~hc/RK356X_SDK_RELEASE.git

..	..	@@ -57,7 +57,7 @@
57	57	struct completion complete;
58	58	struct mlx5_fpga_device *dev;
59	59	struct list_head list; /* Item in pending_cmds */
60		- u8 command[0];
	60	+ u8 command[];
61	61	};
62	62
63	63	struct mlx5_fpga_esp_xfrm;
..	..	@@ -65,6 +65,7 @@
65	65	struct mlx5_fpga_ipsec_sa_ctx {
66	66	struct rhash_head hash;
67	67	struct mlx5_ifc_fpga_ipsec_sa hw_sa;
	68	+ u32 sa_handle;
68	69	struct mlx5_core_dev *dev;
69	70	struct mlx5_fpga_esp_xfrm *fpga_xfrm;
70	71	};
..	..	@@ -87,10 +88,10 @@
87	88	* value is not constant during the lifetime
88	89	* of the key object.
89	90	*/
90		- .key_len = FIELD_SIZEOF(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) -
91		- FIELD_SIZEOF(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
	91	+ .key_len = sizeof_field(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) -
	92	+ sizeof_field(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
92	93	.key_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hw_sa) +
93		- FIELD_SIZEOF(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
	94	+ sizeof_field(struct mlx5_ifc_fpga_ipsec_sa_v1, cmd),
94	95	.head_offset = offsetof(struct mlx5_fpga_ipsec_sa_ctx, hash),
95	96	.automatic_shrinking = true,
96	97	.min_size = 1,
..	..	@@ -119,6 +120,8 @@
119	120	*/
120	121	struct rb_root rules_rb;
121	122	struct mutex rules_rb_lock; /* rules lock */
	123	+
	124	+ struct ida halloc;
122	125	};
123	126
124	127	static bool mlx5_fpga_is_ipsec_device(struct mlx5_core_dev *mdev)
..	..	@@ -356,7 +359,7 @@
356	359	return ret;
357	360	}
358	361
359		-unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
	362	+static unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
360	363	{
361	364	struct mlx5_fpga_device *fdev = mdev->fpga;
362	365
..	..	@@ -367,8 +370,8 @@
367	370	number_of_ipsec_counters);
368	371	}
369	372
370		-int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev mdev, u64 counters,
371		- unsigned int counters_count)
	373	+static int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev mdev, u64 counters,
	374	+ unsigned int counters_count)
372	375	{
373	376	struct mlx5_fpga_device *fdev = mdev->fpga;
374	377	unsigned int i;
..	..	@@ -602,7 +605,7 @@
602	605	const u32 *match_c,
603	606	const u32 *match_v)
604	607	{
605		- u32 ipsec_dev_caps = mlx5_accel_ipsec_device_caps(dev);
	608	+ u32 ipsec_dev_caps = mlx5_fpga_ipsec_device_caps(dev);
606	609	bool ipv6_flow;
607	610
608	611	ipv6_flow = mlx5_fs_is_outer_ipv6_flow(dev, match_c, match_v);
..	..	@@ -636,7 +639,8 @@
636	639	u8 match_criteria_enable,
637	640	const u32 *match_c,
638	641	const u32 *match_v,
639		- struct mlx5_flow_act *flow_act)
	642	+ struct mlx5_flow_act *flow_act,
	643	+ struct mlx5_flow_context *flow_context)
