From nobody Tue Apr  7 04:20:00 2026
Received: from SN4PR0501CU005.outbound.protection.outlook.com
 (mail-southcentralusazon11011071.outbound.protection.outlook.com
 [40.93.194.71])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AAC133ADA2;
	Mon, 16 Mar 2026 09:46:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=fail smtp.client-ip=40.93.194.71
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1773654417; cv=fail;
 b=k3GiNzFXSu1IkL6wZwyiQFAhT5ZQsSgwL2uiD76NtUht8cxLgHWmPsdGq+/tM/3c+32TBJ8WcihqwnB3pZ0orTR099C6eco6z38rZywYiKwNyJZM6WCLDgwu5Li0ZkTtORErpSQ9FSY6qDfW8lIUBtnLnzgtV2ETk6w9FglVey4=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1773654417; c=relaxed/simple;
	bh=OsGlWM+KTdCOlkPZeXuUTymjBJd9IZ3xTdWJUxkaSEQ=;
	h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=hIjQzvdtuDLu7ZH/SPtLL7fNLvF0sxfWyEe3E8w7A9CHoE5z7qY8T8nA+/Cp1bVWsMMemHyFEMfJ6WEkRTa/f2OwQuDqdPkVtVKLCsMnOc6MmwRUFT7Oo1SX34vQXpAH1OadhZ77Djupu1migNzU6x0szo62HZnsCgb5kYvGQ28=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com;
 spf=fail smtp.mailfrom=nvidia.com;
 dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b=GKbcmwCd; arc=fail smtp.client-ip=40.93.194.71
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=fail smtp.mailfrom=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b="GKbcmwCd"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=n6tuUjAKpxJxt7Tg8oAMdNEeBuLa005K2MXL3k2r4CeQT+N79UkG0f6QvMyNdItpPSvEdB6rRssWR4I9IGCCevcTruPg+2oggOIwDmhHErzId44ewaK7lbcxwj26fTQ3M0dnaMoB1HfH94T9PGrJNwR1l6jMSKSP0LNVei+yN7HOzsHjuSXWHQzxkZmrXETY5b8qetK0yOnz2sc1lN+EYT1oyheRzb1shzGtPKcgbSM7e8MUIy/I8OtMTBfisrUvH0AHIPWtCcrV/NGXJyS3hyCHSJYAuhxKikc5NZYLJY6AbGAVJJBzvybWqZK5tyLiYQXa5hRHBvEaztV464ijyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=lszy+c6X0vSPb7QJ6T6eYV9DU4o0qYO1OGkxobr9Qt0=;
 b=KQDo9DXTuJB5niSo++H1q5yRqlVhuxXAa16E9YN1VzAz+o6gKYBjhuPTus1cEtjkhtimGWcmPaPb27c3VLJ33j3YJ+gMyvP5zsqtj5UA3l16VpuTpsyHaSvdMxIlHMT7gRDhOq4ECxyiVN/w7ZczKj3xIun/clsPM6SHeEh95haavWFFK+mo3hMyxCgTTB/UZx5KQ1LvuidTFfweCpKInqembZupMGEPUzOQUNPyJVtKv2cYpTq71JlhWVbkzhj5RW0OHdR12AzTfc+h1UgRVGOl0Wx5fPRCX7IiY6/TA3TBqOSdX0YWQWXYXE+fhN+FZQyqI8ACPSz4MtgkX2LD9Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.232) smtp.rcpttodomain=google.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=lszy+c6X0vSPb7QJ6T6eYV9DU4o0qYO1OGkxobr9Qt0=;
 b=GKbcmwCd9weXNSRpJ/oITA4Q2BWQ6EYUyOOBLFE1pNjqTC7Vctz1V1XzZYtTp/KfhqzN41SaxFdfOihCg6xYnCFGyNHKaGiORdNM+jiI6JKmZN74Oppvck+zRjLasysNxAGe5KXQbM0K+BsBNgpmuCtkCAG65M+qtizjhvRaqNX6RT/kKNQv/trAL3++GgFesqG2xbmMnzeMOSEAAAog4PpjXc90BCttn4NDGV1bLFX/gVTfJHiUaGcykstsdVok0z5TpI/PYUmuYLcIzrnyQIpOqS0rrKCTvZopPo+5c9QhuImGyH9evNjY5X40qI4j3L2xqsZBfocafOnmOYAB7g==
Received: from BN9PR03CA0730.namprd03.prod.outlook.com (2603:10b6:408:110::15)
 by CH3PR12MB8659.namprd12.prod.outlook.com (2603:10b6:610:17c::13) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.13; Mon, 16 Mar
 2026 09:46:51 +0000
Received: from BN3PEPF0000B06A.namprd21.prod.outlook.com
 (2603:10b6:408:110:cafe::e1) by BN9PR03CA0730.outlook.office365.com
 (2603:10b6:408:110::15) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.9700.24 via Frontend Transport; Mon,
 16 Mar 2026 09:46:41 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232)
 smtp.mailfrom=nvidia.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.232 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.232) by
 BN3PEPF0000B06A.mail.protection.outlook.com (10.167.243.69) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.9745.0 via Frontend Transport; Mon, 16 Mar 2026 09:46:50 +0000
Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com
