Commit f4e405f5 authored by David S. Miller's avatar David S. Miller

Merge branch 'macsec-offload-fixes'

Sabrina Dubroca says:

====================
macsec: offload-related fixes

I'm working on a dummy offload for macsec on netdevsim. It just has a
small SecY and RXSC table so I can trigger failures easily on the
ndo_* side. It has exposed a couple of issues.

The first patch is a revert of commit c850240b ("net: macsec:
report real_dev features when HW offloading is enabled"). That commit
tried to improve the performance of macsec offload by taking advantage
of some of the NIC's features, but in doing so, broke macsec offload
when the lower device supports both macsec and ipsec offload, as the
ipsec offload feature flags were copied from the real device. Since
the macsec device doesn't provide xdo_* ops, the XFRM core rejects the
registration of the new macsec device in xfrm_api_check.

I'm working on re-adding those feature flags when offload is
available, but I haven't fully solved that yet. I think it would be
safer to do that second part in net-next considering how complex
feature interactions tend to be.

v2:
 - better describe the issue introduced by commit c850240b (Leon
   Romanovsky)
 - patch #3: drop unnecessary !! (Leon Romanovsky)

v3:
 - patch #3: drop extra newline (Jakub Kicinski)
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents cdb525ca aaab73f8
...@@ -1413,7 +1413,8 @@ static struct macsec_rx_sc *del_rx_sc(struct macsec_secy *secy, sci_t sci) ...@@ -1413,7 +1413,8 @@ static struct macsec_rx_sc *del_rx_sc(struct macsec_secy *secy, sci_t sci)
return NULL; return NULL;
} }
static struct macsec_rx_sc *create_rx_sc(struct net_device *dev, sci_t sci) static struct macsec_rx_sc *create_rx_sc(struct net_device *dev, sci_t sci,
bool active)
{ {
struct macsec_rx_sc *rx_sc; struct macsec_rx_sc *rx_sc;
struct macsec_dev *macsec; struct macsec_dev *macsec;
...@@ -1437,7 +1438,7 @@ static struct macsec_rx_sc *create_rx_sc(struct net_device *dev, sci_t sci) ...@@ -1437,7 +1438,7 @@ static struct macsec_rx_sc *create_rx_sc(struct net_device *dev, sci_t sci)
} }
rx_sc->sci = sci; rx_sc->sci = sci;
rx_sc->active = true; rx_sc->active = active;
refcount_set(&rx_sc->refcnt, 1); refcount_set(&rx_sc->refcnt, 1);
secy = &macsec_priv(dev)->secy; secy = &macsec_priv(dev)->secy;
...@@ -1838,6 +1839,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) ...@@ -1838,6 +1839,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
secy->key_len); secy->key_len);
err = macsec_offload(ops->mdo_add_rxsa, &ctx); err = macsec_offload(ops->mdo_add_rxsa, &ctx);
memzero_explicit(ctx.sa.key, secy->key_len);
if (err) if (err)
goto cleanup; goto cleanup;
} }
...@@ -1876,7 +1878,7 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info) ...@@ -1876,7 +1878,7 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info)
struct macsec_rx_sc *rx_sc; struct macsec_rx_sc *rx_sc;
struct nlattr *tb_rxsc[MACSEC_RXSC_ATTR_MAX + 1]; struct nlattr *tb_rxsc[MACSEC_RXSC_ATTR_MAX + 1];
struct macsec_secy *secy; struct macsec_secy *secy;
bool was_active; bool active = true;
int ret; int ret;
if (!attrs[MACSEC_ATTR_IFINDEX]) if (!attrs[MACSEC_ATTR_IFINDEX])
...@@ -1898,16 +1900,15 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info) ...@@ -1898,16 +1900,15 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info)
secy = &macsec_priv(dev)->secy; secy = &macsec_priv(dev)->secy;
sci = nla_get_sci(tb_rxsc[MACSEC_RXSC_ATTR_SCI]); sci = nla_get_sci(tb_rxsc[MACSEC_RXSC_ATTR_SCI]);
rx_sc = create_rx_sc(dev, sci); if (tb_rxsc[MACSEC_RXSC_ATTR_ACTIVE])
active = nla_get_u8(tb_rxsc[MACSEC_RXSC_ATTR_ACTIVE]);
rx_sc = create_rx_sc(dev, sci, active);
if (IS_ERR(rx_sc)) { if (IS_ERR(rx_sc)) {
rtnl_unlock(); rtnl_unlock();
return PTR_ERR(rx_sc); return PTR_ERR(rx_sc);
} }
was_active = rx_sc->active;
if (tb_rxsc[MACSEC_RXSC_ATTR_ACTIVE])
rx_sc->active = !!nla_get_u8(tb_rxsc[MACSEC_RXSC_ATTR_ACTIVE]);
