Commit 0f9008e5 authored by Steffen Klassert's avatar Steffen Klassert

Merge branch 'Be explicit with XFRM offload direction'

Leon Romanovsky says:

====================
I may admit that the title of this series is not the best one as it
contains straightforward cleanups and code that converts flags to
something less confusing.

This series follows removal of FPGA IPsec code from the mlx5 driver and
based on net-next commit 4950b699 ("Merge branch
'ocelot-vcap-cleanups'").

As such, first two patches delete code that was used by mlx5 FPGA code
but isn't needed anymore.

Third patch is simple struct rename.

Rest of the patches separate user's provided flags variable from
driver's
usage. This allows us to created more simple in-kernel interface, that
supports type checking without blending different properties into one
variable. It is achieved by converting flags to specific bitfield
variables
with clear, meaningful names.

Such change allows us more clear addition of new input flags needed to
mark IPsec offload type.

The followup code uses this extensively:
https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/log/?h=xfrm-next
====================
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parents 949dfdcf 254c4a82
...@@ -585,7 +585,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) ...@@ -585,7 +585,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)
return -EINVAL; return -EINVAL;
} }
if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
struct rx_sa rsa; struct rx_sa rsa;
if (xs->calg) { if (xs->calg) {
...@@ -757,7 +757,7 @@ static void ixgbe_ipsec_del_sa(struct xfrm_state *xs) ...@@ -757,7 +757,7 @@ static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)
u32 zerobuf[4] = {0, 0, 0, 0}; u32 zerobuf[4] = {0, 0, 0, 0};
u16 sa_idx; u16 sa_idx;
if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
struct rx_sa *rsa; struct rx_sa *rsa;
u8 ipi; u8 ipi;
...@@ -903,8 +903,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) ...@@ -903,8 +903,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
/* Tx IPsec offload doesn't seem to work on this /* Tx IPsec offload doesn't seem to work on this
* device, so block these requests for now. * device, so block these requests for now.
*/ */
sam->flags = sam->flags & ~XFRM_OFFLOAD_IPV6; if (sam->dir != XFRM_DEV_OFFLOAD_IN) {
if (sam->flags != XFRM_OFFLOAD_INBOUND) {
err = -EOPNOTSUPP; err = -EOPNOTSUPP;
goto err_out; goto err_out;
} }
...@@ -915,7 +914,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) ...@@ -915,7 +914,7 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
goto err_out; goto err_out;
} }
xs->xso.flags = sam->flags; xs->xso.dir = sam->dir;
xs->id.spi = sam->spi; xs->id.spi = sam->spi;
xs->id.proto = sam->proto; xs->id.proto = sam->proto;
xs->props.family = sam->family; xs->props.family = sam->family;
......
...@@ -74,7 +74,7 @@ struct ixgbe_ipsec { ...@@ -74,7 +74,7 @@ struct ixgbe_ipsec {
struct sa_mbx_msg { struct sa_mbx_msg {
__be32 spi; __be32 spi;
u8 flags; u8 dir;
u8 proto; u8 proto;
u16 family; u16 family;
__be32 addr[4]; __be32 addr[4];
......
...@@ -25,7 +25,7 @@ static int ixgbevf_ipsec_set_pf_sa(struct ixgbevf_adapter *adapter, ...@@ -25,7 +25,7 @@ static int ixgbevf_ipsec_set_pf_sa(struct ixgbevf_adapter *adapter,
/* send the important bits to the PF */ /* send the important bits to the PF */
sam = (struct sa_mbx_msg *)(&msgbuf[1]); sam = (struct sa_mbx_msg *)(&msgbuf[1]);
sam->flags = xs->xso.flags; sam->dir = xs->xso.dir;
sam->spi = xs->id.spi; sam->spi = xs->id.spi;
sam->proto = xs->id.proto; sam->proto = xs->id.proto;
sam->family = xs->props.family; sam->family = xs->props.family;
...@@ -280,7 +280,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs) ...@@ -280,7 +280,7 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs)
