Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7436915rwb; Tue, 6 Dec 2022 05:55:17 -0800 (PST) X-Google-Smtp-Source: AA0mqf7yS6YW4Ua9k8R6ubnmKigFOE3k05r3F7Bk3k7EjJ00ysSuZDl0Gbaaaz4kBSvh5rWfB/9Z X-Received: by 2002:a17:907:7f8e:b0:7bb:52b2:4162 with SMTP id qk14-20020a1709077f8e00b007bb52b24162mr2549953ejc.608.1670334916886; Tue, 06 Dec 2022 05:55:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670334916; cv=none; d=google.com; s=arc-20160816; b=OPIITfyDkgOzHLY1Rdw8ap/abZh3zb0UR+suug+ZpRW0YbD1kgZ9gNRp99ANV58nYi xE50clvnN1Wg+7SqHk/dUfDdtQlTFHApXnJAsbxCQ7IZP0k18tzIQkIl5uszVpt2u9sQ cY6VneERxHhugSEvfj6cZrIUOslrHyZ6cWiihuJ0ZNCxvxhP+5sWS11ZbNAGQB0vJJW2 Zs66hcGHsdWj2Q4nllBzowIICBQkwF8cj2yW4Mo7ik6mYz+TnAzaGWgd6BYS6Ib/nBlD s8WainW2/wPHpVxZMtJwJ10K9w0pLgPvwvLg1C63kmn5G/a84uhhKxicEEng8hcJXQoB nXNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=p9xwVOTAYpGb0BgYtRUwe5NfJ2iUdS8LM9rIfOZm+pk=; b=skto0PpmrgUnGUhjreqnXavm//yYTGb8ltbxqVlxyaLg3iSwQQD7tkvDqZTSo+gZFl 8cqYS+ypwyP/HOX16zv99rLCW6l5P1MgvZLVxLyF3MpyvFPHlitBzhXgRb3sJqjyW2Es FxcAuId2mqy3fEgvFdp08zNAt30ASn40DpX+pkCYHoQTFCNFEIQ3gOmjo2f4WzcFiK3p kgDh56qEVD8loX6LcBv3s9EyiO3cdnIIZKaqUpnuTtoYL4bZDbXI4SJfpwUrFmHWZIKf uLibQc3JCJWuvDUZIf/NILGGO5AXF78d9M+bucd/lNmJbbnYhYa9npwRQyoDk5OtUC1X W/Kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@resnulli-us.20210112.gappssmtp.com header.s=20210112 header.b=LTfmUOoX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k15-20020aa7c04f000000b004673015ab88si1752237edo.19.2022.12.06.05.54.56; Tue, 06 Dec 2022 05:55:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@resnulli-us.20210112.gappssmtp.com header.s=20210112 header.b=LTfmUOoX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231190AbiLFNfh (ORCPT + 79 others); Tue, 6 Dec 2022 08:35:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230313AbiLFNfa (ORCPT ); Tue, 6 Dec 2022 08:35:30 -0500 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EFA8625EB6 for ; Tue, 6 Dec 2022 05:35:26 -0800 (PST) Received: by mail-wr1-x42a.google.com with SMTP id m14so23466672wrh.7 for ; Tue, 06 Dec 2022 05:35:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=resnulli-us.20210112.gappssmtp.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=p9xwVOTAYpGb0BgYtRUwe5NfJ2iUdS8LM9rIfOZm+pk=; b=LTfmUOoXz31VqYHf1vqOug6OF5ojsYHK8Qj0G0E4jV7muimMdKSjk4odCvGzacYUSo bR+0JTH8/4SV/p0hRkcR+PgDd64tDycnvStl1C5ruKOtfsm1SPrPHtl7oDcyGcxMEatV RDiSa6mUCRzuqkF1NqqKgSUk4UWz70ktip22SSfdcazhM1hRfvso5GNNXpLDvWYABSRa oKoYn+g3E2rOctJ2TVK5JfVEtFIeespVWkKWgAJLXYuOJ4/wwFBtyzphUzDIXy6klX1O lJrpOnmqOyLJnlClChslM5If120Q9ky07q8HYLL+YKN/JCwPdGc3mr1yzbKpPSBwK8Yz dtAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=p9xwVOTAYpGb0BgYtRUwe5NfJ2iUdS8LM9rIfOZm+pk=; b=NvztjqNiL8/7B16m4AIwjK/WeyOcDO42NI2xt0HRXXUFW2K3t6m5MWqJxeONSsWSlB EltsbxAT1DsTWYRoAwrt7Ec7ZIp5wIBpl4PdXichwn9/3tq2Nwq1jTTXjGz7CjkMBQaN evTDLIMzO5VIfvuPni47mfI51HZpC+WZZ+o8gDWmZfKscDDKUa0fOKOA9gFbYvEHVAAV jE10essmRg963c14TcNKxS5nE1zEnPf1T7uMLDqAqB/UlnEeT2dXz5yxoKE7RMOrLCF/ SQVpmNoKOzD2LxU+EIOpLlKnmyhQa0+V92XW/np1Ql+AmaSJQDowARu4xQmrg7hvcZAV Yr9Q== X-Gm-Message-State: ANoB5pk7Xhz1i17OkWzNGa661ciMeJQbAOqKE3Y01VxPnyUxlb0T9gnn 3hi/0olYRsHG6sE4MXkIVYHiBY0hmJP1sRaKLhLYUg== X-Received: by 2002:a5d:4344:0:b0:22e:3430:475d with SMTP id u4-20020a5d4344000000b0022e3430475dmr53828566wrr.65.1670333725389; Tue, 06 Dec 2022 05:35:25 -0800 (PST) Received: from localhost (host-213-179-129-39.customer.m-online.net. [213.179.129.39]) by smtp.gmail.com with ESMTPSA id g13-20020a5d554d000000b002365cd93d05sm16781071wrw.102.2022.12.06.05.35.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Dec 2022 05:35:24 -0800 (PST) Date: Tue, 6 Dec 2022 14:35:23 +0100 From: Jiri Pirko To: Emeel Hakim Cc: "linux-kernel@vger.kernel.org" , Raed Salem , "davem@davemloft.net" , "edumazet@google.com" , "kuba@kernel.org" , "pabeni@redhat.com" , "netdev@vger.kernel.org" , "sd@queasysnail.net" Subject: Re: [PATCH net-next v2] macsec: Add support for IFLA_MACSEC_OFFLOAD in the netlink layer Message-ID: References: <20221206085757.5816-1-ehakim@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Tue, Dec 06, 2022 at 01:31:54PM CET, ehakim@nvidia.com wrote: > > >> -----Original Message----- >> From: Jiri Pirko >> Sent: Tuesday, 6 December 2022 11:16 >> To: Emeel Hakim >> Cc: linux-kernel@vger.kernel.org; Raed Salem ; >> davem@davemloft.net; edumazet@google.com; kuba@kernel.org; >> pabeni@redhat.com; netdev@vger.kernel.org; sd@queasysnail.net >> Subject: Re: [PATCH net-next v2] macsec: Add support for IFLA_MACSEC_OFFLOAD >> in the netlink layer >> >> External email: Use caution opening links or attachments >> >> >> Tue, Dec 06, 2022 at 09:57:57AM CET, ehakim@nvidia.com wrote: >> >From: Emeel Hakim >> > >> >This adds support for configuring Macsec offload through the >> >> Tell the codebase what to do. Be imperative in your patch descriptions so it is clear >> what are the intensions of the patch. > >Ack > >> >> >> >netlink layer by: >> >- Considering IFLA_MACSEC_OFFLOAD in macsec_fill_info. >> >- Handling IFLA_MACSEC_OFFLOAD in macsec_changelink. >> >- Adding IFLA_MACSEC_OFFLOAD to the netlink policy. >> >- Adjusting macsec_get_size. >> >> 4 patches then? > >Ack, I will change the commit message to be imperative and will replace the list with a good description. >I still believe it should be a one patch since splitting this could break a bisect process. Well, when you split, you have to make sure you don't break bisection, always. Please try to figure that out. > >> I mean really, not a macsec person, but I should be able to follow what are your >> intensions looking and description&code right away. >> >> > >> >The handling in macsec_changlink is similar to >> >> s/macsec_changlink/macsec_changelink/ > >Ack > >> >macsec_upd_offload. >> >Update macsec_upd_offload to use a common helper function to avoid >> >duplication. >> > >> >Example for setting offload for a macsec device >> > ip link set macsec0 type macsec offload mac >> > >> >Reviewed-by: Raed Salem >> >Signed-off-by: Emeel Hakim >> >--- >> >V1 -> V2: Add common helper to avoid duplicating code >> >drivers/net/macsec.c | 114 ++++++++++++++++++++++++++++--------------- >> > 1 file changed, 74 insertions(+), 40 deletions(-) >> > >> >diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index >> >d73b9d535b7a..afd6ff47ba56 100644 >> >--- a/drivers/net/macsec.c >> >+++ b/drivers/net/macsec.c >> >@@ -2583,16 +2583,45 @@ static bool macsec_is_configured(struct macsec_dev >> *macsec) >> > return false; >> > } >> > >> >+static int macsec_update_offload(struct macsec_dev *macsec, enum >> >+macsec_offload offload) { >> >+ enum macsec_offload prev_offload; >> >+ const struct macsec_ops *ops; >> >+ struct macsec_context ctx; >> >+ int ret = 0; >> >+ >> >+ prev_offload = macsec->offload; >> >+ >> >+ /* Check if the device already has rules configured: we do not support >> >+ * rules migration. >> >+ */ >> >+ if (macsec_is_configured(macsec)) >> >+ return -EBUSY; >> >+ >> >+ ops = __macsec_get_ops(offload == MACSEC_OFFLOAD_OFF ? prev_offload : >> offload, >> >+ macsec, &ctx); >> >+ if (!ops) >> >+ return -EOPNOTSUPP; >> >+ >> >+ macsec->offload = offload; >> >+ >> >+ ctx.secy = &macsec->secy; >> >+ ret = (offload == MACSEC_OFFLOAD_OFF) ? macsec_offload(ops- >> >mdo_del_secy, &ctx) : >> >+ macsec_offload(ops->mdo_add_secy, &ctx); >> >+ >> >+ if (ret) >> >+ macsec->offload = prev_offload; >> >+ >> >+ return ret; >> >+} >> >+ >> > static int macsec_upd_offload(struct sk_buff *skb, struct genl_info >> >*info) { >> > struct nlattr *tb_offload[MACSEC_OFFLOAD_ATTR_MAX + 1]; >> >- enum macsec_offload offload, prev_offload; >> >- int (*func)(struct macsec_context *ctx); >> > struct nlattr **attrs = info->attrs; >> >- struct net_device *dev; >> >- const struct macsec_ops *ops; >> >- struct macsec_context ctx; >> >+ enum macsec_offload offload; >> > struct macsec_dev *macsec; >> >+ struct net_device *dev; >> > int ret; >> > >> > if (!attrs[MACSEC_ATTR_IFINDEX]) @@ -2629,39 +2658,7 @@ static >> >int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info) >> > >> > rtnl_lock(); >> > >> >- prev_offload = macsec->offload; >> >- macsec->offload = offload; >> >- >> >- /* Check if the device already has rules configured: we do not support >> >- * rules migration. >> >- */ >> >- if (macsec_is_configured(macsec)) { >> >- ret = -EBUSY; >> >- goto rollback; >> >- } >> >- >> >- ops = __macsec_get_ops(offload == MACSEC_OFFLOAD_OFF ? prev_offload : >> offload, >> >- macsec, &ctx); >> >- if (!ops) { >> >- ret = -EOPNOTSUPP; >> >- goto rollback; >> >- } >> >- >> >- if (prev_offload == MACSEC_OFFLOAD_OFF) >> >- func = ops->mdo_add_secy; >> >- else >> >- func = ops->mdo_del_secy; >> >- >> >- ctx.secy = &macsec->secy; >> >- ret = macsec_offload(func, &ctx); >> >- if (ret) >> >- goto rollback; >> >- >> >- rtnl_unlock(); >> >- return 0; >> >- >> >-rollback: >> >- macsec->offload = prev_offload; >> >+ ret = macsec_update_offload(macsec, offload); >> > >> > rtnl_unlock(); >> > return ret; >> >@@ -3698,6 +3695,7 @@ static const struct