tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free}
Previously, device driver IPSec offload implementations would fall into
two categories:
1. Those that used xso.dev to determine the offload device.
2. Those that used xso.real_dev to determine the offload device.
The first category didn't work with bonding while the second did.
In a non-bonding setup the two pointers are the same.
This commit adds explicit pointers for the offload netdevice to
.xdo_dev_state_add() / .xdo_dev_state_delete() / .xdo_dev_state_free()
which eliminates the confusion and allows drivers from the first
category to work with bonding.
xso.real_dev now becomes a private pointer managed by the bonding
driver.
Signed-off-by: Cosmin Ratiu <cratiu@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
authored by
Cosmin Ratiu
and committed by
Steffen Klassert
43eca05b
d53dda29
+136
-99
+7
-3
Documentation/networking/xfrm_device.rst
+7
-3
Documentation/networking/xfrm_device.rst
···
65
65
/* from include/linux/netdevice.h */
66
66
struct xfrmdev_ops {
67
67
/* Crypto and Packet offload callbacks */
68
-
int (*xdo_dev_state_add) (struct xfrm_state *x, struct netlink_ext_ack *extack);
69
-
void (*xdo_dev_state_delete) (struct xfrm_state *x);
70
-
void (*xdo_dev_state_free) (struct xfrm_state *x);
68
+
int (*xdo_dev_state_add)(struct net_device *dev,
69
+
struct xfrm_state *x,
70
+
struct netlink_ext_ack *extack);
71
+
void (*xdo_dev_state_delete)(struct net_device *dev,
72
+
struct xfrm_state *x);
73
+
void (*xdo_dev_state_free)(struct net_device *dev,
74
+
struct xfrm_state *x);
71
75
bool (*xdo_dev_offload_ok) (struct sk_buff *skb,
72
76
struct xfrm_state *x);
73
77
void (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
+19
-14
drivers/net/bonding/bond_main.c
+19
-14
drivers/net/bonding/bond_main.c
···
453
453
454
454
/**
455
455
* bond_ipsec_add_sa - program device with a security association
456
+
* @bond_dev: pointer to the bond net device
456
457
* @xs: pointer to transformer state struct
457
458
* @extack: extack point to fill failure reason
458
459
**/
459
-
static int bond_ipsec_add_sa(struct xfrm_state *xs,
460
+
static int bond_ipsec_add_sa(struct net_device *bond_dev,
461
+
struct xfrm_state *xs,
460
462
struct netlink_ext_ack *extack)
461
463
{
462
-
struct net_device *bond_dev = xs->xso.dev;
463
464
struct net_device *real_dev;
464
465
netdevice_tracker tracker;
465
466
struct bond_ipsec *ipsec;
···
497
496
}
498
497
499
498
xs->xso.real_dev = real_dev;
500
-
err = real_dev->xfrmdev_ops->xdo_dev_state_add(xs, extack);
499
+
err = real_dev->xfrmdev_ops->xdo_dev_state_add(real_dev, xs, extack);
501
500
if (!err) {
502
501
ipsec->xs = xs;
503
502
INIT_LIST_HEAD(&ipsec->list);
···
541
540
continue;
542
541
543
542
ipsec->xs->xso.real_dev = real_dev;
544
-
if (real_dev->xfrmdev_ops->xdo_dev_state_add(ipsec->xs, NULL)) {
543
+
if (real_dev->xfrmdev_ops->xdo_dev_state_add(real_dev,
544
+
ipsec->xs, NULL)) {
545
545
slave_warn(bond_dev, real_dev, "%s: failed to add SA\n", __func__);
546
546
ipsec->xs->xso.real_dev = NULL;
547
547
}
···
553
551
554
552
/**
555
553
* bond_ipsec_del_sa - clear out this specific SA
554
+
* @bond_dev: pointer to the bond net device
556
555
* @xs: pointer to transformer state struct
557
556
**/
558
-
static void bond_ipsec_del_sa(struct xfrm_state *xs)
557
+
static void bond_ipsec_del_sa(struct net_device *bond_dev,
558
+
struct xfrm_state *xs)
559
559
{
560
-
struct net_device *bond_dev = xs->xso.dev;
561
560
struct net_device *real_dev;
562
