by: Leon Romanovsky <leon@kernel.org>
Ohh, I need to fix my scripts.
<...>
> break;
> default:
> - netdev_info(netdev, "Unsupported xfrm offload type %d\n",
> - x->xso.type);
> + NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
It is rebase error, will resend.
Thanks
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
@ 2023-01-23 17:12 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-23 17:12 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Andy Gospodarek, Ayush Sawal, Eric Dumazet, Herbert Xu,
intel-wired-lan, Jay Vosburgh, Jesse Brandeburg, Jonathan Corbet,
linux-doc, netdev, oss-drivers, Paolo Abeni, Raju Rangoju,
Saeed Mahameed, Simon Horman, Tony Nguyen, Veaceslav Falico
On Mon, Jan 23, 2023 at 04:00:17PM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Rely on extack to return failure reason.
>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> Signed-off-by: Leon Romanovsky <leon@kernel.org>
Ohh, I need to fix my scripts.
<...>
> break;
> default:
> - netdev_info(netdev, "Unsupported xfrm offload type %d\n",
> - x->xso.type);
> + NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
It is rebase error, will resend.
Thanks
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 09/10] bonding: fill IPsec state validation failure reason
2023-01-23 14:00 ` Leon Romanovsky
@ 2023-01-23 23:01 ` Jay Vosburgh
-1 siblings, 0 replies; 36+ messages in thread
From: Jay Vosburgh @ 2023-01-23 23:01 UTC (permalink / raw)
To: Leon Romanovsky
Cc: Steffen Klassert, Paolo Abeni, Ayush Sawal, Herbert Xu,
Eric Dumazet, Jonathan Corbet, Tony Nguyen, netdev, linux-doc,
Jesse Brandeburg, Saeed Mahameed, oss-drivers, Veaceslav Falico,
Raju Rangoju, Simon Horman, Jakub Kicinski, intel-wired-lan,
Leon Romanovsky, David S . Miller, Andy Gospodarek
Leon Romanovsky <leon@kernel.org> wrote:
>From: Leon Romanovsky <leonro@nvidia.com>
>
>Rely on extack to return failure reason.
>
>Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
>Signed-off-by: Leon Romanovsky <leon@kernel.org>
>---
> drivers/net/bonding/bond_main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>index 686b2a6fd674..00646aa315c3 100644
>--- a/drivers/net/bonding/bond_main.c
>+++ b/drivers/net/bonding/bond_main.c
>@@ -444,7 +444,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs,
> if (!slave->dev->xfrmdev_ops ||
> !slave->dev->xfrmdev_ops->xdo_dev_state_add ||
> netif_is_bond_master(slave->dev)) {
>- slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n");
>+ NL_SET_ERR_MSG_MOD(extack, "Slave does not support ipsec offload");
> rcu_read_unlock();
> return -EINVAL;
> }
Why only this one, and not include the other similar
slave_warn() calls in the bond_ipsec_* functions? That would seem to
make some failures show up in dmesg, and others returned to the caller
via extack.
-J
---
-Jay Vosburgh, jay.vosburgh@canonical.com
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 09/10] bonding: fill IPsec state validation failure reason
@ 2023-01-23 23:01 ` Jay Vosburgh
0 siblings, 0 replies; 36+ messages in thread
From: Jay Vosburgh @ 2023-01-23 23:01 UTC (permalink / raw)
To: Leon Romanovsky
Cc: David S . Miller, Jakub Kicinski, Steffen Klassert,
Veaceslav Falico, Herbert Xu, Jonathan Corbet, oss-drivers,
linux-doc, Raju Rangoju, Jesse Brandeburg, Eric Dumazet, netdev,
intel-wired-lan, Ayush Sawal, Simon Horman, Tony Nguyen,
Paolo Abeni, Leon Romanovsky, Saeed Mahameed, Andy Gospodarek
Leon Romanovsky <leon@kernel.org> wrote:
>From: Leon Romanovsky <leonro@nvidia.com>
>
>Rely on extack to return failure reason.
