| // SPDX-License-Identifier: GPL-2.0-only |
| /* Copyright (C) 2020 Chelsio Communications. All rights reserved. */ |
| |
| #ifdef CONFIG_CHELSIO_TLS_DEVICE |
| #include <linux/highmem.h> |
| #include "chcr_ktls.h" |
| #include "clip_tbl.h" |
| |
| static int chcr_init_tcb_fields(struct chcr_ktls_info *tx_info); |
| /* |
| * chcr_ktls_save_keys: calculate and save crypto keys. |
| * @tx_info - driver specific tls info. |
| * @crypto_info - tls crypto information. |
| * @direction - TX/RX direction. |
| * return - SUCCESS/FAILURE. |
| */ |
| static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info, |
| struct tls_crypto_info *crypto_info, |
| enum tls_offload_ctx_dir direction) |
| { |
| int ck_size, key_ctx_size, mac_key_size, keylen, ghash_size, ret; |
| unsigned char ghash_h[TLS_CIPHER_AES_GCM_256_TAG_SIZE]; |
| struct tls12_crypto_info_aes_gcm_128 *info_128_gcm; |
| struct ktls_key_ctx *kctx = &tx_info->key_ctx; |
| struct crypto_cipher *cipher; |
| unsigned char *key, *salt; |
| |
| switch (crypto_info->cipher_type) { |
| case TLS_CIPHER_AES_GCM_128: |
| info_128_gcm = |
| (struct tls12_crypto_info_aes_gcm_128 *)crypto_info; |
| keylen = TLS_CIPHER_AES_GCM_128_KEY_SIZE; |
| ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128; |
| tx_info->salt_size = TLS_CIPHER_AES_GCM_128_SALT_SIZE; |
| mac_key_size = CHCR_KEYCTX_MAC_KEY_SIZE_128; |
| tx_info->iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE; |
| tx_info->iv = be64_to_cpu(*(__be64 *)info_128_gcm->iv); |
| |
| ghash_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE; |
| key = info_128_gcm->key; |
| salt = info_128_gcm->salt; |
| tx_info->record_no = *(u64 *)info_128_gcm->rec_seq; |
| |
| /* The SCMD fields used when encrypting a full TLS |
| * record. Its a one time calculation till the |
| * connection exists. |
| */ |
| tx_info->scmd0_seqno_numivs = |
| SCMD_SEQ_NO_CTRL_V(CHCR_SCMD_SEQ_NO_CTRL_64BIT) | |
| SCMD_CIPH_AUTH_SEQ_CTRL_F | |
| SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_TLS) | |
| SCMD_CIPH_MODE_V(CHCR_SCMD_CIPHER_MODE_AES_GCM) | |
| SCMD_AUTH_MODE_V(CHCR_SCMD_AUTH_MODE_GHASH) | |
| SCMD_IV_SIZE_V(TLS_CIPHER_AES_GCM_128_IV_SIZE >> 1) | |
| SCMD_NUM_IVS_V(1); |
| |
| /* keys will be sent inline. */ |
| tx_info->scmd0_ivgen_hdrlen = SCMD_KEY_CTX_INLINE_F; |
| |
| /* The SCMD fields used when encrypting a partial TLS |
| * record (no trailer and possibly a truncated payload). |
| */ |
| tx_info->scmd0_short_seqno_numivs = |
| SCMD_CIPH_AUTH_SEQ_CTRL_F | |
| SCMD_PROTO_VERSION_V(CHCR_SCMD_PROTO_VERSION_GENERIC) | |
| SCMD_CIPH_MODE_V(CHCR_SCMD_CIPHER_MODE_AES_CTR) | |
| SCMD_IV_SIZE_V(AES_BLOCK_LEN >> 1); |
| |
| tx_info->scmd0_short_ivgen_hdrlen = |
| tx_info->scmd0_ivgen_hdrlen | SCMD_AADIVDROP_F; |
| |
| break; |
| |
| default: |
| pr_err("GCM: cipher type 0x%x not supported\n", |
| crypto_info->cipher_type); |
| ret = -EINVAL; |
| goto out; |
| } |
| |
| key_ctx_size = CHCR_KTLS_KEY_CTX_LEN + |
| roundup(keylen, 16) + ghash_size; |
| /* Calculate the H = CIPH(K, 0 repeated 16 times). |
| * It will go in key context |
| */ |
| cipher = crypto_alloc_cipher("aes", 0, 0); |
| if (IS_ERR(cipher)) { |
| ret = -ENOMEM; |
| goto out; |
| } |
| |
| ret = crypto_cipher_setkey(cipher, key, keylen); |
| if (ret) |
| goto out1; |
| |
| memset(ghash_h, 0, ghash_size); |
| crypto_cipher_encrypt_one(cipher, ghash_h, ghash_h); |
| |
| /* fill the Key context */ |
| if (direction == TLS_OFFLOAD_CTX_DIR_TX) { |
| kctx->ctx_hdr = FILL_KEY_CTX_HDR(ck_size, |