return -EINVAL; return -EINVAL;
} }
if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
struct rx_sa rsa; struct rx_sa rsa;
if (xs->calg) { if (xs->calg) {
...@@ -394,7 +394,7 @@ static void ixgbevf_ipsec_del_sa(struct xfrm_state *xs) ...@@ -394,7 +394,7 @@ static void ixgbevf_ipsec_del_sa(struct xfrm_state *xs)
adapter = netdev_priv(dev); adapter = netdev_priv(dev);
ipsec = adapter->ipsec; ipsec = adapter->ipsec;
if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX; sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX;
if (!ipsec->rx_tbl[sa_idx].used) { if (!ipsec->rx_tbl[sa_idx].used) {
......
...@@ -57,7 +57,7 @@ struct ixgbevf_ipsec { ...@@ -57,7 +57,7 @@ struct ixgbevf_ipsec {
struct sa_mbx_msg { struct sa_mbx_msg {
__be32 spi; __be32 spi;
u8 flags; u8 dir;
u8 proto; u8 proto;
u16 family; u16 family;
__be32 addr[4]; __be32 addr[4];
......
...@@ -172,7 +172,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, ...@@ -172,7 +172,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
} }
/* action */ /* action */
attrs->action = (!(x->xso.flags & XFRM_OFFLOAD_INBOUND)) ? attrs->action = (x->xso.dir == XFRM_DEV_OFFLOAD_OUT) ?
MLX5_ACCEL_ESP_ACTION_ENCRYPT : MLX5_ACCEL_ESP_ACTION_ENCRYPT :
MLX5_ACCEL_ESP_ACTION_DECRYPT; MLX5_ACCEL_ESP_ACTION_DECRYPT;
/* flags */ /* flags */
...@@ -306,7 +306,7 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x) ...@@ -306,7 +306,7 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x)
if (err) if (err)
goto err_hw_ctx; goto err_hw_ctx;
if (x->xso.flags & XFRM_OFFLOAD_INBOUND) { if (x->xso.dir == XFRM_DEV_OFFLOAD_IN) {
err = mlx5e_ipsec_sadb_rx_add(sa_entry); err = mlx5e_ipsec_sadb_rx_add(sa_entry);
if (err) if (err)
goto err_add_rule; goto err_add_rule;
...@@ -333,7 +333,7 @@ static void mlx5e_xfrm_del_state(struct xfrm_state *x) ...@@ -333,7 +333,7 @@ static void mlx5e_xfrm_del_state(struct xfrm_state *x)
{ {
struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x); struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x);
if (x->xso.flags & XFRM_OFFLOAD_INBOUND) if (x->xso.dir == XFRM_DEV_OFFLOAD_IN)
mlx5e_ipsec_sadb_rx_del(sa_entry); mlx5e_ipsec_sadb_rx_del(sa_entry);
} }
......
...@@ -171,7 +171,7 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs) ...@@ -171,7 +171,7 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs)
return ret; return ret;
} }
if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
sa.rx = true; sa.rx = true;
if (xs->props.family == AF_INET6) if (xs->props.family == AF_INET6)
......
...@@ -126,13 +126,17 @@ struct xfrm_state_walk { ...@@ -126,13 +126,17 @@ struct xfrm_state_walk {
struct xfrm_address_filter *filter; struct xfrm_address_filter *filter;
}; };
struct xfrm_state_offload { enum {
XFRM_DEV_OFFLOAD_IN = 1,
XFRM_DEV_OFFLOAD_OUT,
};
struct xfrm_dev_offload {
struct net_device *dev; struct net_device *dev;
netdevice_tracker dev_tracker; netdevice_tracker dev_tracker;
struct net_device *real_dev; struct net_device *real_dev;
unsigned long offload_handle; unsigned long offload_handle;
unsigned int num_exthdrs; u8 dir : 2;
u8 flags;
}; };
struct xfrm_mode { struct xfrm_mode {
...@@ -247,7 +251,7 @@ struct xfrm_state { ...@@ -247,7 +251,7 @@ struct xfrm_state {
struct xfrm_lifetime_cur curlft; struct xfrm_lifetime_cur curlft;
struct hrtimer mtimer; struct hrtimer mtimer;
struct xfrm_state_offload xso; struct xfrm_dev_offload xso;
/* used to fix curlft->add_time when changing date */ /* used to fix curlft->add_time when changing date */
long saved_tmo; long saved_tmo;
...@@ -1006,7 +1010,7 @@ struct xfrm_offload { ...@@ -1006,7 +1010,7 @@ struct xfrm_offload {
#define CRYPTO_FALLBACK 8 #define CRYPTO_FALLBACK 8
#define XFRM_GSO_SEGMENT 16 #define XFRM_GSO_SEGMENT 16
#define XFRM_GRO 32 #define XFRM_GRO 32
