Re: [PATCH net-next V2 3/8] net/mlx5: Use mlx5_eswitch_is_vf_vport() for IPsec VF checks

[Moshe Shemesh]

On 5/18/2026 10:13 AM, Tariq Toukan wrote:
> From: Moshe Shemesh <moshe@xxxxxxxxxx>
>
> IPsec eswitch offload operations and the enabled_ipsec_vf_count counter
> are intended for VF vports only. Replace the MLX5_VPORT_HOST_PF checks
> with mlx5_eswitch_is_vf_vport() to properly identify VF vports, as
> preparation for adding another type of PF vports.
>
> Signed-off-by: Moshe Shemesh <moshe@xxxxxxxxxx>
> Signed-off-by: Tariq Toukan <tariqt@xxxxxxxxxx>
> ---
>   drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec.c | 2 +-
>   drivers/net/ethernet/mellanox/mlx5/core/eswitch.c   | 4 ++--
>   2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec.c
> index 4811b60ea430..b830ccd91e62 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec.c
> @@ -209,7 +209,7 @@ static int esw_ipsec_vf_offload_set_bytype(struct mlx5_eswitch *esw, struct mlx5
>   	struct mlx5_core_dev *dev = esw->dev;
>   	int err;
>   
> -	if (vport->vport == MLX5_VPORT_HOST_PF)
> +	if (!mlx5_eswitch_is_vf_vport(esw, vport->vport))
>   		return -EOPNOTSUPP;
>   
>   	if (type == MLX5_ESW_VPORT_IPSEC_CRYPTO_OFFLOAD) {
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> index 8b62dde7eb70..9a7de7c9a667 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> @@ -958,7 +958,7 @@ int mlx5_esw_vport_enable(struct mlx5_eswitch *esw, struct mlx5_vport *vport,
>   	/* Sync with current vport context */
>   	vport->enabled_events = enabled_events;
>   	vport->enabled = true;
> -	if (vport->vport != MLX5_VPORT_HOST_PF &&
> +	if (mlx5_eswitch_is_vf_vport(esw, vport_num) &&
>   	    (vport->info.ipsec_crypto_enabled || vport->info.ipsec_packet_enabled))
>   		esw->enabled_ipsec_vf_count++;
>   

Sashiko.dev says:
" This isn't a regression introduced by this patch, but is it possible 
for enabled_ipsec_vf_count to leak in the error path?"

As it says, pre-existing bug, not related to this patch change.
I will have a separate patch to fix that.

> @@ -1020,7 +1020,7 @@ void mlx5_esw_vport_disable(struct mlx5_eswitch *esw, struct mlx5_vport *vport)
>   		mlx5_esw_vport_vhca_id_unmap(esw, vport);
>   	}
>   
> -	if (vport->vport != MLX5_VPORT_HOST_PF &&
> +	if (mlx5_eswitch_is_vf_vport(esw, vport_num) &&
>   	    (vport->info.ipsec_crypto_enabled || vport->info.ipsec_packet_enabled))
>   		esw->enabled_ipsec_vf_count--;
>   

Sashiko.dev says:
" This isn't a regression introduced by this patch, but does this logic
handle the case where both crypto and packet offloads are enabled on a
single VF via devlink? "
	
Same here.