| mac_key_size, |
| key_ctx_size >> 4); |
| } else { |
| ret = -EINVAL; |
| goto out1; |
| } |
| |
| memcpy(kctx->salt, salt, tx_info->salt_size); |
| memcpy(kctx->key, key, keylen); |
| memcpy(kctx->key + keylen, ghash_h, ghash_size); |
| tx_info->key_ctx_len = key_ctx_size; |
| |
| out1: |
| crypto_free_cipher(cipher); |
| out: |
| return ret; |
| } |
| |
| static int chcr_ktls_update_connection_state(struct chcr_ktls_info *tx_info, |
| int new_state) |
| { |
| /* This function can be called from both rx (interrupt context) and tx |
| * queue contexts. |
| */ |
| spin_lock_bh(&tx_info->lock); |
| switch (tx_info->connection_state) { |
| case KTLS_CONN_CLOSED: |
| tx_info->connection_state = new_state; |
| break; |
| |
| case KTLS_CONN_ACT_OPEN_REQ: |
| /* only go forward if state is greater than current state. */ |
| if (new_state <= tx_info->connection_state) |
| break; |
| /* update to the next state and also initialize TCB */ |
| tx_info->connection_state = new_state; |
| fallthrough; |
| case KTLS_CONN_ACT_OPEN_RPL: |
| /* if we are stuck in this state, means tcb init might not |
| * received by HW, try sending it again. |
| */ |
| if (!chcr_init_tcb_fields(tx_info)) |
| tx_info->connection_state = KTLS_CONN_SET_TCB_REQ; |
| break; |
| |
| case KTLS_CONN_SET_TCB_REQ: |
| /* only go forward if state is greater than current state. */ |
| if (new_state <= tx_info->connection_state) |
| break; |
| /* update to the next state and check if l2t_state is valid */ |
| tx_info->connection_state = new_state; |
| fallthrough; |
| case KTLS_CONN_SET_TCB_RPL: |
| /* Check if l2t state is valid, then move to ready state. */ |
| if (cxgb4_check_l2t_valid(tx_info->l2te)) { |
| tx_info->connection_state = KTLS_CONN_TX_READY; |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_ctx); |
| } |
| break; |
| |
| case KTLS_CONN_TX_READY: |
| /* nothing to be done here */ |
| break; |
| |
| default: |
| pr_err("unknown KTLS connection state\n"); |
| break; |
| } |
| spin_unlock_bh(&tx_info->lock); |
| |
| return tx_info->connection_state; |
| } |
| /* |
| * chcr_ktls_act_open_req: creates TCB entry for ipv4 connection. |
| * @sk - tcp socket. |
| * @tx_info - driver specific tls info. |
| * @atid - connection active tid. |
| * return - send success/failure. |
| */ |
| static int chcr_ktls_act_open_req(struct sock *sk, |
| struct chcr_ktls_info *tx_info, |
| int atid) |
| { |
| struct inet_sock *inet = inet_sk(sk); |
| struct cpl_t6_act_open_req *cpl6; |
| struct cpl_act_open_req *cpl; |
| struct sk_buff *skb; |
| unsigned int len; |
| int qid_atid; |
| u64 options; |
| |
| len = sizeof(*cpl6); |
| skb = alloc_skb(len, GFP_KERNEL); |
| if (unlikely(!skb)) |
| return -ENOMEM; |
| /* mark it a control pkt */ |
| set_wr_txq(skb, CPL_PRIORITY_CONTROL, tx_info->port_id); |
| |
| cpl6 = __skb_put_zero(skb, len); |
| cpl = (struct cpl_act_open_req *)cpl6; |
| INIT_TP_WR(cpl6, 0); |
| qid_atid = TID_QID_V(tx_info->rx_qid) | |
| TID_TID_V(atid); |
| OPCODE_TID(cpl) = htonl(MK_OPCODE_TID(CPL_ACT_OPEN_REQ, qid_atid)); |
| cpl->local_port = inet->inet_sport; |
| cpl->peer_port = inet->inet_dport; |
| cpl->local_ip = inet->inet_rcv_saddr; |
| cpl->peer_ip = inet->inet_daddr; |
| |
| /* fill first 64 bit option field. */ |
| options = TCAM_BYPASS_F | ULP_MODE_V(ULP_MODE_NONE) | NON_OFFLOAD_F | |
| SMAC_SEL_V(tx_info->smt_idx) | TX_CHAN_V(tx_info->tx_chan); |
| cpl->opt0 = cpu_to_be64(options); |
| |
| /* next 64 bit option field. */ |
| options = |
