Received: by 2002:a05:6512:2355:0:0:0:0 with SMTP id p21csp204129lfu; Wed, 30 Mar 2022 20:50:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwDIP5YDOtPAjksoSMtOsNwMqBMhc3cF4MirJUplFMYN79Aj5xDP+PdoyMNaQi9z+45BJKl X-Received: by 2002:a63:7702:0:b0:382:24f1:b70f with SMTP id s2-20020a637702000000b0038224f1b70fmr8895788pgc.144.1648698647247; Wed, 30 Mar 2022 20:50:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648698647; cv=none; d=google.com; s=arc-20160816; b=CHkhUwrd5natvBN000V91qj0Db9YjDPhe+jnLR3TISpTSuCxrgc+6euB7dyc2ddZtT oSLclKp6zRRDv7KNPlWwMoJ6OfqllW8wtHfLh1Q9JKWHJzwL4pYHKJXTiBUrJDVFtrPy 3TvcBEoNn5hfHhzPvGrpy/hnVPQP2Uhs9IDOWajd/hBl6YI6F4El0lUPLW4JOsN7e6KH Gc0hcW6WgXbEaZ8mwYp1b3XXn2IZVV45vrDINo+5kj5toYv1j95fwtKHMaiW94Fb7jqw OTCbSvNajvAkya1+PYhocXk3RiGqegUGOv2hj9udYv1skgXFHBm4UWwGqXk3GW7Bz07E Dw1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=qrYwm/RKGHgcCNFDkaBVLBp4wjQyVEgoj/p7m3JoJ8w=; b=m30YLeaePIU5idhXqjDiN68v/n6Zv5MNLqpkB5qqR5e4Pds8iFGCKWIk8MS+dw2WiM zDmIMtwm+cOWv+DAdBjz6yJaVTwQ4FduOCTpd9vPRZamBR0oyjTJ5lFMkluC5ShDHkpr VGyMwj5HmnrlU4fZXu9TAl9p60rRZPl7sMPuVqP66Z00heH4pJr8b5DWyNERlTUp5w8b RAt83WiGCTaZpaEBVnnMB7fUc3HHKX7FHxDVM1HtLFB58tEb8uzfi6PdaNg0Z0T+Khp8 noIhufnn+JfYhEI/cCBg6vLR/rgXaq3YD+UImUyBEYzvOSoP+fTp/YpBhNrmsemzM4Qw QS+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WY7KW85Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id l4-20020a170902d04400b00153b2d16621si19271389pll.553.2022.03.30.20.50.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Mar 2022 20:50:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WY7KW85Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 790AD4EA28; Wed, 30 Mar 2022 20:04:39 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245721AbiC3LDp (ORCPT + 99 others); Wed, 30 Mar 2022 07:03:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58668 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245736AbiC3LDj (ORCPT ); Wed, 30 Mar 2022 07:03:39 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AA8326C2C2; Wed, 30 Mar 2022 04:01:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id BF798B81C27; Wed, 30 Mar 2022 11:01:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12FB6C340F3; Wed, 30 Mar 2022 11:01:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1648638110; bh=gRh7a2BgCxKwCeVP5kBE5nBoHRn+C0n8pARpFClb7lQ=; h=From:To:Cc:Subject:Date:From; b=WY7KW85Y2qFWDx4IbqQU+VuevwpOmv44CqfPSUv7DR3MtCbY+k8/Z9YTV2WLzPI8L esmVPq9ixBeb7fUC9W50wQw0LKT7T1upySft8Fw8s1G5eueRuikinYYymYnT6ckZ9d LUKCQIwO+0kW3G7NVpdC7tsvzGdNfy4GSMGGYySJGi/b9xq4u4SMsZ/j/Rry3FVfL0 RhQrDueZqK9zEfxQRQIyqa+Dfs+Geg2MJYg7iQ1yz9dglKNSNKhVdUf3K0M/XUDQim r7LzyCD5yJhlzAew9Mf+XR7MnN8MbDsgui5r8opgwRBLMCm6bH+3dk98Q1biB31/9O Q9fyFwmHxFQhA== From: Leon Romanovsky To: "David S . Miller" , Jakub Kicinski Cc: Leon Romanovsky , intel-wired-lan@lists.osuosl.org, Jeff Kirsher , Jesse Brandeburg , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Paolo Abeni , Raed Salem , Shannon Nelson , Tony Nguyen , Steffen Klassert Subject: [PATCH net] ixgbe: ensure IPsec VF<->PF compatibility Date: Wed, 30 Mar 2022 14:01:44 +0300 Message-Id: <3702fad8a016170947da5f3c521a9251cf0f4a22.1648637865.git.leonro@nvidia.com> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Leon Romanovsky The VF driver can forward any IPsec flags and such makes the function is not extendable and prone to backward/forward incompatibility. If new software runs on VF, it won't know that PF configured something completely different as it "knows" only XFRM_OFFLOAD_INBOUND flag. Fixes: eda0333ac293 ("ixgbe: add VF IPsec management") Reviewed-by: Raed Salem Signed-off-by: Leon Romanovsky --- There is no simple fix for this VF/PF incompatibility as long as FW doesn't filter/decline unsupported options when convey mailbox from VF to PF. --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index e596e1a9fc75..236f244e3f65 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -903,7 +903,9 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) /* Tx IPsec offload doesn't seem to work on this * device, so block these requests for now. */ - if (!(sam->flags & XFRM_OFFLOAD_INBOUND)) { + sam->flags = sam->flags & ~XFRM_OFFLOAD_IPV6; + if (!(sam->flags & XFRM_OFFLOAD_INBOUND) || + sam->flags & ~XFRM_OFFLOAD_INBOUND) { err = -EOPNOTSUPP; goto err_out; } -- 2.35.1