Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp101934imu; Tue, 8 Jan 2019 15:30:31 -0800 (PST) X-Google-Smtp-Source: ALg8bN4zalFuYtFlE6N3QZRJWSQvnzWOyzCcsvbtVPxQ3PESS8qb5ecgLqgLyfZjk2h9dfOHE9oB X-Received: by 2002:a62:c505:: with SMTP id j5mr3690615pfg.149.1546990231438; Tue, 08 Jan 2019 15:30:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546990231; cv=none; d=google.com; s=arc-20160816; b=lkJMELxJON7avEFLLMMkp3SPSWMiiGFqaUAA5cWlYEiEEJ/wppQRBDnv4ERG5BHoam NxglcO5muJVY5GgklQ/kMSobaQW/zcaDMJIITfVxw0/kYcb2NeY/tOzJfmlAOjoUQqdr JsPi6Flaj3UFn0XYzPlEFzu9dUu8A0XK0Kl/c6bfRctNDJ3nMydXRU/cuiVHdwusHCLI 3bMtN/tiiv6K3egYOZS1thp4+dW+dwElHLYQqCgKca1b2K2o7O+nJOMvucj2LLwenhZZ FDhksu4cLyJycHlf7w9H6sb76mEznqaweG5fKySgF2Ns0ymEzFb48keu4SDZ8VhjXDuL W4UA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Wk8AykTyZC+5tFNvf9RxqOls2WcB+6myrLqRc18KX3E=; b=xXj26Wr961aULxCVx+P0wRrLEeePVD0ZxOtwWWcKHsxQkPj6IH81HhBNjGwdJgdMSr WvmZ0Y0uXH5F3bFBwF8WXpvK3EVtqH6SfvxFBfFhB9fD2ABmE8liH4kya15IEAWM10Ny udLp8M9Na7EFCn+itkDYvVuZIw8+HdCS68ax1zWnKht6f8tGvNkFzh5ktdpmlh/xUzAo T9vdeydP9N/TR4iXKBEscyjtDxdmCXiDik3Qo3Z5tWOw1J2qrO+7a+bQnKGWz05ciBx+ nAO3+NtbPum4MJZlPJoyLftZOrtTgsEUoVB0XwABP74n5ZnZUvwnqhVsFtSx26h6eUGV 1jLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sBaEAd7d; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i90si4440559pli.135.2019.01.08.15.30.16; Tue, 08 Jan 2019 15:30:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sBaEAd7d; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730954AbfAHUKv (ORCPT + 99 others); Tue, 8 Jan 2019 15:10:51 -0500 Received: from mail.kernel.org ([198.145.29.99]:60732 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729067AbfAHT0o (ORCPT ); Tue, 8 Jan 2019 14:26:44 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5653B20883; Tue, 8 Jan 2019 19:26:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1546975604; bh=xlI0R4Ox4wufRGX11R62rp2BAJQhu9zGLi5LH784ynY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sBaEAd7do9KdRyuSrU/t7OZVZ0T/7sEPPrGrq028bI7TcBr2fPmlkTNO2z5zTD9aZ xDmkw3ax7ROR5g3TXGlsLLejurJ3/fJ7UAC0VjchbCno48N8MdwATa6oGRWjNCtNWg wrm5eQFAkyuUKb850R+Ot5HHLYPsRkpkxQNml+Vw= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Shannon Nelson , Jeff Kirsher , Sasha Levin , netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.20 007/117] ixgbe: allow IPsec Tx offload in VEPA mode Date: Tue, 8 Jan 2019 14:24:35 -0500 Message-Id: <20190108192628.121270-7-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190108192628.121270-1-sashal@kernel.org> References: <20190108192628.121270-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Shannon Nelson [ Upstream commit 7fa57ca443cffe81ce8416b57966bfb0370678a1 ] When it's possible that the PF might end up trying to send a packet to one of its own VFs, we have to forbid IPsec offload because the device drops the packets into a black hole. See commit 47b6f50077e6 ("ixgbe: disallow IPsec Tx offload when in SR-IOV mode") for more info. This really is only necessary when the device is in the default VEB mode. If instead the device is running in VEPA mode, the packets will go through the encryption engine and out the MAC/PHY as normal, and get "hairpinned" as needed by the switch. So let's not block IPsec offload when in VEPA mode. To get there with the ixgbe device, use the handy 'bridge' command: bridge link set dev eth1 hwmode vepa Signed-off-by: Shannon Nelson Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index fd1b0546fd67..4d77f42e035c 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -4,6 +4,7 @@ #include "ixgbe.h" #include #include +#include #define IXGBE_IPSEC_KEY_BITS 160 static const char aes_gcm_name[] = "rfc4106(gcm(aes))"; @@ -693,7 +694,8 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) } else { struct tx_sa tsa; - if (adapter->num_vfs) + if (adapter->num_vfs && + adapter->bridge_mode != BRIDGE_MODE_VEPA) return -EOPNOTSUPP; /* find the first unused index */ -- 2.19.1