Received: by 2002:a05:6512:2355:0:0:0:0 with SMTP id p21csp204129lfu;
        Wed, 30 Mar 2022 20:50:47 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwDIP5YDOtPAjksoSMtOsNwMqBMhc3cF4MirJUplFMYN79Aj5xDP+PdoyMNaQi9z+45BJKl
X-Received: by 2002:a63:7702:0:b0:382:24f1:b70f with SMTP id s2-20020a637702000000b0038224f1b70fmr8895788pgc.144.1648698647247;
        Wed, 30 Mar 2022 20:50:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1648698647; cv=none;
        d=google.com; s=arc-20160816;
        b=CHkhUwrd5natvBN000V91qj0Db9YjDPhe+jnLR3TISpTSuCxrgc+6euB7dyc2ddZtT
         oSLclKp6zRRDv7KNPlWwMoJ6OfqllW8wtHfLh1Q9JKWHJzwL4pYHKJXTiBUrJDVFtrPy
         3TvcBEoNn5hfHhzPvGrpy/hnVPQP2Uhs9IDOWajd/hBl6YI6F4El0lUPLW4JOsN7e6KH
         Gc0hcW6WgXbEaZ8mwYp1b3XXn2IZVV45vrDINo+5kj5toYv1j95fwtKHMaiW94Fb7jqw
         OTCbSvNajvAkya1+PYhocXk3RiGqegUGOv2hj9udYv1skgXFHBm4UWwGqXk3GW7Bz07E
         Dw1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=qrYwm/RKGHgcCNFDkaBVLBp4wjQyVEgoj/p7m3JoJ8w=;
        b=m30YLeaePIU5idhXqjDiN68v/n6Zv5MNLqpkB5qqR5e4Pds8iFGCKWIk8MS+dw2WiM
         zDmIMtwm+cOWv+DAdBjz6yJaVTwQ4FduOCTpd9vPRZamBR0oyjTJ5lFMkluC5ShDHkpr
         VGyMwj5HmnrlU4fZXu9TAl9p60rRZPl7sMPuVqP66Z00heH4pJr8b5DWyNERlTUp5w8b
         RAt83WiGCTaZpaEBVnnMB7fUc3HHKX7FHxDVM1HtLFB58tEb8uzfi6PdaNg0Z0T+Khp8
         noIhufnn+JfYhEI/cCBg6vLR/rgXaq3YD+UImUyBEYzvOSoP+fTp/YpBhNrmsemzM4Qw
         QS+Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WY7KW85Y;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id l4-20020a170902d04400b00153b2d16621si19271389pll.553.2022.03.30.20.50.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 30 Mar 2022 20:50:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WY7KW85Y;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 790AD4EA28;
	Wed, 30 Mar 2022 20:04:39 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S245721AbiC3LDp (ORCPT <rfc822;2014014876lha@gmail.com>
        + 99 others); Wed, 30 Mar 2022 07:03:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58668 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S245736AbiC3LDj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 30 Mar 2022 07:03:39 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AA8326C2C2;
        Wed, 30 Mar 2022 04:01:53 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id BF798B81C27;
        Wed, 30 Mar 2022 11:01:51 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12FB6C340F3;
        Wed, 30 Mar 2022 11:01:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1648638110;
        bh=gRh7a2BgCxKwCeVP5kBE5nBoHRn+C0n8pARpFClb7lQ=;
        h=From:To:Cc:Subject:Date:From;
        b=WY7KW85Y2qFWDx4IbqQU+VuevwpOmv44CqfPSUv7DR3MtCbY+k8/Z9YTV2WLzPI8L
         esmVPq9ixBeb7fUC9W50wQw0LKT7T1upySft8Fw8s1G5eueRuikinYYymYnT6ckZ9d
         LUKCQIwO+0kW3G7NVpdC7tsvzGdNfy4GSMGGYySJGi/b9xq4u4SMsZ/j/Rry3FVfL0
         RhQrDueZqK9zEfxQRQIyqa+Dfs+Geg2MJYg7iQ1yz9dglKNSNKhVdUf3K0M/XUDQim
         r7LzyCD5yJhlzAew9Mf+XR7MnN8MbDsgui5r8opgwRBLMCm6bH+3dk98Q1biB31/9O
         Q9fyFwmHxFQhA==
From:   Leon Romanovsky <leon@kernel.org>
To:     "David S . Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>
Cc:     Leon Romanovsky <leonro@nvidia.com>,
        intel-wired-lan@lists.osuosl.org,
        Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
        Jesse Brandeburg <jesse.brandeburg@intel.com>,
        linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
        Paolo Abeni <pabeni@redhat.com>, Raed Salem <raeds@nvidia.com>,
        Shannon Nelson <shannon.nelson@oracle.com>,
        Tony Nguyen <anthony.l.nguyen@intel.com>,
        Steffen Klassert <steffen.klassert@secunet.com>
Subject: [PATCH net] ixgbe: ensure IPsec VF<->PF compatibility
Date:   Wed, 30 Mar 2022 14:01:44 +0300
Message-Id: <3702fad8a016170947da5f3c521a9251cf0f4a22.1648637865.git.leonro@nvidia.com>
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Leon Romanovsky <leonro@nvidia.com>

The VF driver can forward any IPsec flags and such makes the function
is not extendable and prone to backward/forward incompatibility.

If new software runs on VF, it won't know that PF configured something
completely different as it "knows" only XFRM_OFFLOAD_INBOUND flag.

Fixes: eda0333ac293 ("ixgbe: add VF IPsec management")
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
There is no simple fix for this VF/PF incompatibility as long as FW
doesn't filter/decline unsupported options when convey mailbox from VF
to PF.
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index e596e1a9fc75..236f244e3f65 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -903,7 +903,9 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
 	/* Tx IPsec offload doesn't seem to work on this
 	 * device, so block these requests for now.
 	 */
-	if (!(sam->flags & XFRM_OFFLOAD_INBOUND)) {
+	sam->flags = sam->flags & ~XFRM_OFFLOAD_IPV6;
+	if (!(sam->flags & XFRM_OFFLOAD_INBOUND) ||
+	    sam->flags & ~XFRM_OFFLOAD_INBOUND) {
 		err = -EOPNOTSUPP;
 		goto err_out;
 	}
-- 
2.35.1