net/mlx5: Handle IPsec steering upon master unbind/bind

#define mlx5e_state_dereference(priv, p) \

	rcu_dereference_protected((p), lockdep_is_held(&(priv)->state_lock))

enum mlx5e_devcom_events {

	MPV_DEVCOM_MASTER_UP,

	MPV_DEVCOM_MASTER_DOWN,

	MPV_DEVCOM_IPSEC_MASTER_UP,

	MPV_DEVCOM_IPSEC_MASTER_DOWN,

};

static inline u8 mlx5e_get_num_lag_ports(struct mlx5_core_dev *mdev)

{

	if (mlx5_lag_is_lacp_owner(mdev))

	xa_init_flags(&ipsec->sadb, XA_FLAGS_ALLOC);

	ipsec->mdev = priv->mdev;

	init_completion(&ipsec->comp);

	ipsec->wq = alloc_workqueue("mlx5e_ipsec: %s", WQ_UNBOUND, 0,

				    priv->netdev->name);

	if (!ipsec->wq)

#define MLX5E_IPSEC_SADB_RX_BITS 10

#define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L

#define MPV_DEVCOM_MASTER_UP 1

struct aes_gcm_keymat {

	u64   seq_iv;

	enum mlx5_flow_namespace_type chains_ns;

};

struct mlx5e_ipsec_mpv_work {

	int event;

	struct work_struct work;

	struct mlx5e_priv *slave_priv;

	struct mlx5e_priv *master_priv;

};

struct mlx5e_ipsec {

	struct mlx5_core_dev *mdev;

	struct xarray sadb;

	struct mlx5e_ipsec_sw_stats sw_stats;

	struct mlx5e_ipsec_hw_stats hw_stats;

	struct workqueue_struct *wq;

	struct completion comp;

	struct mlx5e_flow_steering *fs;

	struct mlx5e_ipsec_rx *rx_ipv4;

	struct mlx5e_ipsec_rx *rx_ipv6;

	struct notifier_block netevent_nb;

	struct mlx5_ipsec_fs *roce;

	u8 is_uplink_rep: 1;

	struct mlx5e_ipsec_mpv_work mpv_work;

};

struct mlx5e_ipsec_esn_state {

void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,

					struct mlx5_accel_esp_xfrm_attrs *attrs);

void mlx5e_ipsec_handle_mpv_event(int event, struct mlx5e_priv *slave_priv,

				  struct mlx5e_priv *master_priv);

void mlx5e_ipsec_send_event(struct mlx5e_priv *priv, int event);

static inline struct mlx5_core_dev *

mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry)

{

{

	return 0;

}

static inline void mlx5e_ipsec_handle_mpv_event(int event, struct mlx5e_priv *slave_priv,

						struct mlx5e_priv *master_priv)

{

}

static inline void mlx5e_ipsec_send_event(struct mlx5e_priv *priv, int event)

{

}

#endif

#endif	/* __MLX5E_IPSEC_H__ */

	return err;

}

static void handle_ipsec_rx_bringup(struct mlx5e_ipsec *ipsec, u32 family)

{

	struct mlx5e_ipsec_rx *rx = ipsec_rx(ipsec, family, XFRM_DEV_OFFLOAD_PACKET);

	struct mlx5_flow_namespace *ns = mlx5e_fs_get_ns(ipsec->fs, false);

	struct mlx5_flow_destination old_dest, new_dest;

	old_dest = mlx5_ttc_get_default_dest(mlx5e_fs_get_ttc(ipsec->fs, false),

					     family2tt(family));

	mlx5_ipsec_fs_roce_rx_create(ipsec->mdev, ipsec->roce, ns, &old_dest, family,

				     MLX5E_ACCEL_FS_ESP_FT_ROCE_LEVEL, MLX5E_NIC_PRIO);

	new_dest.ft = mlx5_ipsec_fs_roce_ft_get(ipsec->roce, family);

	new_dest.type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;

	mlx5_modify_rule_destination(rx->status.rule, &new_dest, &old_dest);

	mlx5_modify_rule_destination(rx->sa.rule, &new_dest, &old_dest);

}

static void handle_ipsec_rx_cleanup(struct mlx5e_ipsec *ipsec, u32 family)

{

	struct mlx5e_ipsec_rx *rx = ipsec_rx(ipsec, family, XFRM_DEV_OFFLOAD_PACKET);

	struct mlx5_flow_destination old_dest, new_dest;

	old_dest.ft = mlx5_ipsec_fs_roce_ft_get(ipsec->roce, family);

	old_dest.type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;

	new_dest = mlx5_ttc_get_default_dest(mlx5e_fs_get_ttc(ipsec->fs, false),

					     family2tt(family));

	mlx5_modify_rule_destination(rx->sa.rule, &new_dest, &old_dest);

	mlx5_modify_rule_destination(rx->status.rule, &new_dest, &old_dest);

	mlx5_ipsec_fs_roce_rx_destroy(ipsec->roce, family, ipsec->mdev);

