Rather than requiring every hw crypto capable NIC driver to do a check for
slave_dev being set, set real_dev in the xfrm layer and xso init time, and
then override it in the bonding driver as needed. Then NIC drivers can
always use real_dev, and at the same time, we eliminate the use of a
variable name that probably shouldn't have been used in the first place,
particularly given recent current events.
CC: Boris Pismenny <[email protected]>
CC: Saeed Mahameed <[email protected]>
CC: Leon Romanovsky <[email protected]>
CC: Jay Vosburgh <[email protected]>
CC: Veaceslav Falico <[email protected]>
CC: Andy Gospodarek <[email protected]>
CC: "David S. Miller" <[email protected]>
CC: Jeff Kirsher <[email protected]>
CC: Jakub Kicinski <[email protected]>
CC: Steffen Klassert <[email protected]>
CC: Herbert Xu <[email protected]>
CC: [email protected]
Suggested-by: Saeed Mahameed <[email protected]>
Signed-off-by: Jarod Wilson <[email protected]>
---
drivers/net/bonding/bond_main.c | 6 +--
.../net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 47 +++++--------------
.../mellanox/mlx5/core/en_accel/ipsec.c | 10 +---
include/net/xfrm.h | 2 +-
net/xfrm/xfrm_device.c | 5 +-
5 files changed, 21 insertions(+), 49 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 90939ccf2a94..4ef99efc37f6 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -386,7 +386,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs)
struct bonding *bond = netdev_priv(bond_dev);
struct slave *slave = rtnl_dereference(bond->curr_active_slave);
- xs->xso.slave_dev = slave->dev;
+ xs->xso.real_dev = slave->dev;
bond->xs = xs;
if (!(slave->dev->xfrmdev_ops
@@ -411,7 +411,7 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs)
if (!slave)
return;
- xs->xso.slave_dev = slave->dev;
+ xs->xso.real_dev = slave->dev;
if (!(slave->dev->xfrmdev_ops
&& slave->dev->xfrmdev_ops->xdo_dev_state_delete)) {
@@ -440,7 +440,7 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
return false;
}
- xs->xso.slave_dev = slave_dev;
+ xs->xso.real_dev = slave_dev;
return slave_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
}
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 26b0a58a064d..6516980965a2 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -427,14 +427,11 @@ static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec,
static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,
u32 *mykey, u32 *mysalt)
{
- struct net_device *dev = xs->xso.dev;
+ struct net_device *dev = xs->xso.real_dev;
unsigned char *key_data;
char *alg_name = NULL;
int key_len;
- if (xs->xso.slave_dev)
- dev = xs->xso.slave_dev;
-
if (!xs->aead) {
netdev_err(dev, "Unsupported IPsec algorithm\n");
return -EINVAL;
@@ -480,9 +477,9 @@ static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,
**/
static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
{
- struct net_device *dev = xs->xso.dev;
- struct ixgbe_adapter *adapter;
- struct ixgbe_hw *hw;
+ struct net_device *dev = xs->xso.real_dev;
+ struct ixgbe_adapter *adapter = netdev_priv(dev);
+ struct ixgbe_hw *hw = &adapter->hw;
u32 mfval, manc, reg;
int num_filters = 4;
bool manc_ipv4;
@@ -500,12 +497,6 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
#define BMCIP_V6 0x3
#define BMCIP_MASK 0x3
- if (xs->xso.slave_dev)
- dev = xs->xso.slave_dev;
-
- adapter = netdev_priv(dev);
- hw = &adapter->hw;
-
manc = IXGBE_READ_REG(hw, IXGBE_MANC);
manc_ipv4 = !!(manc & MANC_EN_IPV4_FILTER);
mfval = IXGBE_READ_REG(hw, IXGBE_MFVAL);
@@ -569,22 +560,15 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
**/
static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
{
- struct net_device *dev = xs->xso.dev;
- struct ixgbe_adapter *adapter;
- struct ixgbe_ipsec *ipsec;
- struct ixgbe_hw *hw;
+ struct net_device *dev = xs->xso.real_dev;
+ struct ixgbe_adapter *adapter = netdev_priv(dev);
+ struct ixgbe_ipsec *ipsec = adapter->ipsec;
+ struct ixgbe_hw *hw = &adapter->hw;
int checked, match, first;
u16 sa_idx;
