* [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction
@ 2022-05-05 10:06 Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag Leon Romanovsky
` (8 more replies)
0 siblings, 9 replies; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
Hi Steffen,
I may admit that the title of this series is not the best one as it
contains straightforward cleanups and code that converts flags to
something less confusing.
This series follows removal of FPGA IPsec code from the mlx5 driver and
based on net-next commit 4950b6990e3b ("Merge branch 'ocelot-vcap-cleanups'").
As such, first two patches delete code that was used by mlx5 FPGA code
but isn't needed anymore.
Third patch is simple struct rename.
Rest of the patches separate user's provided flags variable from driver's
usage. This allows us to created more simple in-kernel interface, that
supports type checking without blending different properties into one
variable. It is achieved by converting flags to specific bitfield variables
with clear, meaningful names.
Such change allows us more clear addition of new input flags needed to
mark IPsec offload type.
The followup code uses this extensively:
https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/log/?h=xfrm-next
Thanks
Leon Romanovsky (8):
xfrm: free not used XFRM_ESP_NO_TRAILER flag
xfrm: delete not used number of external headers
xfrm: rename xfrm_state_offload struct to allow reuse
xfrm: store and rely on direction to construct offload flags
ixgbe: propagate XFRM offload state direction instead of flags
netdevsim: rely on XFRM state direction instead of flags
net/mlx5e: Use XFRM state direction instead of flags
xfrm: drop not needed flags variable in XFRM offload struct
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++++-----
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 2 +-
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 6 +++---
drivers/net/ethernet/intel/ixgbevf/ipsec.h | 2 +-
.../mellanox/mlx5/core/en_accel/ipsec.c | 10 +++++-----
drivers/net/netdevsim/ipsec.c | 2 +-
include/net/xfrm.h | 20 +++++++++++--------
net/ipv4/esp4.c | 6 ------
net/ipv6/esp6.c | 6 ------
net/xfrm/xfrm_device.c | 15 +++++++-------
net/xfrm/xfrm_state.c | 4 ++--
net/xfrm/xfrm_user.c | 5 +++--
12 files changed, 40 insertions(+), 47 deletions(-)
--
2.35.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 11:02 ` David Miller
2022-05-05 10:06 ` [PATCH ipsec-next 2/8] xfrm: delete not used number of external headers Leon Romanovsky
` (7 subsequent siblings)
8 siblings, 1 reply; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
After removal of Innova IPsec support from mlx5 driver, the last user
of this XFRM_ESP_NO_TRAILER was gone too. This means that we can safely
remove it as no other hardware is capable (or need) to remove ESP trailer.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
include/net/xfrm.h | 2 +-
net/ipv4/esp4.c | 6 ------
net/ipv6/esp6.c | 6 ------
3 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 6fb899ff5afc..b41278abeeaa 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1006,7 +1006,7 @@ struct xfrm_offload {
#define CRYPTO_FALLBACK 8
#define XFRM_GSO_SEGMENT 16
#define XFRM_GRO 32
-#define XFRM_ESP_NO_TRAILER 64
+/* 64 is free */
#define XFRM_DEV_RESUME 128
#define XFRM_XMIT 256
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index d747166bb291..b21238df3301 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -705,7 +705,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
static inline int esp_remove_trailer(struct sk_buff *skb)
{
struct xfrm_state *x = xfrm_input_state(skb);
- struct xfrm_offload *xo = xfrm_offload(skb);
struct crypto_aead *aead = x->data;
int alen, hlen, elen;
int padlen, trimlen;
@@ -717,11 +716,6 @@ static inline int esp_remove_trailer(struct sk_buff *skb)
hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
elen = skb->len - hlen;
- if (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {
- ret = xo->proto;
- goto out;
- }
-
if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))
BUG();
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index f2120e92caf1..36e1d0f8dd06 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -741,7 +741,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
static inline int esp_remove_trailer(struct sk_buff *skb)
{
struct xfrm_state *x = xfrm_input_state(skb);
