Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'add-support-to-offload-macsec-using-netlink-update'

Emeel Hakim says:

====================
Add support to offload macsec using netlink update

This series adds support for offloading macsec as part of the netlink
update routine, command example:

$ ip link set link eth2 macsec0 type macsec offload mac

The above is done using the IFLA_MACSEC_OFFLOAD attribute hence
the second patch of dumping this attribute as part of the macsec
dump.
====================

Link: https://lore.kernel.org/r/20230111150210.8246-1-ehakim@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+70 -57
+70 -57
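--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -2583,16 +2583,56 @@
 return false;
 }
 
-static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
+static int macsec_update_offload(struct net_device *dev, enum macsec_offload offload)
 {
-struct nlattr *tb_offload[MACSEC_OFFLOAD_ATTR_MAX + 1];
-enum macsec_offload offload, prev_offload;
-int (*func)(struct macsec_context *ctx);
-struct nlattr **attrs = info->attrs;
-struct net_device *dev;
+enum macsec_offload prev_offload;
 const struct macsec_ops *ops;
 struct macsec_context ctx;
 struct macsec_dev *macsec;
+int ret = 0;
+
+macsec = macsec_priv(dev);
+
+/* Check if the offloading mode is supported by the underlying layers */
+if (offload != MACSEC_OFFLOAD_OFF &&
+!macsec_check_offload(offload, macsec))
+return -EOPNOTSUPP;
+
+/* Check if the net device is busy. */
+if (netif_running(dev))
+return -EBUSY;
+
+/* Check if the device already has rules configured: we do not support
+* rules migration.
+*/
+if (macsec_is_configured(macsec))
+return -EBUSY;
+
+prev_offload = macsec->offload;
+
+ops = __macsec_get_ops(offload == MACSEC_OFFLOAD_OFF ? prev_offload : offload,
+macsec, &ctx);
+if (!ops)
+return -EOPNOTSUPP;
+
+macsec->offload = offload;
+
+ctx.secy = &macsec->secy;
+ret = offload == MACSEC_OFFLOAD_OFF ? macsec_offload(ops->mdo_del_secy, &ctx)
+: macsec_offload(ops->mdo_add_secy, &ctx);
+if (ret)
+macsec->offload = prev_offload;
+
+return ret;
+}
+
+static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
+{
+struct nlattr *tb_offload[MACSEC_OFFLOAD_ATTR_MAX + 1];
+struct nlattr **attrs = info->attrs;
+enum macsec_offload offload;
+struct macsec_dev *macsec;
+struct net_device *dev;
 int ret = 0;
 
 if (!attrs[MACSEC_ATTR_IFINDEX])
@@ -2621,55 +2661,9 @@
 }
 
 offload = nla_get_u8(tb_offload[MACSEC_OFFLOAD_ATTR_TYPE]);
-if (macsec->offload == offload)
-goto out;
 
-/* Check if the offloading mode is supported by the underlying layers */
-if (offload != MACSEC_OFFLOAD_OFF &&
-!macsec_check_offload(offload, macsec)) {
-ret = -EOPNOTSUPP;
-goto out;
-}
-
-/* Check if the net device is busy. */
-if (netif_running(dev)) {
-ret = -EBUSY;
-goto out;
-}
-
-prev_offload = macsec->offload;
-macsec->offload = offload;
-
-/* Check if the device already has rules configured: we do not support
-* rules migration.
-*/
-if (macsec_is_configured(macsec)) {
-ret = -EBUSY;
-goto rollback;
-}
-
-ops = __macsec_get_ops(offload == MACSEC_OFFLOAD_OFF ? prev_offload : offload,
-macsec, &ctx);
-if (!ops) {
-ret = -EOPNOTSUPP;
-goto rollback;
-}
-
-if (prev_offload == MACSEC_OFFLOAD_OFF)
-func = ops->mdo_add_secy;
-else
-func = ops->mdo_del_secy;
-
-ctx.secy = &macsec->secy;
-ret = macsec_offload(func, &ctx);
-if (ret)
-goto rollback;
-
-rtnl_unlock();
-return 0;
-
-rollback:
-macsec->offload = prev_offload;
+if (macsec->offload != offload)
+ret = macsec_update_offload(dev, offload);
 out:
 rtnl_unlock();
 return ret;
@@ -3817,6 +3811,8 @@
 struct netlink_ext_ack *extack)
 {
 struct macsec_dev *macsec = macsec_priv(dev);
+bool macsec_offload_state_change = false;
+enum macsec_offload offload;
 struct macsec_tx_sc tx_sc;
 struct macsec_secy secy;
 int ret;
@@ -3840,8 +3836,18 @@
 if (ret)
 goto cleanup;
 
+if (data[IFLA_MACSEC_OFFLOAD]) {
+offload = nla_get_u8(data[IFLA_MACSEC_OFFLOAD]);
+if (macsec->offload != offload) {
+macsec_offload_state_change = true;
+ret = macsec_update_offload(dev, offload);
+if (ret)
+goto cleanup;
+}
+}
+
 /* If h/w offloading is available, propagate to the device */
-if (macsec_is_offloaded(macsec)) {
+if (!macsec_offload_state_change && macsec_is_offloaded(macsec)) {
 const struct macsec_ops *ops;
 struct macsec_context ctx;
 
@@ -4240,15 +4246,21 @@
 nla_total_size(1) + /* IFLA_MACSEC_SCB */
 nla_total_size(1) + /* IFLA_MACSEC_REPLAY_PROTECT */
 nla_total_size(1) + /* IFLA_MACSEC_VALIDATION */
+nla_total_size(1) + /* IFLA_MACSEC_OFFLOAD */
 0;
 }
 
 static int macsec_fill_info(struct sk_buff *skb,
 const struct net_device *dev)
 {
-struct macsec_secy *secy = &macsec_priv(dev)->secy;
-struct macsec_tx_sc *tx_sc = &secy->tx_sc;
+struct macsec_tx_sc *tx_sc;
+struct macsec_dev *macsec;
+struct macsec_secy *secy;
 u64 csid;
+
+macsec = macsec_priv(dev);
+secy = &macsec->secy;
+tx_sc = &secy->tx_sc;
 
 switch (secy->key_len) {
 case MACSEC_GCM_AES_128_SAK_LEN:
@@ -4274,6 +4286,7 @@
 nla_put_u8(skb, IFLA_MACSEC_SCB, tx_sc->scb) ||
 nla_put_u8(skb, IFLA_MACSEC_REPLAY_PROTECT, secy->replay_protect) ||
 nla_put_u8(skb, IFLA_MACSEC_VALIDATION, secy->validate_frames) ||
+nla_put_u8(skb, IFLA_MACSEC_OFFLOAD, macsec->offload) ||
 0)
 goto nla_put_failure;
 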
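Review bot: In `macsec_update_offload()` the add-or-delete choice depends only on the requested mode (`ret = offload == MACSEC_OFFLOAD_OFF ? macsec_offload(ops->mdo_del_secy, &ctx) : macsec_offload(ops->mdo_add_secy, &ctx);`), so a direct change between two non-OFF modes calls `mdo_add_secy` on the new mode's ops and never calls `mdo_del_secy` on the ops for `prev_offload`. Whether that transition is reachable depends on `macsec_check_offload()`, which is not shown here; if it is, the previously offloading device keeps a SecY that the software state no longer points at. The removed code keyed the choice on `prev_offload` and had the mirror-image gap, so this is not a regression, but the helper is now reachable from `macsec_changelink()` as well as the genl path and is a good place to close it. I would reject the transition up front with `if (offload != MACSEC_OFFLOAD_OFF && macsec->offload != MACSEC_OFFLOAD_OFF) return -EOPNOTSUPP;`, or tear down the previous mode before adding the new one.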