git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Emeel Hakim <ehakim@nvidia.com>
	Mon, 13 Mar 2023 15:03:03 +0000 (17:03 +0200)
committer	Sasha Levin <sashal@kernel.org>
	Fri, 15 Mar 2024 14:48:15 +0000 (10:48 -0400)
commit	b526c3177531d87dbcf256c23b8cfc5b833cec08
tree	e6035a0de0128b722d9b7a8c5be3dbe1af7b66a6	tree
parent	6d6bb522d74b3e02d7f05ab42c3d18380b7b3408	commit \| diff

net/mlx5e: Fix MACsec state loss upon state update in offload path

[ Upstream commit a71f2147b64941efee156bfda54fd6461d0f95df ]

The packet number attribute of the SA is incremented by the device rather
than the software stack when enabling hardware offload. Because the packet
number attribute is managed by the hardware, the software has no insight
into the value of the packet number attribute actually written by the
device.

Previously when MACsec offload was enabled, the hardware object for
handling the offload was destroyed when the SA was disabled. Re-enabling
the SA would lead to a new hardware object being instantiated. This new
hardware object would not have any recollection of the correct packet
number for the SA. Instead, destroy the flow steering rule when
deactivating the SA and recreate it upon reactivation, preserving the
original hardware object.

Fixes: 8ff0ac5be144 ("net/mlx5: Add MACsec offload Tx command support")
Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>