- struct xfrm_offload *xo = xfrm_offload(skb);
struct crypto_aead *aead = x->data;
int alen, hlen, elen;
int padlen, trimlen;
@@ -753,11 +752,6 @@ static inline int esp_remove_trailer(struct sk_buff *skb)
hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
elen = skb->len - hlen;
- if (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {
- ret = xo->proto;
- goto out;
- }
-
ret = skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2);
BUG_ON(ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 2/8] xfrm: delete not used number of external headers
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 11:03 ` David Miller
2022-05-05 10:06 ` [PATCH ipsec-next 3/8] xfrm: rename xfrm_state_offload struct to allow reuse Leon Romanovsky
` (6 subsequent siblings)
8 siblings, 1 reply; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
num_exthdrs is set but never used, so delete it.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
include/net/xfrm.h | 1 -
net/xfrm/xfrm_device.c | 2 --
2 files changed, 3 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index b41278abeeaa..4e097423116c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -131,7 +131,6 @@ struct xfrm_state_offload {
netdevice_tracker dev_tracker;
struct net_device *real_dev;
unsigned long offload_handle;
- unsigned int num_exthdrs;
u8 flags;
};
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 36aa01d92b65..dbd923e1d5f0 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -264,13 +264,11 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
xso->dev = dev;
netdev_tracker_alloc(dev, &xso->dev_tracker, GFP_ATOMIC);
xso->real_dev = dev;
- xso->num_exthdrs = 1;
/* Don't forward bit that is not implemented */
xso->flags = xuo->flags & ~XFRM_OFFLOAD_IPV6;
err = dev->xfrmdev_ops->xdo_dev_state_add(x);
if (err) {
- xso->num_exthdrs = 0;
xso->flags = 0;
xso->dev = NULL;
xso->real_dev = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 3/8] xfrm: rename xfrm_state_offload struct to allow reuse
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 2/8] xfrm: delete not used number of external headers Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 11:03 ` David Miller
2022-05-05 10:06 ` [PATCH ipsec-next 4/8] xfrm: store and rely on direction to construct offload flags Leon Romanovsky
` (5 subsequent siblings)
8 siblings, 1 reply; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
The struct xfrm_state_offload has all fields needed to hold information
for offloaded policies too. In order to do not create new struct with
same fields, let's rename existing one and reuse it later.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
include/net/xfrm.h | 10 +++++-----
net/xfrm/xfrm_device.c | 2 +-
net/xfrm/xfrm_state.c | 4 ++--
net/xfrm/xfrm_user.c | 2 +-
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4e097423116c..bb20278d689c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -126,7 +126,7 @@ struct xfrm_state_walk {
struct xfrm_address_filter *filter;
};
-struct xfrm_state_offload {
+struct xfrm_dev_offload {
struct net_device *dev;
netdevice_tracker dev_tracker;
struct net_device *real_dev;
@@ -246,7 +246,7 @@ struct xfrm_state {
struct xfrm_lifetime_cur curlft;
struct hrtimer mtimer;
- struct xfrm_state_offload xso;
+ struct xfrm_dev_offload xso;
/* used to fix curlft->add_time when changing date */
long saved_tmo;
@@ -1865,7 +1865,7 @@ bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);
static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
{
- struct xfrm_state_offload *xso = &x->xso;
+ struct xfrm_dev_offload *xso = &x->xso;
if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn)
xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
@@ -1891,7 +1891,7 @@ static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
static inline void xfrm_dev_state_delete(struct xfrm_state *x)
{
- struct xfrm_state_offload *xso = &x->xso;
+ struct xfrm_dev_offload *xso = &x->xso;
if (xso->dev)
xso->dev->xfrmdev_ops->xdo_dev_state_delete(x);
@@ -1899,7 +1899,7 @@ static inline void xfrm_dev_state_delete(struct xfrm_state *x)
static inline void xfrm_dev_state_free(struct xfrm_state *x)
{
- struct xfrm_state_offload *xso = &x->xso;
+ struct xfrm_dev_offload *xso = &x->xso;
struct net_device *dev = xso->dev;
if (dev && dev->xfrmdev_ops) {
