mirror of
https://github.com/torvalds/linux.git
synced 2024-11-30 16:11:38 +00:00
net/mlx5e: Support MACsec offload extended packet number (EPN)
MACsec EPN splits the packet number (PN) into two 32-bits fields, epn_lsb (32 least significant bits (LSBs) of PN) and epn_msb (32 most significant bits (MSBs) of PN). Epn_msb bits are managed by SW and for that HW is required to send an object change event of type EPN event notifying the SW to update the epn_msb in addition, once epn_msb is updated SW update HW with the new epn_msb value for HW to perform replay protection. To prevent HW from stopping while handling the event, SW manages another bit for HW called epn_overlap, HW uses the latter to get an indication regarding how to read the epn_msb value correctly while still receiving packets. Add epn event handling that updates the epn_overlap and epn_msb for every 2^31 packets according to the following logic: if epn_lsb crosses 2^31 (half sequence number wraparound) upon HW relevant event, SW updates the esn_overlap value to OLD (value = 1). When the epn_lsb crosses 2^32 (full sequence number wraparound) upon HW relevant event, SW updates the esn_overlap to NEW (value = 0) and increment the esn_msb. When using MACsec EPN a salt and short secure channel id (ssci) needs to be provided by the user, when offloading EPN need to pass this salt and ssci to the HW to be used in the initial vector (IV) calculations. Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Emeel Hakim <ehakim@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com> Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
3fd3fb6b6b
commit
4411a6c0ab
@ -11,6 +11,50 @@
|
||||
#include "en_accel/macsec.h"
|
||||
#include "en_accel/macsec_fs.h"
|
||||
|
||||
#define MLX5_MACSEC_EPN_SCOPE_MID 0x80000000L
|
||||
#define MLX5E_MACSEC_ASO_CTX_SZ MLX5_ST_SZ_BYTES(macsec_aso)
|
||||
|
||||
enum mlx5_macsec_aso_event_arm {
|
||||
MLX5E_ASO_EPN_ARM = BIT(0),
|
||||
};
|
||||
|
||||
enum {
|
||||
MLX5_MACSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET,
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_handle {
|
||||
struct mlx5e_macsec *macsec;
|
||||
u32 obj_id;
|
||||
u8 idx;
|
||||
};
|
||||
|
||||
enum {
|
||||
MLX5_MACSEC_EPN,
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_aso_out {
|
||||
u8 event_arm;
|
||||
u32 mode_param;
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_aso_in {
|
||||
u8 mode;
|
||||
u32 obj_id;
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_epn_state {
|
||||
u32 epn_msb;
|
||||
u8 epn_enabled;
|
||||
u8 overlap;
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_async_work {
|
||||
struct mlx5e_macsec *macsec;
|
||||
struct mlx5_core_dev *mdev;
|
||||
struct work_struct work;
|
||||
u32 obj_id;
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_sa {
|
||||
bool active;
|
||||
u8 assoc_num;
|
||||
@ -18,11 +62,13 @@ struct mlx5e_macsec_sa {
|
||||
u32 enc_key_id;
|
||||
u32 next_pn;
|
||||
sci_t sci;
|
||||
salt_t salt;
|
||||
|
||||
struct rhash_head hash;
|
||||
u32 fs_id;
|
||||
union mlx5e_macsec_rule *macsec_rule;
|
||||
struct rcu_head rcu_head;
|
||||
struct mlx5e_macsec_epn_state epn_state;
|
||||
};
|
||||
|
||||
struct mlx5e_macsec_rx_sc;
|
||||
@ -93,6 +139,9 @@ struct mlx5e_macsec {
|
||||
|
||||
/* ASO */
|
||||
struct mlx5e_macsec_aso aso;
|
||||
|
||||
struct notifier_block nb;
|
||||
struct workqueue_struct *wq;
