diff options
| author | David S. Miller <davem@davemloft.net> | 2023-04-21 11:49:47 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2023-04-21 11:49:47 +0100 |
| commit | 156c93986d940e0c55a9aec8b77387f7bb4eb790 (patch) | |
| tree | e3f0bad10e659a50a5c6add96edb185e6e731585 | |
| parent | 35226750f7ab9d49140d95bc7d38a2a9b0f4fdfc (diff) | |
| parent | 45fd01f2fbf1119d083931b095ad6d0f13443d0e (diff) | |
Merge branch 'mlx5-ipsec-fixes'
Leon Romanovsky says:
====================
Fixes to mlx5 IPsec implementation
This small patchset includes various fixes and one refactoring patch
which I collected for the features sent in this cycle, with one exception -
first patch.
First patch fixes code which was introduced in previous cycle, however I
was able to trigger FW error only in custom debug code, so don't see a
need to send it to net-rc.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
3 files changed, 35 insertions, 36 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c index 5fd609d1120e..55b38544422f 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c @@ -252,6 +252,8 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry, struct net_device *netdev; struct neighbour *n; u8 addr[ETH_ALEN]; + const void *pkey; + u8 *dst, *src; if (attrs->mode != XFRM_MODE_TUNNEL || attrs->type != XFRM_DEV_OFFLOAD_PACKET) @@ -262,36 +264,31 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry, mlx5_query_mac_address(mdev, addr); switch (attrs->dir) { case XFRM_DEV_OFFLOAD_IN: - ether_addr_copy(attrs->dmac, addr); - n = neigh_lookup(&arp_tbl, &attrs->saddr.a4, netdev); - if (!n) { - n = neigh_create(&arp_tbl, &attrs->saddr.a4, netdev); - if (IS_ERR(n)) - return; - neigh_event_send(n, NULL); - attrs->drop = true; - break; - } - neigh_ha_snapshot(addr, n, netdev); - ether_addr_copy(attrs->smac, addr); + src = attrs->dmac; + dst = attrs->smac; + pkey = &attrs->saddr.a4; break; case XFRM_DEV_OFFLOAD_OUT: - ether_addr_copy(attrs->smac, addr); - n = neigh_lookup(&arp_tbl, &attrs->daddr.a4, netdev); - if (!n) { - n = neigh_create(&arp_tbl, &attrs->daddr.a4, netdev); - if (IS_ERR(n)) - return; - neigh_event_send(n, NULL); - attrs->drop = true; - break; - } - neigh_ha_snapshot(addr, n, netdev); - ether_addr_copy(attrs->dmac, addr); + src = attrs->smac; + dst = attrs->dmac; + pkey = &attrs->daddr.a4; break; default: return; } + + ether_addr_copy(src, addr); + n = neigh_lookup(&arp_tbl, pkey, netdev); + if (!n) { + n = neigh_create(&arp_tbl, pkey, netdev); + if (IS_ERR(n)) + return; + neigh_event_send(n, NULL); + attrs->drop = true; + } else { + neigh_ha_snapshot(addr, n, netdev); + ether_addr_copy(dst, addr); + } neigh_release(n); } @@ -708,11 +705,12 @@ err_hw_ctx: release_dwork: kfree(sa_entry->dwork); release_work: - kfree(sa_entry->work->data); + if (sa_entry->work) + kfree(sa_entry->work->data); kfree(sa_entry->work); err_xfrm: kfree(sa_entry); - NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy"); + NL_SET_ERR_MSG_WEAK_MOD(extack, "Device failed to offload this state"); return err; } @@ -752,7 +750,8 @@ static void mlx5e_xfrm_free_state(struct xfrm_state *x) mlx5e_accel_ipsec_fs_del_rule(sa_entry); mlx5_ipsec_free_sa_ctx(sa_entry); kfree(sa_entry->dwork); - kfree(sa_entry->work->data); + if (sa_entry->work) + kfree(sa_entry->work->data); kfree(sa_entry->work); sa_entry_free: kfree(sa_entry); diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h index f7f7c09d2b32..4e9887171508 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h @@ -287,7 +287,7 @@ static inline bool addr6_all_zero(__be32 *addr6) { static const __be32 zaddr6[4] = {}; - return !memcmp(addr6, zaddr6, sizeof(*zaddr6)); + return !memcmp(addr6, zaddr6, sizeof(zaddr6)); } #else static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c index 5a8fcd30fcb1..dbe87bf89c0d 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c @@ -1252,16 +1252,16 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) setup_fte_no_frags(spec); setup_fte_upper_proto_match(spec, &attrs->upspec); - if (attrs->reqid) { + switch (attrs->action) { + case XFRM_POLICY_ALLOW: + flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST; + if (!attrs->reqid) + break; + err = setup_modify_header(mdev, attrs->reqid, XFRM_DEV_OFFLOAD_OUT, &flow_act); if (err) goto err_mod_header; - } - - switch (attrs->action) { - case XFRM_POLICY_ALLOW: - flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST; break; case XFRM_POLICY_BLOCK: flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_DROP | @@ -1273,7 +1273,7 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) default: WARN_ON(true); err = -EINVAL; - goto err_action; + goto err_mod_header; } flow_act.flags |= FLOW_ACT_NO_APPEND; @@ -1293,7 +1293,7 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) return 0; err_action: - if (attrs->reqid) + if (flow_act.modify_hdr) mlx5_modify_header_dealloc(mdev, flow_act.modify_hdr); err_mod_header: kvfree(spec); |