diff mbox series

[net-next,04/10] net/mlx5e: Prepare IPsec packet reformat code for tunnel mode

Message ID 2f80bcfa0f7afdfa65848de9ddcba2c4c09cfe32.1681106636.git.leonro@nvidia.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series Support tunnel mode in mlx5 IPsec packet offload | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next, async
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 18 this patch: 18
netdev/cc_maintainers warning 2 maintainers not CCed: linux-rdma@vger.kernel.org borisp@nvidia.com
netdev/build_clang success Errors and warnings before: 18 this patch: 18
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 18 this patch: 18
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 113 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Leon Romanovsky April 10, 2023, 6:19 a.m. UTC 
From: Leon Romanovsky <leonro@nvidia.com>

Refactor setup_pkt_reformat() function to accommodate future extension
to support tunnel mode.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 .../mellanox/mlx5/core/en_accel/ipsec.c       |  1 +
 .../mellanox/mlx5/core/en_accel/ipsec.h       |  2 +-
 .../mellanox/mlx5/core/en_accel/ipsec_fs.c    | 78 ++++++++++++++-----
 3 files changed, 60 insertions(+), 21 deletions(-)

Comments

Simon Horman April 11, 2023, 4 p.m. UTC | #1 
On Mon, Apr 10, 2023 at 09:19:06AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
> 
> Refactor setup_pkt_reformat() function to accommodate future extension
> to support tunnel mode.
> 
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>

...

> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> index 060be020ca64..980583fb1e52 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> @@ -836,40 +836,78 @@ static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
>  	return 0;
>  }
>  
> +static int
> +setup_pkt_transport_reformat(struct mlx5_accel_esp_xfrm_attrs *attrs,
> +			     struct mlx5_pkt_reformat_params *reformat_params)
> +{
> +	u8 *reformatbf;
> +	__be32 spi;
> +
> +	switch (attrs->dir) {
> +	case XFRM_DEV_OFFLOAD_IN:
> +		reformat_params->type = MLX5_REFORMAT_TYPE_DEL_ESP_TRANSPORT;
> +		break;
> +	case XFRM_DEV_OFFLOAD_OUT:
> +		if (attrs->family == AF_INET)
> +			reformat_params->type =
> +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4;
> +		else
> +			reformat_params->type =
> +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;

Maybe this is nicer? Maybe not.

		reformat_params->type = attrs->family == AF_INET ?
			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4 :
			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;

> +
> +		reformatbf = kzalloc(16, GFP_KERNEL);

I know you are just moving code around.
But 16 is doing a lot of work in this function.
Could it be a #define ?

> +		if (!reformatbf)
> +			return -ENOMEM;
> +
> +		/* convert to network format */
> +		spi = htonl(attrs->spi);
> +		memcpy(reformatbf, &spi, 4);

This seems to be a lot of work to copy a word.
But anyway, maybe:

		memcpy(reformatbf, &spi, sizeof(spi));

> +
> +		reformat_params->param_0 = attrs->authsize;
> +		reformat_params->size = 16;
> +		reformat_params->data = reformatbf;
> +		break;
> +	default:
> +		return -EINVAL;
> +	}
> +
> +	return 0;
> +}
> +

...
Leon Romanovsky April 11, 2023, 4:37 p.m. UTC | #2 
On Tue, Apr 11, 2023 at 06:00:00PM +0200, Simon Horman wrote:
> On Mon, Apr 10, 2023 at 09:19:06AM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > Refactor setup_pkt_reformat() function to accommodate future extension
> > to support tunnel mode.
> > 
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> 
> ...
> 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > index 060be020ca64..980583fb1e52 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > @@ -836,40 +836,78 @@ static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
> >  	return 0;
> >  }
> >  
> > +static int
> > +setup_pkt_transport_reformat(struct mlx5_accel_esp_xfrm_attrs *attrs,
> > +			     struct mlx5_pkt_reformat_params *reformat_params)
> > +{
> > +	u8 *reformatbf;
> > +	__be32 spi;
> > +
> > +	switch (attrs->dir) {
> > +	case XFRM_DEV_OFFLOAD_IN:
> > +		reformat_params->type = MLX5_REFORMAT_TYPE_DEL_ESP_TRANSPORT;
> > +		break;
> > +	case XFRM_DEV_OFFLOAD_OUT:
> > +		if (attrs->family == AF_INET)
> > +			reformat_params->type =
> > +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4;
> > +		else
> > +			reformat_params->type =
> > +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
> 
> Maybe this is nicer? Maybe not.
> 
> 		reformat_params->type = attrs->family == AF_INET ?

I didn't like it because of the line above, IMHO it is too long and has
too many indirection.

