| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221024141714.7ritk6j3eprzkfpm@sx1>
Date: Mon, 24 Oct 2022 15:17:14 +0100
From: Saeed Mahameed <saeed@...nel.org>
To: Leon Romanovsky <leon@...nel.org>
Cc: "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Leon Romanovsky <leonro@...dia.com>,
Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
Paolo Abeni <pabeni@...hat.com>,
Saeed Mahameed <saeedm@...dia.com>
Subject: Re: [PATCH net-next 1/6] net/mlx5e: Support devlink reload of IPsec
core
On 23 Oct 20:22, Leon Romanovsky wrote:
>From: Leon Romanovsky <leonro@...dia.com>
>
>Change IPsec initialization flow to allow future creation of hardware
>resources that should be released and allocated during devlink reload
>operation. As part of that change, update function signature to be
>void as no callers are actually interested in it.
>
>Signed-off-by: Leon Romanovsky <leonro@...dia.com>
>---
> .../mellanox/mlx5/core/en_accel/ipsec.c | 17 ++++++++---------
> .../mellanox/mlx5/core/en_accel/ipsec.h | 5 ++---
> .../net/ethernet/mellanox/mlx5/core/en_main.c | 8 +++-----
> .../net/ethernet/mellanox/mlx5/core/en_rep.c | 13 +++++++------
> 4 files changed, 20 insertions(+), 23 deletions(-)
>
>diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
>index 2a8fd7020622..325b56ff3e8c 100644
>--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
>+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
>@@ -348,29 +348,27 @@ static void mlx5e_xfrm_free_state(struct xfrm_state *x)
> kfree(sa_entry);
> }
>
>-int mlx5e_ipsec_init(struct mlx5e_priv *priv)
>+void mlx5e_ipsec_init(struct mlx5e_priv *priv)
> {
> struct mlx5e_ipsec *ipsec;
>- int ret;
>+ int ret = -ENOMEM;
>
> if (!mlx5_ipsec_device_caps(priv->mdev)) {
> netdev_dbg(priv->netdev, "Not an IPSec offload device\n");
>- return 0;
>+ return;
> }
>
> ipsec = kzalloc(sizeof(*ipsec), GFP_KERNEL);
> if (!ipsec)
>- return -ENOMEM;
>+ return;
>
> hash_init(ipsec->sadb_rx);
> spin_lock_init(&ipsec->sadb_rx_lock);
> ipsec->mdev = priv->mdev;
> ipsec->wq = alloc_ordered_workqueue("mlx5e_ipsec: %s", 0,
> priv->netdev->name);
>- if (!ipsec->wq) {
>- ret = -ENOMEM;
>+ if (!ipsec->wq)
> goto err_wq;
>- }
>
> ret = mlx5e_accel_ipsec_fs_init(ipsec);
> if (ret)
>@@ -378,13 +376,14 @@ int mlx5e_ipsec_init(struct mlx5e_priv *priv)
>
> priv->ipsec = ipsec;
> netdev_dbg(priv->netdev, "IPSec attached to netdevice\n");
>- return 0;
>+ return;
>
> err_fs_init:
> destroy_workqueue(ipsec->wq);
> err_wq:
> kfree(ipsec);
>- return (ret != -EOPNOTSUPP) ? ret : 0;
>+ mlx5_core_err(priv->mdev, "IPSec initialization failed, %d\n", ret);
>+ return;
> }
>
> void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
>diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
>index 16bcceec16c4..4c47347d0ee2 100644
>--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
>+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
>@@ -146,7 +146,7 @@ struct mlx5e_ipsec_sa_entry {
> struct mlx5e_ipsec_modify_state_work modify_work;
> };
>
>-int mlx5e_ipsec_init(struct mlx5e_priv *priv);
>+void mlx5e_ipsec_init(struct mlx5e_priv *priv);
> void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv);
> void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv);
>
>@@ -174,9 +174,8 @@ mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry)
> return sa_entry->ipsec->mdev;
> }
> #else
>-static inline int mlx5e_ipsec_init(struct mlx5e_priv *priv)
>+static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv)
> {
>- return 0;
> }
>
> static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
>diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
>index 364f04309149..8867fee0db1c 100644
>--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
>+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
>@@ -5225,10 +5225,6 @@ static int mlx5e_nic_init(struct mlx5_core_dev *mdev,
> }
> priv->fs = fs;
>
>- err = mlx5e_ipsec_init(priv);
>- if (err)
>- mlx5_core_err(mdev, "IPSec initialization failed, %d\n", err);
>-
> err = mlx5e_ktls_init(priv);
> if (err)
> mlx5_core_err(mdev, "TLS initialization failed, %d\n", err);
>@@ -5241,7 +5237,6 @@ static void mlx5e_nic_cleanup(struct mlx5e_priv *priv)
> {
> mlx5e_health_destroy_reporters(priv);
> mlx5e_ktls_cleanup(priv);
>- mlx5e_ipsec_cleanup(priv);
> mlx5e_fs_cleanup(priv->fs);
> }
>
>@@ -5370,6 +5365,7 @@ static void mlx5e_nic_enable(struct mlx5e_priv *priv)
> int err;
>
> mlx5e_fs_init_l2_addr(priv->fs, netdev);
>+ mlx5e_ipsec_init(priv);
>
> err = mlx5e_macsec_init(priv);
> if (err)
>@@ -5433,6 +5429,7 @@ static void mlx5e_nic_disable(struct mlx5e_priv *priv)
> mlx5_lag_remove_netdev(mdev, priv->netdev);
> mlx5_vxlan_reset_to_default(mdev->vxlan);
> mlx5e_macsec_cleanup(priv);
>+ mlx5e_ipsec_cleanup(priv);
> }
>
> int mlx5e_update_nic_rx(struct mlx5e_priv *priv)
>@@ -5885,6 +5882,7 @@ static int mlx5e_suspend(struct auxiliary_device *adev, pm_message_t state)
> return -ENODEV;
>
> mlx5e_detach_netdev(priv);
>+
unrelated change.