nla_policy >> macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { >> > [IFLA_MACSEC_SCB] = { .type = NLA_U8 }, >> > [IFLA_MACSEC_REPLAY_PROTECT] = { .type = NLA_U8 }, >> > [IFLA_MACSEC_VALIDATION] = { .type = NLA_U8 }, >> >+ [IFLA_MACSEC_OFFLOAD] = { .type = NLA_U8 }, >> > }; >> > >> > static void macsec_free_netdev(struct net_device *dev) @@ -3803,6 >> >+3801,29 @@ static int macsec_changelink_common(struct net_device *dev, >> > return 0; >> > } >> > >> >+static int macsec_changelink_upd_offload(struct net_device *dev, >> >+struct nlattr *data[]) { >> >+ enum macsec_offload offload; >> >+ struct macsec_dev *macsec; >> >+ >> >+ macsec = macsec_priv(dev); >> >+ offload = nla_get_u8(data[IFLA_MACSEC_OFFLOAD]); >> >+ >> >+ if (macsec->offload == offload) >> >+ return 0; >> >+ >> >+ /* Check if the offloading mode is supported by the underlying layers */ >> >+ if (offload != MACSEC_OFFLOAD_OFF && >> >+ !macsec_check_offload(offload, macsec)) >> >+ return -EOPNOTSUPP; >> >+ >> >+ /* Check if the net device is busy. */ >> >+ if (netif_running(dev)) >> >+ return -EBUSY; >> >+ >> >+ return macsec_update_offload(macsec, offload); } >> >+ >> > static int macsec_changelink(struct net_device *dev, struct nlattr *tb[], >> > struct nlattr *data[], >> > struct netlink_ext_ack *extack) @@ -3831,6 >> >+3852,12 @@ static int macsec_changelink(struct net_device *dev, struct nlattr >> *tb[], >> > if (ret) >> > goto cleanup; >> > >> >+ if (data[IFLA_MACSEC_OFFLOAD]) { >> >+ ret = macsec_changelink_upd_offload(dev, data); >> >+ if (ret) >> >+ goto cleanup; >> >+ } >> >+ >> > /* If h/w offloading is available, propagate to the device */ >> > if (macsec_is_offloaded(macsec)) { >> > const struct macsec_ops *ops; @@ -4231,16 +4258,22 @@ >> >static size_t macsec_get_size(const struct net_device *dev) >> > nla_total_size(1) + /* IFLA_MACSEC_SCB */ >> > nla_total_size(1) + /* IFLA_MACSEC_REPLAY_PROTECT */ >> > nla_total_size(1) + /* IFLA_MACSEC_VALIDATION */ >> >+ nla_total_size(1) + /* IFLA_MACSEC_OFFLOAD */ >> > 0; >> > } >> > >> > static int macsec_fill_info(struct sk_buff *skb, >> > const struct net_device *dev) { >> >- struct macsec_secy *secy = &macsec_priv(dev)->secy; >> >- struct macsec_tx_sc *tx_sc = &secy->tx_sc; >> >+ struct macsec_tx_sc *tx_sc; >> >+ struct macsec_dev *macsec; >> >+ struct macsec_secy *secy; >> > u64 csid; >> > >> >+ macsec = macsec_priv(dev); >> >+ secy = &macsec->secy; >> >+ tx_sc = &secy->tx_sc; >> >+ >> > switch (secy->key_len) { >> > case MACSEC_GCM_AES_128_SAK_LEN: >> > csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : >> >MACSEC_DEFAULT_CIPHER_ID; @@ -4265,6 +4298,7 @@ static int >> macsec_fill_info(struct sk_buff *skb, >> > nla_put_u8(skb, IFLA_MACSEC_SCB, tx_sc->scb) || >> > nla_put_u8(skb, IFLA_MACSEC_REPLAY_PROTECT, secy->replay_protect) || >> > nla_put_u8(skb, IFLA_MACSEC_VALIDATION, >> >secy->validate_frames) || >> >+ nla_put_u8(skb, IFLA_MACSEC_OFFLOAD, macsec->offload) || >> > 0) >> > goto nla_put_failure; >> > >> >-- >> >2.21.3 >> >