 (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 16 Mar
 2026 02:46:36 -0700
Received: from drhqmail203.nvidia.com (10.126.190.182) by
 drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.2562.20; Mon, 16 Mar 2026 02:46:36 -0700
Received: from vdi.nvidia.com (10.127.8.10) by mail.nvidia.com
 (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend
 Transport; Mon, 16 Mar 2026 02:46:32 -0700
From: Tariq Toukan <tariqt@nvidia.com>
To: Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>, Andrew Lunn <andrew+netdev@lunn.ch>, "David
 S. Miller" <davem@davemloft.net>
CC: Saeed Mahameed <saeedm@nvidia.com>, Leon Romanovsky <leon@kernel.org>,
	Tariq Toukan <tariqt@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
	<netdev@vger.kernel.org>, <linux-rdma@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, Gal Pressman <gal@nvidia.com>, Moshe Shemesh
	<moshe@nvidia.com>, Dragos Tatulea <dtatulea@nvidia.com>, Cosmin Ratiu
	<cratiu@nvidia.com>
Subject: [PATCH net 1/3] net/mlx5: qos: Restrict RTNL area to avoid a lock
 cycle
Date: Mon, 16 Mar 2026 11:46:01 +0200
Message-ID: <20260316094603.6999-2-tariqt@nvidia.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20260316094603.6999-1-tariqt@nvidia.com>
References: <20260316094603.6999-1-tariqt@nvidia.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-NV-OnPremToCloud: ExternallySecured
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN3PEPF0000B06A:EE_|CH3PR12MB8659:EE_
X-MS-Office365-Filtering-Correlation-Id: 6fe7e4a6-f6cb-4520-dde9-08de8340f2d0
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|82310400026|36860700016|1800799024|376014|22082099003|56012099003|18002099003;
X-Microsoft-Antispam-Message-Info: 
	rBmGG7rQBMqj+fk3kgK6EWbI5fE+L9L0EOk1q5N+P8a5ozqzJsKobV1V29Z9vuR1ZUAoDOlWwIrFIke+GpxuzLUxbvP5ggtbLs0zu40w9oa0qRVfAUiXaH+jhjSQanD5rE6ltsrwcn8iicsQud6HhioBIrIPLY2YEsJ8krOqhkeeVH/Yt0BDyTV8OBYdLPTsgDAR1XuINGR/7X9lTK7LtUDy+FSWJvxdNzvUfEc7XE4elmtX9T3ZIsjYC/QSKkRvkfWnAuAg6w9sHnT9PJDX6JGVmnXPhUFbUJKV+uqrdi2Eyd1u4NLtk0UyARFJqXuPYgyi9XnTOrDb/RXczXD8SVl/1y/yo4tG/ugcWnVJlcL870jqgxdMB+XZ0ejJ03U2gfPhyaNcAtwhSJyxGAanlqKrGRFt6o9t8mnkKmHVqveKyewAzfh+vXhBgwDwoXInaH9PSF/zq9UwWUrVyQp+WRyCKDIJuIrAkEYOe25HfGdM1M0rGzDmlnUAf4ag4H5oYI2HhKNaH/n4higDPvafzd8n5/l7182+3/rpVz1t5WOrjCXOQZ9Amgrsa5D70BWMAb0C7Y7Ju90DoQb6Zzfm+f4aqYa3BhJP+a6rgFBROkQuR5mJpR1s82FVUMDe0Lm5TZgTePOBSCp/C8+hfpLD1QnqmqinZMSu3GG7/mSSdOsx1x+vP1sicNnyosfDj4v4i5s0o6Niut6dwbbAOMTLrio6A7McNHC7hfTtMp+kBlyWcotlasJqcFHpqDecuTg5LMmu38GNAkz0ouXTdt7dWw==
X-Forefront-Antispam-Report: 
	CIP:216.228.118.232;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge1.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(36860700016)(1800799024)(376014)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	Rka54KdIG7Ws0zZGWs+uGHvNhsI6+d5HyfKAVY4FCN72y83u2ahp21h3IiM4MzqgDGV/psxbd1wk2Ku4p1snkMd6GW1u+M26sC351uomc6OCS72uEv/24WpOOQCP9+SzNUe5OmERNIT2NpLjsEIjjhaKm0f0kKNkR/nbXrvNguEGISEw5FQ2CcfvL3ELViIM4k9YU5OkRAE6DfBdQbia/wIUDoJBCu3Nlo23naMfVJZ6rFPtnLKISKe35d1WvmGtApDw5eMs8m1bU1SpEmEgE373e7qFGsTQSuZq0/0TtoBt2sj3m+W5WVBD1jnBT1HW4VauhQ0JTrXZlxKA0hhZKFsfaDl65MEUNvQmkexSX1dWd7uY2MSMJAbtxoSOH78IB9FZerj9QoeILOmbqY2uTXF+7N2jTdRDFMZmGh3bmY8kXiJFe6eubqnOmaV48wyz
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2026 09:46:50.6085
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6fe7e4a6-f6cb-4520-dde9-08de8340f2d0
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.232];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN3PEPF0000B06A.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8659
Content-Type: text/plain; charset="utf-8"