>
>Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
>Signed-off-by: Leon Romanovsky <leon@kernel.org>
>---
> drivers/net/bonding/bond_main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>index 686b2a6fd674..00646aa315c3 100644
>--- a/drivers/net/bonding/bond_main.c
>+++ b/drivers/net/bonding/bond_main.c
>@@ -444,7 +444,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs,
> if (!slave->dev->xfrmdev_ops ||
> !slave->dev->xfrmdev_ops->xdo_dev_state_add ||
> netif_is_bond_master(slave->dev)) {
>- slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n");
>+ NL_SET_ERR_MSG_MOD(extack, "Slave does not support ipsec offload");
> rcu_read_unlock();
> return -EINVAL;
> }
Why only this one, and not include the other similar
slave_warn() calls in the bond_ipsec_* functions? That would seem to
make some failures show up in dmesg, and others returned to the caller
via extack.
-J
---
-Jay Vosburgh, jay.vosburgh@canonical.com
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 09/10] bonding: fill IPsec state validation failure reason
2023-01-23 23:01 ` Jay Vosburgh
@ 2023-01-24 6:22 ` Leon Romanovsky
-1 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-24 6:22 UTC (permalink / raw)
To: Jay Vosburgh
Cc: David S . Miller, Jakub Kicinski, Steffen Klassert,
Veaceslav Falico, Herbert Xu, Jonathan Corbet, oss-drivers,
linux-doc, Raju Rangoju, Jesse Brandeburg, Eric Dumazet, netdev,
intel-wired-lan, Ayush Sawal, Simon Horman, Tony Nguyen,
Paolo Abeni, Saeed Mahameed, Andy Gospodarek
On Mon, Jan 23, 2023 at 03:01:32PM -0800, Jay Vosburgh wrote:
> Leon Romanovsky <leon@kernel.org> wrote:
>
> >From: Leon Romanovsky <leonro@nvidia.com>
> >
> >Rely on extack to return failure reason.
> >
> >Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> >Signed-off-by: Leon Romanovsky <leon@kernel.org>
> >---
> > drivers/net/bonding/bond_main.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> >diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> >index 686b2a6fd674..00646aa315c3 100644
> >--- a/drivers/net/bonding/bond_main.c
> >+++ b/drivers/net/bonding/bond_main.c
> >@@ -444,7 +444,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs,
> > if (!slave->dev->xfrmdev_ops ||
> > !slave->dev->xfrmdev_ops->xdo_dev_state_add ||
> > netif_is_bond_master(slave->dev)) {
> >- slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n");
> >+ NL_SET_ERR_MSG_MOD(extack, "Slave does not support ipsec offload");
> > rcu_read_unlock();
> > return -EINVAL;
> > }
>
> Why only this one, and not include the other similar
> slave_warn() calls in the bond_ipsec_* functions?
Which functions did you have in mind?
The extack was added to XFRM .xdo_dev_state_add() call, which is
translated to bond_ipsec_add_sa() with only one slave_warn() print.
If you are talking about bond_ipsec_add_sa_all(), that function isn't
directly connected to netlink and doesn't have extack pointer to fill.
If you are talking about bond_ipsec_del_sai*() and slave_warn() there, it
will be better to be deleted/changed to make sure what ipsec_list have
only valid devices.
Thanks
> That would seem to make some failures show up in dmesg,
> and others returned to the caller via extack.
>
> -J
>
> ---
> -Jay Vosburgh, jay.vosburgh@canonical.com
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 09/10] bonding: fill IPsec state validation failure reason
@ 2023-01-24 6:22 ` Leon Romanovsky
0 siblings, 0 replies; 36+ messages in thread
From: Leon Romanovsky @ 2023-01-24 6:22 UTC (permalink / raw)
To: Jay Vosburgh
Cc: Steffen Klassert, Paolo Abeni, Ayush Sawal, Herbert Xu,
Eric Dumazet, Jonathan Corbet, Tony Nguyen, netdev, linux-doc,
Jesse Brandeburg, oss-drivers, Veaceslav Falico, Raju Rangoju,
Simon Horman, Jakub Kicinski, intel-wired-lan, Saeed Mahameed,
David S . Miller, Andy Gospodarek
On Mon, Jan 23, 2023 at 03:01:32PM -0800, Jay Vosburgh wrote:
> Leon Romanovsky <leon@kernel.org> wrote:
>
> >From: Leon Romanovsky <leonro@nvidia.com>
> >
> >Rely on extack to return failure reason.