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index dbd923e1d5f0..6e4d3cb2e24d 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -212,7 +212,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
int err;
struct dst_entry *dst;
struct net_device *dev;
- struct xfrm_state_offload *xso = &x->xso;
+ struct xfrm_dev_offload *xso = &x->xso;
xfrm_address_t *saddr;
xfrm_address_t *daddr;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index b749935152ba..08564e0eef20 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -751,7 +751,7 @@ xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool
for (i = 0; i <= net->xfrm.state_hmask; i++) {
struct xfrm_state *x;
- struct xfrm_state_offload *xso;
+ struct xfrm_dev_offload *xso;
hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
xso = &x->xso;
@@ -835,7 +835,7 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali
err = -ESRCH;
for (i = 0; i <= net->xfrm.state_hmask; i++) {
struct xfrm_state *x;
- struct xfrm_state_offload *xso;
+ struct xfrm_dev_offload *xso;
restart:
hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
xso = &x->xso;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 64fa8fdd6bbd..7217c57a76e9 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -840,7 +840,7 @@ static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb)
return 0;
}
-static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb)
+static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff *skb)
{
struct xfrm_user_offload *xuo;
struct nlattr *attr;
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 4/8] xfrm: store and rely on direction to construct offload flags
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
` (2 preceding siblings ...)
2022-05-05 10:06 ` [PATCH ipsec-next 3/8] xfrm: rename xfrm_state_offload struct to allow reuse Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 5/8] ixgbe: propagate XFRM offload state direction instead of flags Leon Romanovsky
` (4 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
XFRM state doesn't need anything from flags except to understand
direction, so store it separately. For future patches, such change
will allow us to reuse xfrm_dev_offload for policy offload too, which
has three possible directions instead of two.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
include/net/xfrm.h | 6 ++++++
net/xfrm/xfrm_device.c | 8 +++++++-
net/xfrm/xfrm_user.c | 3 ++-
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index bb20278d689c..45422f7be0c5 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -126,12 +126,18 @@ struct xfrm_state_walk {
struct xfrm_address_filter *filter;
};
+enum {
+ XFRM_DEV_OFFLOAD_IN = 1,
+ XFRM_DEV_OFFLOAD_OUT,
+};
+
struct xfrm_dev_offload {
struct net_device *dev;
netdevice_tracker dev_tracker;
struct net_device *real_dev;
unsigned long offload_handle;
u8 flags;
+ u8 dir : 2;
};
struct xfrm_mode {
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 6e4d3cb2e24d..c818afca9137 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -117,7 +117,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
sp = skb_sec_path(skb);
x = sp->xvec[sp->len - 1];
- if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)
+ if (xo->flags & XFRM_GRO || x->xso.dir == XFRM_DEV_OFFLOAD_IN)
return skb;
/* This skb was already validated on the upper/virtual dev */
@@ -267,10 +267,16 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
/* Don't forward bit that is not implemented */
xso->flags = xuo->flags & ~XFRM_OFFLOAD_IPV6;
+ if (xuo->flags & XFRM_OFFLOAD_INBOUND)
+ xso->dir = XFRM_DEV_OFFLOAD_IN;
+ else
+ xso->dir = XFRM_DEV_OFFLOAD_OUT;
+
err = dev->xfrmdev_ops->xdo_dev_state_add(x);
if (err) {
xso->flags = 0;
xso->dev = NULL;
+ xso->dir = 0;
xso->real_dev = NULL;
dev_put_track(dev, &xso->dev_tracker);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 7217c57a76e9..6a58fec6a1fb 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -852,7 +852,8 @@ static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff *skb)
xuo = nla_data(attr);
memset(xuo, 0, sizeof(*xuo));
xuo->ifindex = xso->dev->ifindex;
- xuo->flags = xso->flags;
+ if (xso->dir == XFRM_DEV_OFFLOAD_IN)
+ xuo->flags = XFRM_OFFLOAD_INBOUND;
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 5/8] ixgbe: propagate XFRM offload state direction instead of flags
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
` (3 preceding siblings ...)
2022-05-05 10:06 ` [PATCH ipsec-next 4/8] xfrm: store and rely on direction to construct offload flags Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 6/8] netdevsim: rely on XFRM " Leon Romanovsky
` (3 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
Convert the ixgbe driver to rely on XFRM offload state direction instead
of flags bits that were not checked at all.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++++-----
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 2 +-
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 6 +++---
drivers/net/ethernet/intel/ixgbevf/ipsec.h | 2 +-
4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 69d11ff7677d..774de63dd93a 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -585,7 +585,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
return -EINVAL;
}
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
+ if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
struct rx_sa rsa;
if (xs->calg) {
@@ -757,7 +757,7 @@ static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)
u32 zerobuf[4] = {0, 0, 0, 0};
u16 sa_idx;
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
+ if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
struct rx_sa *rsa;
u8 ipi;
@@ -903,8 +903,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
/* Tx IPsec offload doesn't seem to work on this
* device, so block these requests for now.
*/
- sam->flags = sam->flags & ~XFRM_OFFLOAD_IPV6;
- if (sam->flags != XFRM_OFFLOAD_INBOUND) {
+ if (sam->dir != XFRM_DEV_OFFLOAD_IN) {
err = -EOPNOTSUPP;
goto err_out;
}
@@ -915,7 +914,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
goto err_out;
}
- xs->xso.flags = sam->flags;
+ xs->xso.dir = sam->dir;
xs->id.spi = sam->spi;
xs->id.proto = sam->proto;
xs->props.family = sam->family;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
index d2b64ff8eb4e..809ab51a7842 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
@@ -74,7 +74,7 @@ struct ixgbe_ipsec {
struct sa_mbx_msg {
__be32 spi;
- u8 flags;
+ u8 dir;
u8 proto;
u16 family;
__be32 addr[4];
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
index e763cee0695e..9984ebc62d78 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c
@@ -25,7 +25,7 @@ static int ixgbevf_ipsec_set_pf_sa(struct ixgbevf_adapter *adapter,
/* send the important bits to the PF */
sam = (struct sa_mbx_msg *)(&msgbuf[1]);
- sam->flags = xs->xso.flags;
+ sam->dir = xs->xso.dir;
sam->spi = xs->id.spi;
sam->proto = xs->id.proto;
sam->family = xs->props.family;
@@ -280,7 +280,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs)
return -EINVAL;
}
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
+ if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
struct rx_sa rsa;
if (xs->calg) {
@@ -394,7 +394,7 @@ static void ixgbevf_ipsec_del_sa(struct xfrm_state *xs)
adapter = netdev_priv(dev);
ipsec = adapter->ipsec;
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
+ if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX;
if (!ipsec->rx_tbl[sa_idx].used) {
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.h b/drivers/net/ethernet/intel/ixgbevf/ipsec.h
index 3740725041c3..d22990165353 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ipsec.h
+++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.h
@@ -57,7 +57,7 @@ struct ixgbevf_ipsec {
struct sa_mbx_msg {
__be32 spi;
- u8 flags;
+ u8 dir;
u8 proto;
u16 family;
__be32 addr[4];
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 6/8] netdevsim: rely on XFRM state direction instead of flags
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
` (4 preceding siblings ...)