From: Cosmin Ratiu <cratiu@nvidia.com>

A lock dependency cycle exists where:
1. mlx5_ib_roce_init -> mlx5_core_uplink_netdev_event_replay ->
mlx5_blocking_notifier_call_chain (takes notifier_rwsem) ->
mlx5e_mdev_notifier_event -> mlx5_netdev_notifier_register ->
register_netdevice_notifier_dev_net (takes rtnl)
=3D> notifier_rwsem -> rtnl

2. mlx5e_probe -> _mlx5e_probe ->
mlx5_core_uplink_netdev_set (takes uplink_netdev_lock) ->
mlx5_blocking_notifier_call_chain (takes notifier_rwsem)
=3D> uplink_netdev_lock -> notifier_rwsem

3: devlink_nl_rate_set_doit -> devlink_nl_rate_set ->
mlx5_esw_devlink_rate_leaf_tx_max_set -> esw_qos_devlink_rate_to_mbps ->
mlx5_esw_qos_max_link_speed_get (takes rtnl) ->
mlx5_esw_qos_lag_link_speed_get_locked ->
mlx5_uplink_netdev_get (takes uplink_netdev_lock)
=3D> rtnl -> uplink_netdev_lock
=3D> BOOM! (lock cycle)

Fix that by restricting the rtnl-protected section to just the necessary
part, the call to netdev_master_upper_dev_get and speed querying, so
that the last lock dependency is avoided and the cycle doesn't close.
This is safe because mlx5_uplink_netdev_get uses netdev_hold to keep the
uplink netdev alive while its master device is queried.