| TX_QUEUE_V(tx_info->adap->params.tp.tx_modq[tx_info->tx_chan]); |
| cpl->opt2 = htonl(options); |
| |
| return cxgb4_l2t_send(tx_info->netdev, skb, tx_info->l2te); |
| } |
| |
| #if IS_ENABLED(CONFIG_IPV6) |
| /* |
| * chcr_ktls_act_open_req6: creates TCB entry for ipv6 connection. |
| * @sk - tcp socket. |
| * @tx_info - driver specific tls info. |
| * @atid - connection active tid. |
| * return - send success/failure. |
| */ |
| static int chcr_ktls_act_open_req6(struct sock *sk, |
| struct chcr_ktls_info *tx_info, |
| int atid) |
| { |
| struct inet_sock *inet = inet_sk(sk); |
| struct cpl_t6_act_open_req6 *cpl6; |
| struct cpl_act_open_req6 *cpl; |
| struct sk_buff *skb; |
| unsigned int len; |
| int qid_atid; |
| u64 options; |
| |
| len = sizeof(*cpl6); |
| skb = alloc_skb(len, GFP_KERNEL); |
| if (unlikely(!skb)) |
| return -ENOMEM; |
| /* mark it a control pkt */ |
| set_wr_txq(skb, CPL_PRIORITY_CONTROL, tx_info->port_id); |
| |
| cpl6 = __skb_put_zero(skb, len); |
| cpl = (struct cpl_act_open_req6 *)cpl6; |
| INIT_TP_WR(cpl6, 0); |
| qid_atid = TID_QID_V(tx_info->rx_qid) | TID_TID_V(atid); |
| OPCODE_TID(cpl) = htonl(MK_OPCODE_TID(CPL_ACT_OPEN_REQ6, qid_atid)); |
| cpl->local_port = inet->inet_sport; |
| cpl->peer_port = inet->inet_dport; |
| cpl->local_ip_hi = *(__be64 *)&sk->sk_v6_rcv_saddr.in6_u.u6_addr8[0]; |
| cpl->local_ip_lo = *(__be64 *)&sk->sk_v6_rcv_saddr.in6_u.u6_addr8[8]; |
| cpl->peer_ip_hi = *(__be64 *)&sk->sk_v6_daddr.in6_u.u6_addr8[0]; |
| cpl->peer_ip_lo = *(__be64 *)&sk->sk_v6_daddr.in6_u.u6_addr8[8]; |
| |
| /* first 64 bit option field. */ |
| options = TCAM_BYPASS_F | ULP_MODE_V(ULP_MODE_NONE) | NON_OFFLOAD_F | |
| SMAC_SEL_V(tx_info->smt_idx) | TX_CHAN_V(tx_info->tx_chan); |
| cpl->opt0 = cpu_to_be64(options); |
| /* next 64 bit option field. */ |
| options = |
| TX_QUEUE_V(tx_info->adap->params.tp.tx_modq[tx_info->tx_chan]); |
| cpl->opt2 = htonl(options); |
| |
| return cxgb4_l2t_send(tx_info->netdev, skb, tx_info->l2te); |
| } |
| #endif /* #if IS_ENABLED(CONFIG_IPV6) */ |
| |
| /* |
| * chcr_setup_connection: create a TCB entry so that TP will form tcp packets. |
| * @sk - tcp socket. |
| * @tx_info - driver specific tls info. |
| * return: NET_TX_OK/NET_XMIT_DROP |
| */ |
| static int chcr_setup_connection(struct sock *sk, |
| struct chcr_ktls_info *tx_info) |
| { |
| struct tid_info *t = &tx_info->adap->tids; |
| int atid, ret = 0; |
| |
| atid = cxgb4_alloc_atid(t, tx_info); |
| if (atid == -1) |
| return -EINVAL; |
| |
| tx_info->atid = atid; |
| tx_info->ip_family = sk->sk_family; |
| |
| if (sk->sk_family == AF_INET) { |
| tx_info->ip_family = AF_INET; |
| ret = chcr_ktls_act_open_req(sk, tx_info, atid); |
| #if IS_ENABLED(CONFIG_IPV6) |
| } else { |
| if (!sk->sk_ipv6only && |
| ipv6_addr_type(&sk->sk_v6_daddr) == IPV6_ADDR_MAPPED) { |
| tx_info->ip_family = AF_INET; |
| ret = chcr_ktls_act_open_req(sk, tx_info, atid); |
| } else { |
| tx_info->ip_family = AF_INET6; |
| ret = cxgb4_clip_get(tx_info->netdev, |
| (const u32 *) |
| &sk->sk_v6_rcv_saddr.s6_addr, |
| 1); |
| if (ret) |
| goto out; |
| ret = chcr_ktls_act_open_req6(sk, tx_info, atid); |
| } |
| #endif |
| } |
| |
| /* if return type is NET_XMIT_CN, msg will be sent but delayed, mark ret |
| * success, if any other return type clear atid and return that failure. |
| */ |
| if (ret) { |
| if (ret == NET_XMIT_CN) |
| ret = 0; |
| else |
| cxgb4_free_atid(t, atid); |
| goto out; |
| } |
| |
| /* update the connection state */ |