640	644	{
641	645	const void *outer_c = MLX5_ADDR_OF(fte_match_param, match_c,
642	646	outer_headers);
..	..	@@ -655,17 +659,16 @@
655	659	(match_criteria_enable &
656	660	~(MLX5_MATCH_OUTER_HEADERS \| MLX5_MATCH_MISC_PARAMETERS)) \|\|
657	661	(flow_act->action & ~(MLX5_FLOW_CONTEXT_ACTION_ENCRYPT \| MLX5_FLOW_CONTEXT_ACTION_ALLOW)) \|\|
658		- flow_act->has_flow_tag)
	662	+ (flow_context->flags & FLOW_CONTEXT_HAS_TAG))
659	663	return false;
660	664
661	665	return true;
662	666	}
663	667
664		-void mlx5_fpga_ipsec_create_sa_ctx(struct mlx5_core_dev mdev,
665		- struct mlx5_accel_esp_xfrm *accel_xfrm,
666		- const __be32 saddr[4],
667		- const __be32 daddr[4],
668		- const __be32 spi, bool is_ipv6)
	668	+static void mlx5_fpga_ipsec_create_sa_ctx(struct mlx5_core_dev mdev,
	669	+ struct mlx5_accel_esp_xfrm *accel_xfrm,
	670	+ const __be32 saddr[4], const __be32 daddr[4],
	671	+ const __be32 spi, bool is_ipv6, u32 *sa_handle)
669	672	{
670	673	struct mlx5_fpga_ipsec_sa_ctx *sa_ctx;
671	674	struct mlx5_fpga_esp_xfrm *fpga_xfrm =
..	..	@@ -703,6 +706,17 @@
703	706	goto exists;
704	707	}
705	708
	709	+ if (accel_xfrm->attrs.action == MLX5_ACCEL_ESP_ACTION_DECRYPT) {
	710	+ err = ida_simple_get(&fipsec->halloc, 1, 0, GFP_KERNEL);
	711	+ if (err < 0) {
	712	+ context = ERR_PTR(err);
	713	+ goto exists;
	714	+ }
	715	+
	716	+ sa_ctx->sa_handle = err;
	717	+ if (sa_handle)
	718	+ *sa_handle = sa_ctx->sa_handle;
	719	+ }
706	720	/* This is unbounded fpga_xfrm, try to add to hash */
707	721	mutex_lock(&fipsec->sa_hash_lock);
708	722
..	..	@@ -743,7 +757,8 @@
743	757	rhash_sa));
744	758	unlock_hash:
745	759	mutex_unlock(&fipsec->sa_hash_lock);
746		-
	760	+ if (accel_xfrm->attrs.action == MLX5_ACCEL_ESP_ACTION_DECRYPT)
	761	+ ida_simple_remove(&fipsec->halloc, sa_ctx->sa_handle);
747	762	exists:
748	763	mutex_unlock(&fpga_xfrm->lock);
749	764	kfree(sa_ctx);
..	..	@@ -767,7 +782,8 @@
767	782	fg->mask.match_criteria_enable,
768	783	fg->mask.match_criteria,
769	784	fte->val,
770		- &fte->action))
	785	+ &fte->action,
	786	+ &fte->flow_context))
771	787	return ERR_PTR(-EINVAL);
772	788	else if (!mlx5_is_fpga_ipsec_rule(mdev,
773	789	fg->mask.match_criteria_enable,
..	..	@@ -814,7 +830,7 @@
814	830	/* create */
815	831	return mlx5_fpga_ipsec_create_sa_ctx(mdev, accel_xfrm,
816	832	saddr, daddr,
817		- spi, is_ipv6);
	833	+ spi, is_ipv6, NULL);
818	834	}
819	835
820	836	static void
..	..	@@ -834,13 +850,17 @@
834	850	return;
835	851	}
836	852
	853	+ if (sa_ctx->fpga_xfrm->accel_xfrm.attrs.action ==
	854	+ MLX5_ACCEL_ESP_ACTION_DECRYPT)
	855	+ ida_simple_remove(&fipsec->halloc, sa_ctx->sa_handle);
	856	+
837	857	mutex_lock(&fipsec->sa_hash_lock);
838	858	WARN_ON(rhashtable_remove_fast(&fipsec->sa_hash, &sa_ctx->hash,