Use this opportunity to rename the ambiguously-named "hold_rtnl_lock"
argument to "take_rtnl" and remove the "_locked" suffix from
mlx5_esw_qos_lag_link_speed_get_locked.

Fixes: 6b4be64fd9fe ("net/mlx5e: Harden uplink netdev access against device=
 unbind")
Signed-off-by: Cosmin Ratiu <cratiu@nvidia.com>
Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
---
 .../net/ethernet/mellanox/mlx5/core/esw/qos.c | 23 ++++++++-----------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c b/drivers/ne=
t/ethernet/mellanox/mlx5/core/esw/qos.c
index 26178d0bac92..faccc60fc93a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c
@@ -1489,24 +1489,24 @@ static int esw_qos_node_enable_tc_arbitration(struc=
t mlx5_esw_sched_node *node,
 	return err;
 }
=20
-static u32 mlx5_esw_qos_lag_link_speed_get_locked(struct mlx5_core_dev *md=
ev)
+static u32 mlx5_esw_qos_lag_link_speed_get(struct mlx5_core_dev *mdev,
+					   bool take_rtnl)
 {
 	struct ethtool_link_ksettings lksettings;
 	struct net_device *slave, *master;
 	u32 speed =3D SPEED_UNKNOWN;
=20
-	/* Lock ensures a stable reference to master and slave netdevice
-	 * while port speed of master is queried.
-	 */
-	ASSERT_RTNL();
-
 	slave =3D mlx5_uplink_netdev_get(mdev);
 	if (!slave)
 		goto out;
=20
+	if (take_rtnl)
+		rtnl_lock();
 	master =3D netdev_master_upper_dev_get(slave);
 	if (master && !__ethtool_get_link_ksettings(master, &lksettings))
 		speed =3D lksettings.base.speed;
+	if (take_rtnl)
+		rtnl_unlock();
=20
 out:
 	mlx5_uplink_netdev_put(mdev, slave);
@@ -1514,20 +1514,15 @@ static u32 mlx5_esw_qos_lag_link_speed_get_locked(s=
truct mlx5_core_dev *mdev)
 }
=20
 static int mlx5_esw_qos_max_link_speed_get(struct mlx5_core_dev *mdev, u32=
 *link_speed_max,
-					   bool hold_rtnl_lock, struct netlink_ext_ack *extack)
+					   bool take_rtnl,
+					   struct netlink_ext_ack *extack)
 {
 	int err;
=20
 	if (!mlx5_lag_is_active(mdev))
 		goto skip_lag;
=20
-	if (hold_rtnl_lock)
-		rtnl_lock();
-
-	*link_speed_max =3D mlx5_esw_qos_lag_link_speed_get_locked(mdev);
-
-	if (hold_rtnl_lock)
-		rtnl_unlock();
+	*link_speed_max =3D mlx5_esw_qos_lag_link_speed_get(mdev, take_rtnl);
=20
 	if (*link_speed_max !=3D (u32)SPEED_UNKNOWN)
 		return 0;
--=20
2.44.0
From nobody Tue Apr  7 04:20:00 2026
Received: from PH7PR06CU001.outbound.protection.outlook.com
 (mail-westus3azon11010054.outbound.protection.outlook.com [52.101.201.54])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D1853909B4;
	Mon, 16 Mar 2026 09:46:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=fail smtp.client-ip=52.101.201.54
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1773654418; cv=fail;
 b=sIgkjL2aCBAYMwyQyAijbAr50Fx8DBGw0KVsaPF3X5PpxlaTAi6kLeh45+cWEyINIer1RRGbzyDonEEXMcnnVVvAElo2tDMViK/r53+pIzNTLFVdcJMeukscrjrxJRYhyxsFFWf2+395IGxvs/tW/yd3vRJgUdBdqMvbofv6Md4=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1773654418; c=relaxed/simple;
	bh=1zCQgsGjhDs4YBWlRkQ91yKbVMdBs+tL7zQCl+lb+Ao=;
	h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=KiDjEHNLifSSp5W0KyY9mI4hL3/Q2Qi0/Ah8YeZ+d9JZWcCi2xvpZDyWedcSSJYfmxKwOzTbKBEPBA9aTzbIawscZnrWFEzR2aJ63dY6n8P2sEeF2hSpei7IRajyWoK5UcGKszaYlPiNo9GPP1xw90iS2Ysxvfc9hBXwa9yzJcI=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com;
 spf=fail smtp.mailfrom=nvidia.com;
 dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b=K9CfSpM9; arc=fail smtp.client-ip=52.101.201.54
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=fail smtp.mailfrom=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b="K9CfSpM9"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=X2uiAaMTaEE/31TJ17poRUTooKraFaupvr9jwo1NezVGDzCMJMEcsh28PW6jEQw6dZo+tUnqWRFnd+2LB4Zmb4NJDO6ep6Ny/FOdmKOQGIcqyi4M6ccRC2pcT7Oxu3gX1ZEDglc4jNP26WRZoq2aY+8mauKwRP9jo2mHPm1gVd+D+njhqM2X9usd3cQFeHVIOuyqiVfm+kM3z36NEa4WbskDalUNQoaN03cuUxEOfRG/XwXHfp4jGz7pC2cRvI/2fLQTm+4Se7755+Cn6UZCHWA8axAP/Ew+vcpR1LtlogWj0DMX9Pxv5V4OLtX3BoYychHDdcNreaB2lp5LrIRAnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=kuQkD70iI4O8xKaXQv67WurzAY5iruq11XeWKacL5ts=;
 b=YwXBka52rAYdnE71fZZ5ZMZw6o0XBvqKu2tq26r32eanbZafWGmDpfuEn8jDZ6kQet6Ui84NRFS5BYVsrWnulZqElgTwd+D2bfZQDO3XVJGayuOBdMaSkwsLIsPkQJQIruMZBbzrnsoogF85ACcUQY7p/7qS4bcl4x3sIg3gxeDi8t3tRXpHgjU6hNZIAKmoS/3yQq4Ls4e9mchplCa2NbKyz1fhdovMWPojrMN4mY4Tia02WtacLLCliisr1fqmMWNO3tgvYOYXx/7m/RS9tan2Uls6XqtXS2vIdO0HKgmn9ky2ZZYBAVNk0JjnTdEamzMkoMAN2n0MV1hcs0ZZuQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.232) smtp.rcpttodomain=google.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=kuQkD70iI4O8xKaXQv67WurzAY5iruq11XeWKacL5ts=;