|
||||
};
|
||||
|
||||
struct mlx5_macsec_obj_attrs {
|
||||
@ -101,6 +150,25 @@ struct mlx5_macsec_obj_attrs {
|
||||
__be64 sci;
|
||||
u32 enc_key_id;
|
||||
bool encrypt;
|
||||
struct mlx5e_macsec_epn_state epn_state;
|
||||
salt_t salt;
|
||||
__be32 ssci;
|
||||
};
|
||||
|
||||
struct mlx5_aso_ctrl_param {
|
||||
u8 data_mask_mode;
|
||||
u8 condition_0_operand;
|
||||
u8 condition_1_operand;
|
||||
u8 condition_0_offset;
|
||||
u8 condition_1_offset;
|
||||
u8 data_offset;
|
||||
u8 condition_operand;
|
||||
u32 condition_0_data;
|
||||
u32 condition_0_mask;
|
||||
u32 condition_1_data;
|
||||
u32 condition_1_mask;
|
||||
u64 bitwise_data;
|
||||
u64 data_mask;
|
||||
};
|
||||
|
||||
static int mlx5e_macsec_aso_reg_mr(struct mlx5_core_dev *mdev, struct mlx5e_macsec_aso *aso)
|
||||
@ -168,11 +236,29 @@ static int mlx5e_macsec_create_object(struct mlx5_core_dev *mdev,
|
||||
|
||||
MLX5_SET(macsec_offload_obj, obj, confidentiality_en, attrs->encrypt);
|
||||
MLX5_SET(macsec_offload_obj, obj, dekn, attrs->enc_key_id);
|
||||
MLX5_SET64(macsec_offload_obj, obj, sci, (__force u64)(attrs->sci));
|
||||
MLX5_SET(macsec_offload_obj, obj, aso_return_reg, MLX5_MACSEC_ASO_REG_C_4_5);
|
||||
MLX5_SET(macsec_offload_obj, obj, macsec_aso_access_pd, attrs->aso_pdn);
|
||||
MLX5_SET(macsec_aso, aso_ctx, mode_parameter, attrs->next_pn);
|
||||
|
||||
/* Epn */
|
||||
if (attrs->epn_state.epn_enabled) {
|
||||
void *salt_p;
|
||||
int i;
|
||||
|
||||
MLX5_SET(macsec_aso, aso_ctx, epn_event_arm, 1);
|
||||
MLX5_SET(macsec_offload_obj, obj, epn_en, 1);
|
||||
MLX5_SET(macsec_offload_obj, obj, epn_msb, attrs->epn_state.epn_msb);
|
||||
MLX5_SET(macsec_offload_obj, obj, epn_overlap, attrs->epn_state.overlap);
|
||||
MLX5_SET64(macsec_offload_obj, obj, sci, (__force u64)attrs->ssci);
|
||||
salt_p = MLX5_ADDR_OF(macsec_offload_obj, obj, salt);
|
||||
for (i = 0; i < 3 ; i++)
|
||||
memcpy((u32 *)salt_p + i, &attrs->salt.bytes[4 * (2 - i)], 4);
|
||||
if (!is_tx)
|
||||
MLX5_SET(macsec_aso, aso_ctx, mode, MLX5_MACSEC_ASO_REPLAY_PROTECTION);
|
||||
} else {
|
||||
MLX5_SET64(macsec_offload_obj, obj, sci, (__force u64)(attrs->sci));
|
||||
}
|
||||
|
||||
MLX5_SET(macsec_aso, aso_ctx, valid, 0x1);
|
||||
if (is_tx)
|
||||
MLX5_SET(macsec_aso, aso_ctx, mode, MLX5_MACSEC_ASO_INC_SN);
|
||||
@ -238,6 +324,7 @@ static int mlx5e_macsec_init_sa(struct macsec_context *ctx,
|
||||
struct mlx5_core_dev *mdev = priv->mdev;
|
||||
struct mlx5_macsec_obj_attrs obj_attrs;
|
||||
union mlx5e_macsec_rule *macsec_rule;
|
||||
struct macsec_key *key;
|
||||
int err;
|
||||
|
||||
obj_attrs.next_pn = sa->next_pn;
|
||||
@ -245,6 +332,17 @@ static int mlx5e_macsec_init_sa(struct macsec_context *ctx,
|
||||
obj_attrs.enc_key_id = sa->enc_key_id;
|
||||
obj_attrs.encrypt = encrypt;
|
||||
obj_attrs.aso_pdn = macsec->aso.pdn;
|
||||
obj_attrs.epn_state = sa->epn_state;
|
||||
|
||||
if (is_tx) {
|
||||
obj_attrs.ssci = cpu_to_be32((__force u32)ctx->sa.tx_sa->ssci);
|
||||
key = &ctx->sa.tx_sa->key;
|
||||
} else {
|
||||
obj_attrs.ssci = cpu_to_be32((__force u32)ctx->sa.rx_sa->ssci);
|
||||
key = &ctx->sa.rx_sa->key;
|
||||
}
|
||||
|
||||
memcpy(&obj_attrs.salt, &key->salt, sizeof(key->salt));
|
||||
|
||||
err = mlx5e_macsec_create_object(mdev, &obj_attrs, is_tx, &sa->macsec_obj_id);
|
||||
if (err)
|
||||