839	859	rhash_sa));
840	860	mutex_unlock(&fipsec->sa_hash_lock);
841	861	}
842	862
843		-void mlx5_fpga_ipsec_delete_sa_ctx(void *context)
	863	+static void mlx5_fpga_ipsec_delete_sa_ctx(void *context)
844	864	{
845	865	struct mlx5_fpga_esp_xfrm *fpga_xfrm =
846	866	((struct mlx5_fpga_ipsec_sa_ctx *)context)->fpga_xfrm;
..	..	@@ -990,32 +1010,33 @@
990	1010	return egress ? FS_FT_NIC_TX : FS_FT_NIC_RX;
991	1011	}
992	1012
993		-static int fpga_ipsec_fs_create_flow_group(struct mlx5_core_dev *dev,
	1013	+static int fpga_ipsec_fs_create_flow_group(struct mlx5_flow_root_namespace *ns,
994	1014	struct mlx5_flow_table *ft,
995	1015	u32 *in,
996		- unsigned int *group_id,
	1016	+ struct mlx5_flow_group *fg,
997	1017	bool is_egress)
998	1018	{
999		- int (create_flow_group)(struct mlx5_core_dev dev,
	1019	+ int (create_flow_group)(struct mlx5_flow_root_namespace ns,
1000	1020	struct mlx5_flow_table ft, u32 in,
1001		- unsigned int *group_id) =
	1021	+ struct mlx5_flow_group *fg) =
1002	1022	mlx5_fs_cmd_get_default(egress_to_fs_ft(is_egress))->create_flow_group;
1003	1023	char *misc_params_c = MLX5_ADDR_OF(create_flow_group_in, in,
1004	1024	match_criteria.misc_parameters);
	1025	+ struct mlx5_core_dev *dev = ns->dev;
1005	1026	u32 saved_outer_esp_spi_mask;
1006	1027	u8 match_criteria_enable;
1007	1028	int ret;
1008	1029
1009	1030	if (MLX5_CAP_FLOWTABLE(dev,
1010	1031	flow_table_properties_nic_receive.ft_field_support.outer_esp_spi))
1011		- return create_flow_group(dev, ft, in, group_id);
	1032	+ return create_flow_group(ns, ft, in, fg);
1012	1033
1013	1034	match_criteria_enable =
1014	1035	MLX5_GET(create_flow_group_in, in, match_criteria_enable);
1015	1036	saved_outer_esp_spi_mask =
1016	1037	MLX5_GET(fte_match_set_misc, misc_params_c, outer_esp_spi);
1017	1038	if (!match_criteria_enable \|\| !saved_outer_esp_spi_mask)
1018		- return create_flow_group(dev, ft, in, group_id);
	1039	+ return create_flow_group(ns, ft, in, fg);
1019	1040
1020	1041	MLX5_SET(fte_match_set_misc, misc_params_c, outer_esp_spi, 0);
1021	1042
..	..	@@ -1024,7 +1045,7 @@
1024	1045	MLX5_SET(create_flow_group_in, in, match_criteria_enable,
1025	1046	match_criteria_enable & ~MLX5_MATCH_MISC_PARAMETERS);
1026	1047
1027		- ret = create_flow_group(dev, ft, in, group_id);
	1048	+ ret = create_flow_group(ns, ft, in, fg);
1028	1049
1029	1050	MLX5_SET(fte_match_set_misc, misc_params_c, outer_esp_spi, saved_outer_esp_spi_mask);
1030	1051	MLX5_SET(create_flow_group_in, in, match_criteria_enable, match_criteria_enable);
..	..	@@ -1032,17 +1053,18 @@
1032	1053	return ret;
1033	1054	}
1034	1055
1035		-static int fpga_ipsec_fs_create_fte(struct mlx5_core_dev *dev,
	1056	+static int fpga_ipsec_fs_create_fte(struct mlx5_flow_root_namespace *ns,
