[net-next,09/10] net/mlx5e: Generalize IPsec work structs

Message ID	285a1550242363de181bab3a07a69296f66ad9a8.1680162300.git.leonro@nvidia.com (mailing list archive)
State	Awaiting Upstream
Delegated to:	Netdev Maintainers
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Leon Romanovsky <leon@kernel.org> To: Paolo Abeni <pabeni@redhat.com>, Jakub Kicinski <kuba@kernel.org>, "David S . Miller" <davem@davemloft.net> Cc: Leon Romanovsky <leonro@nvidia.com>, Saeed Mahameed <saeedm@nvidia.com>, linux-netdev <netdev@vger.kernel.org>, Raed Salem <raeds@nvidia.com>, Eric Dumazet <edumazet@google.com>, Herbert Xu <herbert@gondor.apana.org.au>, Steffen Klassert <steffen.klassert@secunet.com> Subject: [PATCH net-next 09/10] net/mlx5e: Generalize IPsec work structs Date: Thu, 30 Mar 2023 11:02:30 +0300 Message-Id: <285a1550242363de181bab3a07a69296f66ad9a8.1680162300.git.leonro@nvidia.com> In-Reply-To: <cover.1680162300.git.leonro@nvidia.com> References: <cover.1680162300.git.leonro@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Improve IPsec limits, ESN and replay window in mlx5 \| expand [net-next,00/10] Improve IPsec limits, ESN and replay window in mlx5 [net-next,01/10] net/mlx5e: Factor out IPsec ASO update function [net-next,02/10] net/mlx5e: Prevent zero IPsec soft/hard limits [net-next,03/10] net/mlx5e: Add SW implementation to support IPsec 64 bit soft and hard limits [net-next,04/10] net/mlx5e: Overcome slow response for first IPsec ASO WQE [net-next,05/10] xfrm: don't require advance ESN callback for packet offload [net-next,06/10] net/mlx5e: Remove ESN callbacks if it is not supported [net-next,07/10] net/mlx5e: Set IPsec replay sequence numbers [net-next,08/10] net/mlx5e: Reduce contention in IPsec workqueue [net-next,09/10] net/mlx5e: Generalize IPsec work structs [net-next,10/10] net/mlx5e: Simulate missing IPsec TX limits hardware functionality

