From nobody Thu Feb 13 10:33:16 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yts311XDCz5nJ9R; Thu, 13 Feb 2025 10:33:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yts3106v3z3fM3; Thu, 13 Feb 2025 10:33:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739442797; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j8+JWUWHhd+3IcZ4cMMEPu+ZVMCH5MkerQ44IcT0YS4=; b=t4xHRotYhUQjItuh4CCvEFk1V/jV4Gv+LAlheOPtumVAXPXwjDC/ziNIS4D4eDLFM5bDzZ TLtw38h76eQTzSOVtShyelze606bz8nT/MHqiwtuja6aUyHPF6Bq2kqjYx30EEPfitc93V fsArlvE83S8Vlhbrxx5XFk/0xAwhZ1QpGMCeqAoKEJ+KUX/7lvC/oseYgU9jfwoT907OSi DwTGclBXHIJBwwE52pG7BuAN8qGQVoHxGvO/SfkJhPGfVEuzjCim8E4hA/657WVqqQEQea LjOYEZE29exBlhqoiJbX9moweK5dv8om78sezdWrXspk9+dGRXu9cv8XTZRLig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739442797; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j8+JWUWHhd+3IcZ4cMMEPu+ZVMCH5MkerQ44IcT0YS4=; b=AnIEZ2f+2XehRojSCHvVGow2eyi3+3Rg4t4GtO2R+SAFrlNJWACc78fTsdr5Z4AH+y0jRN 3eNsGUqbFXJBkjoYx/sCJgzFXB41cGEUjWZ4z6s7w8Fo52nCK6FOcgGySh0yu5eKGQPx7I gUzT5+C0GXuQvCr3cwhB3us5KWghK9TAxiIhz6IFkkQbiUGuC5CMcx4kurABGJFOHTCGIF MvyefBA/GLwRNuNOIl0iyVj7rmgupzngYK65x9JL087H90lYGMddpaVTCARxDXEyCA8ot2 4vMv/Ckhx3R9hlLgfdtYBja93S9lTcfU0IsWdlGexvJBMymzg3FGicEPOozhEA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739442797; a=rsa-sha256; cv=none; b=UpbtZeA/XIqKOmyvfvnQzlvcH48LVp7AnIN4NiiySspM0L/VfgrxiQ+7p9dNA2xt3B4wvI SPXbeSlW1Px6xJEfQjjE1Qmik2vHocIdc8QhfQ/FpdKVT2wco4FkBD39i17O/DOPiDGdXE UMkTrcOs3Ts19pOP9tSjVBO5Pv8+VrCq2skJ9YyCP27uPy+WbWTL/ISsQDjHFSwQw0WqWj 3320XgK+3EzcAQoZoNxGH49E60Rg5TIeM3coLpHYdcXZV2L7DWWwuk0WMDskVBZfnWZ4Zl UJtcaOKr/c4tTcNlpJ7x4uIKrxqfrnCcj5OJR9p3l9FbuJA0tY79GrogVmilhw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yts306rSPzhDr; Thu, 13 Feb 2025 10:33:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51DAXGWG048762; Thu, 13 Feb 2025 10:33:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51DAXGb7048759; Thu, 13 Feb 2025 10:33:16 GMT (envelope-from git) Date: Thu, 13 Feb 2025 10:33:16 GMT Message-Id: <202502131033.51DAXGb7048759@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 1fbce7deef51 - main - mlx5 ipsec: return EOPNOTSUPP for unsupported SAs instead of EINVAL List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1fbce7deef51bb7641335f13ddf2543e56f0dafd Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=1fbce7deef51bb7641335f13ddf2543e56f0dafd commit 1fbce7deef51bb7641335f13ddf2543e56f0dafd Author: Konstantin Belousov AuthorDate: 2025-02-09 00:11:21 +0000 Commit: Konstantin Belousov CommitDate: 2025-02-13 10:32:32 +0000 mlx5 ipsec: return EOPNOTSUPP for unsupported SAs instead of EINVAL The ipsec offload infra requires the EOPNOTSUPP error from driver to understand that the SA is valid but offload cannot be performed. Sponsored by: NVidia networking --- sys/dev/mlx5/mlx5_accel/mlx5_ipsec.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/sys/dev/mlx5/mlx5_accel/mlx5_ipsec.c b/sys/dev/mlx5/mlx5_accel/mlx5_ipsec.c index b7e8eb88f625..3f3c575c9dad 100644 --- a/sys/dev/mlx5/mlx5_accel/mlx5_ipsec.c +++ b/sys/dev/mlx5/mlx5_accel/mlx5_ipsec.c @@ -256,69 +256,69 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev, if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_PACKET_OFFLOAD)) { mlx5_core_err(mdev, "FULL offload is not supported\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (savp->state == SADB_SASTATE_DEAD) - return (EINVAL); + return (EOPNOTSUPP); if (savp->alg_enc == SADB_EALG_NONE) { mlx5_core_err(mdev, "Cannot offload authenticated xfrm states\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (savp->alg_enc != SADB_X_EALG_AESGCM16) { mlx5_core_err(mdev, "Only IPSec aes-gcm-16 encryption protocol may be offloaded\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (savp->tdb_compalgxform) { mlx5_core_err(mdev, "Cannot offload compressed xfrm states\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (savp->alg_auth != SADB_X_AALG_AES128GMAC && savp->alg_auth != SADB_X_AALG_AES256GMAC) { mlx5_core_err(mdev, "Cannot offload xfrm states with AEAD key length other than 128/256 bits\n"); - return (EINVAL); + return (EOPNOTSUPP); } if ((saidx->dst.sa.sa_family != AF_INET && saidx->dst.sa.sa_family != AF_INET6) || (saidx->src.sa.sa_family != AF_INET && saidx->src.sa.sa_family != AF_INET6)) { mlx5_core_err(mdev, "Only IPv4/6 xfrm states may be offloaded\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (saidx->proto != IPPROTO_ESP) { mlx5_core_err(mdev, "Only ESP xfrm state may be offloaded\n"); - return (EINVAL); + return (EOPNOTSUPP); } /* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */ keylen = _KEYLEN(key_encp) - SAV_ISCTRORGCM(savp) * 4 - SAV_ISCHACHA(savp) * 4; if (keylen != 128/8 && keylen != 256 / 8) { mlx5_core_err(mdev, "Cannot offload xfrm states with AEAD key length other than 128/256 bit\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (saidx->mode != IPSEC_MODE_TRANSPORT) { mlx5_core_err(mdev, "Only transport xfrm states may be offloaded in full offload mode\n"); - return (EINVAL); + return (EOPNOTSUPP); } if (savp->natt) { if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESPINUDP)) { mlx5_core_err(mdev, "Encapsulation is not supported\n"); - return (EINVAL); + return (EOPNOTSUPP); } } if (savp->replay && savp->replay->wsize != 0 && savp->replay->wsize != 4 && savp->replay->wsize != 8 && savp->replay->wsize != 16 && savp->replay->wsize != 32) { mlx5_core_err(mdev, "Unsupported replay window size %d\n", savp->replay->wsize); - return (EINVAL); + return (EOPNOTSUPP); } if ((savp->flags & SADB_X_SAFLAGS_ESN) != 0) { if ((mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_ESN) == 0) { mlx5_core_err(mdev, "ESN is not supported\n"); - return (EINVAL); + return (EOPNOTSUPP); } } else if (savp->replay != NULL && savp->replay->wsize != 0) { mlx5_core_warn(mdev, "non-ESN but replay-protect SA offload is not supported\n"); - return (EINVAL); + return (EOPNOTSUPP); } return 0; }