net/mlx5e: macsec: use update_pn flag instead of PN comparation

When updating the SA, use the new update_pn flags instead of comparing the
new PN with the initial one.

Comparing the initial PN value with the new value will allow the user
to update the SA using the initial PN value as a parameter like this:
$ ip macsec add macsec0 tx sa 0 pn 1 on key 00 \
ead3664f508eb06c40ac7104cdae4ce5
$ ip macsec set macsec0 tx sa 0 pn 1 off

Fixes: 8ff0ac5be144 ("net/mlx5: Add MACsec offload Tx command support")
Fixes: aae3454e4d4c ("net/mlx5e: Add MACsec offload Rx command support")
Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
index c9c1db9..d4ebd87 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
@@ -580,7 +580,7 @@ static int mlx5e_macsec_upd_txsa(struct macsec_context *ctx)
                goto out;
        }
 
-       if (tx_sa->next_pn != ctx_tx_sa->next_pn_halves.lower) {
+       if (ctx->sa.update_pn) {
                netdev_err(netdev, "MACsec offload: update TX sa %d PN isn't supported\n",
                           assoc_num);
                err = -EINVAL;
@@ -973,7 +973,7 @@ static int mlx5e_macsec_upd_rxsa(struct macsec_context *ctx)
                goto out;
        }
 
-       if (rx_sa->next_pn != ctx_rx_sa->next_pn_halves.lower) {
+       if (ctx->sa.update_pn) {
                netdev_err(ctx->netdev,
                           "MACsec offload update RX sa %d PN isn't supported\n",
                           assoc_num);