@ -342,11 +440,6 @@ static bool mlx5e_macsec_secy_features_validate(struct macsec_context *ctx)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (secy->xpn) {
|
||||
netdev_err(netdev, "MACsec offload: xpn is not supported\n");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (secy->replay_protect) {
|
||||
netdev_err(netdev, "MACsec offload: replay protection is not supported\n");
|
||||
return false;
|
||||
@ -371,6 +464,17 @@ mlx5e_macsec_get_macsec_device_context(const struct mlx5e_macsec *macsec,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void update_macsec_epn(struct mlx5e_macsec_sa *sa, const struct macsec_key *key,
|
||||
const pn_t *next_pn_halves)
|
||||
{
|
||||
struct mlx5e_macsec_epn_state *epn_state = &sa->epn_state;
|
||||
|
||||
sa->salt = key->salt;
|
||||
epn_state->epn_enabled = 1;
|
||||
epn_state->epn_msb = next_pn_halves->upper;
|
||||
epn_state->overlap = next_pn_halves->lower < MLX5_MACSEC_EPN_SCOPE_MID ? 0 : 1;
|
||||
}
|
||||
|
||||
static int mlx5e_macsec_add_txsa(struct macsec_context *ctx)
|
||||
{
|
||||
const struct macsec_tx_sc *tx_sc = &ctx->secy->tx_sc;
|
||||
@ -413,6 +517,10 @@ static int mlx5e_macsec_add_txsa(struct macsec_context *ctx)
|
||||
tx_sa->next_pn = ctx_tx_sa->next_pn_halves.lower;
|
||||
tx_sa->sci = secy->sci;
|
||||
tx_sa->assoc_num = assoc_num;
|
||||
|
||||
if (secy->xpn)
|
||||
update_macsec_epn(tx_sa, &ctx_tx_sa->key, &ctx_tx_sa->next_pn_halves);
|
||||
|
||||
err = mlx5_create_encryption_key(mdev, ctx->sa.key, secy->key_len,
|
||||
MLX5_ACCEL_OBJ_MACSEC_KEY,
|
||||
&tx_sa->enc_key_id);
|
||||
@ -816,6 +924,9 @@ static int mlx5e_macsec_add_rxsa(struct macsec_context *ctx)
|
||||
rx_sa->assoc_num = assoc_num;
|
||||
rx_sa->fs_id = rx_sc->sc_xarray_element->fs_id;
|
||||
|
||||
if (ctx->secy->xpn)
|
||||
update_macsec_epn(rx_sa, &ctx_rx_sa->key, &ctx_rx_sa->next_pn_halves);
|
||||
|
||||
err = mlx5_create_encryption_key(mdev, ctx->sa.key, ctx->secy->key_len,
|
||||
MLX5_ACCEL_OBJ_MACSEC_KEY,
|
||||
&rx_sa->enc_key_id);
|
||||
@ -1186,6 +1297,307 @@ out:
|
||||
return err;
|
||||
}
|
||||
|
||||
static void macsec_build_accel_attrs(struct mlx5e_macsec_sa *sa,
|
||||
struct mlx5_macsec_obj_attrs *attrs)
|
||||
{
|
||||
attrs->epn_state.epn_msb = sa->epn_state.epn_msb;
|
||||
attrs->epn_state.overlap = sa->epn_state.overlap;
|
||||
}
|
||||
|
||||
static void macsec_aso_build_wqe_ctrl_seg(struct mlx5e_macsec_aso *macsec_aso,
|
||||
struct mlx5_wqe_aso_ctrl_seg *aso_ctrl,
|
||||
struct mlx5_aso_ctrl_param *param)
|
||||
{
|
||||
memset(aso_ctrl, 0, sizeof(*aso_ctrl));
|
||||
if (macsec_aso->umr->dma_addr) {
|
||||
aso_ctrl->va_l = cpu_to_be32(macsec_aso->umr->dma_addr | ASO_CTRL_READ_EN);
|
||||
aso_ctrl->va_h = cpu_to_be32((u64)macsec_aso->umr->dma_addr >> 32);
|
||||
aso_ctrl->l_key = cpu_to_be32(macsec_aso->umr->mkey);
|
||||
}
|
||||
|
||||
if (!param)
|
||||
return;
|
||||
|
||||
aso_ctrl->data_mask_mode = param->data_mask_mode << 6;
|
||||
aso_ctrl->condition_1_0_operand = param->condition_1_operand |
|
||||
param->condition_0_operand << 4;
|
||||
aso_ctrl->condition_1_0_offset = param->condition_1_offset |
|
||||
param->condition_0_offset << 4;
|
||||
aso_ctrl->data_offset_condition_operand = param->data_offset |
|
||||
param->condition_operand << 6;
|
||||
aso_ctrl->condition_0_data = cpu_to_be32(param->condition_0_data);
|
||||
aso_ctrl->condition_0_mask = cpu_to_be32(param->condition_0_mask);
|
||||