| chcr_ktls_update_connection_state(tx_info, KTLS_CONN_ACT_OPEN_REQ); |
| out: |
| return ret; |
| } |
| |
| /* |
| * chcr_set_tcb_field: update tcb fields. |
| * @tx_info - driver specific tls info. |
| * @word - TCB word. |
| * @mask - TCB word related mask. |
| * @val - TCB word related value. |
| * @no_reply - set 1 if not looking for TP response. |
| */ |
| static int chcr_set_tcb_field(struct chcr_ktls_info *tx_info, u16 word, |
| u64 mask, u64 val, int no_reply) |
| { |
| struct cpl_set_tcb_field *req; |
| struct sk_buff *skb; |
| |
| skb = alloc_skb(sizeof(struct cpl_set_tcb_field), GFP_ATOMIC); |
| if (!skb) |
| return -ENOMEM; |
| |
| req = (struct cpl_set_tcb_field *)__skb_put_zero(skb, sizeof(*req)); |
| INIT_TP_WR_CPL(req, CPL_SET_TCB_FIELD, tx_info->tid); |
| req->reply_ctrl = htons(QUEUENO_V(tx_info->rx_qid) | |
| NO_REPLY_V(no_reply)); |
| req->word_cookie = htons(TCB_WORD_V(word)); |
| req->mask = cpu_to_be64(mask); |
| req->val = cpu_to_be64(val); |
| |
| set_wr_txq(skb, CPL_PRIORITY_CONTROL, tx_info->port_id); |
| return cxgb4_ofld_send(tx_info->netdev, skb); |
| } |
| |
| /* |
| * chcr_ktls_mark_tcb_close: mark tcb state to CLOSE |
| * @tx_info - driver specific tls info. |
| * return: NET_TX_OK/NET_XMIT_DROP. |
| */ |
| static int chcr_ktls_mark_tcb_close(struct chcr_ktls_info *tx_info) |
| { |
| return chcr_set_tcb_field(tx_info, TCB_T_STATE_W, |
| TCB_T_STATE_V(TCB_T_STATE_M), |
| CHCR_TCB_STATE_CLOSED, 1); |
| } |
| |
| /* |
| * chcr_ktls_dev_del: call back for tls_dev_del. |
| * Remove the tid and l2t entry and close the connection. |
| * it per connection basis. |
| * @netdev - net device. |
| * @tls_cts - tls context. |
| * @direction - TX/RX crypto direction |
| */ |
| void chcr_ktls_dev_del(struct net_device *netdev, |
| struct tls_context *tls_ctx, |
| enum tls_offload_ctx_dir direction) |
| { |
| struct chcr_ktls_ofld_ctx_tx *tx_ctx = |
| chcr_get_ktls_tx_context(tls_ctx); |
| struct chcr_ktls_info *tx_info = tx_ctx->chcr_info; |
| struct sock *sk; |
| |
| if (!tx_info) |
| return; |
| sk = tx_info->sk; |
| |
| spin_lock(&tx_info->lock); |
| tx_info->connection_state = KTLS_CONN_CLOSED; |
| spin_unlock(&tx_info->lock); |
| |
| /* clear l2t entry */ |
| if (tx_info->l2te) |
| cxgb4_l2t_release(tx_info->l2te); |
| |
| #if IS_ENABLED(CONFIG_IPV6) |
| /* clear clip entry */ |
| if (tx_info->ip_family == AF_INET6) |
| cxgb4_clip_release(netdev, |
| (const u32 *)&sk->sk_v6_daddr.in6_u.u6_addr8, |
| 1); |
| #endif |
| |
| /* clear tid */ |
| if (tx_info->tid != -1) { |
| /* clear tcb state and then release tid */ |
| chcr_ktls_mark_tcb_close(tx_info); |
| cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan, |
| tx_info->tid, tx_info->ip_family); |
| } |
| |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_connection_close); |
| kvfree(tx_info); |
| tx_ctx->chcr_info = NULL; |
| /* release module refcount */ |
| module_put(THIS_MODULE); |
| } |
| |
| /* |
| * chcr_ktls_dev_add: call back for tls_dev_add. |
| * Create a tcb entry for TP. Also add l2t entry for the connection. And |
| * generate keys & save those keys locally. |
| * @netdev - net device. |
| * @tls_cts - tls context. |
| * @direction - TX/RX crypto direction |
| * return: SUCCESS/FAILURE. |
| */ |
| int chcr_ktls_dev_add(struct net_device *netdev, struct sock *sk, |
| enum tls_offload_ctx_dir direction, |
| struct tls_crypto_info *crypto_info, |
| u32 start_offload_tcp_sn) |
| { |
| struct tls_context *tls_ctx = tls_get_ctx(sk); |