#define XFRM_ESP_NO_TRAILER 64 /* 64 is free */
#define XFRM_DEV_RESUME 128 #define XFRM_DEV_RESUME 128
#define XFRM_XMIT 256 #define XFRM_XMIT 256
...@@ -1866,7 +1870,7 @@ bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x); ...@@ -1866,7 +1870,7 @@ bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);
static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x) static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
{ {
struct xfrm_state_offload *xso = &x->xso; struct xfrm_dev_offload *xso = &x->xso;
if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn) if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn)
xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x); xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
...@@ -1892,7 +1896,7 @@ static inline bool xfrm_dst_offload_ok(struct dst_entry *dst) ...@@ -1892,7 +1896,7 @@ static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
static inline void xfrm_dev_state_delete(struct xfrm_state *x) static inline void xfrm_dev_state_delete(struct xfrm_state *x)
{ {
struct xfrm_state_offload *xso = &x->xso; struct xfrm_dev_offload *xso = &x->xso;
if (xso->dev) if (xso->dev)
xso->dev->xfrmdev_ops->xdo_dev_state_delete(x); xso->dev->xfrmdev_ops->xdo_dev_state_delete(x);
...@@ -1900,7 +1904,7 @@ static inline void xfrm_dev_state_delete(struct xfrm_state *x) ...@@ -1900,7 +1904,7 @@ static inline void xfrm_dev_state_delete(struct xfrm_state *x)
static inline void xfrm_dev_state_free(struct xfrm_state *x) static inline void xfrm_dev_state_free(struct xfrm_state *x)
{ {
struct xfrm_state_offload *xso = &x->xso; struct xfrm_dev_offload *xso = &x->xso;
struct net_device *dev = xso->dev; struct net_device *dev = xso->dev;
if (dev && dev->xfrmdev_ops) { if (dev && dev->xfrmdev_ops) {
......
...@@ -705,7 +705,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -705,7 +705,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
static inline int esp_remove_trailer(struct sk_buff *skb) static inline int esp_remove_trailer(struct sk_buff *skb)
{ {
struct xfrm_state *x = xfrm_input_state(skb); struct xfrm_state *x = xfrm_input_state(skb);
struct xfrm_offload *xo = xfrm_offload(skb);
struct crypto_aead *aead = x->data; struct crypto_aead *aead = x->data;
int alen, hlen, elen; int alen, hlen, elen;
int padlen, trimlen; int padlen, trimlen;
...@@ -717,11 +716,6 @@ static inline int esp_remove_trailer(struct sk_buff *skb) ...@@ -717,11 +716,6 @@ static inline int esp_remove_trailer(struct sk_buff *skb)
hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
elen = skb->len - hlen; elen = skb->len - hlen;
if (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {
ret = xo->proto;
goto out;
}
if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2)) if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))
BUG(); BUG();
......
...@@ -741,7 +741,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -741,7 +741,6 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
static inline int esp_remove_trailer(struct sk_buff *skb) static inline int esp_remove_trailer(struct sk_buff *skb)
{ {
struct xfrm_state *x = xfrm_input_state(skb); struct xfrm_state *x = xfrm_input_state(skb);
struct xfrm_offload *xo = xfrm_offload(skb);
struct crypto_aead *aead = x->data; struct crypto_aead *aead = x->data;
int alen, hlen, elen; int alen, hlen, elen;
int padlen, trimlen; int padlen, trimlen;
...@@ -753,11 +752,6 @@ static inline int esp_remove_trailer(struct sk_buff *skb) ...@@ -753,11 +752,6 @@ static inline int esp_remove_trailer(struct sk_buff *skb)
hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
elen = skb->len - hlen; elen = skb->len - hlen;
if (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {
ret = xo->proto;
goto out;
}
ret = skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2); ret = skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2);