 b=K9CfSpM9VoJKzsih9nnUjQVoRYjUKOTwS59jtes/WyA2SXIX4uti52YXkafU3p9cJQrbv40BVcUT5rEIZz1eoLkplnemHA12jCCq+cr5VFV73COx/WFvXomgHPXh8rZNEh/w5O/Slg8IvnC8Am3iBh2U3oNM3BDbEz4vMkSZ6HuwZxkgYWhAabsgV/yuoTtryOjzLz96IK08auZ3NEjwDLygRnxgOY8ae6HkgwDvtt4DALp8dgKHMwHUxxYPYtYWa0IxIMpgY7Ln8Z2098JpDiqdXAzofAL/jHanPz5bFsceJyM3kGgXZJFWBZnD0sGPiswcduHZXwai1l0Y9La1mA==
Received: from BN9PR03CA0733.namprd03.prod.outlook.com (2603:10b6:408:110::18)
 by BN5PR12MB9512.namprd12.prod.outlook.com (2603:10b6:408:2ab::14) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.16; Mon, 16 Mar
 2026 09:46:53 +0000
Received: from BN3PEPF0000B06A.namprd21.prod.outlook.com
 (2603:10b6:408:110:cafe::8) by BN9PR03CA0733.outlook.office365.com
 (2603:10b6:408:110::18) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.9700.24 via Frontend Transport; Mon,
 16 Mar 2026 09:46:52 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232)
 smtp.mailfrom=nvidia.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.232 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.232) by
 BN3PEPF0000B06A.mail.protection.outlook.com (10.167.243.69) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.9745.0 via Frontend Transport; Mon, 16 Mar 2026 09:46:53 +0000
Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com
 (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 16 Mar
 2026 02:46:40 -0700
Received: from drhqmail203.nvidia.com (10.126.190.182) by
 drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.2562.20; Mon, 16 Mar 2026 02:46:40 -0700
Received: from vdi.nvidia.com (10.127.8.10) by mail.nvidia.com
 (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend
 Transport; Mon, 16 Mar 2026 02:46:36 -0700
From: Tariq Toukan <tariqt@nvidia.com>
To: Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>, Andrew Lunn <andrew+netdev@lunn.ch>, "David
 S. Miller" <davem@davemloft.net>
CC: Saeed Mahameed <saeedm@nvidia.com>, Leon Romanovsky <leon@kernel.org>,
	Tariq Toukan <tariqt@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
	<netdev@vger.kernel.org>, <linux-rdma@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, Gal Pressman <gal@nvidia.com>, Moshe Shemesh
	<moshe@nvidia.com>, Dragos Tatulea <dtatulea@nvidia.com>, Jianbo Liu
	<jianbol@nvidia.com>, Leon Romanovsky <leonro@nvidia.com>
Subject: [PATCH net 2/3] net/mlx5e: Prevent concurrent access to IPSec ASO
 context
Date: Mon, 16 Mar 2026 11:46:02 +0200
Message-ID: <20260316094603.6999-3-tariqt@nvidia.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20260316094603.6999-1-tariqt@nvidia.com>
References: <20260316094603.6999-1-tariqt@nvidia.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-NV-OnPremToCloud: ExternallySecured
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN3PEPF0000B06A:EE_|BN5PR12MB9512:EE_
X-MS-Office365-Filtering-Correlation-Id: 7869108c-9001-4b80-90a1-08de8340f4af
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|376014|36860700016|82310400026|1800799024|22082099003|56012099003|18002099003;
X-Microsoft-Antispam-Message-Info: 
	awBM3ljdfegmskZWzjGV+aIUZx+GkeFnquzA3Unz21KFif2tNsHCpaclsXbCi2dEuT8BppoqIsuPgzKXfVYiDAJTPCGC1q+3u5NaTTtIMiMBUXnI1YIwsph74suJJKRPTYR+a828MnBt5pXQuvOF9a7Nk/eiFkJ5lluvtqpgIVh2MlzK7vzb/jjk6ElPz9ePMq32Gxr3VL7HvEGyjpgJas7MNvFMEPma9353wwGIg9uEvQOFIelECQJ1uW1bqFQWQKVk8fWIAR45QF3cmBJ229ICke/Lhff5mQ/9bB1yXl/W6rR8RrkidBLyMkN7Tx/lqJgh8/mL3/0GKN6xS5k/eFbr8WSbwfV4LeIt3KZEp6O5zAij+W6T1De2+q4bWbRZCOauCdeTFL+0EF1fJfBvsHJVB6f+hG6UKxEoJ+ZHBQk+Jnd8tY3BhErCItJUZoHlU70JB1ROSTsdk1ouZyvUDU42kkPq1qsVLEXyeV/Zi7QH/mpAqX0TxaJsWsJkQL2CabS48WB4JeAiX7fF51mD8CJOY6vVQrTrsmt/K9Dqt5CJGC95PSEPvEily13tY5AB5Qg/hiRD6nesqcGlRbKYyjRlXh4mL3/wWExEFNF0NdHAP8bS4bKiTq252mt8IyIv+atyL45ivFbNOLfJojKpjztFm2zfthSsuNSX/eGyYOM2Bz2zDevuFmLaCWNNRZi01OKFaGI+qcMqLv/xvveNsFOO57oTKpEw3z4tlDVUUxSGSQa8EIMWvGJw/jkECX36+77M5wDCjQsI3TRioG9WnA==
X-Forefront-Antispam-Report: 
	CIP:216.228.118.232;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge1.nvidia.com;CAT:NONE;SFS:(13230040)(376014)(36860700016)(82310400026)(1800799024)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	J7xR12jxNXbjRmX4AWEg1HFyyr2ajkAncQ6EPxzTUX50g6VS05P0WRCrKBn0fCRIxMTs6dS993Ky51la4uIkIMbVx580nLgA1aH1Uq9ClKTXawiOROoaj2QXdvX+X748hhiMWEWgHVKyUpYbATIggI1+KOLe0Q7SyPJj85dE1JRZiAMu9w5kWbmwur953BRaTm6ZrkDojR3WxsdqNE+TDhJ+Gij6Q60mxP4VkUxwU+nZRUvOzWi2HEL7FDpHxFuIqdrEl5iobeZvnsV42+Yzg+Zspa2ivyvmRorf+NouBGKBqDf3kexYEyQUwG9Eb6zsmldXNMYlK/hXmA04yPjO7fhEw8n22rhum7qwFmey3JDdCOYnZMvgsGOiku08K1qYEDd0BZUYf9YjFwtco5oL0xDQ3OFEUVtmGpim+mvFh2WElpYb3DfO0DinU5xOiv7T
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2026 09:46:53.7071
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 7869108c-9001-4b80-90a1-08de8340f4af
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.232];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN3PEPF0000B06A.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN5PR12MB9512
Content-Type: text/plain; charset="utf-8"