1036	1057	struct mlx5_flow_table *ft,
1037	1058	struct mlx5_flow_group *fg,
1038	1059	struct fs_fte *fte,
1039	1060	bool is_egress)
1040	1061	{
1041		- int (create_fte)(struct mlx5_core_dev dev,
	1062	+ int (create_fte)(struct mlx5_flow_root_namespace ns,
1042	1063	struct mlx5_flow_table *ft,
1043	1064	struct mlx5_flow_group *fg,
1044	1065	struct fs_fte *fte) =
1045	1066	mlx5_fs_cmd_get_default(egress_to_fs_ft(is_egress))->create_fte;
	1067	+ struct mlx5_core_dev *dev = ns->dev;
1046	1068	struct mlx5_fpga_device *fdev = dev->fpga;
1047	1069	struct mlx5_fpga_ipsec *fipsec = fdev->ipsec;
1048	1070	struct mlx5_fpga_ipsec_rule *rule;
..	..	@@ -1054,7 +1076,7 @@
1054	1076	!(fte->action.action &
1055	1077	(MLX5_FLOW_CONTEXT_ACTION_ENCRYPT \|
1056	1078	MLX5_FLOW_CONTEXT_ACTION_DECRYPT)))
1057		- return create_fte(dev, ft, fg, fte);
	1079	+ return create_fte(ns, ft, fg, fte);
1058	1080
1059	1081	rule = kzalloc(sizeof(*rule), GFP_KERNEL);
1060	1082	if (!rule)
..	..	@@ -1071,7 +1093,7 @@
1071	1093	WARN_ON(rule_insert(fipsec, rule));
1072	1094
1073	1095	modify_spec_mailbox(dev, fte, &mbox_mod);
1074		- ret = create_fte(dev, ft, fg, fte);
	1096	+ ret = create_fte(ns, ft, fg, fte);
1075	1097	restore_spec_mailbox(fte, &mbox_mod);
1076	1098	if (ret) {
1077	1099	_rule_delete(fipsec, rule);
..	..	@@ -1082,19 +1104,20 @@
1082	1104	return ret;
1083	1105	}
1084	1106
1085		-static int fpga_ipsec_fs_update_fte(struct mlx5_core_dev *dev,
	1107	+static int fpga_ipsec_fs_update_fte(struct mlx5_flow_root_namespace *ns,
1086	1108	struct mlx5_flow_table *ft,
1087		- unsigned int group_id,
	1109	+ struct mlx5_flow_group *fg,
1088	1110	int modify_mask,
1089	1111	struct fs_fte *fte,
1090	1112	bool is_egress)
1091	1113	{
1092		- int (update_fte)(struct mlx5_core_dev dev,
	1114	+ int (update_fte)(struct mlx5_flow_root_namespace ns,
1093	1115	struct mlx5_flow_table *ft,
1094		- unsigned int group_id,
	1116	+ struct mlx5_flow_group *fg,
1095	1117	int modify_mask,
1096	1118	struct fs_fte *fte) =
1097	1119	mlx5_fs_cmd_get_default(egress_to_fs_ft(is_egress))->update_fte;
	1120	+ struct mlx5_core_dev *dev = ns->dev;
1098	1121	bool is_esp = fte->action.esp_id;
1099	1122	struct mailbox_mod mbox_mod;
1100	1123	int ret;
..	..	@@ -1103,24 +1126,25 @@
1103	1126	!(fte->action.action &
1104	1127	(MLX5_FLOW_CONTEXT_ACTION_ENCRYPT \|
1105	1128	MLX5_FLOW_CONTEXT_ACTION_DECRYPT)))
1106		- return update_fte(dev, ft, group_id, modify_mask, fte);
	1129	+ return update_fte(ns, ft, fg, modify_mask, fte);
1107	1130
1108	1131	modify_spec_mailbox(dev, fte, &mbox_mod);
1109		- ret = update_fte(dev, ft, group_id, modify_mask, fte);
	1132	+ ret = update_fte(ns, ft, fg, modify_mask, fte);
1110	1133	restore_spec_mailbox(fte, &mbox_mod);
1111	1134
1112	1135	return ret;
1113	1136	}
1114	1137
1115		-static int fpga_ipsec_fs_delete_fte(struct mlx5_core_dev *dev,
	1138	+static int fpga_ipsec_fs_delete_fte(struct mlx5_flow_root_namespace *ns,
1116	1139	struct mlx5_flow_table *ft,
1117	1140	struct fs_fte *fte,
1118	1141	bool is_egress)
1119	1142	{
1120		- int (delete_fte)(struct mlx5_core_dev dev,
	1143	+ int (delete_fte)(struct mlx5_flow_root_namespace ns,
1121	1144	struct mlx5_flow_table *ft,
1122	1145	struct fs_fte *fte) =
1123	1146	mlx5_fs_cmd_get_default(egress_to_fs_ft(is_egress))->delete_fte;
	1147	+ struct mlx5_core_dev *dev = ns->dev;
1124	1148	struct mlx5_fpga_device *fdev = dev->fpga;
1125	1149	struct mlx5_fpga_ipsec *fipsec = fdev->ipsec;
1126	1150	struct mlx5_fpga_ipsec_rule *rule;
..	..	@@ -1132,7 +1156,7 @@
1132	1156	!(fte->action.action &
1133	1157	(MLX5_FLOW_CONTEXT_ACTION_ENCRYPT \|
1134	1158	MLX5_FLOW_CONTEXT_ACTION_DECRYPT)))
1135		- return delete_fte(dev, ft, fte);
	1159	+ return delete_fte(ns, ft, fte);
1136	1160
1137	1161	rule = rule_search(fipsec, fte);
1138	1162	if (!rule)
..	..	@@ -1142,84 +1166,84 @@
1142	1166	rule_delete(fipsec, rule);
1143	1167
1144	1168	modify_spec_mailbox(dev, fte, &mbox_mod);
1145		- ret = delete_fte(dev, ft, fte);
	1169	+ ret = delete_fte(ns, ft, fte);
1146	1170	restore_spec_mailbox(fte, &mbox_mod);
1147	1171
1148	1172	return ret;
1149	1173	}
1150	1174
1151	1175	static int
1152		-mlx5_fpga_ipsec_fs_create_flow_group_egress(struct mlx5_core_dev *dev,
	1176	+mlx5_fpga_ipsec_fs_create_flow_group_egress(struct mlx5_flow_root_namespace *ns,
1153	1177	struct mlx5_flow_table *ft,
1154	1178	u32 *in,
1155		- unsigned int *group_id)
	1179	+ struct mlx5_flow_group *fg)
1156	1180	{
1157		- return fpga_ipsec_fs_create_flow_group(dev, ft, in, group_id, true);
	1181	+ return fpga_ipsec_fs_create_flow_group(ns, ft, in, fg, true);
1158	1182	}
1159	1183
1160	1184	static int
1161		-mlx5_fpga_ipsec_fs_create_fte_egress(struct mlx5_core_dev *dev,
	1185	+mlx5_fpga_ipsec_fs_create_fte_egress(struct mlx5_flow_root_namespace *ns,
1162	1186	struct mlx5_flow_table *ft,
1163	1187	struct mlx5_flow_group *fg,
1164	1188	struct fs_fte *fte)
1165	1189	{
1166		- return fpga_ipsec_fs_create_fte(dev, ft, fg, fte, true);
	1190	+ return fpga_ipsec_fs_create_fte(ns, ft, fg, fte, true);
1167	1191	}
1168	1192
1169	1193	static int
1170		-mlx5_fpga_ipsec_fs_update_fte_egress(struct mlx5_core_dev *dev,
	1194	+mlx5_fpga_ipsec_fs_update_fte_egress(struct mlx5_flow_root_namespace *ns,
1171	1195	struct mlx5_flow_table *ft,
1172		- unsigned int group_id,
	1196	+ struct mlx5_flow_group *fg,
1173	1197	int modify_mask,
1174	1198	struct fs_fte *fte)
1175	1199	{
1176		- return fpga_ipsec_fs_update_fte(dev, ft, group_id, modify_mask, fte,
