projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 35b4b6d 58dbd64)
Merge branch 'mlx5-next' of https://git.kernel.org/pub/scm/linux/kernel/git/mellanox...
authorJakub Kicinski <kuba@kernel.org>
Thu, 24 Aug 2023 18:32:17 +0000 (11:32 -0700)
committerJakub Kicinski <kuba@kernel.org>
Thu, 24 Aug 2023 18:32:18 +0000 (11:32 -0700)
Leon Romanovsky says:

====================
mlx5 MACsec RoCEv2 support

From Patrisious:

This series extends previously added MACsec offload support
to cover RoCE traffic either.

In order to achieve that, we need configure MACsec with offload between
the two endpoints, like below:

REMOTE_MAC=10:70:fd:43:71:c0

* ip addr add 1.1.1.1/16 dev eth2
* ip link set dev eth2 up
* ip link add link eth2 macsec0 type macsec encrypt on
* ip macsec offload macsec0 mac
* ip macsec add macsec0 tx sa 0 pn 1 on key 00 dffafc8d7b9a43d5b9a3dfbbf6a30c16
* ip macsec add macsec0 rx port 1 address $REMOTE_MAC
* ip macsec add macsec0 rx port 1 address $REMOTE_MAC sa 0 pn 1 on key 01 ead3664f508eb06c40ac7104cdae4ce5
* ip addr add 10.1.0.1/16 dev macsec0
* ip link set dev macsec0 up

And in a similar manner on the other machine, while noting the keys order
would be reversed and the MAC address of the other machine.

RDMA traffic is separated through relevant GID entries and in case
of IP ambiguity issue - meaning we have a physical GIDs and a MACsec
GIDs with the same IP/GID, we disable our physical GID in order
to force the user to only use the MACsec GID.

v0: https://lore.kernel.org/netdev/20230813064703.574082-1-leon@kernel.org/

* 'mlx5-next' of https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux:
  RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion
  net/mlx5: Add RoCE MACsec steering infrastructure in core
  net/mlx5: Configure MACsec steering for ingress RoCEv2 traffic
  net/mlx5: Configure MACsec steering for egress RoCEv2 traffic
  IB/core: Reorder GID delete code for RoCE
  net/mlx5: Add MACsec priorities in RDMA namespaces
  RDMA/mlx5: Implement MACsec gid addition and deletion
  net/mlx5: Maintain fs_id xarray per MACsec device inside macsec steering
  net/mlx5: Remove netdevice from MACsec steering
  net/mlx5e: Move MACsec flow steering and statistics database from ethernet to core
  net/mlx5e: Rename MACsec flow steering functions/parameters to suit core naming style
  net/mlx5: Remove dependency of macsec flow steering on ethernet
  net/mlx5e: Move MACsec flow steering operations to be used as core library
  macsec: add functions to get macsec real netdevice and check offload
====================

Link: https://lore.kernel.org/r/20230821073833.59042-1-leon@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
1  2 
drivers/infiniband/hw/mlx5/main.c patch | diff1 | diff2 | blob | history
drivers/net/ethernet/mellanox/mlx5/core/Kconfig patch | diff1 | diff2 | blob | history
drivers/net/ethernet/mellanox/mlx5/core/Makefile patch | diff1 | diff2 | blob | history
drivers/net/ethernet/mellanox/mlx5/core/en.h patch | diff1 | diff2 | blob | history
drivers/net/ethernet/mellanox/mlx5/core/en_stats.c patch | diff1 | diff2 | blob | history
drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c patch | diff1 | diff2 | blob | history
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c patch | diff1 | diff2 | blob | history
drivers/net/macsec.c patch | diff1 | diff2 | blob | history
include/linux/mlx5/device.h patch | diff1 | diff2 | blob | history
include/linux/mlx5/driver.h patch | diff1 | diff2 | blob | history
include/linux/mlx5/fs.h patch | diff1 | diff2 | blob | history

diff --cc drivers/infiniband/hw/mlx5/main.c
Simple merge
diff --cc drivers/net/macsec.c
Simple merge
diff --cc include/linux/mlx5/device.h
Simple merge
diff --cc include/linux/mlx5/driver.h
index c9d82e7,728bcd6..e95f100
--- 1/include/linux/mlx5/driver.h
--- 2/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@@ -727,7 -725,7 +727,6 @@@ struct mlx5_fw_tracer
  struct mlx5_vxlan;
  struct mlx5_geneve;
  struct mlx5_hv_vhca;
--struct mlx5_thermal;
  
  #define MLX5_LOG_SW_ICM_BLOCK_SIZE(dev) (MLX5_CAP_DEV_MEM(dev, log_sw_icm_alloc_granularity))
  #define MLX5_SW_ICM_BLOCK_SIZE(dev) (1 << MLX5_LOG_SW_ICM_BLOCK_SIZE(dev))
@@@ -806,9 -804,12 +805,14 @@@ struct mlx5_core_dev 
        struct mlx5_rsc_dump    *rsc_dump;
        u32                      vsc_addr;
        struct mlx5_hv_vhca     *hv_vhca;
 -      struct mlx5_thermal     *thermal;
 +      struct mlx5_hwmon       *hwmon;
 +      u64                     num_block_tc;
 +      u64                     num_block_ipsec;
+ #ifdef CONFIG_MLX5_MACSEC
+       struct mlx5_macsec_fs *macsec_fs;
+       /* MACsec notifier chain to sync MACsec core and IB database */
+       struct blocking_notifier_head macsec_nh;
+ #endif
  };
  
  struct mlx5_db {
diff --cc include/linux/mlx5/fs.h
Simple merge
Domain: System / Kernel;