| struct chcr_ktls_ofld_ctx_tx *tx_ctx; |
| struct chcr_ktls_info *tx_info; |
| struct dst_entry *dst; |
| struct adapter *adap; |
| struct port_info *pi; |
| struct neighbour *n; |
| u8 daaddr[16]; |
| int ret = -1; |
| |
| tx_ctx = chcr_get_ktls_tx_context(tls_ctx); |
| |
| pi = netdev_priv(netdev); |
| adap = pi->adapter; |
| if (direction == TLS_OFFLOAD_CTX_DIR_RX) { |
| pr_err("not expecting for RX direction\n"); |
| ret = -EINVAL; |
| goto out; |
| } |
| if (tx_ctx->chcr_info) { |
| ret = -EINVAL; |
| goto out; |
| } |
| |
| tx_info = kvzalloc(sizeof(*tx_info), GFP_KERNEL); |
| if (!tx_info) { |
| ret = -ENOMEM; |
| goto out; |
| } |
| |
| spin_lock_init(&tx_info->lock); |
| |
| /* clear connection state */ |
| spin_lock(&tx_info->lock); |
| tx_info->connection_state = KTLS_CONN_CLOSED; |
| spin_unlock(&tx_info->lock); |
| |
| tx_info->sk = sk; |
| /* initialize tid and atid to -1, 0 is a also a valid id. */ |
| tx_info->tid = -1; |
| tx_info->atid = -1; |
| |
| tx_info->adap = adap; |
| tx_info->netdev = netdev; |
| tx_info->first_qset = pi->first_qset; |
| tx_info->tx_chan = pi->tx_chan; |
| tx_info->smt_idx = pi->smt_idx; |
| tx_info->port_id = pi->port_id; |
| |
| tx_info->rx_qid = chcr_get_first_rx_qid(adap); |
| if (unlikely(tx_info->rx_qid < 0)) |
| goto out2; |
| |
| tx_info->prev_seq = start_offload_tcp_sn; |
| tx_info->tcp_start_seq_number = start_offload_tcp_sn; |
| |
| /* save crypto keys */ |
| ret = chcr_ktls_save_keys(tx_info, crypto_info, direction); |
| if (ret < 0) |
| goto out2; |
| |
| /* get peer ip */ |
| if (sk->sk_family == AF_INET) { |
| memcpy(daaddr, &sk->sk_daddr, 4); |
| #if IS_ENABLED(CONFIG_IPV6) |
| } else { |
| if (!sk->sk_ipv6only && |
| ipv6_addr_type(&sk->sk_v6_daddr) == IPV6_ADDR_MAPPED) |
| memcpy(daaddr, &sk->sk_daddr, 4); |
| else |
| memcpy(daaddr, sk->sk_v6_daddr.in6_u.u6_addr8, 16); |
| #endif |
| } |
| |
| /* get the l2t index */ |
| dst = sk_dst_get(sk); |
| if (!dst) { |
| pr_err("DST entry not found\n"); |
| goto out2; |
| } |
| n = dst_neigh_lookup(dst, daaddr); |
| if (!n || !n->dev) { |
| pr_err("neighbour not found\n"); |
| dst_release(dst); |
| goto out2; |
| } |
| tx_info->l2te = cxgb4_l2t_get(adap->l2t, n, n->dev, 0); |
| |
| neigh_release(n); |
| dst_release(dst); |
| |
| if (!tx_info->l2te) { |
| pr_err("l2t entry not found\n"); |
| goto out2; |
| } |
| |
| tx_ctx->chcr_info = tx_info; |
| |
| /* create a filter and call cxgb4_l2t_send to send the packet out, which |
| * will take care of updating l2t entry in hw if not already done. |
| */ |
| ret = chcr_setup_connection(sk, tx_info); |
| if (ret) |
| goto out2; |
| |
| /* Driver shouldn't be removed until any single connection exists */ |
| if (!try_module_get(THIS_MODULE)) { |
| ret = -EINVAL; |
| goto out2; |
| } |
| |
| atomic64_inc(&adap->chcr_stats.ktls_tx_connection_open); |
| return 0; |
| out2: |
| kvfree(tx_info); |
| out: |
| atomic64_inc(&adap->chcr_stats.ktls_tx_connection_fail); |
| return ret; |
| } |
| |
| /* |
| * chcr_init_tcb_fields: Initialize tcb fields to handle TCP seq number |
| * handling. |
| * @tx_info - driver specific tls info. |
| * return: NET_TX_OK/NET_XMIT_DROP |
| */ |
| static int chcr_init_tcb_fields(struct chcr_ktls_info *tx_info) |
| { |
| int ret = 0; |
| |
| /* set tcb in offload and bypass */ |
| ret = |
| chcr_set_tcb_field(tx_info, TCB_T_FLAGS_W, |
| TCB_T_FLAGS_V(TF_CORE_BYPASS_F | TF_NON_OFFLOAD_F), |
| TCB_T_FLAGS_V(TF_CORE_BYPASS_F), 1); |
| if (ret) |
| return ret; |
