Gentwo Git Trees - linux/.git/commit

author	Carolina Jubran <cjubran@nvidia.com>
	Sun, 5 Oct 2025 08:29:57 +0000 (11:29 +0300)
committer	Paolo Abeni <pabeni@redhat.com>
	Tue, 7 Oct 2025 10:59:56 +0000 (12:59 +0200)
commit	7593439c13933164f701eed9c83d89358f203469
tree	925ac63ca2865abed851d186fd8aa6f062937f1a	tree \| snapshot
parent	3d3c4cd5c62f24bb3cb4511b7a95df707635e00a	commit \| diff

net/mlx5: Prevent tunnel mode conflicts between FDB and NIC IPsec tables

When creating IPsec flow tables with tunnel mode enabled, the driver
uses mlx5_eswitch_block_encap() to prevent tunnel encapsulation
conflicts across different domains (NIC_RX/NIC_TX and FDB), since the
firmware doesn’t allow both at the same time.

Currently, the driver attempts to reserve tunnel mode unconditionally
for both NIC and FDB IPsec tables. This can lead to conflicting tunnel
mode setups, for example, if a flow table was created in the FDB
domain with tunnel offload enabled, and we later try to create another
one in the NIC, or vice versa.

To resolve this, adjust the blocking logic so that tunnel mode is only
reserved by NIC flows. This ensures that tunnel offload is exclusively
used in either the NIC or the FDB, and avoids unintended offload
conflicts.

Fixes: 1762f132d542 ("net/mlx5e: Support IPsec packet offload for RX in switchdev mode")
Fixes: c6c2bf5db4ea ("net/mlx5e: Support IPsec packet offload for TX in switchdev mode")
Signed-off-by: Carolina Jubran <cjubran@nvidia.com>
Reviewed-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1759652999-858513-2-git-send-email-tariqt@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c		diff \| blob \| blame \| history
drivers/net/ethernet/mellanox/mlx5/core/eswitch.h		diff \| blob \| blame \| history
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c		diff \| blob \| blame \| history