Context	Check	Description
netdev/series_format	success	Posting correctly formatted
netdev/tree_selection	success	Clearly marked for net-next
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 18 this patch: 18
netdev/cc_maintainers	warning	2 maintainers not CCed: linux-rdma@vger.kernel.org borisp@nvidia.com
netdev/build_clang	success	Errors and warnings before: 18 this patch: 18
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 18 this patch: 18
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 221 lines checked
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c index fa66f4f3cba7..89d5802888a9 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c @@ -406,14 +406,16 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev, return 0; } -static void _update_xfrm_state(struct work_struct *work) +static void mlx5e_ipsec_modify_state(struct work_struct *_work) { - struct mlx5e_ipsec_modify_state_work *modify_work = - container_of(work, struct mlx5e_ipsec_modify_state_work, work); - struct mlx5e_ipsec_sa_entry *sa_entry = container_of( - modify_work, struct mlx5e_ipsec_sa_entry, modify_work); + struct mlx5e_ipsec_work *work = + container_of(_work, struct mlx5e_ipsec_work, work); + struct mlx5e_ipsec_sa_entry *sa_entry = work->sa_entry; + struct mlx5_accel_esp_xfrm_attrs *attrs; - mlx5_accel_esp_modify_xfrm(sa_entry, &modify_work->attrs); + attrs = &((struct mlx5e_ipsec_sa_entry *)work->data)->attrs; + + mlx5_accel_esp_modify_xfrm(sa_entry, attrs); } static void mlx5e_ipsec_set_esn_ops(struct mlx5e_ipsec_sa_entry *sa_entry) @@ -432,6 +434,36 @@ static void mlx5e_ipsec_set_esn_ops(struct mlx5e_ipsec_sa_entry *sa_entry) sa_entry->set_iv_op = mlx5e_ipsec_set_iv; } +static int mlx5_ipsec_create_work(struct mlx5e_ipsec_sa_entry *sa_entry) +{ + struct xfrm_state *x = sa_entry->x; + struct mlx5e_ipsec_work *work; + + switch (x->xso.type) { + case XFRM_DEV_OFFLOAD_CRYPTO: + if (!(x->props.flags & XFRM_STATE_ESN)) + return 0; + break; + default: + return 0; + } + + work = kzalloc(sizeof(*work), GFP_KERNEL); + if (!work) + return -ENOMEM; + + work->data = kzalloc(sizeof(*sa_entry), GFP_KERNEL); + if (!work->data) { + kfree(work); + return -ENOMEM; + } + + INIT_WORK(&work->work, mlx5e_ipsec_modify_state); + work->sa_entry = sa_entry; + sa_entry->work = work; + return 0; +} + static int mlx5e_xfrm_add_state(struct xfrm_state *x, struct netlink_ext_ack *extack) { @@ -467,10 +499,15 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x, mlx5e_ipsec_update_esn_state(sa_entry); mlx5e_ipsec_build_accel_xfrm_attrs(sa_entry, &sa_entry->attrs); + + err = mlx5_ipsec_create_work(sa_entry); + if (err) + goto err_xfrm; + /* create hw context */ err = mlx5_ipsec_create_sa_ctx(sa_entry); if (err) - goto err_xfrm; + goto release_work; err = mlx5e_accel_ipsec_fs_add_rule(sa_entry); if (err) @@ -486,16 +523,6 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x, goto err_add_rule; mlx5e_ipsec_set_esn_ops(sa_entry); - - switch (x->xso.type) { - case XFRM_DEV_OFFLOAD_CRYPTO: - if (x->props.flags & XFRM_STATE_ESN) - INIT_WORK(&sa_entry->modify_work.work, - _update_xfrm_state); - break; - default: - break; - } out: x->xso.offload_handle = (unsigned long)sa_entry; return 0; @@ -504,6 +531,8 @@ static int mlx5e_xfrm_add_state(struct xfrm_state *x, mlx5e_accel_ipsec_fs_del_rule(sa_entry); err_hw_ctx: mlx5_ipsec_free_sa_ctx(sa_entry); +release_work: + kfree(sa_entry->work); err_xfrm: kfree(sa_entry); NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy"); @@ -530,17 +559,12 @@ static void mlx5e_xfrm_free_state(struct xfrm_state *x) if (x->xso.flags & XFRM_DEV_OFFLOAD_FLAG_ACQ) goto sa_entry_free; - switch (x->xso.type) { - case XFRM_DEV_OFFLOAD_CRYPTO: - if (x->props.flags & XFRM_STATE_ESN) - cancel_work_sync(&sa_entry->modify_work.work); - break; - default: - break; - } + if (sa_entry->work) + cancel_work_sync(&sa_entry->work->work); mlx5e_accel_ipsec_fs_del_rule(sa_entry); mlx5_ipsec_free_sa_ctx(sa_entry); + kfree(sa_entry->work); sa_entry_free: kfree(sa_entry); } @@ -626,16 +650,18 @@ static bool mlx5e_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *x) static void mlx5e_xfrm_advance_esn_state(struct xfrm_state *x) { struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x); - struct mlx5e_ipsec_modify_state_work *modify_work = - &sa_entry->modify_work; + struct mlx5e_ipsec_work *work = sa_entry->work; + struct mlx5e_ipsec_sa_entry *sa_entry_shadow; bool need_update; need_update = mlx5e_ipsec_update_esn_state(sa_entry); if (!need_update) return; - mlx5e_ipsec_build_accel_xfrm_attrs(sa_entry, &modify_work->attrs); - queue_work(sa_entry->ipsec->wq, &modify_work->work); + sa_entry_shadow = work->data; + memset(sa_entry_shadow, 0x00, sizeof(*sa_entry_shadow)); + mlx5e_ipsec_build_accel_xfrm_attrs(sa_entry, &sa_entry_shadow->attrs); + queue_work(sa_entry->ipsec->wq, &work->work); } static void mlx5e_xfrm_update_curlft(struct xfrm_state *x) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h index 8d5ce65def9f..ab48fb9b4698 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h @@ -136,8 +136,8 @@ struct mlx5e_ipsec_tx; struct mlx5e_ipsec_work { struct work_struct work; - struct mlx5e_ipsec *ipsec; - u32 id; + struct mlx5e_ipsec_sa_entry *sa_entry; + void *data; }; struct mlx5e_ipsec_aso { @@ -176,11 +176,6 @@ struct mlx5e_ipsec_rule { struct mlx5_fc *fc; }; -struct mlx5e_ipsec_modify_state_work { - struct work_struct work; - struct mlx5_accel_esp_xfrm_attrs attrs; -}; - struct mlx5e_ipsec_limits { u64 round; u8 soft_limit_hit : 1; @@ -197,7 +192,7 @@ struct mlx5e_ipsec_sa_entry { u32 ipsec_obj_id; u32 enc_key_id; struct mlx5e_ipsec_rule ipsec_rule; - struct mlx5e_ipsec_modify_state_work modify_work; + struct mlx5e_ipsec_work *work; struct mlx5e_ipsec_limits limits; }; diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c index c974c6153d89..5fddb86bb35e 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c @@ -417,18 +417,12 @@ static void mlx5e_ipsec_handle_event(struct work_struct *_work) { struct mlx5e_ipsec_work *work = container_of(_work, struct mlx5e_ipsec_work, work); + struct mlx5e_ipsec_sa_entry *sa_entry = work->data; struct mlx5_accel_esp_xfrm_attrs *attrs; - struct mlx5e_ipsec_sa_entry *sa_entry; struct mlx5e_ipsec_aso *aso; - struct mlx5e_ipsec *ipsec; int ret; - sa_entry = xa_load(&work->ipsec->sadb, work->id); - if (!sa_entry) - goto out; - - ipsec = sa_entry->ipsec; - aso = ipsec->aso; + aso = sa_entry->ipsec->aso; attrs = &sa_entry->attrs; spin_lock(&sa_entry->x->lock); @@ -448,7 +442,6 @@ static void mlx5e_ipsec_handle_event(struct work_struct *_work) unlock: spin_unlock(&sa_entry->x->lock); -out: kfree(work); } @@ -456,6 +449,7 @@ static int mlx5e_ipsec_event(struct notifier_block *nb, unsigned long event, void *data) { struct mlx5e_ipsec *ipsec = container_of(nb, struct mlx5e_ipsec, nb); + struct mlx5e_ipsec_sa_entry *sa_entry; struct mlx5_eqe_obj_change *object; struct mlx5e_ipsec_work *work; struct mlx5_eqe *eqe = data; @@ -470,13 +464,16 @@ static int mlx5e_ipsec_event(struct notifier_block *nb, unsigned long event, if (type != MLX5_GENERAL_OBJECT_TYPES_IPSEC) return NOTIFY_DONE; + sa_entry = xa_load(&ipsec->sadb, be32_to_cpu(object->obj_id)); + if (!sa_entry) + return NOTIFY_DONE; + work = kmalloc(sizeof(*work), GFP_ATOMIC); if (!work) return NOTIFY_DONE; INIT_WORK(&work->work, mlx5e_ipsec_handle_event); - work->ipsec = ipsec; - work->id = be32_to_cpu(object->obj_id); + work->data = sa_entry; queue_work(ipsec->wq, &work->work); return NOTIFY_OK;

[net-next,09/10] net/mlx5e: Generalize IPsec work structs

Checks

Commit Message

Patch