From patchwork Wed Aug 22 21:38:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shannon Nelson X-Patchwork-Id: 961077 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="19+bNX7O"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 41wgrz0ZWMz9s0n for ; Thu, 23 Aug 2018 07:38:26 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727643AbeHWBE7 (ORCPT ); Wed, 22 Aug 2018 21:04:59 -0400 Received: from aserp2120.oracle.com ([141.146.126.78]:53618 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727007AbeHWBE7 (ORCPT ); Wed, 22 Aug 2018 21:04:59 -0400 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w7MLSYjD106657; Wed, 22 Aug 2018 21:38:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id; s=corp-2018-07-02; bh=K+vyysPkIRntFuOUzrKC8rss+UmQyiWOzvt65qx4GSs=; b=19+bNX7OQKCM1MXrlB23s/RUn2v2nYSUlXsF03Q15SAefPj1RwbvE9DDx9xaaNcQJBd4 cRknm91i5wfX5TkV+iATHtDKSkMmWX8LANgO52EXh+gf/YOvMPbGWUxMn9MnPS/eQCMe Fk6S3jIH4/thRSZiAjLrMjfrNqjIVHtqasTpznrd+LakUTG+O0usjtsO3R2qYmJu1xcX Q27hg5FKtMFc0vyamIHIaFR+uW7LTtnct2FwmAwTlQihn5+y2qjZExBhMxoxM1vxTY2V 72OKfTNOzt5ock5YOmb6iAPs3YcNlnhPV9qUYvxo95tDVLuKjqkGpGfs4pBKpi8EMVNZ MQ== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp2120.oracle.com with ESMTP id 2kxbdq4py5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Aug 2018 21:38:19 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w7MLcI7r032485 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Aug 2018 21:38:18 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w7MLcHn4026165; Wed, 22 Aug 2018 21:38:18 GMT Received: from slnelson-mint18.us.oracle.com (/10.159.153.199) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 22 Aug 2018 14:38:17 -0700 From: Shannon Nelson To: steffen.klassert@secunet.com Cc: netdev@vger.kernel.org Subject: [PATCH ipsec-next] xfrm: allow driver to quietly refuse offload Date: Wed, 22 Aug 2018 14:38:10 -0700 Message-Id: <1534973890-23111-1-git-send-email-shannon.nelson@oracle.com> X-Mailer: git-send-email 2.7.4 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8993 signatures=668707 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=658 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808220213 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org If the "offload" attribute is used to create an IPsec SA and the .xdo_dev_state_add() fails, the SA creation fails. However, if the "offload" attribute is used on a device that doesn't offer it, the attribute is quietly ignored and the SA is created without an offload. Along the same line of that second case, it would be good to have a way for the device to refuse to offload an SA without failing the whole SA creation. This patch adds that feature by allowing the driver to return -EOPNOTSUPP as a signal that the SA may be fine, it just can't be offloaded. This allows the user a little more flexibility in requesting offloads and not needing to know every detail at all times about each specific NIC when trying to create SAs. Signed-off-by: Shannon Nelson --- More specifically, this will help one user experience issue with the coming ixgbevf IPsec offload. Documentation/networking/xfrm_device.txt | 4 ++++ net/xfrm/xfrm_device.c | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Documentation/networking/xfrm_device.txt b/Documentation/networking/xfrm_device.txt index 50c34ca..267f55b 100644 --- a/Documentation/networking/xfrm_device.txt +++ b/Documentation/networking/xfrm_device.txt @@ -68,6 +68,10 @@ and an indication of whether it is for Rx or Tx. The driver should - verify the algorithm is supported for offloads - store the SA information (key, salt, target-ip, protocol, etc) - enable the HW offload of the SA + - return status value: + 0 success + -EOPNETSUPP offload not supported, try SW IPsec + other fail the request The driver can also set an offload_handle in the SA, an opaque void pointer that can be used to convey context into the fast-path offload requests. diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 5611b75..3a1d9d6 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -192,9 +192,13 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, err = dev->xfrmdev_ops->xdo_dev_state_add(x); if (err) { + xso->num_exthdrs = 0; + xso->flags = 0; xso->dev = NULL; dev_put(dev); - return err; + + if (err != -EOPNOTSUPP) + return err; } return 0;