Commit bdfd2d1f authored by Jarod Wilson's avatar Jarod Wilson Committed by David S. Miller
Browse files

bonding/xfrm: use real_dev instead of slave_dev 



Rather than requiring every hw crypto capable NIC driver to do a check for
slave_dev being set, set real_dev in the xfrm layer and xso init time, and
then override it in the bonding driver as needed. Then NIC drivers can
always use real_dev, and at the same time, we eliminate the use of a
variable name that probably shouldn't have been used in the first place,
particularly given recent current events.

CC: Boris Pismenny <borisp@mellanox.com>
CC: Saeed Mahameed <saeedm@mellanox.com>
CC: Leon Romanovsky <leon@kernel.org>
CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: "David S. Miller" <davem@davemloft.net>
CC: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
CC: Jakub Kicinski <kuba@kernel.org>
CC: Steffen Klassert <steffen.klassert@secunet.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: netdev@vger.kernel.org
Suggested-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 2d538c19

drivers/net/bonding/bond_main.c

+3 −3
Original line number Original line Diff line number Diff line
@@ -386,7 +386,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs) 
	struct bonding *bond = netdev_priv(bond_dev);

	struct bonding *bond = netdev_priv(bond_dev);

	struct slave *slave = rtnl_dereference(bond->curr_active_slave);

	struct slave *slave = rtnl_dereference(bond->curr_active_slave);





	xs->xso.slave_dev = slave->dev;

	xs->xso.real_dev = slave->dev;

	bond->xs = xs;

	bond->xs = xs;





	if (!(slave->dev->xfrmdev_ops

	if (!(slave->dev->xfrmdev_ops
@@ -411,7 +411,7 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs) 
	if (!slave)

	if (!slave)

		return;

		return;





	xs->xso.slave_dev = slave->dev;

	xs->xso.real_dev = slave->dev;





	if (!(slave->dev->xfrmdev_ops

	if (!(slave->dev->xfrmdev_ops

	      && slave->dev->xfrmdev_ops->xdo_dev_state_delete)) {

	      && slave->dev->xfrmdev_ops->xdo_dev_state_delete)) {
@@ -440,7 +440,7 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) 
		return false;

		return false;

	}

	}





	xs->xso.slave_dev = slave_dev;

	xs->xso.real_dev = slave_dev;

	return slave_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);

	return slave_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);

}

}

drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

+12 −35
Original line number Original line Diff line number Diff line
@@ -427,14 +427,11 @@ static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec, 
static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,

static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,

					u32 *mykey, u32 *mysalt)

					u32 *mykey, u32 *mysalt)

{

{

	struct net_device *dev = xs->xso.dev;

	struct net_device *dev = xs->xso.real_dev;

	unsigned char *key_data;

	unsigned char *key_data;

	char *alg_name = NULL;

	char *alg_name = NULL;

	int key_len;

	int key_len;





	if (xs->xso.slave_dev)

		dev = xs->xso.slave_dev;



	if (!xs->aead) {

	if (!xs->aead) {

		netdev_err(dev, "Unsupported IPsec algorithm\n");

		netdev_err(dev, "Unsupported IPsec algorithm\n");

		return -EINVAL;

		return -EINVAL;
@@ -480,9 +477,9 @@ static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs, 
 **/

 **/

static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)

static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)

{

{

	struct net_device *dev = xs->xso.dev;

	struct net_device *dev = xs->xso.real_dev;

	struct ixgbe_adapter *adapter;

	struct ixgbe_adapter *adapter = netdev_priv(dev);

	struct ixgbe_hw *hw;

	struct ixgbe_hw *hw = &adapter->hw;

	u32 mfval, manc, reg;

	u32 mfval, manc, reg;

	int num_filters = 4;

	int num_filters = 4;

	bool manc_ipv4;

	bool manc_ipv4;
@@ -500,12 +497,6 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs) 
#define BMCIP_V6                 0x3

#define BMCIP_V6                 0x3

#define BMCIP_MASK               0x3

#define BMCIP_MASK               0x3





	if (xs->xso.slave_dev)

		dev = xs->xso.slave_dev;



	adapter = netdev_priv(dev);

	hw = &adapter->hw;



	manc = IXGBE_READ_REG(hw, IXGBE_MANC);

	manc = IXGBE_READ_REG(hw, IXGBE_MANC);

	manc_ipv4 = !!(manc & MANC_EN_IPV4_FILTER);

	manc_ipv4 = !!(manc & MANC_EN_IPV4_FILTER);

	mfval = IXGBE_READ_REG(hw, IXGBE_MFVAL);

	mfval = IXGBE_READ_REG(hw, IXGBE_MFVAL);
@@ -569,22 +560,15 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs) 
 **/

 **/

static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)

static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)

