netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Yinjun Zhang <yinjun.zhang@corigine.com>
To: Leon Romanovsky <leon@kernel.org>
Cc: Simon Horman <simon.horman@corigine.com>,
	David Miller <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, oss-drivers@corigine.com,
	Huanhuan Wang <huanhuan.wang@corigine.com>,
	chengtian.liu@corigine.com
Subject: Re: [PATCH net-next v2 3/3] nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer
Date: Mon, 10 Oct 2022 15:14:34 +0800	[thread overview]
Message-ID: <20221010071434.GB21559@nj-rack01-04.nji.corigine.com> (raw)
In-Reply-To: <YzVWsOP1R/FGPYgF@unreal>

On Thu, Sep 29, 2022 at 11:26:24AM +0300, Leon Romanovsky wrote:
> On Tue, Sep 27, 2022 at 12:27:07PM +0200, Simon Horman wrote:
> 
> > +	mutex_lock(&ipd->lock);
> > +
> > +	if (ipd->sa_free_cnt == 0) {
> > +		nn_err(nn, "No space for xfrm offload\n");
> > +		err = -ENOSPC;
> 
> Why don't you return EOPNOTSUPP?
> 

Here means no available sa. I think ENOSPC is more appropriate than
EOPNOTSUPP, and it looks like xfrm will fall back to software mode
when driver returns EOPNOTSUPP.

> > +static void xfrm_invalidate(struct nfp_net *nn, unsigned int saidx, int is_del)
> > +{
> > +	struct nfp_net_ipsec_data *ipd = nn->ipsec_data;
> > +	struct nfp_net_ipsec_sa_data *sa_data;
> > +	struct nfp_ipsec_cfg_mssg msg;
> > +	int err;
> > +
> > +	sa_data = &ipd->sa_entries[saidx];
> > +	if (!sa_data->invalidated) {
> > +		err = nfp_ipsec_cfg_cmd_issue(nn, NFP_IPSEC_CFG_MSSG_INV_SA, saidx, &msg);
> > +		if (err)
> > +			nn_warn(nn, "Failed to invalidate SA in hardware\n");
> > +		sa_data->invalidated = 1;
> > +	} else if (is_del) {
> > +		nn_warn(nn, "Unexpected invalidate state for offloaded saidx %d\n", saidx);
> 
> You definitely need to clean all these not-possible flows.
> 

Do you mean clean those sa entries? We clean them by invalidating them.
You can see `xfrm_invalidate` is called in `nfp_net_xfrm_del_state`.

> > +	}
> >  }
> >  
> >  static void nfp_net_xfrm_del_state(struct xfrm_state *x)
> >  {
> > +	struct net_device *netdev = x->xso.dev;
> > +	struct nfp_net_ipsec_data *ipd;
> > +	struct nfp_net *nn;
> > +
> > +	nn = netdev_priv(netdev);
> > +	ipd = nn->ipsec_data;
> > +
> > +	nn_dbg(nn, "XFRM del state!\n");
> > +
> > +	if (x->xso.offload_handle == OFFLOAD_HANDLE_ERROR) {
> > +		nn_err(nn, "Invalid xfrm offload handle\n");
> > +		return;
> > +	}
> > +
> > +	mutex_lock(&ipd->lock);
> > +	xfrm_invalidate(nn, x->xso.offload_handle - 1, 1);
> > +	mutex_unlock(&ipd->lock);
> >  }
> >  
> >  static void nfp_net_xfrm_free_state(struct xfrm_state *x)
> >  {
> > +	struct net_device *netdev = x->xso.dev;
> > +	struct nfp_net_ipsec_data *ipd;
> > +	struct nfp_net *nn;
> > +	int saidx;
> > +
> > +	nn = netdev_priv(netdev);
> > +	ipd = nn->ipsec_data;
> > +
> > +	nn_dbg(nn, "XFRM free state!\n");
> > +
> > +	if (x->xso.offload_handle == OFFLOAD_HANDLE_ERROR) {
> > +		nn_err(nn, "Invalid xfrm offload handle\n");
> > +		return;
> > +	}
> > +
> > +	mutex_lock(&ipd->lock);
> > +	saidx = x->xso.offload_handle - 1;
> > +	xfrm_invalidate(nn, saidx, 0);
> > +	ipd->sa_entries[saidx].x = NULL;
> > +	/* Return saidx to free list */
> > +	ipd->sa_free_stack[ipd->sa_free_cnt] = saidx;
> > +	ipd->sa_free_cnt++;
> > +
> > +	mutex_unlock(&ipd->lock);
> >  }

  reply	other threads:[~2022-10-10  7:23 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-27 10:27 [PATCH net-next v2 0/3] nfp: IPsec offload support Simon Horman
2022-09-27 10:27 ` [PATCH net-next v2 1/3] nfp: extend capability and control words Simon Horman
2022-09-27 10:27 ` [PATCH net-next v2 2/3] nfp: add framework to support ipsec offloading Simon Horman
2022-09-29  8:10   ` Leon Romanovsky
     [not found]     ` <20221010070512.GA21559@nj-rack01-04.nji.corigine.com>
2022-10-11  8:41       ` Leon Romanovsky
2022-10-13  8:21         ` Yinjun Zhang
2022-09-27 10:27 ` [PATCH net-next v2 3/3] nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer Simon Horman
2022-09-29  8:26   ` Leon Romanovsky
2022-10-10  7:14     ` Yinjun Zhang [this message]
2022-10-11  8:36       ` Leon Romanovsky
2022-09-29  2:42 ` [PATCH net-next v2 0/3] nfp: IPsec offload support Jakub Kicinski
2022-09-29  8:48   ` Simon Horman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221010071434.GB21559@nj-rack01-04.nji.corigine.com \
    --to=yinjun.zhang@corigine.com \
    --cc=chengtian.liu@corigine.com \
    --cc=davem@davemloft.net \
    --cc=huanhuan.wang@corigine.com \
    --cc=kuba@kernel.org \
    --cc=leon@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=oss-drivers@corigine.com \
    --cc=pabeni@redhat.com \
    --cc=simon.horman@corigine.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).