561
netdevice_tracker tracker;
563
562
struct bond_ipsec *ipsec;
···
590
587
goto out;
591
588
}
592
589
593
-
real_dev->xfrmdev_ops->xdo_dev_state_delete(xs);
590
+
real_dev->xfrmdev_ops->xdo_dev_state_delete(real_dev, xs);
594
591
out:
595
592
netdev_put(real_dev, &tracker);
596
593
mutex_lock(&bond->ipsec_lock);
···
627
624
slave_warn(bond_dev, real_dev,
628
625
"%s: no slave xdo_dev_state_delete\n",
629
626
__func__);
630
-
} else {
631
-
real_dev->xfrmdev_ops->xdo_dev_state_delete(ipsec->xs);
632
-
if (real_dev->xfrmdev_ops->xdo_dev_state_free)
633
-
real_dev->xfrmdev_ops->xdo_dev_state_free(ipsec->xs);
627
+
continue;
634
628
}
629
+
real_dev->xfrmdev_ops->xdo_dev_state_delete(real_dev,
630
+
ipsec->xs);
631
+
if (real_dev->xfrmdev_ops->xdo_dev_state_free)
632
+
real_dev->xfrmdev_ops->xdo_dev_state_free(real_dev,
633
+
ipsec->xs);
635
634
}
636
635
mutex_unlock(&bond->ipsec_lock);
637
636
}
638
637
639
-
static void bond_ipsec_free_sa(struct xfrm_state *xs)
638
+
static void bond_ipsec_free_sa(struct net_device *bond_dev,
639
+
struct xfrm_state *xs)
640
640
{
641
-
struct net_device *bond_dev = xs->xso.dev;
642
641
struct net_device *real_dev;
643
642
netdevice_tracker tracker;
644
643
struct bonding *bond;
···
666
661
667
662
if (real_dev && real_dev->xfrmdev_ops &&
668
663
real_dev->xfrmdev_ops->xdo_dev_state_free)
669
-
real_dev->xfrmdev_ops->xdo_dev_state_free(xs);
664
+
real_dev->xfrmdev_ops->xdo_dev_state_free(real_dev, xs);
670
665
out:
671
666
netdev_put(real_dev, &tracker);
672
667
}
+11
-9
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+11
-9
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
···
6480
6480
6481
6481
#if IS_ENABLED(CONFIG_CHELSIO_IPSEC_INLINE)
6482
6482
6483
-
static int cxgb4_xfrm_add_state(struct xfrm_state *x,
6483
+
static int cxgb4_xfrm_add_state(struct net_device *dev,
6484
+
struct xfrm_state *x,
6484
6485
struct netlink_ext_ack *extack)
6485
6486
{
6486
-
struct adapter *adap = netdev2adap(x->xso.dev);
6487
+
struct adapter *adap = netdev2adap(dev);
6487
6488
int ret;
6488
6489
6489
6490
if (!mutex_trylock(&uld_mutex)) {
···
6495
6494
if (ret)
6496
6495
goto out_unlock;
6497
6496
6498
-
ret = adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_add(x, extack);
6497
+
ret = adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_add(dev, x,
6498
+
extack);
6499
6499
6500
6500
out_unlock:
6501
6501
mutex_unlock(&uld_mutex);
···
6504
6502
return ret;
6505
6503
}
6506
6504
6507
-
static void cxgb4_xfrm_del_state(struct xfrm_state *x)
6505
+
static void cxgb4_xfrm_del_state(struct net_device *dev, struct xfrm_state *x)
6508
6506
{
6509
-
struct adapter *adap = netdev2adap(x->xso.dev);
6507
+
struct adapter *adap = netdev2adap(dev);
6510
6508
6511
6509
if (!mutex_trylock(&uld_mutex)) {
6512
6510
dev_dbg(adap->pdev_dev,
···
6516
6514
if (chcr_offload_state(adap, CXGB4_XFRMDEV_OPS))
6517
6515
goto out_unlock;
6518
6516
6519
-
adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_delete(x);
6517
+
adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_delete(dev, x);
6520
6518
6521
6519
out_unlock:
6522
6520
mutex_unlock(&uld_mutex);
6523
6521
}
6524
6522
6525
-
static void cxgb4_xfrm_free_state(struct xfrm_state *x)
6523
+
static void cxgb4_xfrm_free_state(struct net_device *dev, struct xfrm_state *x)
6526
6524
{
6527
-
struct adapter *adap = netdev2adap(x->xso.dev);
6525
+
struct adapter *adap = netdev2adap(dev);
6528
6526
6529
6527
if (!mutex_trylock(&uld_mutex)) {
6530
6528
dev_dbg(adap->pdev_dev,
···
6534