| /* reset snd_una and snd_next fields in tcb */ |
| ret = chcr_set_tcb_field(tx_info, TCB_SND_UNA_RAW_W, |
| TCB_SND_NXT_RAW_V(TCB_SND_NXT_RAW_M) | |
| TCB_SND_UNA_RAW_V(TCB_SND_UNA_RAW_M), |
| 0, 1); |
| if (ret) |
| return ret; |
| |
| /* reset send max */ |
| ret = chcr_set_tcb_field(tx_info, TCB_SND_MAX_RAW_W, |
| TCB_SND_MAX_RAW_V(TCB_SND_MAX_RAW_M), |
| 0, 1); |
| if (ret) |
| return ret; |
| |
| /* update l2t index and request for tp reply to confirm tcb is |
| * initialised to handle tx traffic. |
| */ |
| ret = chcr_set_tcb_field(tx_info, TCB_L2T_IX_W, |
| TCB_L2T_IX_V(TCB_L2T_IX_M), |
| TCB_L2T_IX_V(tx_info->l2te->idx), 0); |
| return ret; |
| } |
| |
| /* |
| * chcr_ktls_cpl_act_open_rpl: connection reply received from TP. |
| */ |
| int chcr_ktls_cpl_act_open_rpl(struct adapter *adap, unsigned char *input) |
| { |
| const struct cpl_act_open_rpl *p = (void *)input; |
| struct chcr_ktls_info *tx_info = NULL; |
| unsigned int atid, tid, status; |
| struct tid_info *t; |
| |
| tid = GET_TID(p); |
| status = AOPEN_STATUS_G(ntohl(p->atid_status)); |
| atid = TID_TID_G(AOPEN_ATID_G(ntohl(p->atid_status))); |
| |
| t = &adap->tids; |
| tx_info = lookup_atid(t, atid); |
| |
| if (!tx_info || tx_info->atid != atid) { |
| pr_err("tx_info or atid is not correct\n"); |
| return -1; |
| } |
| |
| if (!status) { |
| tx_info->tid = tid; |
| cxgb4_insert_tid(t, tx_info, tx_info->tid, tx_info->ip_family); |
| |
| cxgb4_free_atid(t, atid); |
| tx_info->atid = -1; |
| /* update the connection state */ |
| chcr_ktls_update_connection_state(tx_info, |
| KTLS_CONN_ACT_OPEN_RPL); |
| } |
| return 0; |
| } |
| |
| /* |
| * chcr_ktls_cpl_set_tcb_rpl: TCB reply received from TP. |
| */ |
| int chcr_ktls_cpl_set_tcb_rpl(struct adapter *adap, unsigned char *input) |
| { |
| const struct cpl_set_tcb_rpl *p = (void *)input; |
| struct chcr_ktls_info *tx_info = NULL; |
| struct tid_info *t; |
| u32 tid; |
| |
| tid = GET_TID(p); |
| |
| t = &adap->tids; |
| tx_info = lookup_tid(t, tid); |
| if (!tx_info || tx_info->tid != tid) { |
| pr_err("tx_info or atid is not correct\n"); |
| return -1; |
| } |
| /* update the connection state */ |
| chcr_ktls_update_connection_state(tx_info, KTLS_CONN_SET_TCB_RPL); |
| return 0; |
| } |
| |
| static void *__chcr_write_cpl_set_tcb_ulp(struct chcr_ktls_info *tx_info, |
| u32 tid, void *pos, u16 word, u64 mask, |
| u64 val, u32 reply) |
| { |
| struct cpl_set_tcb_field_core *cpl; |
| struct ulptx_idata *idata; |
| struct ulp_txpkt *txpkt; |
| |
| /* ULP_TXPKT */ |
| txpkt = pos; |
| txpkt->cmd_dest = htonl(ULPTX_CMD_V(ULP_TX_PKT) | ULP_TXPKT_DEST_V(0)); |
| txpkt->len = htonl(DIV_ROUND_UP(CHCR_SET_TCB_FIELD_LEN, 16)); |
| |
| /* ULPTX_IDATA sub-command */ |
| idata = (struct ulptx_idata *)(txpkt + 1); |
| idata->cmd_more = htonl(ULPTX_CMD_V(ULP_TX_SC_IMM)); |
| idata->len = htonl(sizeof(*cpl)); |
| pos = idata + 1; |
| |
| cpl = pos; |
| /* CPL_SET_TCB_FIELD */ |
| OPCODE_TID(cpl) = htonl(MK_OPCODE_TID(CPL_SET_TCB_FIELD, tid)); |
| cpl->reply_ctrl = htons(QUEUENO_V(tx_info->rx_qid) | |
| NO_REPLY_V(!reply)); |
| cpl->word_cookie = htons(TCB_WORD_V(word)); |
| cpl->mask = cpu_to_be64(mask); |
| cpl->val = cpu_to_be64(val); |
| |
| /* ULPTX_NOOP */ |
| idata = (struct ulptx_idata *)(cpl + 1); |
| idata->cmd_more = htonl(ULPTX_CMD_V(ULP_TX_SC_NOOP)); |
| idata->len = htonl(0); |
| pos = idata + 1; |
| |
| return pos; |
| } |
| |
| |
| /* |
| * chcr_write_cpl_set_tcb_ulp: update tcb values. |