aso_ctrl->condition_1_data = cpu_to_be32(param->condition_1_data);
|
||||
aso_ctrl->condition_1_mask = cpu_to_be32(param->condition_1_mask);
|
||||
aso_ctrl->bitwise_data = cpu_to_be64(param->bitwise_data);
|
||||
aso_ctrl->data_mask = cpu_to_be64(param->data_mask);
|
||||
}
|
||||
|
||||
static int mlx5e_macsec_modify_obj(struct mlx5_core_dev *mdev, struct mlx5_macsec_obj_attrs *attrs,
|
||||
u32 macsec_id)
|
||||
{
|
||||
u32 in[MLX5_ST_SZ_DW(modify_macsec_obj_in)] = {};
|
||||
u32 out[MLX5_ST_SZ_DW(query_macsec_obj_out)];
|
||||
u64 modify_field_select = 0;
|
||||
void *obj;
|
||||
int err;
|
||||
|
||||
/* General object fields set */
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, opcode, MLX5_CMD_OP_QUERY_GENERAL_OBJECT);
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_MACSEC);
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, obj_id, macsec_id);
|
||||
err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
|
||||
if (err) {
|
||||
mlx5_core_err(mdev, "Query MACsec object failed (Object id %d), err = %d\n",
|
||||
macsec_id, err);
|
||||
return err;
|
||||
}
|
||||
|
||||
obj = MLX5_ADDR_OF(query_macsec_obj_out, out, macsec_object);
|
||||
modify_field_select = MLX5_GET64(macsec_offload_obj, obj, modify_field_select);
|
||||
|
||||
/* EPN */
|
||||
if (!(modify_field_select & MLX5_MODIFY_MACSEC_BITMASK_EPN_OVERLAP) ||
|
||||
!(modify_field_select & MLX5_MODIFY_MACSEC_BITMASK_EPN_MSB)) {
|
||||
mlx5_core_dbg(mdev, "MACsec object field is not modifiable (Object id %d)\n",
|
||||
macsec_id);
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
||||
obj = MLX5_ADDR_OF(modify_macsec_obj_in, in, macsec_object);
|
||||
MLX5_SET64(macsec_offload_obj, obj, modify_field_select,
|
||||
MLX5_MODIFY_MACSEC_BITMASK_EPN_OVERLAP | MLX5_MODIFY_MACSEC_BITMASK_EPN_MSB);
|
||||
MLX5_SET(macsec_offload_obj, obj, epn_msb, attrs->epn_state.epn_msb);
|
||||
MLX5_SET(macsec_offload_obj, obj, epn_overlap, attrs->epn_state.overlap);
|
||||
|
||||
/* General object fields set */
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, opcode, MLX5_CMD_OP_MODIFY_GENERAL_OBJECT);
|
||||
|
||||
return mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
|
||||
}
|
||||
|
||||
static void macsec_aso_build_ctrl(struct mlx5e_macsec_aso *aso,
|
||||
struct mlx5_wqe_aso_ctrl_seg *aso_ctrl,
|
||||
struct mlx5e_macsec_aso_in *in)
|
||||
{
|
||||
struct mlx5_aso_ctrl_param param = {};
|
||||
|
||||
param.data_mask_mode = MLX5_ASO_DATA_MASK_MODE_BITWISE_64BIT;
|
||||
param.condition_0_operand = MLX5_ASO_ALWAYS_TRUE;
|
||||
param.condition_1_operand = MLX5_ASO_ALWAYS_TRUE;
|
||||
if (in->mode == MLX5_MACSEC_EPN) {
|
||||
param.data_offset = MLX5_MACSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET;
|
||||
param.bitwise_data = BIT_ULL(54);
|
||||
param.data_mask = param.bitwise_data;
|
||||
}
|
||||
macsec_aso_build_wqe_ctrl_seg(aso, aso_ctrl, ¶m);
|
||||
}
|
||||
|
||||
static int macsec_aso_set_arm_event(struct mlx5_core_dev *mdev, struct mlx5e_macsec *macsec,
|
||||
struct mlx5e_macsec_aso_in *in)
|
||||
{
|
||||
struct mlx5e_macsec_aso *aso;
|
||||
struct mlx5_aso_wqe *aso_wqe;
|
||||
struct mlx5_aso *maso;
|
||||
int err;
|
||||
|
||||
aso = &macsec->aso;
|
||||
maso = aso->maso;
|
||||
|
||||
mutex_lock(&aso->aso_lock);
|
||||
aso_wqe = mlx5_aso_get_wqe(maso);
|
||||
mlx5_aso_build_wqe(maso, MLX5_MACSEC_ASO_DS_CNT, aso_wqe, in->obj_id,
