From bdfd2d1fa79acd03e18d1683419572f3682b39fd Mon Sep 17 00:00:00 2001 From: Jarod Wilson Date: Tue, 23 Jun 2020 16:40:01 -0400 Subject: [PATCH] bonding/xfrm: use real_dev instead of slave_dev Rather than requiring every hw crypto capable NIC driver to do a check for slave_dev being set, set real_dev in the xfrm layer and xso init time, and then override it in the bonding driver as needed. Then NIC drivers can always use real_dev, and at the same time, we eliminate the use of a variable name that probably shouldn't have been used in the first place, particularly given recent current events. CC: Boris Pismenny CC: Saeed Mahameed CC: Leon Romanovsky CC: Jay Vosburgh CC: Veaceslav Falico CC: Andy Gospodarek CC: "David S. Miller" CC: Jeff Kirsher CC: Jakub Kicinski CC: Steffen Klassert CC: Herbert Xu CC: netdev@vger.kernel.org Suggested-by: Saeed Mahameed Signed-off-by: Jarod Wilson Signed-off-by: David S. Miller --- drivers/net/bonding/bond_main.c | 6 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 47 ++++++---------------- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 10 +---- include/net/xfrm.h | 2 +- net/xfrm/xfrm_device.c | 5 ++- 5 files changed, 21 insertions(+), 49 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 90939cc..4ef99ef 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -386,7 +386,7 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs) struct bonding *bond = netdev_priv(bond_dev); struct slave *slave = rtnl_dereference(bond->curr_active_slave); - xs->xso.slave_dev = slave->dev; + xs->xso.real_dev = slave->dev; bond->xs = xs; if (!(slave->dev->xfrmdev_ops @@ -411,7 +411,7 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs) if (!slave) return; - xs->xso.slave_dev = slave->dev; + xs->xso.real_dev = slave->dev; if (!(slave->dev->xfrmdev_ops && slave->dev->xfrmdev_ops->xdo_dev_state_delete)) { @@ -440,7 +440,7 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) return false; } - xs->xso.slave_dev = slave_dev; + xs->xso.real_dev = slave_dev; return slave_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs); } diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 26b0a58..6516980 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -427,14 +427,11 @@ static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec, static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs, u32 *mykey, u32 *mysalt) { - struct net_device *dev = xs->xso.dev; + struct net_device *dev = xs->xso.real_dev; unsigned char *key_data; char *alg_name = NULL; int key_len; - if (xs->xso.slave_dev) - dev = xs->xso.slave_dev; - if (!xs->aead) { netdev_err(dev, "Unsupported IPsec algorithm\n"); return -EINVAL; @@ -480,9 +477,9 @@ static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs, **/ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs) { - struct net_device *dev = xs->xso.dev; - struct ixgbe_adapter *adapter; - struct ixgbe_hw *hw; + struct net_device *dev = xs->xso.real_dev; + struct ixgbe_adapter *adapter = netdev_priv(dev); + struct ixgbe_hw *hw = &adapter->hw; u32 mfval, manc, reg; int num_filters = 4; bool manc_ipv4; @@ -500,12 +497,6 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs) #define BMCIP_V6 0x3 #define BMCIP_MASK 0x3 - if (xs->xso.slave_dev) - dev = xs->xso.slave_dev; - - adapter = netdev_priv(dev); - hw = &adapter->hw; - manc = IXGBE_READ_REG(hw, IXGBE_MANC); manc_ipv4 = !!(manc & MANC_EN_IPV4_FILTER); mfval = IXGBE_READ_REG(hw, IXGBE_MFVAL); @@ -569,22 +560,15 @@ static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs) **/ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) { - struct net_device *dev = xs->xso.dev; - struct ixgbe_adapter *adapter; - struct ixgbe_ipsec *ipsec; - struct ixgbe_hw *hw; + struct net_device *dev = xs->xso.real_dev; + struct ixgbe_adapter *adapter = netdev_priv(dev); + struct ixgbe_ipsec *ipsec = adapter->ipsec; + struct ixgbe_hw *hw = &adapter->hw; int checked, match, first; u16 sa_idx; int ret; int i; - if (xs->xso.slave_dev) - dev = xs->xso.slave_dev; - - adapter = netdev_priv(dev); - ipsec = adapter->ipsec; - hw = &adapter->hw; - if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) { netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n", xs->id.proto); @@ -761,20 +745,13 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) **/ static void ixgbe_ipsec_del_sa(struct xfrm_state *xs) { - struct net_device *dev = xs->xso.dev; - struct ixgbe_adapter *adapter; - struct ixgbe_ipsec *ipsec; - struct ixgbe_hw *hw; + struct net_device *dev = xs->xso.real_dev; + struct ixgbe_adapter *adapter = netdev_priv(dev); + struct ixgbe_ipsec *ipsec = adapter->ipsec; + struct ixgbe_hw *hw = &adapter->hw; u32 zerobuf[4] = {0, 0, 0, 0}; u16 sa_idx; - if (xs->xso.slave_dev) - dev = xs->xso.slave_dev; - - adapter = netdev_priv(dev); - ipsec = adapter->ipsec; - hw = &adapter->hw; - if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { struct rx_sa *rsa; u8 ipi; diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c index 72ad666..bc55c82 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c @@ -207,12 +207,9 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) { - struct net_device *netdev = x->xso.dev; + struct net_device *netdev = x->xso.real_dev; struct mlx5e_priv *priv; - if (x->xso.slave_dev) - netdev = x->xso.slave_dev; - priv = netdev_priv(netdev); if (x->props.aalgo != SADB_AALG_NONE) { @@ -288,15 +285,12 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) static int mlx5e_xfrm_add_state(struct xfrm_state *x) { struct mlx5e_ipsec_sa_entry *sa_entry = NULL; - struct net_device *netdev = x->xso.dev; + struct net_device *netdev = x->xso.real_dev; struct mlx5_accel_esp_xfrm_attrs attrs; struct mlx5e_priv *priv; unsigned int sa_handle; int err; - if (x->xso.slave_dev) - netdev = x->xso.slave_dev; - priv = netdev_priv(netdev); err = mlx5e_xfrm_validate_state(x); diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e20b2b2..e648c9e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -127,7 +127,7 @@ struct xfrm_state_walk { struct xfrm_state_offload { struct net_device *dev; - struct net_device *slave_dev; + struct net_device *real_dev; unsigned long offload_handle; unsigned int num_exthdrs; u8 flags; diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index b8918fc..7b64bb6 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -120,8 +120,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND) return skb; - /* This skb was already validated on the master dev */ - if ((x->xso.dev != dev) && (x->xso.slave_dev == dev)) + /* This skb was already validated on the upper/virtual dev */ + if ((x->xso.dev != dev) && (x->xso.real_dev == dev)) return skb; local_irq_save(flags); @@ -259,6 +259,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, } xso->dev = dev; + xso->real_dev = dev; xso->num_exthdrs = 1; xso->flags = xuo->flags; -- 2.7.4