| * TCB is responsible to create tcp headers, so all the related values |
| * should be correctly updated. |
| * @tx_info - driver specific tls info. |
| * @q - tx queue on which packet is going out. |
| * @tid - TCB identifier. |
| * @pos - current index where should we start writing. |
| * @word - TCB word. |
| * @mask - TCB word related mask. |
| * @val - TCB word related value. |
| * @reply - set 1 if looking for TP response. |
| * return - next position to write. |
| */ |
| static void *chcr_write_cpl_set_tcb_ulp(struct chcr_ktls_info *tx_info, |
| struct sge_eth_txq *q, u32 tid, |
| void *pos, u16 word, u64 mask, |
| u64 val, u32 reply) |
| { |
| int left = (void *)q->q.stat - pos; |
| |
| if (unlikely(left < CHCR_SET_TCB_FIELD_LEN)) { |
| if (!left) { |
| pos = q->q.desc; |
| } else { |
| u8 buf[48] = {0}; |
| |
| __chcr_write_cpl_set_tcb_ulp(tx_info, tid, buf, word, |
| mask, val, reply); |
| |
| return chcr_copy_to_txd(buf, &q->q, pos, |
| CHCR_SET_TCB_FIELD_LEN); |
| } |
| } |
| |
| pos = __chcr_write_cpl_set_tcb_ulp(tx_info, tid, pos, word, |
| mask, val, reply); |
| |
| /* check again if we are at the end of the queue */ |
| if (left == CHCR_SET_TCB_FIELD_LEN) |
| pos = q->q.desc; |
| |
| return pos; |
| } |
| |
| /* |
| * chcr_ktls_xmit_tcb_cpls: update tcb entry so that TP will create the header |
| * with updated values like tcp seq, ack, window etc. |
| * @tx_info - driver specific tls info. |
| * @q - TX queue. |
| * @tcp_seq |
| * @tcp_ack |
| * @tcp_win |
| * return: NETDEV_TX_BUSY/NET_TX_OK. |
| */ |
| static int chcr_ktls_xmit_tcb_cpls(struct chcr_ktls_info *tx_info, |
| struct sge_eth_txq *q, u64 tcp_seq, |
| u64 tcp_ack, u64 tcp_win) |
| { |
| bool first_wr = ((tx_info->prev_ack == 0) && (tx_info->prev_win == 0)); |
| u32 len, cpl = 0, ndesc, wr_len; |
| struct fw_ulptx_wr *wr; |
| int credits; |
| void *pos; |
| |
| wr_len = sizeof(*wr); |
| /* there can be max 4 cpls, check if we have enough credits */ |
| len = wr_len + 4 * roundup(CHCR_SET_TCB_FIELD_LEN, 16); |
| ndesc = DIV_ROUND_UP(len, 64); |
| |
| credits = chcr_txq_avail(&q->q) - ndesc; |
| if (unlikely(credits < 0)) { |
| chcr_eth_txq_stop(q); |
| return NETDEV_TX_BUSY; |
| } |
| |
| pos = &q->q.desc[q->q.pidx]; |
| /* make space for WR, we'll fill it later when we know all the cpls |
| * being sent out and have complete length. |
| */ |
| wr = pos; |
| pos += wr_len; |
| /* update tx_max if its a re-transmit or the first wr */ |
| if (first_wr || tcp_seq != tx_info->prev_seq) { |
| pos = chcr_write_cpl_set_tcb_ulp(tx_info, q, tx_info->tid, pos, |
| TCB_TX_MAX_W, |
| TCB_TX_MAX_V(TCB_TX_MAX_M), |
| TCB_TX_MAX_V(tcp_seq), 0); |
| cpl++; |
| } |
| /* reset snd una if it's a re-transmit pkt */ |
| if (tcp_seq != tx_info->prev_seq) { |
| /* reset snd_una */ |
| pos = chcr_write_cpl_set_tcb_ulp(tx_info, q, tx_info->tid, pos, |
| TCB_SND_UNA_RAW_W, |
| TCB_SND_UNA_RAW_V |
| (TCB_SND_UNA_RAW_M), |
| TCB_SND_UNA_RAW_V(0), 0); |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_ooo); |
| cpl++; |
| } |
| /* update ack */ |
| if (first_wr || tx_info->prev_ack != tcp_ack) { |
| pos = chcr_write_cpl_set_tcb_ulp(tx_info, q, tx_info->tid, pos, |
| TCB_RCV_NXT_W, |
| TCB_RCV_NXT_V(TCB_RCV_NXT_M), |
| TCB_RCV_NXT_V(tcp_ack), 0); |
| tx_info->prev_ack = tcp_ack; |
| cpl++; |
| } |
| /* update receive window */ |
| if (first_wr || tx_info->prev_win != tcp_win) { |
| pos = chcr_write_cpl_set_tcb_ulp(tx_info, q, tx_info->tid, pos, |
| TCB_RCV_WND_W, |
| TCB_RCV_WND_V(TCB_RCV_WND_M), |
