This is a note to let you know that I've just added the patch titled xfrm: store and rely on direction to construct offload flags to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: xfrm-store-and-rely-on-direction-to-construct-offloa.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 2fc8606ea6ecd9997ccc3d43c0de145de5c0876a Author: Leon Romanovsky <leon@xxxxxxxxxx> Date: Thu May 5 13:06:41 2022 +0300 xfrm: store and rely on direction to construct offload flags [ Upstream commit 482db2f1dd211f73ad9d71e33ae15c1df6379982 ] XFRM state doesn't need anything from flags except to understand direction, so store it separately. For future patches, such change will allow us to reuse xfrm_dev_offload for policy offload too, which has three possible directions instead of two. Reviewed-by: Raed Salem <raeds@xxxxxxxxxx> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx> Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> Stable-dep-of: 2cf567f421db ("netdevsim: copy addresses for both in and out paths") Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 987c603806aee..2c1feca282036 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -126,12 +126,18 @@ struct xfrm_state_walk { struct xfrm_address_filter *filter; }; +enum { + XFRM_DEV_OFFLOAD_IN = 1, + XFRM_DEV_OFFLOAD_OUT, +}; + struct xfrm_dev_offload { struct net_device *dev; struct net_device *real_dev; unsigned long offload_handle; unsigned int num_exthdrs; u8 flags; + u8 dir : 2; }; struct xfrm_mode { diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 61aa0fd9d2a0c..7690d23bcf8bb 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -129,7 +129,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur sp = skb_sec_path(skb); x = sp->xvec[sp->len - 1]; - if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND) + if (xo->flags & XFRM_GRO || x->xso.dir == XFRM_DEV_OFFLOAD_IN) return skb; /* This skb was already validated on the upper/virtual dev */ @@ -285,11 +285,17 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, /* Don't forward bit that is not implemented */ xso->flags = xuo->flags & ~XFRM_OFFLOAD_IPV6; + if (xuo->flags & XFRM_OFFLOAD_INBOUND) + xso->dir = XFRM_DEV_OFFLOAD_IN; + else + xso->dir = XFRM_DEV_OFFLOAD_OUT; + err = dev->xfrmdev_ops->xdo_dev_state_add(x); if (err) { xso->num_exthdrs = 0; xso->flags = 0; xso->dev = NULL; + xso->dir = 0; xso->real_dev = NULL; dev_put(dev); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index b12a305a2d7a4..aa509857b6660 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -855,7 +855,8 @@ static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff *skb) xuo = nla_data(attr); memset(xuo, 0, sizeof(*xuo)); xuo->ifindex = xso->dev->ifindex; - xuo->flags = xso->flags; + if (xso->dir == XFRM_DEV_OFFLOAD_IN) + xuo->flags = XFRM_OFFLOAD_INBOUND; return 0; }