	1200	+ return fpga_ipsec_fs_update_fte(ns, ft, fg, modify_mask, fte,
1177	1201	true);
1178	1202	}
1179	1203
1180	1204	static int
1181		-mlx5_fpga_ipsec_fs_delete_fte_egress(struct mlx5_core_dev *dev,
	1205	+mlx5_fpga_ipsec_fs_delete_fte_egress(struct mlx5_flow_root_namespace *ns,
1182	1206	struct mlx5_flow_table *ft,
1183	1207	struct fs_fte *fte)
1184	1208	{
1185		- return fpga_ipsec_fs_delete_fte(dev, ft, fte, true);
	1209	+ return fpga_ipsec_fs_delete_fte(ns, ft, fte, true);
1186	1210	}
1187	1211
1188	1212	static int
1189		-mlx5_fpga_ipsec_fs_create_flow_group_ingress(struct mlx5_core_dev *dev,
	1213	+mlx5_fpga_ipsec_fs_create_flow_group_ingress(struct mlx5_flow_root_namespace *ns,
1190	1214	struct mlx5_flow_table *ft,
1191	1215	u32 *in,
1192		- unsigned int *group_id)
	1216	+ struct mlx5_flow_group *fg)
1193	1217	{
1194		- return fpga_ipsec_fs_create_flow_group(dev, ft, in, group_id, false);
	1218	+ return fpga_ipsec_fs_create_flow_group(ns, ft, in, fg, false);
1195	1219	}
1196	1220
1197	1221	static int
1198		-mlx5_fpga_ipsec_fs_create_fte_ingress(struct mlx5_core_dev *dev,
	1222	+mlx5_fpga_ipsec_fs_create_fte_ingress(struct mlx5_flow_root_namespace *ns,
1199	1223	struct mlx5_flow_table *ft,
1200	1224	struct mlx5_flow_group *fg,
1201	1225	struct fs_fte *fte)
1202	1226	{
1203		- return fpga_ipsec_fs_create_fte(dev, ft, fg, fte, false);
	1227	+ return fpga_ipsec_fs_create_fte(ns, ft, fg, fte, false);
1204	1228	}
1205	1229
1206	1230	static int
1207		-mlx5_fpga_ipsec_fs_update_fte_ingress(struct mlx5_core_dev *dev,
	1231	+mlx5_fpga_ipsec_fs_update_fte_ingress(struct mlx5_flow_root_namespace *ns,
1208	1232	struct mlx5_flow_table *ft,
1209		- unsigned int group_id,
	1233	+ struct mlx5_flow_group *fg,
1210	1234	int modify_mask,
1211	1235	struct fs_fte *fte)
1212	1236	{
1213		- return fpga_ipsec_fs_update_fte(dev, ft, group_id, modify_mask, fte,
	1237	+ return fpga_ipsec_fs_update_fte(ns, ft, fg, modify_mask, fte,
1214	1238	false);
1215	1239	}
1216	1240
1217	1241	static int
1218		-mlx5_fpga_ipsec_fs_delete_fte_ingress(struct mlx5_core_dev *dev,
	1242	+mlx5_fpga_ipsec_fs_delete_fte_ingress(struct mlx5_flow_root_namespace *ns,
1219	1243	struct mlx5_flow_table *ft,
1220	1244	struct fs_fte *fte)
1221	1245	{
1222		- return fpga_ipsec_fs_delete_fte(dev, ft, fte, false);
	1246	+ return fpga_ipsec_fs_delete_fte(ns, ft, fte, false);
1223	1247	}
1224	1248
1225	1249	static struct mlx5_flow_cmds fpga_ipsec_ingress;
..	..	@@ -1238,7 +1262,7 @@
1238	1262	}
1239	1263	}
1240	1264
1241		-int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
	1265	+static int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
1242	1266	{
1243	1267	struct mlx5_fpga_conn_attr init_attr = {0};
1244	1268	struct mlx5_fpga_device *fdev = mdev->fpga;
