Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3 |
|
#
63cfd210 |
| 20-Apr-2023 |
Huanhuan Wang <huanhuan.wang@corigine.com> |
nfp: fix incorrect pointer deference when offloading IPsec with bonding
There are two pointers in struct xfrm_dev_offload, *dev, *real_dev. The *dev points whether bonding interface or real interfac
nfp: fix incorrect pointer deference when offloading IPsec with bonding
There are two pointers in struct xfrm_dev_offload, *dev, *real_dev. The *dev points whether bonding interface or real interface, if bonding IPsec offload is used, it points bonding interface; if not, it points real interface. And *real_dev always points real interface. So nfp should always use real_dev instead of dev.
Prior to this change the system becomes unresponsive when offloading IPsec for a device which is a lower device to a bonding device.
Fixes: 859a497fe80c ("nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer") CC: stable@vger.kernel.org Signed-off-by: Huanhuan Wang <huanhuan.wang@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Link: https://lore.kernel.org/r/20230420140125.38521-1-louis.peens@corigine.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v6.1.25, v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11 |
|
#
71f814cd |
| 08-Feb-2023 |
Yinjun Zhang <yinjun.zhang@corigine.com> |
nfp: fix schedule in atomic context when offloading sa
IPsec offloading callbacks may be called in atomic context, sleep is not allowed in the implementation. Now use workqueue mechanism to avoid th
nfp: fix schedule in atomic context when offloading sa
IPsec offloading callbacks may be called in atomic context, sleep is not allowed in the implementation. Now use workqueue mechanism to avoid this issue.
Extend existing workqueue mechanism for multicast configuration only to universal use, so that all configuring through mailbox asynchronously can utilize it.
Fixes: 859a497fe80c ("nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer") Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
7a13a2ee |
| 08-Feb-2023 |
Yinjun Zhang <yinjun.zhang@corigine.com> |
nfp: fix incorrect use of mbox in IPsec code
The mailbox configuration mechanism requires writing several registers, which shouldn't be interrupted, so need lock to avoid race condition.
The base o
nfp: fix incorrect use of mbox in IPsec code
The mailbox configuration mechanism requires writing several registers, which shouldn't be interrupted, so need lock to avoid race condition.
The base offset of mailbox configuration registers is not fixed, it depends on TLV caps read from application firmware.
Fixes: 859a497fe80c ("nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer") Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
436396f2 |
| 08-Feb-2023 |
Huanhuan Wang <huanhuan.wang@corigine.com> |
nfp: support IPsec offloading for NFP3800
Add IPsec offloading support for NFP3800. Include data plane and control plane.
Data plane: add IPsec packet process flow in NFP3800 datapath (NFDk).
Cont
nfp: support IPsec offloading for NFP3800
Add IPsec offloading support for NFP3800. Include data plane and control plane.
Data plane: add IPsec packet process flow in NFP3800 datapath (NFDk).
Control plane: add an algorithm support distinction flow in xfrm hook function xdo_dev_state_add(), as NFP3800 has a different set of IPsec algorithm support.
This matches existing support for the NFP6000/NFP4000 and their NFD3 datapath.
In addition, fixup the md_bytes calculation for NFD3 datapath to make sure the two datapahts are keept in sync.
Signed-off-by: Huanhuan Wang <huanhuan.wang@corigine.com> Reviewed-by: Niklas Söderlund <niklas.soderlund@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Link: https://lore.kernel.org/r/20230208091000.4139974-1-simon.horman@corigine.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v6.1.10, v6.1.9 |
|
#
05ddf5f8 |
| 24-Jan-2023 |
Leon Romanovsky <leonro@nvidia.com> |
nfp: fill IPsec state validation failure reason
Rely on extack to return failure reason.
Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Sig
nfp: fill IPsec state validation failure reason
Rely on extack to return failure reason.
Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
7681a4f5 |
| 24-Jan-2023 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: extend add state callback to set failure reason
Almost all validation logic is in the drivers, but they are missing reliable way to convey failure reason to userspace applications.
Let's use
xfrm: extend add state callback to set failure reason
Almost all validation logic is in the drivers, but they are missing reliable way to convey failure reason to userspace applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12 |
|
#
62f6eca5 |
| 02-Dec-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: allow state packet offload mode
Allow users to configure xfrm states with packet offload mode. The packet mode must be requested both for policy and state, and such requires us to do not imple
xfrm: allow state packet offload mode
Allow users to configure xfrm states with packet offload mode. The packet mode must be requested both for policy and state, and such requires us to do not implement fallback.
We explicitly return an error if requested packet mode can't be configured.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v6.0.11, v6.0.10, v5.15.80 |
|
#
859a497f |
| 17-Nov-2022 |
Huanhuan Wang <huanhuan.wang@corigine.com> |
nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer
Xfrm callbacks are implemented to offload SA info into firmware by mailbox. It supports 16K SA info in total.
Expose ip
nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer
Xfrm callbacks are implemented to offload SA info into firmware by mailbox. It supports 16K SA info in total.
Expose ipsec offload feature to upper layer, this feature will signal the availability of the offload.
Based on initial work of Norm Bagley <norman.bagley@netronome.com>.
Signed-off-by: Huanhuan Wang <huanhuan.wang@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
57f273ad |
| 17-Nov-2022 |
Huanhuan Wang <huanhuan.wang@corigine.com> |
nfp: add framework to support ipsec offloading
A new metadata type and config structure are introduced to interact with firmware to support ipsec offloading. This feature relies on specific firmware
nfp: add framework to support ipsec offloading
A new metadata type and config structure are introduced to interact with firmware to support ipsec offloading. This feature relies on specific firmware that supports ipsec encrypt/decrypt by advertising related capability bit.
The xfrm callbacks which interact with upper layer are implemented in the following patch.
Based on initial work of Norm Bagley <norman.bagley@netronome.com>.
Signed-off-by: Huanhuan Wang <huanhuan.wang@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|