Commit 762a55a5 authored by Chris Mi's avatar Chris Mi Committed by Saeed Mahameed
Browse files

net/mlx5e: Disable IPsec offload support if not FW steering 



IPsec FDB offload can only work with FW steering as of now,
disable the cap upon non FW steering.

And since the IPSec cap is dynamic now based on steering mode.
Cleanup the resources if they exist instead of checking the
IPsec cap again.

Fixes: edd8b295 ("Merge branch 'mlx5-ipsec-packet-offload-support-in-eswitch-mode'")
Signed-off-by: default avatarChris Mi <cmi@nvidia.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
parent 4e25b661

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+11 −15
Original line number Diff line number Diff line
@@ -935,9 +935,11 @@ void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv) 
		return;



	mlx5e_accel_ipsec_fs_cleanup(ipsec);

	if (mlx5_ipsec_device_caps(priv->mdev) & MLX5_IPSEC_CAP_TUNNEL)

	if (ipsec->netevent_nb.notifier_call) {

		unregister_netevent_notifier(&ipsec->netevent_nb);

	if (mlx5_ipsec_device_caps(priv->mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)

		ipsec->netevent_nb.notifier_call = NULL;

	}

	if (ipsec->aso)

		mlx5e_ipsec_aso_cleanup(ipsec);

	destroy_workqueue(ipsec->wq);

	kfree(ipsec);
@@ -1046,6 +1048,12 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev, 
		}

	}



	if (x->xdo.type == XFRM_DEV_OFFLOAD_PACKET &&

	    !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {

		NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported");

		return -EINVAL;

	}



	return 0;

}
@@ -1141,14 +1149,6 @@ static const struct xfrmdev_ops mlx5e_ipsec_xfrmdev_ops = { 
	.xdo_dev_state_free	= mlx5e_xfrm_free_state,

	.xdo_dev_offload_ok	= mlx5e_ipsec_offload_ok,

	.xdo_dev_state_advance_esn = mlx5e_xfrm_advance_esn_state,

};



static const struct xfrmdev_ops mlx5e_ipsec_packet_xfrmdev_ops = {

	.xdo_dev_state_add	= mlx5e_xfrm_add_state,

	.xdo_dev_state_delete	= mlx5e_xfrm_del_state,

	.xdo_dev_state_free	= mlx5e_xfrm_free_state,

	.xdo_dev_offload_ok	= mlx5e_ipsec_offload_ok,

	.xdo_dev_state_advance_esn = mlx5e_xfrm_advance_esn_state,



	.xdo_dev_state_update_curlft = mlx5e_xfrm_update_curlft,

	.xdo_dev_policy_add = mlx5e_xfrm_add_policy,
@@ -1166,11 +1166,7 @@ void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv) 


	mlx5_core_info(mdev, "mlx5e: IPSec ESP acceleration enabled\n");



	if (mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)

		netdev->xfrmdev_ops = &mlx5e_ipsec_packet_xfrmdev_ops;

	else

	netdev->xfrmdev_ops = &mlx5e_ipsec_xfrmdev_ops;



	netdev->features |= NETIF_F_HW_ESP;

	netdev->hw_enc_features |= NETIF_F_HW_ESP;

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c

+7 −1
Original line number Diff line number Diff line
@@ -6,6 +6,8 @@ 
#include "ipsec.h"

#include "lib/crypto.h"

#include "lib/ipsec_fs_roce.h"

#include "fs_core.h"

#include "eswitch.h"



enum {

	MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET,
@@ -38,7 +40,10 @@ u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev) 
	    MLX5_CAP_ETH(mdev, insert_trailer) && MLX5_CAP_ETH(mdev, swp))

		caps |= MLX5_IPSEC_CAP_CRYPTO;



	if (MLX5_CAP_IPSEC(mdev, ipsec_full_offload)) {

	if (MLX5_CAP_IPSEC(mdev, ipsec_full_offload) &&

	    (mdev->priv.steering->mode == MLX5_FLOW_STEERING_MODE_DMFS ||

	     (mdev->priv.steering->mode == MLX5_FLOW_STEERING_MODE_SMFS &&

	     is_mdev_legacy_mode(mdev)))) {

		if (MLX5_CAP_FLOWTABLE_NIC_TX(mdev,

					      reformat_add_esp_trasport) &&

		    MLX5_CAP_FLOWTABLE_NIC_RX(mdev,
@@ -559,6 +564,7 @@ void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec) 
	dma_unmap_single(pdev, aso->dma_addr, sizeof(aso->ctx),

			 DMA_BIDIRECTIONAL);

	kfree(aso);

	ipsec->aso = NULL;

}



static void mlx5e_ipsec_aso_copy(struct mlx5_wqe_aso_ctrl_seg *ctrl,