6532
if (chcr_offload_state(adap, CXGB4_XFRMDEV_OPS))
6535
6533
goto out_unlock;
6536
6534
6537
-
adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_free(x);
6535
+
adap->uld[CXGB4_ULD_IPSEC].xfrmdev_ops->xdo_dev_state_free(dev, x);
6538
6536
6539
6537
out_unlock:
6540
6538
mutex_unlock(&uld_mutex);
+12
-6
drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
+12
-6
drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
···
75
75
static int ch_ipsec_xmit(struct sk_buff *skb, struct net_device *dev);
76
76
static void *ch_ipsec_uld_add(const struct cxgb4_lld_info *infop);
77
77
static void ch_ipsec_advance_esn_state(struct xfrm_state *x);
78
-
static void ch_ipsec_xfrm_free_state(struct xfrm_state *x);
79
-
static void ch_ipsec_xfrm_del_state(struct xfrm_state *x);
80
-
static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
78
+
static void ch_ipsec_xfrm_free_state(struct net_device *dev,
79
+
struct xfrm_state *x);
80
+
static void ch_ipsec_xfrm_del_state(struct net_device *dev,
81
+
struct xfrm_state *x);
82
+
static int ch_ipsec_xfrm_add_state(struct net_device *dev,
83
+
struct xfrm_state *x,
81
84
struct netlink_ext_ack *extack);
82
85
83
86
static const struct xfrmdev_ops ch_ipsec_xfrmdev_ops = {
···
226
223
* returns 0 on success, negative error if failed to send message to FPGA
227
224
* positive error if FPGA returned a bad response
228
225
*/
229
-
static int ch_ipsec_xfrm_add_state(struct xfrm_state *x,
226
+
static int ch_ipsec_xfrm_add_state(struct net_device *dev,
227
+
struct xfrm_state *x,
230
228
struct netlink_ext_ack *extack)
231
229
{
232
230
struct ipsec_sa_entry *sa_entry;
···
306
302
return res;
307
303
}
308
304
309
-
static void ch_ipsec_xfrm_del_state(struct xfrm_state *x)
305
+
static void ch_ipsec_xfrm_del_state(struct net_device *dev,
306
+
struct xfrm_state *x)
310
307
{
311
308
/* do nothing */
312
309
if (!x->xso.offload_handle)
313
310
return;
314
311
}
315
312
316
-
static void ch_ipsec_xfrm_free_state(struct xfrm_state *x)
313
+
static void ch_ipsec_xfrm_free_state(struct net_device *dev,
314
+
struct xfrm_state *x)
317
315
{
318
316
struct ipsec_sa_entry *sa_entry;
319
317
+23
-18
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+23
-18
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
···
9
9
#define IXGBE_IPSEC_KEY_BITS 160
10
10
static const char aes_gcm_name[] = "rfc4106(gcm(aes))";
11
11
12
-
static void ixgbe_ipsec_del_sa(struct xfrm_state *xs);
12
+
static void ixgbe_ipsec_del_sa(struct net_device *dev, struct xfrm_state *xs);
13
13
14
14
/**
15
15
* ixgbe_ipsec_set_tx_sa - set the Tx SA registers
···
321
321
322
322
if (r->used) {
323
323
if (r->mode & IXGBE_RXTXMOD_VF)
324
-
ixgbe_ipsec_del_sa(r->xs);
324
+
ixgbe_ipsec_del_sa(adapter->netdev, r->xs);
325
325
else
326
326
ixgbe_ipsec_set_rx_sa(hw, i, r->xs->id.spi,
327
327
r->key, r->salt,
···
330
330
331
331
if (t->used) {
332
332
if (t->mode & IXGBE_RXTXMOD_VF)
333
-
ixgbe_ipsec_del_sa(t->xs);
333
+
ixgbe_ipsec_del_sa(adapter->netdev, t->xs);
334
334
else
335
335
ixgbe_ipsec_set_tx_sa(hw, i, t->key, t->salt);
336
336
}
···
417
417
418
418
/**
419
419
* ixgbe_ipsec_parse_proto_keys - find the key and salt based on the protocol
420
+
* @dev: pointer to net device
420
421
* @xs: pointer to xfrm_state struct
421
422
* @mykey: pointer to key array to populate
422
423
* @mysalt: pointer to salt value to populate
···
425
424
* This copies the protocol keys and salt to our own data tables. The
426
425
* 82599 family only supports the one algorithm.
