xfrm: extend add policy callback to set failure reason

Almost all validation logic is in the drivers, but they are
missing reliable way to convey failure reason to userspace
applications.

Let's use extack to return this information to users.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/Documentation/networking/xfrm_device.rst b/Documentation/networking/xfrm_device.rst
index c43ace7..b9c53e6 100644 (file)
--- a/Documentation/networking/xfrm_device.rst
+++ b/Documentation/networking/xfrm_device.rst
@@ -73,7 +73,7 @@ Callbacks to implement
 
         /* Solely packet offload callbacks */
        void    (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
-       int     (*xdo_dev_policy_add) (struct xfrm_policy *x);
+       int     (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
        void    (*xdo_dev_policy_delete) (struct xfrm_policy *x);
        void    (*xdo_dev_policy_free) (struct xfrm_policy *x);
   };

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index bb90239..83e0f87 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -550,7 +550,8 @@ mlx5e_ipsec_build_accel_pol_attrs(struct mlx5e_ipsec_pol_entry *pol_entry,
        attrs->reqid = x->xfrm_vec[0].reqid;
 }
 
-static int mlx5e_xfrm_add_policy(struct xfrm_policy *x)
+static int mlx5e_xfrm_add_policy(struct xfrm_policy *x,
+                                struct netlink_ext_ack *extack)
 {
        struct net_device *netdev = x->xdo.real_dev;
        struct mlx5e_ipsec_pol_entry *pol_entry;

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index aad12a1..7c43b9f 100644 (file)
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1042,7 +1042,7 @@ struct xfrmdev_ops {
                                       struct xfrm_state *x);
        void    (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
        void    (*xdo_dev_state_update_curlft) (struct xfrm_state *x);
-       int     (*xdo_dev_policy_add) (struct xfrm_policy *x);
+       int     (*xdo_dev_policy_add) (struct xfrm_policy *x, struct netlink_ext_ack *extack);
        void    (*xdo_dev_policy_delete) (struct xfrm_policy *x);
        void    (*xdo_dev_policy_free) (struct xfrm_policy *x);
 };

diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 4aff76c..2cec637 100644 (file)
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -383,14 +383,13 @@ int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp,
                return -EINVAL;
        }
 
-       err = dev->xfrmdev_ops->xdo_dev_policy_add(xp);
+       err = dev->xfrmdev_ops->xdo_dev_policy_add(xp, extack);
        if (err) {
                xdo->dev = NULL;
                xdo->real_dev = NULL;
                xdo->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
                xdo->dir = 0;
                netdev_put(dev, &xdo->dev_tracker);
-               NL_SET_ERR_MSG(extack, "Device failed to offload this policy");
                return err;
        }