BUG_ON(ret); BUG_ON(ret);
......
...@@ -117,7 +117,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur ...@@ -117,7 +117,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
sp = skb_sec_path(skb); sp = skb_sec_path(skb);
x = sp->xvec[sp->len - 1]; x = sp->xvec[sp->len - 1];
if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND) if (xo->flags & XFRM_GRO || x->xso.dir == XFRM_DEV_OFFLOAD_IN)
return skb; return skb;
/* This skb was already validated on the upper/virtual dev */ /* This skb was already validated on the upper/virtual dev */
...@@ -212,7 +212,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, ...@@ -212,7 +212,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
int err; int err;
struct dst_entry *dst; struct dst_entry *dst;
struct net_device *dev; struct net_device *dev;
struct xfrm_state_offload *xso = &x->xso; struct xfrm_dev_offload *xso = &x->xso;
xfrm_address_t *saddr; xfrm_address_t *saddr;
xfrm_address_t *daddr; xfrm_address_t *daddr;
...@@ -264,15 +264,16 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, ...@@ -264,15 +264,16 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
xso->dev = dev; xso->dev = dev;
netdev_tracker_alloc(dev, &xso->dev_tracker, GFP_ATOMIC); netdev_tracker_alloc(dev, &xso->dev_tracker, GFP_ATOMIC);
xso->real_dev = dev; xso->real_dev = dev;
xso->num_exthdrs = 1;
/* Don't forward bit that is not implemented */ if (xuo->flags & XFRM_OFFLOAD_INBOUND)
xso->flags = xuo->flags & ~XFRM_OFFLOAD_IPV6; xso->dir = XFRM_DEV_OFFLOAD_IN;
else
xso->dir = XFRM_DEV_OFFLOAD_OUT;
err = dev->xfrmdev_ops->xdo_dev_state_add(x); err = dev->xfrmdev_ops->xdo_dev_state_add(x);
if (err) { if (err) {
xso->num_exthdrs = 0;
xso->flags = 0;
xso->dev = NULL; xso->dev = NULL;
xso->dir = 0;
xso->real_dev = NULL; xso->real_dev = NULL;
dev_put_track(dev, &xso->dev_tracker); dev_put_track(dev, &xso->dev_tracker);
......
...@@ -751,7 +751,7 @@ xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool ...@@ -751,7 +751,7 @@ xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool
for (i = 0; i <= net->xfrm.state_hmask; i++) { for (i = 0; i <= net->xfrm.state_hmask; i++) {
struct xfrm_state *x; struct xfrm_state *x;
struct xfrm_state_offload *xso; struct xfrm_dev_offload *xso;
hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
xso = &x->xso; xso = &x->xso;
...@@ -835,7 +835,7 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali ...@@ -835,7 +835,7 @@ int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_vali
err = -ESRCH; err = -ESRCH;
for (i = 0; i <= net->xfrm.state_hmask; i++) { for (i = 0; i <= net->xfrm.state_hmask; i++) {
struct xfrm_state *x; struct xfrm_state *x;
struct xfrm_state_offload *xso; struct xfrm_dev_offload *xso;
restart: restart:
hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
xso = &x->xso; xso = &x->xso;
......
...@@ -840,7 +840,7 @@ static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) ...@@ -840,7 +840,7 @@ static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb)
return 0; return 0;
} }
static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb) static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff *skb)
{ {
struct xfrm_user_offload *xuo; struct xfrm_user_offload *xuo;
struct nlattr *attr; struct nlattr *attr;
...@@ -852,7 +852,8 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb ...@@ -852,7 +852,8 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb
xuo = nla_data(attr); xuo = nla_data(attr);
memset(xuo, 0, sizeof(*xuo)); memset(xuo, 0, sizeof(*xuo));
xuo->ifindex = xso->dev->ifindex; xuo->ifindex = xso->dev->ifindex;
xuo->flags = xso->flags; if (xso->dir == XFRM_DEV_OFFLOAD_IN)
xuo->flags = XFRM_OFFLOAD_INBOUND;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment