| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240514104626.GE2787@kernel.org>
Date: Tue, 14 May 2024 11:46:26 +0100
From: Simon Horman <horms@...nel.org>
To: Bharat Bhushan <bbhushan2@...vell.com>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Sunil Kovvuri Goutham <sgoutham@...vell.com>,
Geethasowjanya Akula <gakula@...vell.com>,
Subbaraya Sundeep Bhatta <sbhatta@...vell.com>,
Hariprasad Kelam <hkelam@...vell.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
Jerin Jacob <jerinj@...vell.com>,
Linu Cherian <lcherian@...vell.com>,
"richardcochran@...il.com" <richardcochran@...il.com>
Subject: Re: [EXTERNAL] Re: [net-next,v2 5/8] cn10k-ipsec: Add SA add/delete
support for outb inline ipsec
On Tue, May 14, 2024 at 06:52:38AM +0000, Bharat Bhushan wrote:
> Please see inline
>
> > -----Original Message-----
> > From: Simon Horman <horms@...nel.org>
..
> > > +static const struct xfrmdev_ops cn10k_ipsec_xfrmdev_ops = {
> > > + .xdo_dev_state_add = cn10k_ipsec_add_state,
> > > + .xdo_dev_state_delete = cn10k_ipsec_del_state,
> > > +};
> > > +
> >
> > cn10k_ipsec_xfrmdev_ops is unused.
> > Perhaps it, along with it's callbacks,
> > should be added by the function that uses it?
>
> I wanted to enable ipsec offload in last patch of the series
> ("[net-next,v2 8/8] cn10k-ipsec: Enable outbound inline ipsec offload")
I appreciate the patchset being split up like this.
> Is it okay to set xfrmdev_ops in this patch without setting NETIF_F_HW_ESP (below two lines of last patch)
> + /* Set xfrm device ops */
> + netdev->xfrmdev_ops = &cn10k_ipsec_xfrmdev_ops;
>
> Last patch will set below flags.
> + netdev->hw_features |= NETIF_F_HW_ESP;
> + netdev->hw_enc_features |= NETIF_F_HW_ESP;
> +
IMHO, yes, something like that would be fine, as long as it leads to a
working system (with a feature not enabled). Perhaps it would be good to
include a comment in the code about this to make it clear what is going on.
..
Powered by blists - more mailing lists