> 			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4 :
> 			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
> 
> > +
> > +		reformatbf = kzalloc(16, GFP_KERNEL);
> 
> I know you are just moving code around.
> But 16 is doing a lot of work in this function.
> Could it be a #define ?

I'll change

> 
> > +		if (!reformatbf)
> > +			return -ENOMEM;
> > +
> > +		/* convert to network format */
> > +		spi = htonl(attrs->spi);
> > +		memcpy(reformatbf, &spi, 4);
> 
> This seems to be a lot of work to copy a word.
> But anyway, maybe:
> 
> 		memcpy(reformatbf, &spi, sizeof(spi));

Will do.

> 
> > +
> > +		reformat_params->param_0 = attrs->authsize;
> > +		reformat_params->size = 16;
> > +		reformat_params->data = reformatbf;
> > +		break;
> > +	default:
> > +		return -EINVAL;
> > +	}
> > +
> > +	return 0;
> > +}
> > +
> 
> ...
Simon Horman April 11, 2023, 5:38 p.m. UTC | #3 
On Tue, Apr 11, 2023 at 07:37:29PM +0300, Leon Romanovsky wrote:
> On Tue, Apr 11, 2023 at 06:00:00PM +0200, Simon Horman wrote:
> > On Mon, Apr 10, 2023 at 09:19:06AM +0300, Leon Romanovsky wrote:
> > > From: Leon Romanovsky <leonro@nvidia.com>
> > > 
> > > Refactor setup_pkt_reformat() function to accommodate future extension
> > > to support tunnel mode.
> > > 
> > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > 
> > ...
> > 
> > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > > index 060be020ca64..980583fb1e52 100644
> > > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > > @@ -836,40 +836,78 @@ static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
> > >  	return 0;
> > >  }
> > >  
> > > +static int
> > > +setup_pkt_transport_reformat(struct mlx5_accel_esp_xfrm_attrs *attrs,
> > > +			     struct mlx5_pkt_reformat_params *reformat_params)
> > > +{
> > > +	u8 *reformatbf;
> > > +	__be32 spi;
> > > +
> > > +	switch (attrs->dir) {
> > > +	case XFRM_DEV_OFFLOAD_IN:
> > > +		reformat_params->type = MLX5_REFORMAT_TYPE_DEL_ESP_TRANSPORT;
> > > +		break;
> > > +	case XFRM_DEV_OFFLOAD_OUT:
> > > +		if (attrs->family == AF_INET)
> > > +			reformat_params->type =
> > > +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4;
> > > +		else
> > > +			reformat_params->type =
> > > +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
> > 
> > Maybe this is nicer? Maybe not.
> > 
> > 		reformat_params->type = attrs->family == AF_INET ?
> 
> I didn't like it because of the line above, IMHO it is too long and has
> too many indirection.

Yeah, it's not ideal.

> > 			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4 :
> > 			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;

...
Leon Romanovsky April 13, 2023, 12:07 p.m. UTC | #4 
On Tue, Apr 11, 2023 at 06:00:00PM +0200, Simon Horman wrote:
> On Mon, Apr 10, 2023 at 09:19:06AM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > Refactor setup_pkt_reformat() function to accommodate future extension
> > to support tunnel mode.
> > 
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> 
> ...
> 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > index 060be020ca64..980583fb1e52 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > @@ -836,40 +836,78 @@ static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
> >  	return 0;
> >  }
> >  
> > +static int
> > +setup_pkt_transport_reformat(struct mlx5_accel_esp_xfrm_attrs *attrs,
> > +			     struct mlx5_pkt_reformat_params *reformat_params)
> > +{
> > +	u8 *reformatbf;
> > +	__be32 spi;
> > +
> > +	switch (attrs->dir) {
> > +	case XFRM_DEV_OFFLOAD_IN:
> > +		reformat_params->type = MLX5_REFORMAT_TYPE_DEL_ESP_TRANSPORT;
> > +		break;
> > +	case XFRM_DEV_OFFLOAD_OUT:
> > +		if (attrs->family == AF_INET)
> > +			reformat_params->type =
> > +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4;
> > +		else
> > +			reformat_params->type =
> > +				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
> 
> Maybe this is nicer? Maybe not.
> 
> 		reformat_params->type = attrs->family == AF_INET ?
> 			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4 :
> 			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
> 
> > +
> > +		reformatbf = kzalloc(16, GFP_KERNEL);
> 
> I know you are just moving code around.
> But 16 is doing a lot of work in this function.
> Could it be a #define ?

