diff mbox series

[RFC,xfrm-next,v3,7/8] xfrm: add support to HW update soft and hard limits

Message ID 4d8f2155e79af5a12f6358337bdc0f035f687769.1662295929.git.leonro@nvidia.com (mailing list archive)
State RFC
Delegated to: Netdev Maintainers
Headers show
Series Extend XFRM core to allow full offload configuration | expand

Checks

Context Check Description
netdev/tree_selection success Guessed tree name to be net-next, async
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Series has a cover letter
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 4412 this patch: 4412
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 1069 this patch: 1069
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4574 this patch: 4574
netdev/checkpatch warning CHECK: Blank lines aren't necessary before a close brace '}' WARNING: Unnecessary space before function pointer arguments
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Leon Romanovsky Sept. 4, 2022, 1:15 p.m. UTC 
From: Leon Romanovsky <leonro@nvidia.com>

Both in RX and TX, the traffic that performs IPsec full offload
transformation is accounted by HW. It is needed to properly handle
hard limits that require to drop the packet.

It means that XFRM core needs to update internal counters with the one
that accounted by the HW, so new callbacks are introduced in this patch.

In case of soft or hard limit is occurred, the driver should call to
xfrm_state_check_expire() that will perform key rekeying exactly as
done by XFRM core.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 include/linux/netdevice.h |  1 +
 include/net/xfrm.h        | 17 +++++++++++++++++
 net/xfrm/xfrm_output.c    |  1 -
 net/xfrm/xfrm_state.c     |  4 ++++
 4 files changed, 22 insertions(+), 1 deletion(-)

Comments

Steffen Klassert Sept. 25, 2022, 9:20 a.m. UTC | #1 
On Sun, Sep 04, 2022 at 04:15:41PM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
> 
> Both in RX and TX, the traffic that performs IPsec full offload
> transformation is accounted by HW. It is needed to properly handle
> hard limits that require to drop the packet.
> 
> It means that XFRM core needs to update internal counters with the one
> that accounted by the HW, so new callbacks are introduced in this patch.
> 
> In case of soft or hard limit is occurred, the driver should call to
> xfrm_state_check_expire() that will perform key rekeying exactly as
> done by XFRM core.
> 
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>

This looks good, thanks!

We need this for the other relevant counters too.
Leon Romanovsky Sept. 26, 2022, 6:07 a.m. UTC | #2 
On Sun, Sep 25, 2022 at 11:20:06AM +0200, Steffen Klassert wrote:
> On Sun, Sep 04, 2022 at 04:15:41PM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > Both in RX and TX, the traffic that performs IPsec full offload
> > transformation is accounted by HW. It is needed to properly handle
> > hard limits that require to drop the packet.
> > 
> > It means that XFRM core needs to update internal counters with the one
> > that accounted by the HW, so new callbacks are introduced in this patch.
> > 
> > In case of soft or hard limit is occurred, the driver should call to
> > xfrm_state_check_expire() that will perform key rekeying exactly as
> > done by XFRM core.
> > 
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> 
> This looks good, thanks!
> 
> We need this for the other relevant counters too.

It is in my backlog.

Thanks
Steffen Klassert Sept. 27, 2022, 5:49 a.m. UTC | #3 
On Mon, Sep 26, 2022 at 09:07:31AM +0300, Leon Romanovsky wrote:
> On Sun, Sep 25, 2022 at 11:20:06AM +0200, Steffen Klassert wrote:
> > On Sun, Sep 04, 2022 at 04:15:41PM +0300, Leon Romanovsky wrote:
> > > From: Leon Romanovsky <leonro@nvidia.com>
> > > 
> > > Both in RX and TX, the traffic that performs IPsec full offload
> > > transformation is accounted by HW. It is needed to properly handle
> > > hard limits that require to drop the packet.
> > > 
> > > It means that XFRM core needs to update internal counters with the one
> > > that accounted by the HW, so new callbacks are introduced in this patch.
> > > 
> > > In case of soft or hard limit is occurred, the driver should call to
> > > xfrm_state_check_expire() that will perform key rekeying exactly as
> > > done by XFRM core.
> > > 
> > > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > 
> > This looks good, thanks!
> > 
> > We need this for the other relevant counters too.
> 
> It is in my backlog.

Great, thanks!
diff mbox series

Patch

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index c1db9eaa3dca..e38154d7b4cd 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1026,6 +1026,7 @@  struct xfrmdev_ops {
 	bool	(*xdo_dev_offload_ok) (struct sk_buff *skb,
 				       struct xfrm_state *x);
 	void	(*xdo_dev_state_advance_esn) (struct xfrm_state *x);
+	void	(*xdo_dev_state_update_curlft) (struct xfrm_state *x);
 	int	(*xdo_dev_policy_add) (struct xfrm_policy *x);
 	void	(*xdo_dev_policy_delete) (struct xfrm_policy *x);
 	void	(*xdo_dev_policy_free) (struct xfrm_policy *x);
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 38fff78a1421..100ca45d8172 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1563,6 +1563,23 @@  struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,
 struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
 					      unsigned short family);
 int xfrm_state_check_expire(struct xfrm_state *x);
+#ifdef CONFIG_XFRM_OFFLOAD
+static inline void xfrm_dev_state_update_curlft(struct xfrm_state *x)
+{
+	struct xfrm_dev_offload *xdo = &x->xso;
+	struct net_device *dev = xdo->dev;
+
+	if (x->xso.type != XFRM_DEV_OFFLOAD_FULL)
+		return;
+
+	if (dev && dev->xfrmdev_ops &&
+	    dev->xfrmdev_ops->xdo_dev_state_update_curlft)
+		dev->xfrmdev_ops->xdo_dev_state_update_curlft(x);
+
+}
+#else
+static inline void xfrm_dev_state_update_curlft(struct xfrm_state *x) {}
+#endif
 void xfrm_state_insert(struct xfrm_state *x);
 int xfrm_state_add(struct xfrm_state *x);
 int xfrm_state_update(struct xfrm_state *x);
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index dde009be8463..a22033350ddc 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -560,7 +560,6 @@  static int xfrm_output_one(struct sk_buff *skb, int err)
 			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEPROTOERROR);
 			goto error_nolock;
 		}
-
 		dst = skb_dst_pop(skb);
 		if (!dst) {
 			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 91c32a3b6924..83d307cb526f 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -549,6 +549,8 @@  static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
 	int err = 0;
 
 	spin_lock(&x->lock);
+	xfrm_dev_state_update_curlft(x);
+
 	if (x->km.state == XFRM_STATE_DEAD)
 		goto out;
 	if (x->km.state == XFRM_STATE_EXPIRED)
@@ -1786,6 +1788,8 @@  EXPORT_SYMBOL(xfrm_state_update);
 
 int xfrm_state_check_expire(struct xfrm_state *x)
 {
+	xfrm_dev_state_update_curlft(x);
+
 	if (!x->curlft.use_time)
 		x->curlft.use_time = ktime_get_real_seconds();