{

{

	struct net_device *dev = xs->xso.dev;

	struct net_device *dev = xs->xso.real_dev;

	struct ixgbe_adapter *adapter;

	struct ixgbe_adapter *adapter = netdev_priv(dev);

	struct ixgbe_ipsec *ipsec;

	struct ixgbe_ipsec *ipsec = adapter->ipsec;

	struct ixgbe_hw *hw;

	struct ixgbe_hw *hw = &adapter->hw;

	int checked, match, first;

	int checked, match, first;

	u16 sa_idx;

	u16 sa_idx;

	int ret;

	int ret;

	int i;

	int i;





	if (xs->xso.slave_dev)

		dev = xs->xso.slave_dev;



	adapter = netdev_priv(dev);

	ipsec = adapter->ipsec;

	hw = &adapter->hw;



	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {

	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {

		netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",

		netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",

			   xs->id.proto);

			   xs->id.proto);
@@ -761,20 +745,13 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) 
 **/

 **/

static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)

static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)

{

{

	struct net_device *dev = xs->xso.dev;

	struct net_device *dev = xs->xso.real_dev;

	struct ixgbe_adapter *adapter;

	struct ixgbe_adapter *adapter = netdev_priv(dev);

	struct ixgbe_ipsec *ipsec;

	struct ixgbe_ipsec *ipsec = adapter->ipsec;

	struct ixgbe_hw *hw;

	struct ixgbe_hw *hw = &adapter->hw;

	u32 zerobuf[4] = {0, 0, 0, 0};

	u32 zerobuf[4] = {0, 0, 0, 0};

	u16 sa_idx;

	u16 sa_idx;





	if (xs->xso.slave_dev)

		dev = xs->xso.slave_dev;



	adapter = netdev_priv(dev);

	ipsec = adapter->ipsec;

	hw = &adapter->hw;



	if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {

	if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {

		struct rx_sa *rsa;

		struct rx_sa *rsa;

		u8 ipi;

		u8 ipi;

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+2 −8
Original line number Original line Diff line number Diff line
@@ -207,12 +207,9 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, 




static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)

static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)

{

{

	struct net_device *netdev = x->xso.dev;

	struct net_device *netdev = x->xso.real_dev;

	struct mlx5e_priv *priv;

	struct mlx5e_priv *priv;





	if (x->xso.slave_dev)

		netdev = x->xso.slave_dev;



	priv = netdev_priv(netdev);

	priv = netdev_priv(netdev);





	if (x->props.aalgo != SADB_AALG_NONE) {

	if (x->props.aalgo != SADB_AALG_NONE) {
@@ -288,15 +285,12 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) 
static int mlx5e_xfrm_add_state(struct xfrm_state *x)

static int mlx5e_xfrm_add_state(struct xfrm_state *x)

{

{

	struct mlx5e_ipsec_sa_entry *sa_entry = NULL;

	struct mlx5e_ipsec_sa_entry *sa_entry = NULL;

	struct net_device *netdev = x->xso.dev;

	struct net_device *netdev = x->xso.real_dev;

	struct mlx5_accel_esp_xfrm_attrs attrs;

	struct mlx5_accel_esp_xfrm_attrs attrs;

	struct mlx5e_priv *priv;

	struct mlx5e_priv *priv;

	unsigned int sa_handle;

	unsigned int sa_handle;

	int err;

	int err;





	if (x->xso.slave_dev)

		netdev = x->xso.slave_dev;



	priv = netdev_priv(netdev);

	priv = netdev_priv(netdev);





	err = mlx5e_xfrm_validate_state(x);

	err = mlx5e_xfrm_validate_state(x);

include/net/xfrm.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -127,7 +127,7 @@ struct xfrm_state_walk { 




struct xfrm_state_offload {

struct xfrm_state_offload {

	struct net_device	*dev;

	struct net_device	*dev;

	struct net_device	*slave_dev;

	struct net_device	*real_dev;

	unsigned long		offload_handle;

	unsigned long		offload_handle;

	unsigned int		num_exthdrs;

	unsigned int		num_exthdrs;

	u8			flags;

	u8			flags;

net/xfrm/xfrm_device.c

+3 −2
Original line number Original line Diff line number Diff line
@@ -120,8 +120,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur 
	if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)

	if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)

		return skb;

		return skb;





	/* This skb was already validated on the master dev */

	/* This skb was already validated on the upper/virtual dev */

	if ((x->xso.dev != dev) && (x->xso.slave_dev == dev))

	if ((x->xso.dev != dev) && (x->xso.real_dev == dev))

		return skb;

		return skb;





	local_irq_save(flags);

	local_irq_save(flags);
@@ -259,6 +259,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, 
	}

	}





	xso->dev = dev;

	xso->dev = dev;

	xso->real_dev = dev;

	xso->num_exthdrs = 1;

	xso->num_exthdrs = 1;

	xso->flags = xuo->flags;

	xso->flags = xuo->flags;

CRA Git | Maintained and supported by SUSTech CRA and CCSE