|
||||
MLX5_ACCESS_ASO_OPC_MOD_MACSEC);
|
||||
macsec_aso_build_ctrl(aso, &aso_wqe->aso_ctrl, in);
|
||||
mlx5_aso_post_wqe(maso, false, &aso_wqe->ctrl);
|
||||
err = mlx5_aso_poll_cq(maso, false, 10);
|
||||
mutex_unlock(&aso->aso_lock);
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
static int macsec_aso_query(struct mlx5_core_dev *mdev, struct mlx5e_macsec *macsec,
|
||||
struct mlx5e_macsec_aso_in *in, struct mlx5e_macsec_aso_out *out)
|
||||
{
|
||||
struct mlx5e_macsec_aso *aso;
|
||||
struct mlx5_aso_wqe *aso_wqe;
|
||||
struct mlx5_aso *maso;
|
||||
int err;
|
||||
|
||||
aso = &macsec->aso;
|
||||
maso = aso->maso;
|
||||
|
||||
mutex_lock(&aso->aso_lock);
|
||||
|
||||
aso_wqe = mlx5_aso_get_wqe(maso);
|
||||
mlx5_aso_build_wqe(maso, MLX5_MACSEC_ASO_DS_CNT, aso_wqe, in->obj_id,
|
||||
MLX5_ACCESS_ASO_OPC_MOD_MACSEC);
|
||||
macsec_aso_build_wqe_ctrl_seg(aso, &aso_wqe->aso_ctrl, NULL);
|
||||
|
||||
mlx5_aso_post_wqe(maso, false, &aso_wqe->ctrl);
|
||||
err = mlx5_aso_poll_cq(maso, false, 10);
|
||||
if (err)
|
||||
goto err_out;
|
||||
|
||||
if (MLX5_GET(macsec_aso, aso->umr->ctx, epn_event_arm))
|
||||
out->event_arm |= MLX5E_ASO_EPN_ARM;
|
||||
|
||||
out->mode_param = MLX5_GET(macsec_aso, aso->umr->ctx, mode_parameter);
|
||||
|
||||
err_out:
|
||||
mutex_unlock(&aso->aso_lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
static struct mlx5e_macsec_sa *get_macsec_tx_sa_from_obj_id(const struct mlx5e_macsec *macsec,
|
||||
const u32 obj_id)
|
||||
{
|
||||
const struct list_head *device_list;
|
||||
struct mlx5e_macsec_sa *macsec_sa;
|
||||
struct mlx5e_macsec_device *iter;
|
||||
int i;
|
||||
|
||||
device_list = &macsec->macsec_device_list_head;
|
||||
|
||||
list_for_each_entry(iter, device_list, macsec_device_list_element) {
|
||||
for (i = 0; i < MACSEC_NUM_AN; ++i) {
|
||||
macsec_sa = iter->tx_sa[i];
|
||||
if (!macsec_sa || !macsec_sa->active)
|
||||
continue;
|
||||
if (macsec_sa->macsec_obj_id == obj_id)
|
||||
return macsec_sa;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static struct mlx5e_macsec_sa *get_macsec_rx_sa_from_obj_id(const struct mlx5e_macsec *macsec,
|
||||
const u32 obj_id)
|
||||
{
|
||||
const struct list_head *device_list, *sc_list;
|
||||
struct mlx5e_macsec_rx_sc *mlx5e_rx_sc;
|
||||
struct mlx5e_macsec_sa *macsec_sa;
|
||||
struct mlx5e_macsec_device *iter;
|
||||
int i;
|
||||
|
||||
device_list = &macsec->macsec_device_list_head;
|
||||
|
||||
list_for_each_entry(iter, device_list, macsec_device_list_element) {
|
||||
sc_list = &iter->macsec_rx_sc_list_head;
|
||||
list_for_each_entry(mlx5e_rx_sc, sc_list, rx_sc_list_element) {
|
||||
for (i = 0; i < MACSEC_NUM_AN; ++i) {
|
||||
macsec_sa = mlx5e_rx_sc->rx_sa[i];
|
||||
if (!macsec_sa || !macsec_sa->active)
|
||||
continue;
|
||||
if (macsec_sa->macsec_obj_id == obj_id)
|
||||
return macsec_sa;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void macsec_epn_update(struct mlx5e_macsec *macsec, struct mlx5_core_dev *mdev,
|
||||
struct mlx5e_macsec_sa *sa, u32 obj_id, u32 mode_param)
|
||||
{
|
||||
struct mlx5_macsec_obj_attrs attrs = {};
|
||||
struct mlx5e_macsec_aso_in in = {};
|
||||
|
||||
/* When the bottom of the replay protection window (mode_param) crosses 2^31 (half sequence
|
||||
* number wraparound) hence mode_param > MLX5_MACSEC_EPN_SCOPE_MID the SW should update the
|
||||
* esn_overlap to OLD (1).
