ixgbe: add VF IPsec offload enable flag

Add a private flag to expressly enable support for VF IPsec offload. The VF will have to be "trusted" in order to use the hardware offload, but because of the general concerns of managing VF access, we want to be sure the user specifically is enabling the feature. This is likely a candidate for becoming a netdev feature flag. Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
author: Shannon Nelson <shannon.nelson@oracle.com> 2018-08-13 11:43:41 -0700
committer: Jeff Kirsher <jeffrey.t.kirsher@intel.com> 2018-08-28 14:33:10 -0700
commit: 9e4e30cc0c41bb5c727851c7028f840d488365ee (patch)
tree: 8cb5db87fe8f1748ab694f329e3566772cd4197e /drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
parent: eda0333ac29304c5f5cd72d963d5d1e788ce49ab (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 80108e12ab86..ecd01fade960 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -880,7 +880,8 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
 	int err;
 
 	sam = (struct sa_mbx_msg *)(&msgbuf[1]);
-	if (!adapter->vfinfo[vf].trusted) {
+	if (!adapter->vfinfo[vf].trusted ||
+	    !(adapter->flags2 & IXGBE_FLAG2_VF_IPSEC_ENABLED)) {
 		e_warn(drv, "VF %d attempted to add an IPsec SA\n", vf);
 		err = -EACCES;
 		goto err_out;
author	Shannon Nelson <shannon.nelson@oracle.com>	2018-08-13 11:43:41 -0700
committer	Jeff Kirsher <jeffrey.t.kirsher@intel.com>	2018-08-28 14:33:10 -0700
commit	9e4e30cc0c41bb5c727851c7028f840d488365ee (patch)
tree	8cb5db87fe8f1748ab694f329e3566772cd4197e /drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
parent	eda0333ac29304c5f5cd72d963d5d1e788ce49ab (diff)