427
426
**/
428
-
static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,
427
+
static int ixgbe_ipsec_parse_proto_keys(struct net_device *dev,
428
+
struct xfrm_state *xs,
429
429
u32 *mykey, u32 *mysalt)
430
430
{
431
-
struct net_device *dev = xs->xso.real_dev;
432
431
unsigned char *key_data;
433
432
char *alg_name = NULL;
434
433
int key_len;
···
474
473
475
474
/**
476
475
* ixgbe_ipsec_check_mgmt_ip - make sure there is no clash with mgmt IP filters
476
+
* @dev: pointer to net device
477
477
* @xs: pointer to transformer state struct
478
478
**/
479
-
static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
479
+
static int ixgbe_ipsec_check_mgmt_ip(struct net_device *dev,
480
+
struct xfrm_state *xs)
480
481
{
481
-
struct net_device *dev = xs->xso.real_dev;
482
482
struct ixgbe_adapter *adapter = netdev_priv(dev);
483
483
struct ixgbe_hw *hw = &adapter->hw;
484
484
u32 mfval, manc, reg;
···
558
556
559
557
/**
560
558
* ixgbe_ipsec_add_sa - program device with a security association
559
+
* @dev: pointer to device to program
561
560
* @xs: pointer to transformer state struct
562
561
* @extack: extack point to fill failure reason
563
562
**/
564
-
static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
563
+
static int ixgbe_ipsec_add_sa(struct net_device *dev,
564
+
struct xfrm_state *xs,
565
565
struct netlink_ext_ack *extack)
566
566
{
567
-
struct net_device *dev = xs->xso.real_dev;
568
567
struct ixgbe_adapter *adapter = netdev_priv(dev);
569
568
struct ixgbe_ipsec *ipsec = adapter->ipsec;
570
569
struct ixgbe_hw *hw = &adapter->hw;
···
584
581
return -EINVAL;
585
582
}
586
583
587
-
if (ixgbe_ipsec_check_mgmt_ip(xs)) {
584
+
if (ixgbe_ipsec_check_mgmt_ip(dev, xs)) {
588
585
NL_SET_ERR_MSG_MOD(extack, "IPsec IP addr clash with mgmt filters");
589
586
return -EINVAL;
590
587
}
···
618
615
rsa.decrypt = xs->ealg || xs->aead;
619
616
620
617
/* get the key and salt */
621
-
ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
618
+
ret = ixgbe_ipsec_parse_proto_keys(dev, xs, rsa.key, &rsa.salt);
622
619
if (ret) {
623
620
NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
624
621
return ret;
···
727
724
if (xs->id.proto & IPPROTO_ESP)
728
725
tsa.encrypt = xs->ealg || xs->aead;
729
726
730
-
ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
727
+
ret = ixgbe_ipsec_parse_proto_keys(dev, xs, tsa.key, &tsa.salt);
731
728
if (ret) {
732
729
NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
733
730
memset(&tsa, 0, sizeof(tsa));
···
755
752
756
753
/**
757
754
* ixgbe_ipsec_del_sa - clear out this specific SA
755
+
* @dev: pointer to device to program
758
756
* @xs: pointer to transformer state struct
759
757
**/
760
-
static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)
758
+
static void ixgbe_ipsec_del_sa(struct net_device *dev, struct xfrm_state *xs)
761
759
{
762
-
struct net_device *dev = xs->xso.real_dev;
763
760
struct ixgbe_adapter *adapter = netdev_priv(dev);
764
761
struct ixgbe_ipsec *ipsec = adapter->ipsec;
765
762
struct ixgbe_hw *hw = &adapter->hw;
···
844
841
continue;
845
842
if (ipsec->rx_tbl[i].mode & IXGBE_RXTXMOD_VF &&
846
843
ipsec->rx_tbl[i].vf == vf)
847
-
ixgbe_ipsec_del_sa(ipsec->rx_tbl[i].xs);
844
+
ixgbe_ipsec_del_sa(adapter->netdev,
845
+
ipsec->rx_tbl[i].xs);
848
846
}
849
847
850
848
/* search tx sa table */
···
854
850
continue;
855
851
if (ipsec->tx_tbl[i].mode & IXGBE_RXTXMOD_VF &&
856
852
ipsec->tx_tbl[i].vf == vf)
857
-
ixgbe_ipsec_del_sa(ipsec->tx_tbl[i].xs);
853
+
ixgbe_ipsec_del_sa(adapter->netdev,
854
+
ipsec->tx_tbl[i].xs);
858
855
}
859
856
}
860
857
···
935
930
memcpy(xs->aead->alg_name, aes_gcm_name, sizeof(aes_gcm_name));
936
931
937
932
/* set up the HW offload */
938
-
err = ixgbe_ipsec_add_sa(xs, NULL);
933
+
err = ixgbe_ipsec_add_sa(adapter->netdev, xs, NULL);
939
934
if (err)
940
935
goto err_aead;
941
936
···
1039
1034
xs = ipsec->tx_tbl[sa_idx].xs;
1040
1035
}
1041
1036
1042
-
ixgbe_ipsec_del_sa(xs);
1037
+
ixgbe_ipsec_del_sa(adapter->netdev, xs);
1043
1038
1044
1039
/* remove the xs that was made-up in the add request */
1045
1040
kfree_sensitive(xs);
+13
-8
drivers/net/ethernet/intel/ixgbevf/ipsec.c
+13
-8
drivers/net/ethernet/intel/ixgbevf/ipsec.c
···
201
201
202
202
/**
203
203
* ixgbevf_ipsec_parse_proto_keys - find the key and salt based on the protocol
204
+
* @dev: pointer to net device to program
204
205
* @xs: pointer to xfrm_state struct
205
206
* @mykey: pointer to key array to populate
206
207
* @mysalt: pointer to salt value to populate
···
209
208
* This copies the protocol keys and salt to our own data tables. The
210
209
* 82599 family only supports the one algorithm.
