[net-next] xfrm: Indicate xfrm_state offload errors

Message ID	20170430135119.11159-1-ilant@mellanox.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: <ilant@mellanox.com> To: Steffen Klassert <steffen.klassert@secunet.com> CC: <netdev@vger.kernel.org>, Ilan Tayari <ilant@mellanox.com> Subject: [PATCH net-next] xfrm: Indicate xfrm_state offload errors Date: Sun, 30 Apr 2017 16:51:19 +0300 Message-ID: <20170430135119.11159-1-ilant@mellanox.com> MIME-Version: 1.0 Content-Type: text/plain SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DB5PR0501MB1941; 7:/PM5D92wmprfsWTQ7yQ38XHeUWnfzlK1cHQheBsangBbYPtGLL9B1gSCDpr9DNhCaUeT36go3XCGVqwNkWbqV1qexZHNTAUt40Wx3gjDR4LpvX3VdrGqvnF69sXsIATSTGKKSiHO3ZrJJF7V+Lc4UVfOa9rxEqa87a0KCRGoGL9TSCBzNE43R1k6gS7Pa+3FtfxqBLR/OUYrgp0wxhe7PNFhszXtN1dJShcvpkzHatubfqJwSf9JbTC9O2xrM8aH12MsGKssK544/qDO2/S3qmehku9Geb0kpQay8I2uYL3ByPOy8QND+JRYF6XnEYUbdbBoFu5IRWOeqxxWicgj/g== Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

20170430135119.11159-1-ilant@mellanox.com

State

Accepted, archived

Delegated to:

David Miller

Headers

From: <ilant@mellanox.com>
To: Steffen Klassert <steffen.klassert@secunet.com>
CC: <netdev@vger.kernel.org>, Ilan Tayari <ilant@mellanox.com>
Subject: [PATCH net-next] xfrm: Indicate xfrm_state offload errors
Date: Sun, 30 Apr 2017 16:51:19 +0300
Message-ID: <20170430135119.11159-1-ilant@mellanox.com>
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2017 13:51:26.6169
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR0501MB1941
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Commit Message

Ilan Tayari April 30, 2017, 1:51 p.m. UTC

From: Ilan Tayari <ilant@mellanox.com>

Current code silently ignores driver errors when configuring
IPSec offload xfrm_state, and falls back to host-based crypto.

Fail the xfrm_state creation if the driver has an error, because
the NIC offloading was explicitly requested by the user program.

This will communicate back to the user that there was an error.

Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Ilan Tayari <ilant@mellanox.com>
---
 net/xfrm/xfrm_user.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

David Miller May 1, 2017, 7 p.m. UTC | #1

From: <ilant@mellanox.com>
Date: Sun, 30 Apr 2017 16:51:19 +0300

> From: Ilan Tayari <ilant@mellanox.com>
> 
> Current code silently ignores driver errors when configuring
> IPSec offload xfrm_state, and falls back to host-based crypto.
> 
> Fail the xfrm_state creation if the driver has an error, because
> the NIC offloading was explicitly requested by the user program.
> 
> This will communicate back to the user that there was an error.
> 
> Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
> Signed-off-by: Ilan Tayari <ilant@mellanox.com>

Also applied.

Steffen, I apologize for taking these directly but I really wanted to
make sure these fixes made it into the pull request I plan to send to
Linus for the merge window soon.

Thanks.

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index ba74e5eeeeef..c4cceddac9db 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -595,9 +595,12 @@  static struct xfrm_state *xfrm_state_construct(struct net *net,
 			goto error;
 	}
 
-	if (attrs[XFRMA_OFFLOAD_DEV] &&
-	    xfrm_dev_state_add(net, x, nla_data(attrs[XFRMA_OFFLOAD_DEV])))
-		goto error;
+	if (attrs[XFRMA_OFFLOAD_DEV]) {
+		err = xfrm_dev_state_add(net, x,
+					 nla_data(attrs[XFRMA_OFFLOAD_DEV]));
+		if (err)
+			goto error;
+	}
 
 	if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
 					       attrs[XFRMA_REPLAY_ESN_VAL])))

[net-next] xfrm: Indicate xfrm_state offload errors

Commit Message

Comments

Patch