git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jacob Keller <jacob.e.keller@intel.com>
	Fri, 1 Nov 2024 23:05:42 +0000 (16:05 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 14 Dec 2024 19:03:06 +0000 (20:03 +0100)
commit	bf4c4782e532dc4aa9363ab6c846ce40fdc3742f
tree	02e33f0f3578e1b0faa1ad3d84fbaa7e9994ece2	tree
parent	befb42b7ce5567a84afc5b4f8ba3df45ccf2c21f	commit \| diff

ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5

[ Upstream commit d0725312adf5a803de8f621bd1b12ba7a6464a29 ]

Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication
between PF and VF") added support for v1.5 of the PF to VF mailbox
communication API. This commit mistakenly enabled IPSEC offload for API
v1.5.

No implementation of the v1.5 API has support for IPSEC offload. This
offload is only supported by the Linux PF as mailbox API v1.4. In fact, the
v1.5 API is not implemented in any Linux PF.

Attempting to enable IPSEC offload on a PF which supports v1.5 API will not
work. Only the Linux upstream ixgbe and ixgbevf support IPSEC offload, and
only as part of the v1.4 API.

Fix the ixgbevf Linux driver to stop attempting IPSEC offload when
the mailbox API does not support it.

The existing API design choice makes it difficult to support future API
versions, as other non-Linux hosts do not implement IPSEC offload. If we
add support for v1.5 to the Linux PF, then we lose support for IPSEC
offload.

A full solution likely requires a new mailbox API with a proper negotiation
to check that IPSEC is actually supported by the host.

Fixes: 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF")
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>