|
||||
* When the bottom of the replay protection window (mode_param) crosses 2^32 (full sequence
|
||||
* number wraparound) hence mode_param < MLX5_MACSEC_EPN_SCOPE_MID since it did a
|
||||
* wraparound, the SW should update the esn_overlap to NEW (0), and increment the esn_msb.
|
||||
*/
|
||||
|
||||
if (mode_param < MLX5_MACSEC_EPN_SCOPE_MID) {
|
||||
sa->epn_state.epn_msb++;
|
||||
sa->epn_state.overlap = 0;
|
||||
} else {
|
||||
sa->epn_state.overlap = 1;
|
||||
}
|
||||
|
||||
macsec_build_accel_attrs(sa, &attrs);
|
||||
mlx5e_macsec_modify_obj(mdev, &attrs, obj_id);
|
||||
|
||||
/* Re-set EPN arm event */
|
||||
in.obj_id = obj_id;
|
||||
in.mode = MLX5_MACSEC_EPN;
|
||||
macsec_aso_set_arm_event(mdev, macsec, &in);
|
||||
}
|
||||
|
||||
static void macsec_async_event(struct work_struct *work)
|
||||
{
|
||||
struct mlx5e_macsec_async_work *async_work;
|
||||
struct mlx5e_macsec_aso_out out = {};
|
||||
struct mlx5e_macsec_aso_in in = {};
|
||||
struct mlx5e_macsec_sa *macsec_sa;
|
||||
struct mlx5e_macsec *macsec;
|
||||
struct mlx5_core_dev *mdev;
|
||||
u32 obj_id;
|
||||
|
||||
async_work = container_of(work, struct mlx5e_macsec_async_work, work);
|
||||
macsec = async_work->macsec;
|
||||
mdev = async_work->mdev;
|
||||
obj_id = async_work->obj_id;
|
||||
macsec_sa = get_macsec_tx_sa_from_obj_id(macsec, obj_id);
|
||||
if (!macsec_sa) {
|
||||
macsec_sa = get_macsec_rx_sa_from_obj_id(macsec, obj_id);
|
||||
if (!macsec_sa) {
|
||||
mlx5_core_dbg(mdev, "MACsec SA is not found (SA object id %d)\n", obj_id);
|
||||
goto out_async_work;
|
||||
}
|
||||
}
|
||||
|
||||
/* Query MACsec ASO context */
|
||||
in.obj_id = obj_id;
|
||||
macsec_aso_query(mdev, macsec, &in, &out);
|
||||
|
||||
/* EPN case */
|
||||
if (macsec_sa->epn_state.epn_enabled && !(out.event_arm & MLX5E_ASO_EPN_ARM))
|
||||
macsec_epn_update(macsec, mdev, macsec_sa, obj_id, out.mode_param);
|
||||
|
||||
out_async_work:
|
||||
kfree(async_work);
|
||||
}
|
||||
|
||||
static int macsec_obj_change_event(struct notifier_block *nb, unsigned long event, void *data)
|
||||
{
|
||||
struct mlx5e_macsec *macsec = container_of(nb, struct mlx5e_macsec, nb);
|
||||
struct mlx5e_macsec_async_work *async_work;
|
||||
struct mlx5_eqe_obj_change *obj_change;
|
||||
struct mlx5_eqe *eqe = data;
|
||||
u16 obj_type;
|
||||
u32 obj_id;
|
||||
|
||||
if (event != MLX5_EVENT_TYPE_OBJECT_CHANGE)
|
||||
return NOTIFY_DONE;
|
||||
|
||||
obj_change = &eqe->data.obj_change;
|
||||
obj_type = be16_to_cpu(obj_change->obj_type);
|
||||
obj_id = be32_to_cpu(obj_change->obj_id);
|
||||
|
||||
if (obj_type != MLX5_GENERAL_OBJECT_TYPES_MACSEC)
|
||||
