git: 39598c2a9f5d - main - ipsec offload: ipsec_accel_fill_xh() should indirect through fn pointer

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Thu, 17 Jul 2025 11:01:17 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=39598c2a9f5d074b1365e5ba97441fb5b4f8476b

commit 39598c2a9f5d074b1365e5ba97441fb5b4f8476b
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-07-17 10:57:35 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-07-17 10:57:35 +0000

    ipsec offload: ipsec_accel_fill_xh() should indirect through fn pointer
    
    The config with IPSEC_SUPPORT + IPSEC_OFFLOAD is the valid one.
    
    Fixes:  5be5a0bde5f990dbc680272eee74132bcde815f2
    Sponsored by:   Nvidia networking
---
 sys/netipsec/ipsec_offload.c |  8 ++++++--
 sys/netipsec/ipsec_offload.h | 16 +++++++++++++---
 sys/netipsec/key.c           |  2 ++
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
index a2092c91c1aa..8a09d5f37b4a 100644
--- a/sys/netipsec/ipsec_offload.c
+++ b/sys/netipsec/ipsec_offload.c
@@ -160,6 +160,8 @@ static void ipsec_accel_drv_sa_lifetime_update_impl(struct secasvar *sav,
 static int ipsec_accel_drv_sa_lifetime_fetch_impl(struct secasvar *sav,
     if_t ifp, u_int drv_spi, uint64_t *octets, uint64_t *allocs);
 static void ipsec_accel_ifdetach_event(void *arg, struct ifnet *ifp);
+static bool ipsec_accel_fill_xh_impl(if_t ifp, uint32_t drv_spi,
+    struct xform_history *xh);
 
 static void
 ipsec_accel_init(void *arg)
@@ -186,6 +188,7 @@ ipsec_accel_init(void *arg)
 	    ipsec_accel_drv_sa_lifetime_update_impl;
 	ipsec_accel_drv_sa_lifetime_fetch_p =
 	    ipsec_accel_drv_sa_lifetime_fetch_impl;
+	ipsec_accel_fill_xh_p = ipsec_accel_fill_xh_impl;
 	pctrie_init(&drv_spi_pctrie);
 	ipsec_accel_ifdetach_event_tag = EVENTHANDLER_REGISTER(
 	    ifnet_departure_event, ipsec_accel_ifdetach_event, NULL,
@@ -210,6 +213,7 @@ ipsec_accel_fini(void *arg)
 	ipsec_accel_on_ifdown_p = NULL;
 	ipsec_accel_drv_sa_lifetime_update_p = NULL;
 	ipsec_accel_drv_sa_lifetime_fetch_p = NULL;
+	ipsec_accel_fill_xh_p = NULL;
 	ipsec_accel_sync_imp();
 	clean_unrhdr(drv_spi_unr);	/* avoid panic, should go later */
 	clear_unrhdr(drv_spi_unr);
@@ -1167,8 +1171,8 @@ ipsec_accel_key_setaccelif_impl(struct secasvar *sav)
 	return (m);
 }
 
-bool
-ipsec_accel_fill_xh(if_t ifp, uint32_t drv_spi, struct xform_history *xh)
+static bool
+ipsec_accel_fill_xh_impl(if_t ifp, uint32_t drv_spi, struct xform_history *xh)
 {
 	struct ifp_handle_sav *i;
 
diff --git a/sys/netipsec/ipsec_offload.h b/sys/netipsec/ipsec_offload.h
index fb8cd7438598..ae60eaa8ae78 100644
--- a/sys/netipsec/ipsec_offload.h
+++ b/sys/netipsec/ipsec_offload.h
@@ -68,6 +68,8 @@ extern void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav,
     if_t ifp, u_int drv_spi, uint64_t octets, uint64_t allocs);
 extern int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav,
     if_t ifp, u_int drv_spi, uint64_t *octets, uint64_t *allocs);
+extern bool (*ipsec_accel_fill_xh_p)(if_t ifp, uint32_t drv_spi,
+    struct xform_history *xh);
 
 #ifdef IPSEC_OFFLOAD
 /*
@@ -160,6 +162,16 @@ ipsec_accel_key_setaccelif(struct secasvar *sav)
 	return (NULL);
 }
 
+static inline bool
+ipsec_accel_fill_xh(if_t ifp, uint32_t drv_spi, struct xform_history *xh)
+{
+	bool (*p)(if_t ifp, uint32_t drv_spi, struct xform_history *xh);
+
+	p = atomic_load_ptr(&ipsec_accel_fill_xh_p);
+	if (p != NULL)
+		return (p(ifp, drv_spi, xh));
+	return (false);
+}
 
 #else
 #define	ipsec_accel_sa_newkey(a)
@@ -170,6 +182,7 @@ ipsec_accel_key_setaccelif(struct secasvar *sav)
 #define	ipsec_accel_sync()
 #define	ipsec_accel_is_accel_sav(a)
 #define	ipsec_accel_key_setaccelif(a)
+#define	ipsec_accel_fill_xh(a, b, c)	(false)
 #endif
 
 void ipsec_accel_forget_sav_impl(struct secasvar *sav);
@@ -183,8 +196,6 @@ bool ipsec_accel_output(struct ifnet *ifp, struct mbuf *m,
     int mtu, int *hwassist);
 void ipsec_accel_forget_sav(struct secasvar *sav);
 struct xform_history;
-bool ipsec_accel_fill_xh(if_t ifp, uint32_t drv_spi,
-    struct xform_history *xh);
 #else
 #define	ipsec_accel_input(a, b, c) (ENXIO)
 #define	ipsec_accel_output(a, b, c, d, e, f, g, h) ({	\
@@ -192,7 +203,6 @@ bool ipsec_accel_fill_xh(if_t ifp, uint32_t drv_spi,
 	false;						\
 })
 #define	ipsec_accel_forget_sav(a)
-#define	ipsec_accel_fill_xh(a, b, c)	(false)
 #endif
 
 struct ipsec_accel_in_tag *ipsec_accel_input_tag_lookup(const struct mbuf *);
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index ae67d83c6d13..4ba1b49c24f0 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -114,6 +114,8 @@ void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav, if_t ifp,
     u_int drv_spi, uint64_t octets, uint64_t allocs);
 int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav, if_t ifp,
     u_int drv_spi, uint64_t *octets, uint64_t *allocs);
+bool (*ipsec_accel_fill_xh_p)(if_t ifp, uint32_t drv_spi,
+    struct xform_history *xh);
 #endif
 
 #define FULLMASK	0xff