> >
> >Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> >Signed-off-by: Leon Romanovsky <leon@kernel.org>
> >---
> > drivers/net/bonding/bond_main.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> >diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> >index 686b2a6fd674..00646aa315c3 100644
> >--- a/drivers/net/bonding/bond_main.c
> >+++ b/drivers/net/bonding/bond_main.c
> >@@ -444,7 +444,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs,
> > if (!slave->dev->xfrmdev_ops ||
> > !slave->dev->xfrmdev_ops->xdo_dev_state_add ||
> > netif_is_bond_master(slave->dev)) {
> >- slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n");
> >+ NL_SET_ERR_MSG_MOD(extack, "Slave does not support ipsec offload");
> > rcu_read_unlock();
> > return -EINVAL;
> > }
>
> Why only this one, and not include the other similar
> slave_warn() calls in the bond_ipsec_* functions?
Which functions did you have in mind?
The extack was added to XFRM .xdo_dev_state_add() call, which is
translated to bond_ipsec_add_sa() with only one slave_warn() print.
If you are talking about bond_ipsec_add_sa_all(), that function isn't
directly connected to netlink and doesn't have extack pointer to fill.
If you are talking about bond_ipsec_del_sai*() and slave_warn() there, it
will be better to be deleted/changed to make sure what ipsec_list have
only valid devices.
Thanks
> That would seem to make some failures show up in dmesg,
> and others returned to the caller via extack.
>
> -J
>
> ---
> -Jay Vosburgh, jay.vosburgh@canonical.com
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-24 7:59 ` kernel test robot
-1 siblings, 0 replies; 36+ messages in thread
From: kernel test robot @ 2023-01-24 7:59 UTC (permalink / raw)
To: Leon Romanovsky, David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: llvm, oe-kbuild-all, Veaceslav Falico, Herbert Xu,
Jonathan Corbet, Jay Vosburgh, oss-drivers, linux-doc,
Raju Rangoju, Jesse Brandeburg, Eric Dumazet, netdev,
intel-wired-lan, Ayush Sawal, Simon Horman, Tony Nguyen,
Paolo Abeni, Leon Romanovsky, Saeed Mahameed, Andy Gospodarek
Hi Leon,
I love your patch! Yet something to improve:
[auto build test ERROR on net-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
patch link: https://lore.kernel.org/r/a5426033528ccef6e0e71fe06b55ae56c5596e85.1674481435.git.leon%40kernel.org
patch subject: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20230124/202301241552.GWkgnAH7-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/bd6a3bcc8978f551f83f85b9c18d199c71c29d7c
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
git checkout bd6a3bcc8978f551f83f85b9c18d199c71c29d7c
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/ drivers/net/ethernet/mellanox/mlx5/core/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
>> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c:276:22: error: use of undeclared identifier 'extackx'; did you mean 'extack'?
NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
^~~~~~~
extack
include/linux/netlink.h:128:18: note: expanded from macro 'NL_SET_ERR_MSG_MOD'
NL_SET_ERR_MSG((extack), KBUILD_MODNAME ": " msg)
^
include/linux/netlink.h:100:38: note: expanded from macro 'NL_SET_ERR_MSG'
struct netlink_ext_ack *__extack = (extack); \
^
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c:167:34: note: 'extack' declared here
struct netlink_ext_ack *extack)
^
1 error generated.
vim +276 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
164
165 static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
166 struct xfrm_state *x,
167 struct netlink_ext_ack *extack)
168 {
169 if (x->props.aalgo != SADB_AALG_NONE) {
170 NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
171 return -EINVAL;
172 }
173 if (x->props.ealgo != SADB_X_EALG_AES_GCM_ICV16) {
174 NL_SET_ERR_MSG_MOD(extack, "Only AES-GCM-ICV16 xfrm state may be offloaded");
175 return -EINVAL;
176 }
177 if (x->props.calgo != SADB_X_CALG_NONE) {
178 NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
179 return -EINVAL;
180 }
181 if (x->props.flags & XFRM_STATE_ESN &&
182 !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESN)) {
183 NL_SET_ERR_MSG_MOD(extack, "Cannot offload ESN xfrm states");
184 return -EINVAL;
185 }
186 if (x->props.family != AF_INET &&
187 x->props.family != AF_INET6) {
188 NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm states may be offloaded");
189 return -EINVAL;
190 }
191 if (x->id.proto != IPPROTO_ESP) {
192 NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state may be offloaded");
193 return -EINVAL;
194 }
195 if (x->encap) {
196 NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state may not be offloaded");
197 return -EINVAL;
198 }
199 if (!x->aead) {
200 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without aead");
201 return -EINVAL;
202 }
203 if (x->aead->alg_icv_len != 128) {
204 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 128bit");
205 return -EINVAL;
206 }
207 if ((x->aead->alg_key_len != 128 + 32) &&
208 (x->aead->alg_key_len != 256 + 32)) {
209 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD key length other than 128/256 bit");
210 return -EINVAL;
211 }
212 if (x->tfcpad) {
213 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
214 return -EINVAL;
215 }
216 if (!x->geniv) {
217 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
218 return -EINVAL;
219 }
220 if (strcmp(x->geniv, "seqiv")) {
221 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
222 return -EINVAL;
223 }
224 switch (x->xso.type) {
225 case XFRM_DEV_OFFLOAD_CRYPTO:
226 if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_CRYPTO)) {
227 NL_SET_ERR_MSG_MOD(extack, "Crypto offload is not supported");
228 return -EINVAL;
229 }
230
231 if (x->props.mode != XFRM_MODE_TRANSPORT &&
232 x->props.mode != XFRM_MODE_TUNNEL) {
233 NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");
234 return -EINVAL;
235 }
236 break;
237 case XFRM_DEV_OFFLOAD_PACKET:
238 if (!(mlx5_ipsec_device_caps(mdev) &
239 MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
240 NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");
241 return -EINVAL;
242 }
243
244 if (x->props.mode != XFRM_MODE_TRANSPORT) {
245 NL_SET_ERR_MSG_MOD(extack, "Only transport xfrm states may be offloaded in packet mode");
246 return -EINVAL;
247 }
248
249 if (x->replay_esn && x->replay_esn->replay_window != 32 &&
250 x->replay_esn->replay_window != 64 &&
251 x->replay_esn->replay_window != 128 &&
252 x->replay_esn->replay_window != 256) {
253 NL_SET_ERR_MSG_MOD(extack, "Unsupported replay window size");
254 return -EINVAL;
255 }
256
257 if (!x->props.reqid) {
258 NL_SET_ERR_MSG_MOD(extack, "Cannot offload without reqid");
259 return -EINVAL;
260 }
261
262 if (x->lft.hard_byte_limit != XFRM_INF ||
263 x->lft.soft_byte_limit != XFRM_INF) {
264 NL_SET_ERR_MSG_MOD(extack, "Device doesn't support limits in bytes");
265 return -EINVAL;
266 }
267
268 if (x->lft.soft_packet_limit >= x->lft.hard_packet_limit &&
269 x->lft.hard_packet_limit != XFRM_INF) {
270 /* XFRM stack doesn't prevent such configuration :(. */
271 NL_SET_ERR_MSG_MOD(extack, "Hard packet limit must be greater than soft one");
272 return -EINVAL;
273 }
274 break;
275 default:
> 276 NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
277 return -EINVAL;
278 }
279 return 0;
280 }
281
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
@ 2023-01-24 7:59 ` kernel test robot
0 siblings, 0 replies; 36+ messages in thread
From: kernel test robot @ 2023-01-24 7:59 UTC (permalink / raw)
To: Leon Romanovsky, David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Ayush Sawal, Herbert Xu, Eric Dumazet, Jonathan Corbet,
Tony Nguyen, Jay Vosburgh, Raju Rangoju, llvm, linux-doc,
Jesse Brandeburg, oss-drivers, netdev, Veaceslav Falico,
oe-kbuild-all, Simon Horman, intel-wired-lan, Paolo Abeni,
Leon Romanovsky, Saeed Mahameed, Andy Gospodarek
Hi Leon,
I love your patch! Yet something to improve:
[auto build test ERROR on net-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
patch link: https://lore.kernel.org/r/a5426033528ccef6e0e71fe06b55ae56c5596e85.1674481435.git.leon%40kernel.org
patch subject: [Intel-wired-lan] [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation failure reason
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20230124/202301241552.GWkgnAH7-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/bd6a3bcc8978f551f83f85b9c18d199c71c29d7c
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
git checkout bd6a3bcc8978f551f83f85b9c18d199c71c29d7c
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/ drivers/net/ethernet/mellanox/mlx5/core/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
>> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c:276:22: error: use of undeclared identifier 'extackx'; did you mean 'extack'?
NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
^~~~~~~
extack
include/linux/netlink.h:128:18: note: expanded from macro 'NL_SET_ERR_MSG_MOD'
NL_SET_ERR_MSG((extack), KBUILD_MODNAME ": " msg)
^
include/linux/netlink.h:100:38: note: expanded from macro 'NL_SET_ERR_MSG'
struct netlink_ext_ack *__extack = (extack); \
^
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c:167:34: note: 'extack' declared here
struct netlink_ext_ack *extack)
^
1 error generated.
vim +276 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
164
165 static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
166 struct xfrm_state *x,
167 struct netlink_ext_ack *extack)
168 {
169 if (x->props.aalgo != SADB_AALG_NONE) {
170 NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
171 return -EINVAL;
172 }
173 if (x->props.ealgo != SADB_X_EALG_AES_GCM_ICV16) {
174 NL_SET_ERR_MSG_MOD(extack, "Only AES-GCM-ICV16 xfrm state may be offloaded");
175 return -EINVAL;
176 }
177 if (x->props.calgo != SADB_X_CALG_NONE) {
178 NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
179 return -EINVAL;
180 }
181 if (x->props.flags & XFRM_STATE_ESN &&
182 !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESN)) {
183 NL_SET_ERR_MSG_MOD(extack, "Cannot offload ESN xfrm states");
184 return -EINVAL;
185 }
186 if (x->props.family != AF_INET &&
187 x->props.family != AF_INET6) {
188 NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm states may be offloaded");
189 return -EINVAL;
190 }
191 if (x->id.proto != IPPROTO_ESP) {
192 NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state may be offloaded");
193 return -EINVAL;
194 }
195 if (x->encap) {
196 NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state may not be offloaded");
197 return -EINVAL;
198 }
199 if (!x->aead) {
200 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without aead");
201 return -EINVAL;
202 }
203 if (x->aead->alg_icv_len != 128) {
204 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 128bit");
205 return -EINVAL;
206 }
207 if ((x->aead->alg_key_len != 128 + 32) &&
208 (x->aead->alg_key_len != 256 + 32)) {
209 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD key length other than 128/256 bit");
210 return -EINVAL;
211 }
212 if (x->tfcpad) {
213 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
214 return -EINVAL;
215 }
216 if (!x->geniv) {
217 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
218 return -EINVAL;
219 }
220 if (strcmp(x->geniv, "seqiv")) {
221 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
222 return -EINVAL;
223 }
224 switch (x->xso.type) {
225 case XFRM_DEV_OFFLOAD_CRYPTO:
226 if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_CRYPTO)) {
227 NL_SET_ERR_MSG_MOD(extack, "Crypto offload is not supported");
228 return -EINVAL;
229 }
230
231 if (x->props.mode != XFRM_MODE_TRANSPORT &&
232 x->props.mode != XFRM_MODE_TUNNEL) {
233 NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");
234 return -EINVAL;
235 }
236 break;
237 case XFRM_DEV_OFFLOAD_PACKET:
238 if (!(mlx5_ipsec_device_caps(mdev) &
239 MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
240 NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");
241 return -EINVAL;
242 }
243
244 if (x->props.mode != XFRM_MODE_TRANSPORT) {
245 NL_SET_ERR_MSG_MOD(extack, "Only transport xfrm states may be offloaded in packet mode");
246 return -EINVAL;
247 }
248
249 if (x->replay_esn && x->replay_esn->replay_window != 32 &&
250 x->replay_esn->replay_window != 64 &&
251 x->replay_esn->replay_window != 128 &&
252 x->replay_esn->replay_window != 256) {
253 NL_SET_ERR_MSG_MOD(extack, "Unsupported replay window size");
254 return -EINVAL;
255 }
256
257 if (!x->props.reqid) {
258 NL_SET_ERR_MSG_MOD(extack, "Cannot offload without reqid");
259 return -EINVAL;
260 }
261
262 if (x->lft.hard_byte_limit != XFRM_INF ||
263 x->lft.soft_byte_limit != XFRM_INF) {
264 NL_SET_ERR_MSG_MOD(extack, "Device doesn't support limits in bytes");
265 return -EINVAL;
266 }
267
268 if (x->lft.soft_packet_limit >= x->lft.hard_packet_limit &&
269 x->lft.hard_packet_limit != XFRM_INF) {
270 /* XFRM stack doesn't prevent such configuration :(. */
271 NL_SET_ERR_MSG_MOD(extack, "Hard packet limit must be greater than soft one");
272 return -EINVAL;
273 }
274 break;
275 default:
> 276 NL_SET_ERR_MSG_MOD(extackx, "Unsupported xfrm offload type");
277 return -EINVAL;
278 }
279 return 0;
280 }
281
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH net-next 10/10] cxgb4: fill IPsec state validation failure reason
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
@ 2023-01-24 9:42 ` kernel test robot
-1 siblings, 0 replies; 36+ messages in thread
From: kernel test robot @ 2023-01-24 9:42 UTC (permalink / raw)
To: Leon Romanovsky, David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: llvm, oe-kbuild-all, Leon Romanovsky, Andy Gospodarek,
Ayush Sawal, Eric Dumazet, Herbert Xu, intel-wired-lan,
Jay Vosburgh, Jesse Brandeburg, Jonathan Corbet, linux-doc,
netdev, oss-drivers, Paolo Abeni, Raju Rangoju, Saeed Mahameed,
Simon Horman, Tony Nguyen, Veaceslav Falico
Hi Leon,
I love your patch! Yet something to improve:
[auto build test ERROR on net-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
patch link: https://lore.kernel.org/r/9b45993fb96b6faa2b65f3dd78e677a54eeeec31.1674481435.git.leon%40kernel.org
patch subject: [PATCH net-next 10/10] cxgb4: fill IPsec state validation failure reason
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20230124/202301241750.Qpv1Vuj6-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/7eb8edee0c687243325ffd27b20c0f5d429b76f0
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
git checkout 7eb8edee0c687243325ffd27b20c0f5d429b76f0
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
>> drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c:263:63: error: too few arguments provided to function-like macro invocation
NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
^
include/linux/netlink.h:127:9: note: macro 'NL_SET_ERR_MSG_MOD' defined here
#define NL_SET_ERR_MSG_MOD(extack, msg) \
^
>> drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c:263:3: error: use of undeclared identifier 'NL_SET_ERR_MSG_MOD'
NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
^
2 errors generated.
vim +263 drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
224
225 /*
226 * ch_ipsec_xfrm_add_state
227 * returns 0 on success, negative error if failed to send message to FPGA
228 * positive error if FPGA returned a bad response
229 */
230 static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
231 struct netlink_ext_ack *extack)
232 {
233 struct ipsec_sa_entry *sa_entry;
234 int res = 0;
235
236 if (x->props.aalgo != SADB_AALG_NONE) {
237 NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
238 return -EINVAL;
239 }
240 if (x->props.calgo != SADB_X_CALG_NONE) {
241 NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
242 return -EINVAL;
243 }
244 if (x->props.family != AF_INET &&
245 x->props.family != AF_INET6) {
246 NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm state offloaded");
247 return -EINVAL;
248 }
249 if (x->props.mode != XFRM_MODE_TRANSPORT &&
250 x->props.mode != XFRM_MODE_TUNNEL) {
251 NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm offload");
252 return -EINVAL;
253 }
254 if (x->id.proto != IPPROTO_ESP) {
255 NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state offloaded");
256 return -EINVAL;
257 }
258 if (x->encap) {
259 NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state not offloaded");
260 return -EINVAL;
261 }
262 if (!x->aead) {
> 263 NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
264 return -EINVAL;
265 }
266 if (x->aead->alg_icv_len != 128 &&
267 x->aead->alg_icv_len != 96) {
268 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 96b & 128b");
269 return -EINVAL;
270 }
271 if ((x->aead->alg_key_len != 128 + 32) &&
272 (x->aead->alg_key_len != 256 + 32)) {