}

static void ipsec_mpv_work_handler(struct work_struct *_work)

{

	struct mlx5e_ipsec_mpv_work *work = container_of(_work, struct mlx5e_ipsec_mpv_work, work);

	struct mlx5e_ipsec *ipsec = work->slave_priv->ipsec;

	switch (work->event) {

	case MPV_DEVCOM_IPSEC_MASTER_UP:

		mutex_lock(&ipsec->tx->ft.mutex);

		if (ipsec->tx->ft.refcnt)

			mlx5_ipsec_fs_roce_tx_create(ipsec->mdev, ipsec->roce, ipsec->tx->ft.pol,

						     true);

		mutex_unlock(&ipsec->tx->ft.mutex);

		mutex_lock(&ipsec->rx_ipv4->ft.mutex);

		if (ipsec->rx_ipv4->ft.refcnt)

			handle_ipsec_rx_bringup(ipsec, AF_INET);

		mutex_unlock(&ipsec->rx_ipv4->ft.mutex);

		mutex_lock(&ipsec->rx_ipv6->ft.mutex);

		if (ipsec->rx_ipv6->ft.refcnt)

			handle_ipsec_rx_bringup(ipsec, AF_INET6);

		mutex_unlock(&ipsec->rx_ipv6->ft.mutex);

		break;

	case MPV_DEVCOM_IPSEC_MASTER_DOWN:

		mutex_lock(&ipsec->tx->ft.mutex);

		if (ipsec->tx->ft.refcnt)

			mlx5_ipsec_fs_roce_tx_destroy(ipsec->roce, ipsec->mdev);

		mutex_unlock(&ipsec->tx->ft.mutex);

		mutex_lock(&ipsec->rx_ipv4->ft.mutex);

		if (ipsec->rx_ipv4->ft.refcnt)

			handle_ipsec_rx_cleanup(ipsec, AF_INET);

		mutex_unlock(&ipsec->rx_ipv4->ft.mutex);

		mutex_lock(&ipsec->rx_ipv6->ft.mutex);

		if (ipsec->rx_ipv6->ft.refcnt)

			handle_ipsec_rx_cleanup(ipsec, AF_INET6);

		mutex_unlock(&ipsec->rx_ipv6->ft.mutex);

		break;

	}

	complete(&work->master_priv->ipsec->comp);

}

static void ipsec_rx_ft_disconnect(struct mlx5e_ipsec *ipsec, u32 family)

{

	struct mlx5_ttc_table *ttc = mlx5e_fs_get_ttc(ipsec->fs, false);

	}

connect_roce:

	err = mlx5_ipsec_fs_roce_tx_create(mdev, roce, tx->ft.pol);

	err = mlx5_ipsec_fs_roce_tx_create(mdev, roce, tx->ft.pol, false);

	if (err)

		goto err_roce;

	return 0;

		xa_init_flags(&ipsec->rx_esw->ipsec_obj_id_map, XA_FLAGS_ALLOC1);

	} else if (mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ROCE) {

		ipsec->roce = mlx5_ipsec_fs_roce_init(mdev, devcom);

	} else {

		mlx5_core_warn(mdev, "IPsec was initialized without RoCE support\n");

	}

	return 0;

	return rx->allow_tunnel_mode;

}

void mlx5e_ipsec_handle_mpv_event(int event, struct mlx5e_priv *slave_priv,

				  struct mlx5e_priv *master_priv)

{

	struct mlx5e_ipsec_mpv_work *work;

	reinit_completion(&master_priv->ipsec->comp);

	if (!slave_priv->ipsec) {

		complete(&master_priv->ipsec->comp);

		return;

	}

	work = &slave_priv->ipsec->mpv_work;

	INIT_WORK(&work->work, ipsec_mpv_work_handler);

	work->event = event;

	work->slave_priv = slave_priv;

	work->master_priv = master_priv;

	queue_work(slave_priv->ipsec->wq, &work->work);

}

void mlx5e_ipsec_send_event(struct mlx5e_priv *priv, int event)

{

	if (!priv->ipsec)

		return; /* IPsec not supported */

	mlx5_devcom_send_event(priv->devcom, event, event, priv);

	wait_for_completion(&priv->ipsec->comp);

}

#include "en.h"

#include "ipsec.h"

#include "lib/crypto.h"

#include "lib/ipsec_fs_roce.h"

enum {

	MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET,

			caps |= MLX5_IPSEC_CAP_ESPINUDP;

	}

	if (mlx5_get_roce_state(mdev) &&

	if (mlx5_get_roce_state(mdev) && mlx5_ipsec_fs_is_mpv_roce_supported(mdev) &&

	    MLX5_CAP_GEN_2(mdev, flow_table_type_2_type) & MLX5_FT_NIC_RX_2_NIC_RX_RDMA &&

	    MLX5_CAP_GEN_2(mdev, flow_table_type_2_type) & MLX5_FT_NIC_TX_RDMA_2_NIC_TX)

		caps |= MLX5_IPSEC_CAP_ROCE;