> mlx5e_destroy_mdev_resources(mdev);
> return 0;
> }
>diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
>index 794cd8dfe9c9..061240e4eaf5 100644
>--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
>+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
>@@ -761,7 +761,6 @@ static int mlx5e_init_ul_rep(struct mlx5_core_dev *mdev,
> struct net_device *netdev)
> {
> struct mlx5e_priv *priv = netdev_priv(netdev);
>- int err;
>
> priv->fs = mlx5e_fs_init(priv->profile, mdev,
> !test_bit(MLX5E_STATE_DESTROYING, &priv->state));
>@@ -770,10 +769,6 @@ static int mlx5e_init_ul_rep(struct mlx5_core_dev *mdev,
> return -ENOMEM;
> }
>
>- err = mlx5e_ipsec_init(priv);
>- if (err)
>- mlx5_core_err(mdev, "Uplink rep IPsec initialization failed, %d\n", err);
>-
> mlx5e_vxlan_set_netdev_info(priv);
> mlx5e_build_rep_params(netdev);
> mlx5e_timestamp_init(priv);
>@@ -783,7 +778,6 @@ static int mlx5e_init_ul_rep(struct mlx5_core_dev *mdev,
> static void mlx5e_cleanup_rep(struct mlx5e_priv *priv)
> {
> mlx5e_fs_cleanup(priv->fs);
>- mlx5e_ipsec_cleanup(priv);
> }
>
> static int mlx5e_create_rep_ttc_table(struct mlx5e_priv *priv)
>@@ -1074,6 +1068,8 @@ static void mlx5e_rep_enable(struct mlx5e_priv *priv)
> {
> struct mlx5e_rep_priv *rpriv = priv->ppriv;
>
>+ mlx5e_ipsec_init(priv);
>+
we don't want ipsec for vport representors, only uplink.
> mlx5e_set_netdev_mtu_boundaries(priv);
> mlx5e_rep_neigh_init(rpriv);
> }
>@@ -1083,6 +1079,7 @@ static void mlx5e_rep_disable(struct mlx5e_priv *priv)
> struct mlx5e_rep_priv *rpriv = priv->ppriv;
>
> mlx5e_rep_neigh_cleanup(rpriv);
>+ mlx5e_ipsec_cleanup(priv);
> }
>
> static int mlx5e_update_rep_rx(struct mlx5e_priv *priv)
>@@ -1122,6 +1119,8 @@ static void mlx5e_uplink_rep_enable(struct mlx5e_priv *priv)
> struct mlx5_core_dev *mdev = priv->mdev;
> u16 max_mtu;
>
>+ mlx5e_ipsec_init(priv);
>+
> netdev->min_mtu = ETH_MIN_MTU;
> mlx5_query_port_max_mtu(priv->mdev, &max_mtu, 1);
> netdev->max_mtu = MLX5E_HW2SW_MTU(&priv->channels.params, max_mtu);
>@@ -1168,6 +1167,8 @@ static void mlx5e_uplink_rep_disable(struct mlx5e_priv *priv)
> mlx5e_rep_tc_disable(priv);
> mlx5_lag_remove_netdev(mdev, priv->netdev);
> mlx5_vxlan_reset_to_default(mdev->vxlan);
>+
>+ mlx5e_ipsec_cleanup(priv);
> }
>
> static MLX5E_DEFINE_STATS_GRP(sw_rep, 0);
>--
>2.37.3
>
Powered by blists - more mailing lists