273 NL_SET_ERR_MSG_MOD(extack, "cannot offload xfrm states with AEAD key length other than 128/256 bit");
274 return -EINVAL;
275 }
276 if (x->tfcpad) {
277 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
278 return -EINVAL;
279 }
280 if (!x->geniv) {
281 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
282 return -EINVAL;
283 }
284 if (strcmp(x->geniv, "seqiv")) {
285 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
286 return -EINVAL;
287 }
288 if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
289 NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload");
290 return -EINVAL;
291 }
292
293 sa_entry = kzalloc(sizeof(*sa_entry), GFP_KERNEL);
294 if (!sa_entry) {
295 res = -ENOMEM;
296 goto out;
297 }
298
299 sa_entry->hmac_ctrl = ch_ipsec_setauthsize(x, sa_entry);
300 if (x->props.flags & XFRM_STATE_ESN)
301 sa_entry->esn = 1;
302 ch_ipsec_setkey(x, sa_entry);
303 x->xso.offload_handle = (unsigned long)sa_entry;
304 try_module_get(THIS_MODULE);
305 out:
306 return res;
307 }
308
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [Intel-wired-lan] [PATCH net-next 10/10] cxgb4: fill IPsec state validation failure reason
@ 2023-01-24 9:42 ` kernel test robot
0 siblings, 0 replies; 36+ messages in thread
From: kernel test robot @ 2023-01-24 9:42 UTC (permalink / raw)
To: Leon Romanovsky, David S . Miller, Jakub Kicinski, Steffen Klassert
Cc: Raju Rangoju, Herbert Xu, oe-kbuild-all, Jonathan Corbet,
Jay Vosburgh, oss-drivers, llvm, linux-doc, Jesse Brandeburg,
Eric Dumazet, netdev, intel-wired-lan, Ayush Sawal, Simon Horman,
Tony Nguyen, Veaceslav Falico, Paolo Abeni, Leon Romanovsky,
Saeed Mahameed, Andy Gospodarek
Hi Leon,
I love your patch! Yet something to improve:
[auto build test ERROR on net-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
patch link: https://lore.kernel.org/r/9b45993fb96b6faa2b65f3dd78e677a54eeeec31.1674481435.git.leon%40kernel.org
patch subject: [PATCH net-next 10/10] cxgb4: fill IPsec state validation failure reason
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20230124/202301241750.Qpv1Vuj6-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/7eb8edee0c687243325ffd27b20c0f5d429b76f0
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Leon-Romanovsky/xfrm-extend-add-policy-callback-to-set-failure-reason/20230123-220422
git checkout 7eb8edee0c687243325ffd27b20c0f5d429b76f0
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
>> drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c:263:63: error: too few arguments provided to function-like macro invocation
NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
^
include/linux/netlink.h:127:9: note: macro 'NL_SET_ERR_MSG_MOD' defined here
#define NL_SET_ERR_MSG_MOD(extack, msg) \
^
>> drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c:263:3: error: use of undeclared identifier 'NL_SET_ERR_MSG_MOD'
NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
^
2 errors generated.
vim +263 drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
224
225 /*
226 * ch_ipsec_xfrm_add_state
227 * returns 0 on success, negative error if failed to send message to FPGA
228 * positive error if FPGA returned a bad response
229 */
230 static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
231 struct netlink_ext_ack *extack)
232 {
233 struct ipsec_sa_entry *sa_entry;
234 int res = 0;
235
236 if (x->props.aalgo != SADB_AALG_NONE) {
237 NL_SET_ERR_MSG_MOD(extack, "Cannot offload authenticated xfrm states");
238 return -EINVAL;
239 }
240 if (x->props.calgo != SADB_X_CALG_NONE) {
241 NL_SET_ERR_MSG_MOD(extack, "Cannot offload compressed xfrm states");
242 return -EINVAL;
243 }
244 if (x->props.family != AF_INET &&
245 x->props.family != AF_INET6) {
246 NL_SET_ERR_MSG_MOD(extack, "Only IPv4/6 xfrm state offloaded");
247 return -EINVAL;
248 }
249 if (x->props.mode != XFRM_MODE_TRANSPORT &&
250 x->props.mode != XFRM_MODE_TUNNEL) {
251 NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm offload");
