xfrm: extend add policy callback to set failure reason

Almost all validation logic is in the drivers, but they are
missing reliable way to convey failure reason to userspace
applications.

Let's use extack to return this information to users.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index c43ace79e32075f00c288cfee56c6798db085a40..b9c53e62698258b1264eb3874e3346a586d39068 100644 (file)
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -73,7 +73,7 @@ Callbacks to implement
 
         /* Solely packet offload callbacks */
        void    (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
-       int     (*xdo_dev_policy_add) (struct xfrm_policy *x);
+       int     (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
        void    (*xdo_dev_policy_delete) (struct xfrm_policy *x);
        void    (*xdo_dev_policy_free) (struct xfrm_policy *x);
   };

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index bb9023957f74e7869b81f8ac317fade9e319e9ea..83e0f874484e958e7791bcd944926257dc7fbc6d 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -550,7 +550,8 @@ mlx5e_ipsec_build_accel_pol_attrs(struct mlx5e_ipsec_pol_entry *pol_entry,
        attrs->reqid = x->xfrm_vec[0].reqid;
 }
 
-static int mlx5e_xfrm_add_policy(struct xfrm_policy *x)
+static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
+                                struct netlink_ext_ack *extack)
 {
        struct net_device *netdev = x->xdo.real_dev;
        struct mlx5e_ipsec_pol_entry *pol_entry;

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index aad12a179e5407d5868e819ffe1be0a783c5fc56..7c43b9fb9aaefa2caf84cd4d31219ba6aad5c2a3 100644 (file)
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1042,7 +1042,7 @@ struct xfrmdev_ops {
                                       struct xfrm_state *x);
        void    (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
        void    (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
-       int     (*xdo_dev_policy_add) (struct xfrm_policy *x);
+       int     (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
        void    (*xdo_dev_policy_delete) (struct xfrm_policy *x);
        void    (*xdo_dev_policy_free) (struct xfrm_policy *x);
 };

diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 4aff76c6f12e067f641ad2c044e02a2a137effae..2cec637a4a9cd2aca04757fecc4285dafd5482b4 100644 (file)
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -383,14 +383,13 @@ int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp,
                return -EINVAL;
        }
 
-       err = dev->xfrmdev_ops->xdo_dev_policy_add(xp);
+       err = dev->xfrmdev_ops->xdo_dev_policy_add(xp, extack);
        if (err) {
                xdo->dev = NULL;
                xdo->real_dev = NULL;
                xdo->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
                xdo->dir = 0;
                netdev_put(dev, &xdo->dev_tracker);
-               NL_SET_ERR_MSG(extack, "Device failed to offload this policy");
                return err;
        }