211
210
**/
212
-
static int ixgbevf_ipsec_parse_proto_keys(struct xfrm_state *xs,
211
+
static int ixgbevf_ipsec_parse_proto_keys(struct net_device *dev,
212
+
struct xfrm_state *xs,
213
213
u32 *mykey, u32 *mysalt)
214
214
{
215
-
struct net_device *dev = xs->xso.real_dev;
216
215
unsigned char *key_data;
217
216
char *alg_name = NULL;
218
217
int key_len;
···
257
256
258
257
/**
259
258
* ixgbevf_ipsec_add_sa - program device with a security association
259
+
* @dev: pointer to net device to program
260
260
* @xs: pointer to transformer state struct
261
261
* @extack: extack point to fill failure reason
262
262
**/
263
-
static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs,
263
+
static int ixgbevf_ipsec_add_sa(struct net_device *dev,
264
+
struct xfrm_state *xs,
264
265
struct netlink_ext_ack *extack)
265
266
{
266
-
struct net_device *dev = xs->xso.real_dev;
267
267
struct ixgbevf_adapter *adapter;
268
268
struct ixgbevf_ipsec *ipsec;
269
269
u16 sa_idx;
···
312
310
rsa.decrypt = xs->ealg || xs->aead;
313
311
314
312
/* get the key and salt */
315
-
ret = ixgbevf_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
313
+
ret = ixgbevf_ipsec_parse_proto_keys(dev, xs, rsa.key,
314
+
&rsa.salt);
316
315
if (ret) {
317
316
NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
318
317
return ret;
···
366
363
if (xs->id.proto & IPPROTO_ESP)
367
364
tsa.encrypt = xs->ealg || xs->aead;
368
365
369
-
ret = ixgbevf_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
366
+
ret = ixgbevf_ipsec_parse_proto_keys(dev, xs, tsa.key,
367
+
&tsa.salt);
370
368
if (ret) {
371
369
NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
372
370
memset(&tsa, 0, sizeof(tsa));
···
392
388
393
389
/**
394
390
* ixgbevf_ipsec_del_sa - clear out this specific SA
391
+
* @dev: pointer to net device to program
395
392
* @xs: pointer to transformer state struct
396
393
**/
397
-
static void ixgbevf_ipsec_del_sa(struct xfrm_state *xs)
394
+
static void ixgbevf_ipsec_del_sa(struct net_device *dev,
395
+
struct xfrm_state *xs)
398
396
{
399
-
struct net_device *dev = xs->xso.real_dev;
400
397
struct ixgbevf_adapter *adapter;
401
398
struct ixgbevf_ipsec *ipsec;
402
399
u16 sa_idx;
+9
-9
drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
+9
-9
drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
···
663
663
return -EOPNOTSUPP;
664
664
}
665
665
666
-
static int cn10k_ipsec_outb_add_state(struct xfrm_state *x,
666
+
static int cn10k_ipsec_outb_add_state(struct net_device *dev,
667
+
struct xfrm_state *x,
667
668
struct netlink_ext_ack *extack)
668
669
{
669
-
struct net_device *netdev = x->xso.dev;
670
670
struct cn10k_tx_sa_s *sa_entry;
671
671
struct qmem *sa_info;
672
672
struct otx2_nic *pf;
···
676
676
if (err)
677
677
return err;
678
678
679
-
pf = netdev_priv(netdev);
679
+
pf = netdev_priv(dev);
680
680
681
681
err = qmem_alloc(pf->dev, &sa_info, pf->ipsec.sa_size, OTX2_ALIGN);
682
682
if (err)
···
700
700
return 0;
701
701
}
702
702
703
-
static int cn10k_ipsec_add_state(struct xfrm_state *x,
703
+
static int cn10k_ipsec_add_state(struct net_device *dev,
704
+
struct xfrm_state *x,
704
705
struct netlink_ext_ack *extack)
705
706
{
706
707
if (x->xso.dir == XFRM_DEV_OFFLOAD_IN)
707
708
return cn10k_ipsec_inb_add_state(x, extack);
708
709
else
709
-