252 return -EINVAL;
253 }
254 if (x->id.proto != IPPROTO_ESP) {
255 NL_SET_ERR_MSG_MOD(extack, "Only ESP xfrm state offloaded");
256 return -EINVAL;
257 }
258 if (x->encap) {
259 NL_SET_ERR_MSG_MOD(extack, "Encapsulated xfrm state not offloaded");
260 return -EINVAL;
261 }
262 if (!x->aead) {
> 263 NL_SET_ERR_MSG_MOD("Cannot offload xfrm states without aead");
264 return -EINVAL;
265 }
266 if (x->aead->alg_icv_len != 128 &&
267 x->aead->alg_icv_len != 96) {
268 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with AEAD ICV length other than 96b & 128b");
269 return -EINVAL;
270 }
271 if ((x->aead->alg_key_len != 128 + 32) &&
272 (x->aead->alg_key_len != 256 + 32)) {
273 NL_SET_ERR_MSG_MOD(extack, "cannot offload xfrm states with AEAD key length other than 128/256 bit");
274 return -EINVAL;
275 }
276 if (x->tfcpad) {
277 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with tfc padding");
278 return -EINVAL;
279 }
280 if (!x->geniv) {
281 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states without geniv");
282 return -EINVAL;
283 }
284 if (strcmp(x->geniv, "seqiv")) {
285 NL_SET_ERR_MSG_MOD(extack, "Cannot offload xfrm states with geniv other than seqiv");
286 return -EINVAL;
287 }
288 if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
289 NL_SET_ERR_MSG_MOD(extack, "Unsupported xfrm offload");
290 return -EINVAL;
291 }
292
293 sa_entry = kzalloc(sizeof(*sa_entry), GFP_KERNEL);
294 if (!sa_entry) {
295 res = -ENOMEM;
296 goto out;
297 }
298
299 sa_entry->hmac_ctrl = ch_ipsec_setauthsize(x, sa_entry);
300 if (x->props.flags & XFRM_STATE_ESN)
301 sa_entry->esn = 1;
302 ch_ipsec_setkey(x, sa_entry);
303 x->xso.offload_handle = (unsigned long)sa_entry;
304 try_module_get(THIS_MODULE);
305 out:
306 return res;
307 }
308
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
^ permalink raw reply [flat|nested] 36+ messages in thread
end of thread, other threads:[~2023-01-24 9:42 UTC | newest]
Thread overview: 36+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-23 14:00 [PATCH net-next 00/10] Convert drivers to return XFRM configuration errors through extack Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-23 14:00 ` [PATCH net-next 01/10] xfrm: extend add policy callback to set failure reason Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] [PATCH net-next 02/10] net/mlx5e: Fill IPsec policy validation " Leon Romanovsky
2023-01-23 14:00 ` Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] [PATCH net-next 03/10] xfrm: extend add state callback to set " Leon Romanovsky
2023-01-23 14:00 ` Leon Romanovsky
2023-01-23 14:00 ` [PATCH net-next 04/10] net/mlx5e: Fill IPsec state validation " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-23 17:12 ` Leon Romanovsky
2023-01-23 17:12 ` Leon Romanovsky
2023-01-24 7:59 ` [Intel-wired-lan] " kernel test robot
2023-01-24 7:59 ` kernel test robot
2023-01-23 14:00 ` [PATCH net-next 05/10] netdevsim: " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] [PATCH net-next 06/10] nfp: fill " Leon Romanovsky
2023-01-23 14:00 ` Leon Romanovsky
2023-01-23 15:09 ` Simon Horman
2023-01-23 15:09 ` [Intel-wired-lan] " Simon Horman
2023-01-23 16:34 ` Leon Romanovsky
2023-01-23 16:34 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-23 14:00 ` [PATCH net-next 07/10] ixgbevf: " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] [PATCH net-next 08/10] ixgbe: " Leon Romanovsky
2023-01-23 14:00 ` Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] [PATCH net-next 09/10] bonding: " Leon Romanovsky
2023-01-23 14:00 ` Leon Romanovsky
2023-01-23 23:01 ` [Intel-wired-lan] " Jay Vosburgh
2023-01-23 23:01 ` Jay Vosburgh
2023-01-24 6:22 ` Leon Romanovsky
2023-01-24 6:22 ` Leon Romanovsky
2023-01-23 14:00 ` [PATCH net-next 10/10] cxgb4: " Leon Romanovsky
2023-01-23 14:00 ` [Intel-wired-lan] " Leon Romanovsky
2023-01-24 9:42 ` kernel test robot
2023-01-24 9:42 ` [Intel-wired-lan] " kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.