diff mbox series

[ipsec-next,1/2] xfrm: Support ESN context update to hardware for TX

Message ID 874f965d786606b0b4351c976f50271349f68b03.1734611621.git.leon@kernel.org (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series [ipsec-next,1/2] xfrm: Support ESN context update to hardware for TX | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 2 maintainers not CCed: borisp@nvidia.com horms@kernel.org
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 11 this patch: 11
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 34 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 13 this patch: 13
netdev/source_inline success Was 0 now: 0

Commit Message

Leon Romanovsky Dec. 19, 2024, 12:37 p.m. UTC 
From: Jianbo Liu <jianbol@nvidia.com>

Previously xfrm_dev_state_advance_esn() was added for RX only. But
it's possible that ESN context also need to be synced to hardware for
TX, so call it for outbound in this patch.

Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 Documentation/networking/xfrm_device.rst                 | 3 ++-
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c          | 3 +++
 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
 net/xfrm/xfrm_replay.c                                   | 1 +
 4 files changed, 9 insertions(+), 1 deletion(-)

Comments

Leon Romanovsky Jan. 7, 2025, 10:22 a.m. UTC | #1 
On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> From: Jianbo Liu <jianbol@nvidia.com>
> 
> Previously xfrm_dev_state_advance_esn() was added for RX only. But
> it's possible that ESN context also need to be synced to hardware for
> TX, so call it for outbound in this patch.
> 
> Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> ---
>  Documentation/networking/xfrm_device.rst                 | 3 ++-
>  drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c          | 3 +++
>  drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
>  net/xfrm/xfrm_replay.c                                   | 1 +
>  4 files changed, 9 insertions(+), 1 deletion(-)

Steffen,

This is kindly reminder.

Thanks

> 
> diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
> index bfea9d8579ed..66f6e9a9b59a 100644
> --- a/Documentation/networking/xfrm_device.rst
> +++ b/Documentation/networking/xfrm_device.rst
> @@ -169,7 +169,8 @@ the stack in xfrm_input().
>  
>  	hand the packet to napi_gro_receive() as usual
>  
> -In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn().
> +In ESN mode, xdo_dev_state_advance_esn() is called from
> +xfrm_replay_advance_esn() for RX, and xfrm_replay_overflow_offload_esn for TX.
>  Driver will check packet seq number and update HW ESN state machine if needed.
>  
>  Packet offload mode:
> diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> index bc3af0054406..e56e4f238795 100644
> --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
> @@ -6559,6 +6559,9 @@ static void cxgb4_advance_esn_state(struct xfrm_state *x)
>  {
>  	struct adapter *adap = netdev2adap(x->xso.dev);
>  
> +	if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
> +		return;
> +
>  	if (!mutex_trylock(&uld_mutex)) {
>  		dev_dbg(adap->pdev_dev,
>  			"crypto uld critical resource is under use\n");
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> index ca92e518be76..3dd4f2492090 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
> @@ -980,6 +980,9 @@ static void mlx5e_xfrm_advance_esn_state(struct xfrm_state *x)
>  	struct mlx5e_ipsec_sa_entry *sa_entry_shadow;
>  	bool need_update;
>  
> +	if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
> +		return;
> +
>  	need_update = mlx5e_ipsec_update_esn_state(sa_entry);
>  	if (!need_update)
>  		return;
> diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> index bc56c6305725..e500aebbad22 100644
> --- a/net/xfrm/xfrm_replay.c
> +++ b/net/xfrm/xfrm_replay.c
> @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
>  		}
>  
>  		replay_esn->oseq = oseq;
> +		xfrm_dev_state_advance_esn(x);
>  
>  		if (xfrm_aevent_is_on(net))
>  			xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
> -- 
> 2.47.0
> 
>
Steffen Klassert Jan. 7, 2025, 11:56 a.m. UTC | #2 
On Tue, Jan 07, 2025 at 12:22:04PM +0200, Leon Romanovsky wrote:
> On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> > From: Jianbo Liu <jianbol@nvidia.com>
> > 
> > Previously xfrm_dev_state_advance_esn() was added for RX only. But
> > it's possible that ESN context also need to be synced to hardware for
> > TX, so call it for outbound in this patch.
> > 
> > Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > ---
> >  Documentation/networking/xfrm_device.rst                 | 3 ++-
> >  drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c          | 3 +++
> >  drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> >  net/xfrm/xfrm_replay.c                                   | 1 +
> >  4 files changed, 9 insertions(+), 1 deletion(-)
> 
> Steffen,
> 
> This is kindly reminder.

Sorry for the dealy, the holidays came faster than expected :)

> > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> > index bc56c6305725..e500aebbad22 100644
> > --- a/net/xfrm/xfrm_replay.c
> > +++ b/net/xfrm/xfrm_replay.c
> > @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> >  		}
> >  
> >  		replay_esn->oseq = oseq;
> > +		xfrm_dev_state_advance_esn(x);

This is the only line of code that this patchset adds
to the xfrm stack, so merging this through mlx5 might
create less conflicts.

In case you want to do that, you can add my 'Acked-by'
to this patch. Otherwise I'll pull it into the ipsec-next
tree tomorrow.
Leon Romanovsky Jan. 7, 2025, 12:09 p.m. UTC | #3 
On Tue, Jan 07, 2025 at 12:56:33PM +0100, Steffen Klassert wrote:
> On Tue, Jan 07, 2025 at 12:22:04PM +0200, Leon Romanovsky wrote:
> > On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> > > From: Jianbo Liu <jianbol@nvidia.com>
> > > 
> > > Previously xfrm_dev_state_advance_esn() was added for RX only. But
> > > it's possible that ESN context also need to be synced to hardware for
> > > TX, so call it for outbound in this patch.
> > > 
> > > Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > > ---
> > >  Documentation/networking/xfrm_device.rst                 | 3 ++-
> > >  drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c          | 3 +++
> > >  drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> > >  net/xfrm/xfrm_replay.c                                   | 1 +
> > >  4 files changed, 9 insertions(+), 1 deletion(-)
> > 
> > Steffen,
> > 
> > This is kindly reminder.
> 
> Sorry for the dealy, the holidays came faster than expected :)
> 
> > > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> > > index bc56c6305725..e500aebbad22 100644
> > > --- a/net/xfrm/xfrm_replay.c
> > > +++ b/net/xfrm/xfrm_replay.c
> > > @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> > >  		}
> > >  
> > >  		replay_esn->oseq = oseq;
> > > +		xfrm_dev_state_advance_esn(x);
> 
> This is the only line of code that this patchset adds
> to the xfrm stack, so merging this through mlx5 might
> create less conflicts.
> 
> In case you want to do that, you can add my 'Acked-by'
> to this patch. Otherwise I'll pull it into the ipsec-next
> tree tomorrow.

Let's do it through your tree, please. IMHO, it is more appropriate.

Thanks
Steffen Klassert Jan. 8, 2025, 10:25 a.m. UTC | #4 
On Tue, Jan 07, 2025 at 02:09:05PM +0200, Leon Romanovsky wrote:
> On Tue, Jan 07, 2025 at 12:56:33PM +0100, Steffen Klassert wrote:
> > On Tue, Jan 07, 2025 at 12:22:04PM +0200, Leon Romanovsky wrote:
> > > On Thu, Dec 19, 2024 at 02:37:29PM +0200, Leon Romanovsky wrote:
> > > > From: Jianbo Liu <jianbol@nvidia.com>
> > > > 
> > > > Previously xfrm_dev_state_advance_esn() was added for RX only. But
> > > > it's possible that ESN context also need to be synced to hardware for
> > > > TX, so call it for outbound in this patch.
> > > > 
> > > > Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
> > > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > > > ---
> > > >  Documentation/networking/xfrm_device.rst                 | 3 ++-
> > > >  drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c          | 3 +++
> > > >  drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 +++
> > > >  net/xfrm/xfrm_replay.c                                   | 1 +
> > > >  4 files changed, 9 insertions(+), 1 deletion(-)
> > > 
> > > Steffen,
> > > 
> > > This is kindly reminder.
> > 
> > Sorry for the dealy, the holidays came faster than expected :)
> > 
> > > > diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
> > > > index bc56c6305725..e500aebbad22 100644
> > > > --- a/net/xfrm/xfrm_replay.c
> > > > +++ b/net/xfrm/xfrm_replay.c
> > > > @@ -729,6 +729,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
> > > >  		}
> > > >  
> > > >  		replay_esn->oseq = oseq;
> > > > +		xfrm_dev_state_advance_esn(x);
> > 
> > This is the only line of code that this patchset adds
> > to the xfrm stack, so merging this through mlx5 might
> > create less conflicts.
> > 
> > In case you want to do that, you can add my 'Acked-by'
> > to this patch. Otherwise I'll pull it into the ipsec-next
> > tree tomorrow.
> 
> Let's do it through your tree, please. IMHO, it is more appropriate.

Ok, series applied to ipsec-next, thanks everyone!
diff mbox series

Patch

diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index bfea9d8579ed..66f6e9a9b59a 100644
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -169,7 +169,8 @@  the stack in xfrm_input().
 
 	hand the packet to napi_gro_receive() as usual
 
-In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn().
+In ESN mode, xdo_dev_state_advance_esn() is called from
+xfrm_replay_advance_esn() for RX, and xfrm_replay_overflow_offload_esn for TX.
 Driver will check packet seq number and update HW ESN state machine if needed.
 
 Packet offload mode:
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index bc3af0054406..e56e4f238795 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -6559,6 +6559,9 @@  static void cxgb4_advance_esn_state(struct xfrm_state *x)
 {
 	struct adapter *adap = netdev2adap(x->xso.dev);
 
+	if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
+		return;
+
 	if (!mutex_trylock(&uld_mutex)) {
 		dev_dbg(adap->pdev_dev,
 			"crypto uld critical resource is under use\n");
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index ca92e518be76..3dd4f2492090 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -980,6 +980,9 @@  static void mlx5e_xfrm_advance_esn_state(struct xfrm_state *x)
 	struct mlx5e_ipsec_sa_entry *sa_entry_shadow;
 	bool need_update;
 
+	if (x->xso.dir != XFRM_DEV_OFFLOAD_IN)
+		return;
+
 	need_update = mlx5e_ipsec_update_esn_state(sa_entry);
 	if (!need_update)
 		return;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index bc56c6305725..e500aebbad22 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -729,6 +729,7 @@  static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
 		}
 
 		replay_esn->oseq = oseq;
+		xfrm_dev_state_advance_esn(x);
 
 		if (xfrm_aevent_is_on(net))
 			xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);