return cn10k_ipsec_outb_add_state(x, extack);
710
+
return cn10k_ipsec_outb_add_state(dev, x, extack);
710
711
}
711
712
712
-
static void cn10k_ipsec_del_state(struct xfrm_state *x)
713
+
static void cn10k_ipsec_del_state(struct net_device *dev, struct xfrm_state *x)
713
714
{
714
-
struct net_device *netdev = x->xso.dev;
715
715
struct cn10k_tx_sa_s *sa_entry;
716
716
struct qmem *sa_info;
717
717
struct otx2_nic *pf;
···
720
720
if (x->xso.dir == XFRM_DEV_OFFLOAD_IN)
721
721
return;
722
722
723
-
pf = netdev_priv(netdev);
723
+
pf = netdev_priv(dev);
724
724
725
725
sa_info = (struct qmem *)x->xso.offload_handle;
726
726
sa_entry = (struct cn10k_tx_sa_s *)sa_info->base;
···
732
732
733
733
err = cn10k_outb_write_sa(pf, sa_info);
734
734
if (err)
735
-
netdev_err(netdev, "Error (%d) deleting SA\n", err);
735
+
netdev_err(dev, "Error (%d) deleting SA\n", err);
736
736
737
737
x->xso.offload_handle = 0;
738
738
qmem_free(pf->dev, sa_info);
+6
-6
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+6
-6
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
···
689
689
return 0;
690
690
}
691
691
692
-
static int mlx5e_xfrm_add_state(struct xfrm_state *x,
692
+
static int mlx5e_xfrm_add_state(struct net_device *dev,
693
+
struct xfrm_state *x,
693
694
struct netlink_ext_ack *extack)
694
695
{
695
696
struct mlx5e_ipsec_sa_entry *sa_entry = NULL;
696
-
struct net_device *netdev = x->xso.real_dev;
697
697
struct mlx5e_ipsec *ipsec;
698
698
struct mlx5e_priv *priv;
699
699
gfp_t gfp;
700
700
int err;
701
701
702
-
priv = netdev_priv(netdev);
702
+
priv = netdev_priv(dev);
703
703
if (!priv->ipsec)
704
704
return -EOPNOTSUPP;
705
705
···
710
710
return -ENOMEM;
711
711
712
712
sa_entry->x = x;
713
-
sa_entry->dev = netdev;
713
+
sa_entry->dev = dev;
714
714
sa_entry->ipsec = ipsec;
715
715
/* Check if this SA is originated from acquire flow temporary SA */
716
716
if (x->xso.flags & XFRM_DEV_OFFLOAD_FLAG_ACQ)
···
807
807
return err;
808
808
}
809
809
810
-
static void mlx5e_xfrm_del_state(struct xfrm_state *x)
810
+
static void mlx5e_xfrm_del_state(struct net_device *dev, struct xfrm_state *x)
811
811
{
812
812
struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x);
813
813
struct mlx5e_ipsec *ipsec = sa_entry->ipsec;
···
820
820
WARN_ON(old != sa_entry);
821
821
}
822
822
823
-
static void mlx5e_xfrm_free_state(struct xfrm_state *x)
823
+
static void mlx5e_xfrm_free_state(struct net_device *dev, struct xfrm_state *x)
824
824
{
825
825
struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x);
826
826
struct mlx5e_ipsec *ipsec = sa_entry->ipsec;
+5
-6
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+5
-6
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
···
266
266
}
267
267
}
268
268
269
-
static int nfp_net_xfrm_add_state(struct xfrm_state *x,
269
+
static int nfp_net_xfrm_add_state(struct net_device *dev,
270
+
struct xfrm_state *x,
270
271
struct netlink_ext_ack *extack)
271
272
{
272
-
struct net_device *netdev = x->xso.real_dev;
273
273
struct nfp_ipsec_cfg_mssg msg = {};
274
274
int i, key_len, trunc_len, err = 0;
275
275
struct nfp_ipsec_cfg_add_sa *cfg;
276
276
struct nfp_net *nn;
277
277
unsigned int saidx;
278
278
279
-
nn = netdev_priv(netdev);
279
+
nn = netdev_priv(dev);
280
280
cfg = &msg.cfg_add_sa;
281
281
282
282
/* General */