if (macsec_is_offloaded(netdev_priv(dev))) { if (macsec_is_offloaded(netdev_priv(dev))) {
const struct macsec_ops *ops; const struct macsec_ops *ops;
struct macsec_context ctx; struct macsec_context ctx;
...@@ -1931,7 +1932,8 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info) ...@@ -1931,7 +1932,8 @@ static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info)
return 0; return 0;
cleanup: cleanup:
rx_sc->active = was_active; del_rx_sc(secy, sci);
free_rx_sc(rx_sc);
rtnl_unlock(); rtnl_unlock();
return ret; return ret;
} }
...@@ -2080,6 +2082,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) ...@@ -2080,6 +2082,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
secy->key_len); secy->key_len);
err = macsec_offload(ops->mdo_add_txsa, &ctx); err = macsec_offload(ops->mdo_add_txsa, &ctx);
memzero_explicit(ctx.sa.key, secy->key_len);
if (err) if (err)
goto cleanup; goto cleanup;
} }
...@@ -2570,7 +2573,7 @@ static bool macsec_is_configured(struct macsec_dev *macsec) ...@@ -2570,7 +2573,7 @@ static bool macsec_is_configured(struct macsec_dev *macsec)
struct macsec_tx_sc *tx_sc = &secy->tx_sc; struct macsec_tx_sc *tx_sc = &secy->tx_sc;
int i; int i;
if (secy->n_rx_sc > 0) if (secy->rx_sc)
return true; return true;
for (i = 0; i < MACSEC_NUM_AN; i++) for (i = 0; i < MACSEC_NUM_AN; i++)
...@@ -2654,11 +2657,6 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info) ...@@ -2654,11 +2657,6 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
if (ret) if (ret)
goto rollback; goto rollback;
/* Force features update, since they are different for SW MACSec and
* HW offloading cases.
*/
netdev_update_features(dev);
rtnl_unlock(); rtnl_unlock();
return 0; return 0;
...@@ -3432,16 +3430,9 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb, ...@@ -3432,16 +3430,9 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
return ret; return ret;
} }
#define SW_MACSEC_FEATURES \ #define MACSEC_FEATURES \
(NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST) (NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
/* If h/w offloading is enabled, use real device features save for
* VLAN_FEATURES - they require additional ops
* HW_MACSEC - no reason to report it
*/
#define REAL_DEV_FEATURES(dev) \
((dev)->features & ~(NETIF_F_VLAN_FEATURES | NETIF_F_HW_MACSEC))
static int macsec_dev_init(struct net_device *dev) static int macsec_dev_init(struct net_device *dev)
{ {
struct macsec_dev *macsec = macsec_priv(dev); struct macsec_dev *macsec = macsec_priv(dev);
...@@ -3458,12 +3449,8 @@ static int macsec_dev_init(struct net_device *dev) ...@@ -3458,12 +3449,8 @@ static int macsec_dev_init(struct net_device *dev)
return err; return err;
} }
if (macsec_is_offloaded(macsec)) { dev->features = real_dev->features & MACSEC_FEATURES;
dev->features = REAL_DEV_FEATURES(real_dev);
} else {
dev->features = real_dev->features & SW_MACSEC_FEATURES;
dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE; dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE;
}
dev->needed_headroom = real_dev->needed_headroom + dev->needed_headroom = real_dev->needed_headroom +
MACSEC_NEEDED_HEADROOM; MACSEC_NEEDED_HEADROOM;
...@@ -3495,10 +3482,7 @@ static netdev_features_t macsec_fix_features(struct net_device *dev, ...@@ -3495,10 +3482,7 @@ static netdev_features_t macsec_fix_features(struct net_device *dev,
struct macsec_dev *macsec = macsec_priv(dev); struct macsec_dev *macsec = macsec_priv(dev);
struct net_device *real_dev = macsec->real_dev; struct net_device *real_dev = macsec->real_dev;
if (macsec_is_offloaded(macsec)) features &= (real_dev->features & MACSEC_FEATURES) |
return REAL_DEV_FEATURES(real_dev);
features &= (real_dev->features & SW_MACSEC_FEATURES) |
NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES; NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES;
features |= NETIF_F_LLTX; features |= NETIF_F_LLTX;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment