| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c8020dae-50ec-436b-b3df-a4ceab259806@intel.com>
Date: Tue, 30 Jul 2024 11:45:01 +0200
From: Wojciech Drewek <wojciech.drewek@...el.com>
To: Tariq Toukan <tariqt@...dia.com>, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "Eric
Dumazet" <edumazet@...gle.com>
CC: <netdev@...r.kernel.org>, Saeed Mahameed <saeedm@...dia.com>, Gal Pressman
<gal@...dia.com>, Leon Romanovsky <leonro@...dia.com>, Rahul Rameshbabu
<rrameshbabu@...dia.com>
Subject: Re: [PATCH net 6/8] net/mlx5e: Require mlx5 tc classifier action
support for IPsec prio capability
On 30.07.2024 08:16, Tariq Toukan wrote:
> From: Rahul Rameshbabu <rrameshbabu@...dia.com>
>
> Require mlx5 classifier action support when creating IPSec chains in
> offload path. MLX5_IPSEC_CAP_PRIO should only be set if CONFIG_MLX5_CLS_ACT
> is enabled. If CONFIG_MLX5_CLS_ACT=n and MLX5_IPSEC_CAP_PRIO is set,
> configuring IPsec offload will fail due to the mlxx5 ipsec chain rules
> failing to be created due to lack of classifier action support.
>
> Fixes: fa5aa2f89073 ("net/mlx5e: Use chains for IPsec policy priority offload")
> Signed-off-by: Rahul Rameshbabu <rrameshbabu@...dia.com>
> Reviewed-by: Leon Romanovsky <leonro@...dia.com>
> Signed-off-by: Tariq Toukan <tariqt@...dia.com>
> ---
Reviewed-by: Wojciech Drewek <wojciech.drewek@...el.com>
> .../ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
> index 6e00afe4671b..797db853de36 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
> @@ -51,9 +51,10 @@ u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
> MLX5_CAP_FLOWTABLE_NIC_RX(mdev, decap))
> caps |= MLX5_IPSEC_CAP_PACKET_OFFLOAD;
>
> - if ((MLX5_CAP_FLOWTABLE_NIC_TX(mdev, ignore_flow_level) &&
> - MLX5_CAP_FLOWTABLE_NIC_RX(mdev, ignore_flow_level)) ||
> - MLX5_CAP_ESW_FLOWTABLE_FDB(mdev, ignore_flow_level))
> + if (IS_ENABLED(CONFIG_MLX5_CLS_ACT) &&
> + ((MLX5_CAP_FLOWTABLE_NIC_TX(mdev, ignore_flow_level) &&
> + MLX5_CAP_FLOWTABLE_NIC_RX(mdev, ignore_flow_level)) ||
> + MLX5_CAP_ESW_FLOWTABLE_FDB(mdev, ignore_flow_level)))
> caps |= MLX5_IPSEC_CAP_PRIO;
>
> if (MLX5_CAP_FLOWTABLE_NIC_TX(mdev,
Powered by blists - more mailing lists