From: Jianbo Liu <jianbol@nvidia.com>

The query or updating IPSec offload object is through Access ASO WQE.
The driver uses a single mlx5e_ipsec_aso struct for each PF, which
contains a shared DMA-mapped context for all ASO operations.

A race condition exists because the ASO spinlock is released before
the hardware has finished processing WQE. If a second operation is
initiated immediately after, it overwrites the shared context in the
DMA area.

When the first operation's completion is processed later, it reads
this corrupted context, leading to unexpected behavior and incorrect
results.

This commit fixes the race by introducing a private context within
each IPSec offload object. The shared ASO context is now copied to
this private context while the ASO spinlock is held. Subsequent
processing uses this saved, per-object context, ensuring its integrity
is maintained.

Fixes: 1ed78fc03307 ("net/mlx5e: Update IPsec soft and hard limits")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
---
 .../mellanox/mlx5/core/en_accel/ipsec.h         |  1 +
 .../mellanox/mlx5/core/en_accel/ipsec_offload.c | 17 ++++++++---------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/dri=
vers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
index f8eaaf37963b..abcbd38db9db 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
@@ -287,6 +287,7 @@ struct mlx5e_ipsec_sa_entry {
 	struct mlx5e_ipsec_dwork *dwork;
 	struct mlx5e_ipsec_limits limits;
 	u32 rx_mapped_id;
+	u8 ctx[MLX5_ST_SZ_BYTES(ipsec_aso)];
 };
=20
 struct mlx5_accel_pol_xfrm_attrs {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload=
.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
index 33344e00719b..71222f7247f1 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
@@ -370,20 +370,18 @@ static void mlx5e_ipsec_aso_update_soft(struct mlx5e_=
ipsec_sa_entry *sa_entry,
 static void mlx5e_ipsec_handle_limits(struct mlx5e_ipsec_sa_entry *sa_entr=
y)
 {
 	struct mlx5_accel_esp_xfrm_attrs *attrs =3D &sa_entry->attrs;
-	struct mlx5e_ipsec *ipsec =3D sa_entry->ipsec;
-	struct mlx5e_ipsec_aso *aso =3D ipsec->aso;
 	bool soft_arm, hard_arm;
 	u64 hard_cnt;
=20
 	lockdep_assert_held(&sa_entry->x->lock);
=20
-	soft_arm =3D !MLX5_GET(ipsec_aso, aso->ctx, soft_lft_arm);
-	hard_arm =3D !MLX5_GET(ipsec_aso, aso->ctx, hard_lft_arm);
+	soft_arm =3D !MLX5_GET(ipsec_aso, sa_entry->ctx, soft_lft_arm);
+	hard_arm =3D !MLX5_GET(ipsec_aso, sa_entry->ctx, hard_lft_arm);
 	if (!soft_arm && !hard_arm)
 		/* It is not lifetime event */
 		return;
=20
-	hard_cnt =3D MLX5_GET(ipsec_aso, aso->ctx, remove_flow_pkt_cnt);
+	hard_cnt =3D MLX5_GET(ipsec_aso, sa_entry->ctx, remove_flow_pkt_cnt);
 	if (!hard_cnt || hard_arm) {
 		/* It is possible to see packet counter equal to zero without
 		 * hard limit event armed. Such situation can be if packet
@@ -454,10 +452,8 @@ static void mlx5e_ipsec_handle_event(struct work_struc=
t *_work)
 		container_of(_work, struct mlx5e_ipsec_work, work);
 	struct mlx5e_ipsec_sa_entry *sa_entry =3D work->data;
 	struct mlx5_accel_esp_xfrm_attrs *attrs;
-	struct mlx5e_ipsec_aso *aso;
 	int ret;
=20
-	aso =3D sa_entry->ipsec->aso;
 	attrs =3D &sa_entry->attrs;
=20
 	spin_lock_bh(&sa_entry->x->lock);
@@ -466,8 +462,9 @@ static void mlx5e_ipsec_handle_event(struct work_struct=
 *_work)
 		goto unlock;
=20
 	if (attrs->replay_esn.trigger &&
-	    !MLX5_GET(ipsec_aso, aso->ctx, esn_event_arm)) {
-		u32 mode_param =3D MLX5_GET(ipsec_aso, aso->ctx, mode_parameter);
+	    !MLX5_GET(ipsec_aso, sa_entry->ctx, esn_event_arm)) {
+		u32 mode_param =3D MLX5_GET(ipsec_aso, sa_entry->ctx,
+					  mode_parameter);
=20
 		mlx5e_ipsec_update_esn_state(sa_entry, mode_param);
 	}
@@ -629,6 +626,8 @@ int mlx5e_ipsec_aso_query(struct mlx5e_ipsec_sa_entry *=
sa_entry,
 			/* We are in atomic context */
 			udelay(10);
 	} while (ret && time_is_after_jiffies(expires));
+	if (!ret)
+		memcpy(sa_entry->ctx, aso->ctx, MLX5_ST_SZ_BYTES(ipsec_aso));
 	spin_unlock_bh(&aso->lock);
 	return ret;
 }
--=20
2.44.0
From nobody Tue Apr  7 04:20:00 2026
Received: from BYAPR05CU005.outbound.protection.outlook.com
 (mail-westusazon11010005.outbound.protection.outlook.com [52.101.85.5])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BF5453947BE;
	Mon, 16 Mar 2026 09:46:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=fail smtp.client-ip=52.101.85.5
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1773654421; cv=fail;
 b=CEAChjdVuxr4kU9781g6J1Kg/YSAnMyUh7mfkNq4QQlQ+WvA3uimb5WFYGbdjG183l0yBCc92BiVIacN8rZBoAvTqQUlcPYxsAqSQPay2TwpmDr8feUCjkwO71LeESOl0t0bfCv3w9E3LIgKW2BK3zSKl+/J1MY8WmSx6sccb9I=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1773654421; c=relaxed/simple;
	bh=iAx1aOvkIJceTBF/WeAUm25n22QAUmp/hVOceaXrt0w=;
	h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=ZgKkHDd1oLZya2GNojmjG4GieXUlIVLG/rvrCrikae/opNenvS6XeL48VzHnKUx3Me964Buezpb3b3fC/u5zTsNfz8P92TTKR4Nw6GlmvppKif4OKu3l29ehx6eHqcVvgnMAvFVEY7+Q/hYBA7/M7J/dNICzayVQ6AfXwSN6KIo=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com;
 spf=fail smtp.mailfrom=nvidia.com;
 dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b=hwYRUb3D; arc=fail smtp.client-ip=52.101.85.5
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=fail smtp.mailfrom=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b="hwYRUb3D"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=c743Hf98VjKKSuSag2p8kzwNVK5cwW5Ez+nrXiKDKmLai/1PkVphQJFUWqAKRympx5P/dtMnI2dIjL/dzVb762hn5C3SJdRzbRtAvg48d7sVDt2ti2pVzmD5dOMhK+QYhPxDSHPez6p34hgH20lOCDRcBRPXZRQZBLk1HX7C0r5MK9IxBoLPHU1UByiSWXRTRMuHgU0/c+hTc4Hsx/i4a29BpizwWj0h/sxOm8PrhcwXsSt8ZcCKl1DWYiW4S3eZx0WU8lNLmX3E+qgSNaqqO9TLjVRNFyf5GbncTXoeSE8qlyZHsiRzYLJrGy7eJTrWd+Z/RBzVI6qPTsno44nbHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=3ibHVXtz9sS7JVE6h9XgAgLc6u/WvsDTgkSXhxeH5aY=;