···
546
546
return 0;
547
547
}
548
548
549
-
static void nfp_net_xfrm_del_state(struct xfrm_state *x)
549
+
static void nfp_net_xfrm_del_state(struct net_device *dev, struct xfrm_state *x)
550
550
{
551
551
struct nfp_ipsec_cfg_mssg msg = {
552
552
.cmd = NFP_IPSEC_CFG_MSSG_INV_SA,
553
553
.sa_idx = x->xso.offload_handle - 1,
554
554
};
555
-
struct net_device *netdev = x->xso.real_dev;
556
555
struct nfp_net *nn;
557
556
int err;
558
557
559
-
nn = netdev_priv(netdev);
558
+
nn = netdev_priv(dev);
560
559
err = nfp_net_sched_mbox_amsg_work(nn, NFP_NET_CFG_MBOX_CMD_IPSEC, &msg,
561
560
sizeof(msg), nfp_net_ipsec_cfg);
562
561
if (err)
+7
-8
drivers/net/netdevsim/ipsec.c
+7
-8
drivers/net/netdevsim/ipsec.c
···
85
85
return -ENOSPC;
86
86
}
87
87
88
-
static int nsim_ipsec_parse_proto_keys(struct xfrm_state *xs,
88
+
static int nsim_ipsec_parse_proto_keys(struct net_device *dev,
89
+
struct xfrm_state *xs,
89
90
u32 *mykey, u32 *mysalt)
90
91
{
91
92
const char aes_gcm_name[] = "rfc4106(gcm(aes))";
92
-
struct net_device *dev = xs->xso.real_dev;
93
93
unsigned char *key_data;
94
94
char *alg_name = NULL;
95
95
int key_len;
···
129
129
return 0;
130
130
}
131
131
132
-
static int nsim_ipsec_add_sa(struct xfrm_state *xs,
132
+
static int nsim_ipsec_add_sa(struct net_device *dev,
133
+
struct xfrm_state *xs,
133
134
struct netlink_ext_ack *extack)
134
135
{
135
136
struct nsim_ipsec *ipsec;
136
-
struct net_device *dev;
137
137
struct netdevsim *ns;
138
138
struct nsim_sa sa;
139
139
u16 sa_idx;
140
140
int ret;
141
141
142
-
dev = xs->xso.real_dev;
143
142
ns = netdev_priv(dev);
144
143
ipsec = &ns->ipsec;
145
144
···
173
174
sa.crypt = xs->ealg || xs->aead;
174
175
175
176
/* get the key and salt */
176
-
ret = nsim_ipsec_parse_proto_keys(xs, sa.key, &sa.salt);
177
+
ret = nsim_ipsec_parse_proto_keys(dev, xs, sa.key, &sa.salt);
177
178
if (ret) {
178
179
NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for SA table");
179
180
return ret;
···
199
200
return 0;
200
201
}
201
202
202
-
static void nsim_ipsec_del_sa(struct xfrm_state *xs)
203
+
static void nsim_ipsec_del_sa(struct net_device *dev, struct xfrm_state *xs)
203
204
{
204
-
struct netdevsim *ns = netdev_priv(xs->xso.real_dev);
205
+
struct netdevsim *ns = netdev_priv(dev);
205
206
struct nsim_ipsec *ipsec = &ns->ipsec;
206
207
u16 sa_idx;
207
208
+7
-3
include/linux/netdevice.h
+7
-3
include/linux/netdevice.h
···
1013
1013
1014
1014
#ifdef CONFIG_XFRM_OFFLOAD
1015
1015
struct xfrmdev_ops {
1016
-
int (*xdo_dev_state_add) (struct xfrm_state *x, struct netlink_ext_ack *extack);
1017
-
void (*xdo_dev_state_delete) (struct xfrm_state *x);
1018
-
void (*xdo_dev_state_free) (struct xfrm_state *x);
1016
+
int (*xdo_dev_state_add)(struct net_device *dev,
1017
+
struct xfrm_state *x,
1018
+
struct netlink_ext_ack *extack);
1019
+
void (*xdo_dev_state_delete)(struct net_device *dev,
1020
+
struct xfrm_state *x);
1021
+
void (*xdo_dev_state_free)(struct net_device *dev,
1022
+
struct xfrm_state *x);
1019
1023
bool (*xdo_dev_offload_ok) (struct sk_buff *skb,
1020
1024
struct xfrm_state *x);
1021
1025
void (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
+8
include/net/xfrm.h
+8
include/net/xfrm.h
···
147
147
};
148
148
149
149
struct xfrm_dev_offload {
150
+
/* The device for this offload.