return NOTIFY_DONE;
|
||||
|
||||
async_work = kzalloc(sizeof(*async_work), GFP_ATOMIC);
|
||||
if (!async_work)
|
||||
return NOTIFY_DONE;
|
||||
|
||||
async_work->macsec = macsec;
|
||||
async_work->mdev = macsec->mdev;
|
||||
async_work->obj_id = obj_id;
|
||||
|
||||
INIT_WORK(&async_work->work, macsec_async_event);
|
||||
|
||||
WARN_ON(!queue_work(macsec->wq, &async_work->work));
|
||||
|
||||
return NOTIFY_OK;
|
||||
}
|
||||
|
||||
static int mlx5e_macsec_aso_init(struct mlx5e_macsec_aso *aso, struct mlx5_core_dev *mdev)
|
||||
{
|
||||
struct mlx5_aso *maso;
|
||||
@ -1397,6 +1809,12 @@ int mlx5e_macsec_init(struct mlx5e_priv *priv)
|
||||
goto err_aso;
|
||||
}
|
||||
|
||||
macsec->wq = alloc_ordered_workqueue("mlx5e_macsec_%s", 0, priv->netdev->name);
|
||||
if (!macsec->wq) {
|
||||
err = -ENOMEM;
|
||||
goto err_wq;
|
||||
}
|
||||
|
||||
xa_init_flags(&macsec->sc_xarray, XA_FLAGS_ALLOC1);
|
||||
|
||||
priv->macsec = macsec;
|
||||
@ -1411,11 +1829,16 @@ int mlx5e_macsec_init(struct mlx5e_priv *priv)
|
||||
|
||||
macsec->macsec_fs = macsec_fs;
|
||||
|
||||
macsec->nb.notifier_call = macsec_obj_change_event;
|
||||
mlx5_notifier_register(mdev, &macsec->nb);
|
||||
|
||||
mlx5_core_dbg(mdev, "MACsec attached to netdevice\n");
|
||||
|
||||
return 0;
|
||||
|
||||
err_out:
|
||||
destroy_workqueue(macsec->wq);
|
||||
err_wq:
|
||||
mlx5e_macsec_aso_cleanup(&macsec->aso, priv->mdev);
|
||||
err_aso:
|
||||
rhashtable_destroy(&macsec->sci_hash);
|
||||
@ -1433,8 +1856,13 @@ void mlx5e_macsec_cleanup(struct mlx5e_priv *priv)
|
||||
if (!macsec)
|
||||
return;
|
||||
|
||||
mlx5_notifier_unregister(mdev, &macsec->nb);
|
||||
|
||||
mlx5e_macsec_fs_cleanup(macsec->macsec_fs);
|
||||
|
||||
/* Cleanup workqueue */
|
||||
destroy_workqueue(macsec->wq);
|
||||
|
||||
mlx5e_macsec_aso_cleanup(&macsec->aso, mdev);
|
||||
|
||||
priv->macsec = NULL;
|
||||
|
@ -66,7 +66,6 @@ static inline void mlx5e_macsec_offload_handle_rx_skb(struct net_device *netdev,
|
||||
struct mlx5_cqe64 *cqe)
|
||||
{}
|
||||
static inline bool mlx5e_is_macsec_device(const struct mlx5_core_dev *mdev) { return false; }
|
||||
|
||||
#endif /* CONFIG_MLX5_EN_MACSEC */
|
||||
|
||||
#endif /* __MLX5_ACCEL_EN_MACSEC_H__ */
|
||||
|
@ -575,6 +575,9 @@ static void gather_async_events_mask(struct mlx5_core_dev *dev, u64 mask[4])
|
||||
if (MLX5_CAP_GEN_MAX(dev, vhca_state))
|
||||
async_event_mask |= (1ull << MLX5_EVENT_TYPE_VHCA_STATE_CHANGE);
|
||||
|
||||
if (MLX5_CAP_MACSEC(dev, log_max_macsec_offload))
|
||||
async_event_mask |= (1ull << MLX5_EVENT_TYPE_OBJECT_CHANGE);
|
||||
|
||||
mask[0] = async_event_mask;
|
||||
|
||||