int ret;
int i;
- if (xs->xso.slave_dev)
- dev = xs->xso.slave_dev;
-
- adapter = netdev_priv(dev);
- ipsec = adapter->ipsec;
- hw = &adapter->hw;
-
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",
xs->id.proto);
@@ -761,20 +745,13 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
**/
static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)
{
- struct net_device *dev = xs->xso.dev;
- struct ixgbe_adapter *adapter;
- struct ixgbe_ipsec *ipsec;
- struct ixgbe_hw *hw;
+ struct net_device *dev = xs->xso.real_dev;
+ struct ixgbe_adapter *adapter = netdev_priv(dev);
+ struct ixgbe_ipsec *ipsec = adapter->ipsec;
+ struct ixgbe_hw *hw = &adapter->hw;
u32 zerobuf[4] = {0, 0, 0, 0};
u16 sa_idx;
- if (xs->xso.slave_dev)
- dev = xs->xso.slave_dev;
-
- adapter = netdev_priv(dev);
- ipsec = adapter->ipsec;
- hw = &adapter->hw;
-
if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
struct rx_sa *rsa;
u8 ipi;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 72ad6664bd73..bc55c82b55ba 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -207,12 +207,9 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
{
- struct net_device *netdev = x->xso.dev;
+ struct net_device *netdev = x->xso.real_dev;
struct mlx5e_priv *priv;
- if (x->xso.slave_dev)
- netdev = x->xso.slave_dev;
-
priv = netdev_priv(netdev);
if (x->props.aalgo != SADB_AALG_NONE) {
@@ -288,15 +285,12 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
static int mlx5e_xfrm_add_state(struct xfrm_state *x)
{
struct mlx5e_ipsec_sa_entry *sa_entry = NULL;
- struct net_device *netdev = x->xso.dev;
+ struct net_device *netdev = x->xso.real_dev;
struct mlx5_accel_esp_xfrm_attrs attrs;
struct mlx5e_priv *priv;
unsigned int sa_handle;
int err;
- if (x->xso.slave_dev)
- netdev = x->xso.slave_dev;
-
priv = netdev_priv(netdev);
err = mlx5e_xfrm_validate_state(x);
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index e20b2b27ec48..e648c9e6c919 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -127,7 +127,7 @@ struct xfrm_state_walk {
struct xfrm_state_offload {
struct net_device *dev;
- struct net_device *slave_dev;
+ struct net_device *real_dev;
unsigned long offload_handle;
unsigned int num_exthdrs;
u8 flags;
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index b8918fc5248b..7b64bb64c822 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -120,8 +120,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)
return skb;
- /* This skb was already validated on the master dev */
- if ((x->xso.dev != dev) && (x->xso.slave_dev == dev))
+ /* This skb was already validated on the upper/virtual dev */
+ if ((x->xso.dev != dev) && (x->xso.real_dev == dev))
return skb;
local_irq_save(flags);
@@ -259,6 +259,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
}
xso->dev = dev;
+ xso->real_dev = dev;
xso->num_exthdrs = 1;
xso->flags = xuo->flags;
--
2.20.1
From: Jarod Wilson <[email protected]>
Date: Tue, 23 Jun 2020 16:40:01 -0400
> Rather than requiring every hw crypto capable NIC driver to do a check for
> slave_dev being set, set real_dev in the xfrm layer and xso init time, and
> then override it in the bonding driver as needed. Then NIC drivers can
> always use real_dev, and at the same time, we eliminate the use of a
> variable name that probably shouldn't have been used in the first place,
> particularly given recent current events.
>
> CC: Boris Pismenny <[email protected]>
> CC: Saeed Mahameed <[email protected]>
> CC: Leon Romanovsky <[email protected]>
> CC: Jay Vosburgh <[email protected]>
> CC: Veaceslav Falico <[email protected]>
> CC: Andy Gospodarek <[email protected]>
> CC: "David S. Miller" <[email protected]>
> CC: Jeff Kirsher <[email protected]>
> CC: Jakub Kicinski <[email protected]>
> CC: Steffen Klassert <[email protected]>
> CC: Herbert Xu <[email protected]>
> CC: [email protected]
> Suggested-by: Saeed Mahameed <[email protected]>
> Signed-off-by: Jarod Wilson <[email protected]>
Yes this is much nicer.
Applied, thank you.