..	..	@@ -1293,6 +1317,8 @@
1293	1317	goto err_destroy_hash;
1294	1318	}
1295	1319
	1320	+ ida_init(&fdev->ipsec->halloc);
	1321	+
1296	1322	return 0;
1297	1323
1298	1324	err_destroy_hash:
..	..	@@ -1318,13 +1344,14 @@
1318	1344	}
1319	1345	}
1320	1346
1321		-void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
	1347	+static void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
1322	1348	{
1323	1349	struct mlx5_fpga_device *fdev = mdev->fpga;
1324	1350
1325	1351	if (!mlx5_fpga_is_ipsec_device(mdev))
1326	1352	return;
1327	1353
	1354	+ ida_destroy(&fdev->ipsec->halloc);
1328	1355	destroy_rules_rb(&fdev->ipsec->rules_rb);
1329	1356	rhashtable_destroy(&fdev->ipsec->sa_hash);
1330	1357
..	..	@@ -1422,7 +1449,7 @@
1422	1449	return 0;
1423	1450	}
1424	1451
1425		-struct mlx5_accel_esp_xfrm *
	1452	+static struct mlx5_accel_esp_xfrm *
1426	1453	mlx5_fpga_esp_create_xfrm(struct mlx5_core_dev *mdev,
1427	1454	const struct mlx5_accel_esp_xfrm_attrs *attrs,
1428	1455	u32 flags)
..	..	@@ -1450,7 +1477,7 @@
1450	1477	return &fpga_xfrm->accel_xfrm;
1451	1478	}
1452	1479
1453		-void mlx5_fpga_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm)
	1480	+static void mlx5_fpga_esp_destroy_xfrm(struct mlx5_accel_esp_xfrm *xfrm)
1454	1481	{
1455	1482	struct mlx5_fpga_esp_xfrm *fpga_xfrm =
1456	1483	container_of(xfrm, struct mlx5_fpga_esp_xfrm,
..	..	@@ -1459,8 +1486,8 @@
1459	1486	kfree(fpga_xfrm);
1460	1487	}
1461	1488
1462		-int mlx5_fpga_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
1463		- const struct mlx5_accel_esp_xfrm_attrs *attrs)
	1489	+static int mlx5_fpga_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
	1490	+ const struct mlx5_accel_esp_xfrm_attrs *attrs)
1464	1491	{
1465	1492	struct mlx5_core_dev *mdev = xfrm->mdev;
1466	1493	struct mlx5_fpga_device *fdev = mdev->fpga;
..	..	@@ -1531,3 +1558,24 @@
1531	1558	mutex_unlock(&fpga_xfrm->lock);
1532	1559	return err;
1533	1560	}
	1561	+
	1562	+static const struct mlx5_accel_ipsec_ops fpga_ipsec_ops = {
	1563	+ .device_caps = mlx5_fpga_ipsec_device_caps,
	1564	+ .counters_count = mlx5_fpga_ipsec_counters_count,
	1565	+ .counters_read = mlx5_fpga_ipsec_counters_read,
	1566	+ .create_hw_context = mlx5_fpga_ipsec_create_sa_ctx,
	1567	+ .free_hw_context = mlx5_fpga_ipsec_delete_sa_ctx,
	1568	+ .init = mlx5_fpga_ipsec_init,
	1569	+ .cleanup = mlx5_fpga_ipsec_cleanup,
	1570	+ .esp_create_xfrm = mlx5_fpga_esp_create_xfrm,
	1571	+ .esp_modify_xfrm = mlx5_fpga_esp_modify_xfrm,
	1572	+ .esp_destroy_xfrm = mlx5_fpga_esp_destroy_xfrm,
	1573	+};
	1574	+
	1575	+const struct mlx5_accel_ipsec_ops mlx5_fpga_ipsec_ops(struct mlx5_core_dev mdev)
	1576	+{
	1577	+ if (!mlx5_fpga_is_ipsec_device(mdev))
	1578	+ return NULL;
	1579	+
	1580	+ return &fpga_ipsec_ops;
	1581	+}