drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + .../ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c | 10 ++++++++++ drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + 3 files changed, 12 insertions(+)
From: Patrisious Haddad <phaddad@nvidia.com>
When creating an alias FT for MPV IPsec, if alias creation with
sw_vhca_id is supported use it instead of using the hw_vhca_id.
This in turn allows IPsec to work properly after live migration,
in case a VF was live migrated and his hw_vhca_id changed due to
migration which can happen if you migrate to a VF with a different index
than yours, IPsec would fail to start post migration, this patch
resolves the issue by using sw_vhca_id instead which doesn't change post
migration.
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 +
.../ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c | 10 ++++++++++
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 +
3 files changed, 12 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index c89417c1a1f9..b5c8fbfb0eed 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -2306,6 +2306,7 @@ int mlx5_cmd_alias_obj_create(struct mlx5_core_dev *dev,
attr = MLX5_ADDR_OF(create_alias_obj_in, in, alias_ctx);
MLX5_SET(alias_context, attr, vhca_id_to_be_accessed, alias_attr->vhca_id);
+ MLX5_SET(alias_context, attr, vhca_id_type, alias_attr->vhca_id_type);
MLX5_SET(alias_context, attr, object_id_to_be_accessed, alias_attr->obj_id);
key = MLX5_ADDR_OF(alias_context, attr, access_key);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c
index 28cb670ba33e..9aadb20b8b8e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c
@@ -116,6 +116,16 @@ static int ipsec_fs_create_aliased_ft(struct mlx5_core_dev *ibv_owner,
memcpy(alias_attr.access_key, alias_key, ACCESS_KEY_LEN);
alias_attr.obj_id = aliased_object_id;
alias_attr.obj_type = MLX5_GENERAL_OBJECT_TYPES_FLOW_TABLE_ALIAS;
+ if (MLX5_CAP_GEN_2(ibv_owner, sw_vhca_id_valid) &&
+ MLX5_CAP_GEN(ibv_allowed, ft_alias_sw_vhca_id)) {
+ vhca_id_to_be_accessed = MLX5_CAP_GEN_2(ibv_owner, sw_vhca_id);
+ alias_attr.vhca_id_type = VHCA_ID_TYPE_SW;
+ } else {
+ vhca_id_to_be_accessed = MLX5_CAP_GEN(ibv_owner, vhca_id);
+ alias_attr.vhca_id_type = VHCA_ID_TYPE_HW;
+ if (MLX5_CAP_GEN_2(ibv_owner, sw_vhca_id_valid))
+ mlx5_core_warn(ibv_owner, "IPsec with migration isn't supported, if migration is required update FW.\n");
+ }
alias_attr.vhca_id = vhca_id_to_be_accessed;
ret = mlx5_cmd_alias_obj_create(ibv_allowed, &alias_attr, obj_id);
if (ret) {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
index 1507e881d962..8730cabbb5a8 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
@@ -110,6 +110,7 @@ struct mlx5_cmd_allow_other_vhca_access_attr {
struct mlx5_cmd_alias_obj_create_attr {
u32 obj_id;
u16 vhca_id;
+ u8 vhca_id_type;
u16 obj_type;
u8 access_key[ACCESS_KEY_LEN];
};
base-commit: 09942ddedcb960f9e78fd817ec33f501d1040c5b
--
2.44.0On Thu, Apr 30, 2026 at 09:19:58AM +0300, Tariq Toukan wrote: > From: Patrisious Haddad <phaddad@nvidia.com> > > When creating an alias FT for MPV IPsec, if alias creation with > sw_vhca_id is supported use it instead of using the hw_vhca_id. > > This in turn allows IPsec to work properly after live migration, > in case a VF was live migrated and his hw_vhca_id changed due to > migration which can happen if you migrate to a VF with a different index > than yours, IPsec would fail to start post migration, this patch > resolves the issue by using sw_vhca_id instead which doesn't change post > migration. > > Signed-off-by: Patrisious Haddad <phaddad@nvidia.com> > Reviewed-by: Leon Romanovsky <leonro@nvidia.com> > Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Reviewed-by: Simon Horman <horms@kernel.org>
© 2016 - 2026 Red Hat, Inc.