151
+
* Device drivers should not use this directly, as that will prevent
152
+
* them from working with bonding device. Instead, the device passed
153
+
* to the add/delete callbacks should be used.
154
+
*/
150
155
struct net_device *dev;
151
156
netdevice_tracker dev_tracker;
157
+
/* This is a private pointer used by the bonding driver.
158
+
* Device drivers should not use it.
159
+
*/
152
160
struct net_device *real_dev;
153
161
unsigned long offload_handle;
154
162
u8 dir : 2;
+1
-3
net/xfrm/xfrm_device.c
+1
-3
net/xfrm/xfrm_device.c
···
309
309
310
310
xso->dev = dev;
311
311
netdev_tracker_alloc(dev, &xso->dev_tracker, GFP_ATOMIC);
312
-
xso->real_dev = dev;
313
312
314
313
if (xuo->flags & XFRM_OFFLOAD_INBOUND)
315
314
xso->dir = XFRM_DEV_OFFLOAD_IN;
···
320
321
else
321
322
xso->type = XFRM_DEV_OFFLOAD_CRYPTO;
322
323
323
-
err = dev->xfrmdev_ops->xdo_dev_state_add(x, extack);
324
+
err = dev->xfrmdev_ops->xdo_dev_state_add(dev, x, extack);
324
325
if (err) {
325
326
xso->dev = NULL;
326
327
xso->dir = 0;
327
-
xso->real_dev = NULL;
328
328
netdev_put(dev, &xso->dev_tracker);
329
329
xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
330
330
+8
-6
net/xfrm/xfrm_state.c
+8
-6
net/xfrm/xfrm_state.c
···
767
767
struct net_device *dev = READ_ONCE(xso->dev);
768
768
769
769
if (dev) {
770
-
dev->xfrmdev_ops->xdo_dev_state_delete(x);
770
+
dev->xfrmdev_ops->xdo_dev_state_delete(dev, x);
771
771
spin_lock_bh(&xfrm_state_dev_gc_lock);
772
772
hlist_add_head(&x->dev_gclist, &xfrm_state_dev_gc_list);
773
773
spin_unlock_bh(&xfrm_state_dev_gc_lock);
···
789
789
spin_unlock_bh(&xfrm_state_dev_gc_lock);
790
790
791
791
if (dev->xfrmdev_ops->xdo_dev_state_free)
792
-
dev->xfrmdev_ops->xdo_dev_state_free(x);
792
+
dev->xfrmdev_ops->xdo_dev_state_free(dev, x);
793
793
WRITE_ONCE(xso->dev, NULL);
794
794
xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
795
795
netdev_put(dev, &xso->dev_tracker);
···
1551
1551
if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
1552
1552
struct xfrm_dev_offload *xdo = &pol->xdo;
1553
1553
struct xfrm_dev_offload *xso = &x->xso;
1554
+
struct net_device *dev = xdo->dev;
1554
1555
1555
1556
xso->type = XFRM_DEV_OFFLOAD_PACKET;
1556
1557
xso->dir = xdo->dir;
1557
-
xso->dev = xdo->dev;
1558
+
xso->dev = dev;
1558
1559
xso->flags = XFRM_DEV_OFFLOAD_FLAG_ACQ;
1559
-
netdev_hold(xso->dev, &xso->dev_tracker, GFP_ATOMIC);
1560
-
error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x, NULL);
1560
+
netdev_hold(dev, &xso->dev_tracker, GFP_ATOMIC);
1561
+
error = dev->xfrmdev_ops->xdo_dev_state_add(dev, x,
1562
+
NULL);
1561
1563
if (error) {
1562
1564
xso->dir = 0;
1563
-
netdev_put(xso->dev, &xso->dev_tracker);
1565
+
netdev_put(dev, &xso->dev_tracker);
1564
1566
xso->dev = NULL;
1565
1567
xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
1566
1568
x->km.state = XFRM_STATE_DEAD;