if (MLX5_CAP_GEN(dev, event_cap))
|
||||
|
@ -36,6 +36,7 @@ static struct mlx5_nb events_nbs_ref[] = {
|
||||
/* Events to be forwarded (as is) to mlx5 core interfaces (mlx5e/mlx5_ib) */
|
||||
{.nb.notifier_call = forward_event, .event_type = MLX5_EVENT_TYPE_PORT_CHANGE },
|
||||
{.nb.notifier_call = forward_event, .event_type = MLX5_EVENT_TYPE_GENERAL_EVENT },
|
||||
{.nb.notifier_call = forward_event, .event_type = MLX5_EVENT_TYPE_OBJECT_CHANGE },
|
||||
/* QP/WQ resource events to forward */
|
||||
{.nb.notifier_call = forward_event, .event_type = MLX5_EVENT_TYPE_DCT_DRAINED },
|
||||
{.nb.notifier_call = forward_event, .event_type = MLX5_EVENT_TYPE_PATH_MIG },
|
||||
@ -132,6 +133,8 @@ static const char *eqe_type_str(u8 type)
|
||||
return "MLX5_EVENT_TYPE_MONITOR_COUNTER";
|
||||
case MLX5_EVENT_TYPE_DEVICE_TRACER:
|
||||
return "MLX5_EVENT_TYPE_DEVICE_TRACER";
|
||||
case MLX5_EVENT_TYPE_OBJECT_CHANGE:
|
||||
return "MLX5_EVENT_TYPE_OBJECT_CHANGE";
|
||||
default:
|
||||
return "Unrecognized event";
|
||||
}
|
||||
|
@ -11,7 +11,9 @@
|
||||
(DIV_ROUND_UP(sizeof(struct mlx5_aso_wqe), MLX5_SEND_WQE_BB))
|
||||
#define MLX5_ASO_WQEBBS_DATA \
|
||||
(DIV_ROUND_UP(sizeof(struct mlx5_aso_wqe_data), MLX5_SEND_WQE_BB))
|
||||
#define ASO_CTRL_READ_EN BIT(0)
|
||||
#define MLX5_WQE_CTRL_WQE_OPC_MOD_SHIFT 24
|
||||
#define MLX5_MACSEC_ASO_DS_CNT (DIV_ROUND_UP(sizeof(struct mlx5_aso_wqe), MLX5_SEND_WQE_DS))
|
||||
|
||||
struct mlx5_wqe_aso_ctrl_seg {
|
||||
__be32 va_h;
|
||||
@ -70,6 +72,7 @@ enum {
|
||||
|
||||
enum {
|
||||
MLX5_ACCESS_ASO_OPC_MOD_FLOW_METER = 0x2,
|
||||
MLX5_ACCESS_ASO_OPC_MOD_MACSEC = 0x5,
|
||||
};
|
||||
|
||||
struct mlx5_aso;
|
||||
|
@ -325,6 +325,7 @@ enum mlx5_event {
|
||||
MLX5_EVENT_TYPE_WQ_INVAL_REQ_ERROR = 0x10,
|
||||
MLX5_EVENT_TYPE_WQ_ACCESS_ERROR = 0x11,
|
||||
MLX5_EVENT_TYPE_SRQ_CATAS_ERROR = 0x12,
|
||||
MLX5_EVENT_TYPE_OBJECT_CHANGE = 0x27,
|
||||
|
||||
MLX5_EVENT_TYPE_INTERNAL_ERROR = 0x08,
|
||||
MLX5_EVENT_TYPE_PORT_CHANGE = 0x09,
|
||||
@ -699,6 +700,12 @@ struct mlx5_eqe_temp_warning {
|
||||
__be64 sensor_warning_lsb;
|
||||
} __packed;
|
||||
|
||||
struct mlx5_eqe_obj_change {
|
||||
u8 rsvd0[2];
|
||||
__be16 obj_type;
|
||||
__be32 obj_id;
|
||||
} __packed;
|
||||
|
||||
#define SYNC_RST_STATE_MASK 0xf
|
||||
|
||||
enum sync_rst_state_type {
|
||||
@ -737,6 +744,7 @@ union ev_data {
|
||||
struct mlx5_eqe_xrq_err xrq_err;
|
||||
struct mlx5_eqe_sync_fw_update sync_fw_update;
|
||||
struct mlx5_eqe_vhca_state vhca_state;
|
||||
struct mlx5_eqe_obj_change obj_change;
|
||||
} __packed;
|
||||
|
||||
struct mlx5_eqe {
|
||||
|
Loading…
Reference in New Issue
Block a user