Done

> 
> > +		if (!reformatbf)
> > +			return -ENOMEM;
> > +
> > +		/* convert to network format */
> > +		spi = htonl(attrs->spi);
> > +		memcpy(reformatbf, &spi, 4);
> 
> This seems to be a lot of work to copy a word.
> But anyway, maybe:
> 
> 		memcpy(reformatbf, &spi, sizeof(spi));

Done

> 
> > +
> > +		reformat_params->param_0 = attrs->authsize;
> > +		reformat_params->size = 16;
> > +		reformat_params->data = reformatbf;
> > +		break;
> > +	default:
> > +		return -EINVAL;
> > +	}
> > +
> > +	return 0;
> > +}
> > +
> 
> ...
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index def01bfde610..359da277c03a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -297,6 +297,7 @@  void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
 	attrs->upspec.sport = ntohs(x->sel.sport);
 	attrs->upspec.sport_mask = ntohs(x->sel.sport_mask);
 	attrs->upspec.proto = x->sel.proto;
+	attrs->mode = x->props.mode;
 
 	mlx5e_ipsec_init_limits(sa_entry, attrs);
 }
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
index bb89e18b17b4..ae525420a492 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
@@ -77,7 +77,7 @@  struct mlx5_replay_esn {
 
 struct mlx5_accel_esp_xfrm_attrs {
 	u32   spi;
-	u32   flags;
+	u32   mode;
 	struct aes_gcm_keymat aes_gcm;
 
 	union {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
index 060be020ca64..980583fb1e52 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
@@ -836,40 +836,78 @@  static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
 	return 0;
 }
 
+static int
+setup_pkt_transport_reformat(struct mlx5_accel_esp_xfrm_attrs *attrs,
+			     struct mlx5_pkt_reformat_params *reformat_params)
+{
+	u8 *reformatbf;
+	__be32 spi;
+
+	switch (attrs->dir) {
+	case XFRM_DEV_OFFLOAD_IN:
+		reformat_params->type = MLX5_REFORMAT_TYPE_DEL_ESP_TRANSPORT;
+		break;
+	case XFRM_DEV_OFFLOAD_OUT:
+		if (attrs->family == AF_INET)
+			reformat_params->type =
+				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4;
+		else
+			reformat_params->type =
+				MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
+
+		reformatbf = kzalloc(16, GFP_KERNEL);
+		if (!reformatbf)
+			return -ENOMEM;
+
+		/* convert to network format */
+		spi = htonl(attrs->spi);
+		memcpy(reformatbf, &spi, 4);
+
+		reformat_params->param_0 = attrs->authsize;
+		reformat_params->size = 16;
+		reformat_params->data = reformatbf;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 static int setup_pkt_reformat(struct mlx5_core_dev *mdev,
 			      struct mlx5_accel_esp_xfrm_attrs *attrs,
 			      struct mlx5_flow_act *flow_act)
 {
-	enum mlx5_flow_namespace_type ns_type = MLX5_FLOW_NAMESPACE_EGRESS;
 	struct mlx5_pkt_reformat_params reformat_params = {};
 	struct mlx5_pkt_reformat *pkt_reformat;
-	u8 reformatbf[16] = {};
-	__be32 spi;
+	enum mlx5_flow_namespace_type ns_type;
+	int ret;
 
-	if (attrs->dir == XFRM_DEV_OFFLOAD_IN) {
-		reformat_params.type = MLX5_REFORMAT_TYPE_DEL_ESP_TRANSPORT;
+	switch (attrs->dir) {
+	case XFRM_DEV_OFFLOAD_IN:
 		ns_type = MLX5_FLOW_NAMESPACE_KERNEL;
-		goto cmd;
+		break;
+	case XFRM_DEV_OFFLOAD_OUT:
+		ns_type = MLX5_FLOW_NAMESPACE_EGRESS;
+		break;
+	default:
+		return -EINVAL;
 	}
 
-	if (attrs->family == AF_INET)
-		reformat_params.type =
-			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV4;
-	else
-		reformat_params.type =
-			MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_OVER_IPV6;
-
-	/* convert to network format */
-	spi = htonl(attrs->spi);
-	memcpy(reformatbf, &spi, 4);
+	switch (attrs->mode) {
+	case XFRM_MODE_TRANSPORT:
+		ret = setup_pkt_transport_reformat(attrs, &reformat_params);
+		break;
+	default:
+		ret = -EINVAL;
+	}
 
-	reformat_params.param_0 = attrs->authsize;
-	reformat_params.size = sizeof(reformatbf);
-	reformat_params.data = &reformatbf;
+	if (ret)
+		return ret;
 
-cmd:
 	pkt_reformat =
 		mlx5_packet_reformat_alloc(mdev, &reformat_params, ns_type);
+	kfree(reformat_params.data);
 	if (IS_ERR(pkt_reformat))
 		return PTR_ERR(pkt_reformat);