2022-05-05 10:06 ` [PATCH ipsec-next 5/8] ixgbe: propagate XFRM offload state direction instead of flags Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 16:53 ` Jakub Kicinski
2022-05-05 10:06 ` [PATCH ipsec-next 7/8] net/mlx5e: Use " Leon Romanovsky
` (2 subsequent siblings)
8 siblings, 1 reply; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
Make sure that netdevsim relies on direction and not on flags.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
drivers/net/netdevsim/ipsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index b80ed2ffd45e..386336a38f34 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -171,7 +171,7 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs)
return ret;
}
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
+ if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
sa.rx = true;
if (xs->props.family == AF_INET6)
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 7/8] net/mlx5e: Use XFRM state direction instead of flags
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
` (5 preceding siblings ...)
2022-05-05 10:06 ` [PATCH ipsec-next 6/8] netdevsim: rely on XFRM " Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 8/8] xfrm: drop not needed flags variable in XFRM offload struct Leon Romanovsky
2022-05-07 7:28 ` [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Steffen Klassert
8 siblings, 0 replies; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
Convert mlx5 driver to use XFRM state direction.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
.../net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 35e2bb301c26..2a8fd7020622 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -172,9 +172,9 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
}
/* action */
- attrs->action = (!(x->xso.flags & XFRM_OFFLOAD_INBOUND)) ?
- MLX5_ACCEL_ESP_ACTION_ENCRYPT :
- MLX5_ACCEL_ESP_ACTION_DECRYPT;
+ attrs->action = (x->xso.dir == XFRM_DEV_OFFLOAD_OUT) ?
+ MLX5_ACCEL_ESP_ACTION_ENCRYPT :
+ MLX5_ACCEL_ESP_ACTION_DECRYPT;
/* flags */
attrs->flags |= (x->props.mode == XFRM_MODE_TRANSPORT) ?
MLX5_ACCEL_ESP_FLAGS_TRANSPORT :
@@ -306,7 +306,7 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x)
if (err)
goto err_hw_ctx;
- if (x->xso.flags & XFRM_OFFLOAD_INBOUND) {
+ if (x->xso.dir == XFRM_DEV_OFFLOAD_IN) {
err = mlx5e_ipsec_sadb_rx_add(sa_entry);
if (err)
goto err_add_rule;
@@ -333,7 +333,7 @@ static void mlx5e_xfrm_del_state(struct xfrm_state *x)
{
struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x);
- if (x->xso.flags & XFRM_OFFLOAD_INBOUND)
+ if (x->xso.dir == XFRM_DEV_OFFLOAD_IN)
mlx5e_ipsec_sadb_rx_del(sa_entry);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH ipsec-next 8/8] xfrm: drop not needed flags variable in XFRM offload struct
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
` (6 preceding siblings ...)
2022-05-05 10:06 ` [PATCH ipsec-next 7/8] net/mlx5e: Use " Leon Romanovsky
@ 2022-05-05 10:06 ` Leon Romanovsky
2022-05-07 7:28 ` [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Steffen Klassert
8 siblings, 0 replies; 14+ messages in thread
From: Leon Romanovsky @ 2022-05-05 10:06 UTC (permalink / raw)
To: Steffen Klassert
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
From: Leon Romanovsky <leonro@nvidia.com>
After drivers were converted to rely on direction, the flags is not
used anymore and can be removed.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
include/net/xfrm.h | 1 -
net/xfrm/xfrm_device.c | 3 ---
2 files changed, 4 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 45422f7be0c5..736c349de8bf 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -136,7 +136,6 @@ struct xfrm_dev_offload {
netdevice_tracker dev_tracker;
struct net_device *real_dev;
unsigned long offload_handle;
- u8 flags;
u8 dir : 2;
};
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index c818afca9137..35c7e89b2e7d 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -264,8 +264,6 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