 b=fr01OneumAeXENkyGiqCBrPjpe0xmP2reuamyUy60pJUboWA1jlzTUBFWtoJQhStIKVRIO0E2azZjNzphEwftyjlLYlFDmO/gyWrmaVLgURPWCtBwrw2hYRI908wG8WSre2OW07H2L7vAZdTzi6xjdncIyM6Rd+qbWyIiCN8KsetyzaWEI9itJunejgXy1KmwmTLBG0mt5ci97Ok/mxjSNQPAwXQESeDjhoMZSJFDRiLnnMUEW78TZqTp11Mj9zxYaNtxnJDihrRFlzZUSVceRQI//l41J8wxf4mAfwi/6ieY9ywLNgVZ1a9I3fAGle/5AtdmjhnNkocfTLqUDEa2Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.233) smtp.rcpttodomain=google.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=3ibHVXtz9sS7JVE6h9XgAgLc6u/WvsDTgkSXhxeH5aY=;
 b=hwYRUb3DHlqpY4T1v72qeYoUJH8RGppYFe/i+G4i8KfcMZWVG+yZp4cgxLVl2f75vmy0LM6jACGTxM0usDyXaIHVVR7eIZs9qcjhXR7g9tN88fPMJy2DqY6c20E4CTmf+8ZQMInicHAxG+RVETZnf4cfqY/hhot2KTkV5TzCc7kwyk9MF83sc2DU8LSWahkct+PZK7lELsuhjNZTJVYLxkOuDFFP4EIGwg++qNixqV8Qo6FEQlIDwRBHvjxvg/LkC9jMWYLmoA4jXBafRArE80uOdSZMhChAgr1kEkblrQQ0LJNam5+Ezo5CqQpA+ppPacWCuvYwpDA1/fEvd4QiWg==
Received: from CH2PR14CA0034.namprd14.prod.outlook.com (2603:10b6:610:56::14)
 by BY5PR12MB4242.namprd12.prod.outlook.com (2603:10b6:a03:203::9) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.16; Mon, 16 Mar
 2026 09:46:54 +0000
Received: from CH2PEPF000000A0.namprd02.prod.outlook.com
 (2603:10b6:610:56:cafe::88) by CH2PR14CA0034.outlook.office365.com
 (2603:10b6:610:56::14) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9700.24 via Frontend
 Transport; Mon, 16 Mar 2026 09:46:50 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233)
 smtp.mailfrom=nvidia.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.233 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.233) by
 CH2PEPF000000A0.mail.protection.outlook.com (10.167.244.26) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.9700.17 via Frontend Transport; Mon, 16 Mar 2026 09:46:53 +0000
Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com
 (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 16 Mar
 2026 02:46:45 -0700
Received: from drhqmail203.nvidia.com (10.126.190.182) by
 drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.2562.20; Mon, 16 Mar 2026 02:46:44 -0700
Received: from vdi.nvidia.com (10.127.8.10) by mail.nvidia.com
 (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend
 Transport; Mon, 16 Mar 2026 02:46:41 -0700
From: Tariq Toukan <tariqt@nvidia.com>
To: Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>, Andrew Lunn <andrew+netdev@lunn.ch>, "David
 S. Miller" <davem@davemloft.net>
CC: Saeed Mahameed <saeedm@nvidia.com>, Leon Romanovsky <leon@kernel.org>,
	Tariq Toukan <tariqt@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
	<netdev@vger.kernel.org>, <linux-rdma@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, Gal Pressman <gal@nvidia.com>, Moshe Shemesh
	<moshe@nvidia.com>, Dragos Tatulea <dtatulea@nvidia.com>, Jianbo Liu
	<jianbol@nvidia.com>, Leon Romanovsky <leonro@nvidia.com>
Subject: [PATCH net 3/3] net/mlx5e: Fix race condition during IPSec ESN update
Date: Mon, 16 Mar 2026 11:46:03 +0200
Message-ID: <20260316094603.6999-4-tariqt@nvidia.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20260316094603.6999-1-tariqt@nvidia.com>
References: <20260316094603.6999-1-tariqt@nvidia.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-NV-OnPremToCloud: ExternallySecured
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH2PEPF000000A0:EE_|BY5PR12MB4242:EE_
X-MS-Office365-Filtering-Correlation-Id: 0f189443-d8e6-4e4e-887f-08de8340f4bb
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|36860700016|82310400026|1800799024|376014|56012099003|18002099003|22082099003;
X-Microsoft-Antispam-Message-Info: 
	bJv+PZio7SrsXExXn7CfVLK2HFJu0dITvBStS3trMeWYGjEcddajgItGLj4sGSybV3oZziYGujEBXW6BTM3/hqDV2XsIR2lryosZCvd3081Ca8qXVEm2k6DZ5L5Eby4bc+l6IPcF31lFtPHaocmMoKKfS3NJNAv7bqA+F/4QZBOfNN8otm9mPOtuMD6iXt+PyglWys05xJuLfmJCbyNK4F+ME+wmXBhu22iL/qO1prlzA3U0/1bD13KWtILiFbiejauNa/bSD2ArLrp22XM+tsUyMQKMLwWUyhaF17wKuwYOdORlkXDsyRheKf9Iw9IExAqtwUOPT/wDopDDiDqcLzwl0piOQ/7x5R9iYTQEpeq3ITlN1CSLPvWw/vV5gZ/oEL/CMgx70Qz4q9+HFDGUeElxK9AgyZrfn2ltq/xvaKASwfNdqCP275eLaQa4ShkXnJJIvykNsEUytGZa8FXnyF895JFOHmvZrUFQdJh/0CtXhly9JFqci3RmlD9133mLYuiDRzIt4ZCtnUJCg/ozLtzNB3536dApLvTu7Ntu/cCYahYVZbcKu93GJ2UdnjReo41QRGAr8b3DQrIy9++XfS5qbfcpkkIbDUQMUxyicPw75vkj84QCOT04f2kaTq6Ec2ssTTENT2DinRF2lof5d4HYOs1L/6qstq4flB8FT87Nlzq12jFlEiwgJK4uEuR49hjV1bxj50fB+C98+uCxa5dGxBZSPeoH3ZP+GgRGElAjyOvH45j2EWwvfieOXwhVlXSC6u6NXkec31mqtlpeCQ==
X-Forefront-Antispam-Report: 
	CIP:216.228.118.233;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge2.nvidia.com;CAT:NONE;SFS:(13230040)(36860700016)(82310400026)(1800799024)(376014)(56012099003)(18002099003)(22082099003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	Mgo3750cIQCNwkdahuzCIr8LEg+8VTHABB2VDfTljqkQiqxhlMOLzk0cGgTGstfrwouCk5MsW8+T/ZS915rueeaxgUK3vCi7GE+cuvrCbvlO7OkhG9PCl4qc3yAnntB0Dxv3EOk5a1cq4DnUusyU8DkKajY3ijKJL36zjQVCRnm7OzzYE/FMQJ9yXes9d1GwuR00UZg7ld+o2GWvdNPsRjuElRfZGmmE8f6qBU9DrjNdYt47cfEZQ+1tGZsxa79sAP0O9Lw06qgCe9HDOl+rFiHKoKF4KgHgamn2oahuO+DI7cSflwl2MCpMCj56pJtQlnJeoaRYv6veaDY1RLjL77LxHzyhG6+/Vb6v8JGel1EqGS7O0oF3UAs/pNHZcaoIrMeI9D06XD1BB5xAJ0dHpVNLALEcC08ENegPYZhDH5iNbtwvOcHIv7BwLWlR8ZB4
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2026 09:46:53.8825
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0f189443-d8e6-4e4e-887f-08de8340f4bb
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.233];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	CH2PEPF000000A0.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4242
Content-Type: text/plain; charset="utf-8"

From: Jianbo Liu <jianbol@nvidia.com>

In IPSec full offload mode, the device reports an ESN (Extended
Sequence Number) wrap event to the driver. The driver validates this
event by querying the IPSec ASO and checking that the esn_event_arm
field is 0x0, which indicates an event has occurred. After handling
the event, the driver must re-arm the context by setting esn_event_arm
back to 0x1.

A race condition exists in this handling path. After validating the
event, the driver calls mlx5_accel_esp_modify_xfrm() to update the
kernel's xfrm state. This function temporarily releases and
re-acquires the xfrm state lock.

So, need to acknowledge the event first by setting esn_event_arm to
0x1. This prevents the driver from reprocessing the same ESN update if
the hardware sends events for other reason. Since the next ESN update
only occurs after nearly 2^31 packets are received, there's no risk of
missing an update, as it will happen long after this handling has
finished.

Processing the event twice causes the ESN high-order bits (esn_msb) to
be incremented incorrectly. The driver then programs the hardware with
this invalid ESN state, which leads to anti-replay failures and a
complete halt of IPSec traffic.

Fix this by re-arming the ESN event immediately after it is validated,
before calling mlx5_accel_esp_modify_xfrm(). This ensures that any
spurious, duplicate events are correctly ignored, closing the race
window.

Fixes: fef06678931f ("net/mlx5e: Fix ESN update kernel panic")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
---
 .../mlx5/core/en_accel/ipsec_offload.c        | 33 ++++++++-----------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload=
.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
index 71222f7247f1..05faad5083d9 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
@@ -310,10 +310,11 @@ static void mlx5e_ipsec_aso_update(struct mlx5e_ipsec=
_sa_entry *sa_entry,
 	mlx5e_ipsec_aso_query(sa_entry, data);
 }
=20
-static void mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_e=
ntry,
-					 u32 mode_param)
+static void
+mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry,
+			     u32 mode_param,
+			     struct mlx5_accel_esp_xfrm_attrs *attrs)
 {
-	struct mlx5_accel_esp_xfrm_attrs attrs =3D {};
 	struct mlx5_wqe_aso_ctrl_seg data =3D {};
=20
 	if (mode_param < MLX5E_IPSEC_ESN_SCOPE_MID) {
@@ -323,18 +324,7 @@ static void mlx5e_ipsec_update_esn_state(struct mlx5e_=
ipsec_sa_entry *sa_entry,
 		sa_entry->esn_state.overlap =3D 1;
 	}
=20
-	mlx5e_ipsec_build_accel_xfrm_attrs(sa_entry, &attrs);
-
-	/* It is safe to execute the modify below unlocked since the only flows
-	 * that could affect this HW object, are create, destroy and this work.
-	 *
-	 * Creation flow can't co-exist with this modify work, the destruction
-	 * flow would cancel this work, and this work is a single entity that
-	 * can't conflict with it self.
-	 */
-	spin_unlock_bh(&sa_entry->x->lock);
-	mlx5_accel_esp_modify_xfrm(sa_entry, &attrs);
-	spin_lock_bh(&sa_entry->x->lock);
+	mlx5e_ipsec_build_accel_xfrm_attrs(sa_entry, attrs);
=20
 	data.data_offset_condition_operand =3D
 		MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET;
@@ -451,7 +441,9 @@ static void mlx5e_ipsec_handle_event(struct work_struct=
 *_work)
 	struct mlx5e_ipsec_work *work =3D
 		container_of(_work, struct mlx5e_ipsec_work, work);
 	struct mlx5e_ipsec_sa_entry *sa_entry =3D work->data;
+	struct mlx5_accel_esp_xfrm_attrs tmp =3D {};
 	struct mlx5_accel_esp_xfrm_attrs *attrs;
+	bool need_modify =3D false;
 	int ret;
=20
 	attrs =3D &sa_entry->attrs;
@@ -461,19 +453,22 @@ static void mlx5e_ipsec_handle_event(struct work_stru=
ct *_work)
 	if (ret)
 		goto unlock;
=20
+	if (attrs->lft.soft_packet_limit !=3D XFRM_INF)
+		mlx5e_ipsec_handle_limits(sa_entry);
+
 	if (attrs->replay_esn.trigger &&
 	    !MLX5_GET(ipsec_aso, sa_entry->ctx, esn_event_arm)) {
 		u32 mode_param =3D MLX5_GET(ipsec_aso, sa_entry->ctx,
 					  mode_parameter);
=20
-		mlx5e_ipsec_update_esn_state(sa_entry, mode_param);
+		mlx5e_ipsec_update_esn_state(sa_entry, mode_param, &tmp);
+		need_modify =3D true;
 	}
=20
-	if (attrs->lft.soft_packet_limit !=3D XFRM_INF)
-		mlx5e_ipsec_handle_limits(sa_entry);
-
 unlock:
 	spin_unlock_bh(&sa_entry->x->lock);
+	if (need_modify)
+		mlx5_accel_esp_modify_xfrm(sa_entry, &tmp);
 	kfree(work);
 }
=20
--=20
2.44.0