xso->dev = dev;
netdev_tracker_alloc(dev, &xso->dev_tracker, GFP_ATOMIC);
xso->real_dev = dev;
- /* Don't forward bit that is not implemented */
- xso->flags = xuo->flags & ~XFRM_OFFLOAD_IPV6;
if (xuo->flags & XFRM_OFFLOAD_INBOUND)
xso->dir = XFRM_DEV_OFFLOAD_IN;
@@ -274,7 +272,6 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
err = dev->xfrmdev_ops->xdo_dev_state_add(x);
if (err) {
- xso->flags = 0;
xso->dev = NULL;
xso->dir = 0;
xso->real_dev = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag
2022-05-05 10:06 ` [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag Leon Romanovsky
@ 2022-05-05 11:02 ` David Miller
0 siblings, 0 replies; 14+ messages in thread
From: David Miller @ 2022-05-05 11:02 UTC (permalink / raw)
To: leon
Cc: steffen.klassert, leonro, kuba, dsahern, herbert,
intel-wired-lan, jesse.brandeburg, netdev, pabeni, raeds, saeedm,
anthony.l.nguyen
From: Leon Romanovsky <leon@kernel.org>
Date: Thu, 5 May 2022 13:06:38 +0300
> From: Leon Romanovsky <leonro@nvidia.com>
>
> After removal of Innova IPsec support from mlx5 driver, the last user
> of this XFRM_ESP_NO_TRAILER was gone too. This means that we can safely
> remove it as no other hardware is capable (or need) to remove ESP trailer.
>
> Reviewed-by: Raed Salem <raeds@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Acked-by: David S. Miller <davem@davemloft.net>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH ipsec-next 2/8] xfrm: delete not used number of external headers
2022-05-05 10:06 ` [PATCH ipsec-next 2/8] xfrm: delete not used number of external headers Leon Romanovsky
@ 2022-05-05 11:03 ` David Miller
0 siblings, 0 replies; 14+ messages in thread
From: David Miller @ 2022-05-05 11:03 UTC (permalink / raw)
To: leon
Cc: steffen.klassert, leonro, kuba, dsahern, herbert,
intel-wired-lan, jesse.brandeburg, netdev, pabeni, raeds, saeedm,
anthony.l.nguyen
From: Leon Romanovsky <leon@kernel.org>
Date: Thu, 5 May 2022 13:06:39 +0300
> From: Leon Romanovsky <leonro@nvidia.com>
>
> num_exthdrs is set but never used, so delete it.
>
> Reviewed-by: Raed Salem <raeds@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Acked-by: David S. Miller <davem@davemloft.net>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH ipsec-next 3/8] xfrm: rename xfrm_state_offload struct to allow reuse
2022-05-05 10:06 ` [PATCH ipsec-next 3/8] xfrm: rename xfrm_state_offload struct to allow reuse Leon Romanovsky
@ 2022-05-05 11:03 ` David Miller
0 siblings, 0 replies; 14+ messages in thread
From: David Miller @ 2022-05-05 11:03 UTC (permalink / raw)
To: leon
Cc: steffen.klassert, leonro, kuba, dsahern, herbert,
intel-wired-lan, jesse.brandeburg, netdev, pabeni, raeds, saeedm,
anthony.l.nguyen
From: Leon Romanovsky <leon@kernel.org>
Date: Thu, 5 May 2022 13:06:40 +0300
> From: Leon Romanovsky <leonro@nvidia.com>
>
> The struct xfrm_state_offload has all fields needed to hold information
> for offloaded policies too. In order to do not create new struct with
> same fields, let's rename existing one and reuse it later.
>
> Reviewed-by: Raed Salem <raeds@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Acked-by: David S. Miller <davem@davemloft.net>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH ipsec-next 6/8] netdevsim: rely on XFRM state direction instead of flags
2022-05-05 10:06 ` [PATCH ipsec-next 6/8] netdevsim: rely on XFRM " Leon Romanovsky
@ 2022-05-05 16:53 ` Jakub Kicinski
0 siblings, 0 replies; 14+ messages in thread
From: Jakub Kicinski @ 2022-05-05 16:53 UTC (permalink / raw)
To: Leon Romanovsky
Cc: Steffen Klassert, Leon Romanovsky, David S . Miller, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
On Thu, 5 May 2022 13:06:43 +0300 Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Make sure that netdevsim relies on direction and not on flags.
>
> Reviewed-by: Raed Salem <raeds@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
` (7 preceding siblings ...)
2022-05-05 10:06 ` [PATCH ipsec-next 8/8] xfrm: drop not needed flags variable in XFRM offload struct Leon Romanovsky
@ 2022-05-07 7:28 ` Steffen Klassert
8 siblings, 0 replies; 14+ messages in thread
From: Steffen Klassert @ 2022-05-07 7:28 UTC (permalink / raw)
To: Leon Romanovsky
Cc: Leon Romanovsky, David S . Miller, Jakub Kicinski, David Ahern,
Herbert Xu, intel-wired-lan, Jesse Brandeburg, netdev,
Paolo Abeni, Raed Salem, Saeed Mahameed, Tony Nguyen
On Thu, May 05, 2022 at 01:06:37PM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> Hi Steffen,
>
> I may admit that the title of this series is not the best one as it
> contains straightforward cleanups and code that converts flags to
> something less confusing.
>
> This series follows removal of FPGA IPsec code from the mlx5 driver and
> based on net-next commit 4950b6990e3b ("Merge branch 'ocelot-vcap-cleanups'").
>
> As such, first two patches delete code that was used by mlx5 FPGA code
> but isn't needed anymore.
>
> Third patch is simple struct rename.
>
> Rest of the patches separate user's provided flags variable from driver's
> usage. This allows us to created more simple in-kernel interface, that
> supports type checking without blending different properties into one
> variable. It is achieved by converting flags to specific bitfield variables
> with clear, meaningful names.
>
> Such change allows us more clear addition of new input flags needed to
> mark IPsec offload type.
>
> The followup code uses this extensively:
> https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/log/?h=xfrm-next
>
> Thanks
>
> Leon Romanovsky (8):
> xfrm: free not used XFRM_ESP_NO_TRAILER flag
> xfrm: delete not used number of external headers
> xfrm: rename xfrm_state_offload struct to allow reuse
> xfrm: store and rely on direction to construct offload flags
> ixgbe: propagate XFRM offload state direction instead of flags
> netdevsim: rely on XFRM state direction instead of flags
> net/mlx5e: Use XFRM state direction instead of flags
> xfrm: drop not needed flags variable in XFRM offload struct
Series applied, thanks a lot Leon!
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2022-05-07 7:28 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-05 10:06 [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 1/8] xfrm: free not used XFRM_ESP_NO_TRAILER flag Leon Romanovsky
2022-05-05 11:02 ` David Miller
2022-05-05 10:06 ` [PATCH ipsec-next 2/8] xfrm: delete not used number of external headers Leon Romanovsky
2022-05-05 11:03 ` David Miller
2022-05-05 10:06 ` [PATCH ipsec-next 3/8] xfrm: rename xfrm_state_offload struct to allow reuse Leon Romanovsky
2022-05-05 11:03 ` David Miller
2022-05-05 10:06 ` [PATCH ipsec-next 4/8] xfrm: store and rely on direction to construct offload flags Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 5/8] ixgbe: propagate XFRM offload state direction instead of flags Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 6/8] netdevsim: rely on XFRM " Leon Romanovsky
2022-05-05 16:53 ` Jakub Kicinski
2022-05-05 10:06 ` [PATCH ipsec-next 7/8] net/mlx5e: Use " Leon Romanovsky
2022-05-05 10:06 ` [PATCH ipsec-next 8/8] xfrm: drop not needed flags variable in XFRM offload struct Leon Romanovsky
2022-05-07 7:28 ` [PATCH ipsec-next 0/8] Be explicit with XFRM offload direction Steffen Klassert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).