| TCB_RCV_WND_V(tcp_win), 0); |
| tx_info->prev_win = tcp_win; |
| cpl++; |
| } |
| |
| if (cpl) { |
| /* get the actual length */ |
| len = wr_len + cpl * roundup(CHCR_SET_TCB_FIELD_LEN, 16); |
| /* ULPTX wr */ |
| wr->op_to_compl = htonl(FW_WR_OP_V(FW_ULPTX_WR)); |
| wr->cookie = 0; |
| /* fill len in wr field */ |
| wr->flowid_len16 = htonl(FW_WR_LEN16_V(DIV_ROUND_UP(len, 16))); |
| |
| ndesc = DIV_ROUND_UP(len, 64); |
| chcr_txq_advance(&q->q, ndesc); |
| cxgb4_ring_tx_db(tx_info->adap, &q->q, ndesc); |
| } |
| return 0; |
| } |
| |
| /* |
| * chcr_ktls_skb_copy |
| * @nskb - new skb where the frags to be added. |
| * @skb - old skb from which frags will be copied. |
| */ |
| static void chcr_ktls_skb_copy(struct sk_buff *skb, struct sk_buff *nskb) |
| { |
| int i; |
| |
| for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { |
| skb_shinfo(nskb)->frags[i] = skb_shinfo(skb)->frags[i]; |
| __skb_frag_ref(&skb_shinfo(nskb)->frags[i]); |
| } |
| |
| skb_shinfo(nskb)->nr_frags = skb_shinfo(skb)->nr_frags; |
| nskb->len += skb->data_len; |
| nskb->data_len = skb->data_len; |
| nskb->truesize += skb->data_len; |
| } |
| |
| /* |
| * chcr_ktls_get_tx_flits |
| * returns number of flits to be sent out, it includes key context length, WR |
| * size and skb fragments. |
| */ |
| static unsigned int |
| chcr_ktls_get_tx_flits(const struct sk_buff *skb, unsigned int key_ctx_len) |
| { |
| return chcr_sgl_len(skb_shinfo(skb)->nr_frags) + |
| DIV_ROUND_UP(key_ctx_len + CHCR_KTLS_WR_SIZE, 8); |
| } |
| |
| /* |
| * chcr_ktls_check_tcp_options: To check if there is any TCP option availbale |
| * other than timestamp. |
| * @skb - skb contains partial record.. |
| * return: 1 / 0 |
| */ |
| static int |
| chcr_ktls_check_tcp_options(struct tcphdr *tcp) |
| { |
| int cnt, opt, optlen; |
| u_char *cp; |
| |
| cp = (u_char *)(tcp + 1); |
| cnt = (tcp->doff << 2) - sizeof(struct tcphdr); |
| for (; cnt > 0; cnt -= optlen, cp += optlen) { |
| opt = cp[0]; |
| if (opt == TCPOPT_EOL) |
| break; |
| if (opt == TCPOPT_NOP) { |
| optlen = 1; |
| } else { |
| if (cnt < 2) |
| break; |
| optlen = cp[1]; |
| if (optlen < 2 || optlen > cnt) |
| break; |
| } |
| switch (opt) { |
| case TCPOPT_NOP: |
| break; |
| default: |
| return 1; |
| } |
| } |
| return 0; |
| } |
| |
| /* |
| * chcr_ktls_write_tcp_options : TP can't send out all the options, we need to |
| * send out separately. |
| * @tx_info - driver specific tls info. |
| * @skb - skb contains partial record.. |
| * @q - TX queue. |
| * @tx_chan - channel number. |
| * return: NETDEV_TX_OK/NETDEV_TX_BUSY. |
| */ |
| static int |
| chcr_ktls_write_tcp_options(struct chcr_ktls_info *tx_info, struct sk_buff *skb, |
| struct sge_eth_txq *q, uint32_t tx_chan) |
| { |
| struct fw_eth_tx_pkt_wr *wr; |
| struct cpl_tx_pkt_core *cpl; |
| u32 ctrl, iplen, maclen; |
| #if IS_ENABLED(CONFIG_IPV6) |
| struct ipv6hdr *ip6; |
| #endif |
| unsigned int ndesc; |
| struct tcphdr *tcp; |
| int len16, pktlen; |
| struct iphdr *ip; |
| int credits; |
| u8 buf[150]; |
| void *pos; |
| |
| iplen = skb_network_header_len(skb); |
| maclen = skb_mac_header_len(skb); |
| |
| /* packet length = eth hdr len + ip hdr len + tcp hdr len |
| * (including options). |
| */ |
| pktlen = skb->len - skb->data_len; |
| |
| ctrl = sizeof(*cpl) + pktlen; |
| len16 = DIV_ROUND_UP(sizeof(*wr) + ctrl, 16); |
| /* check how many descriptors needed */ |
| ndesc = DIV_ROUND_UP(len16, 4); |
| |
| credits = chcr_txq_avail(&q->q) - ndesc; |
| if (unlikely(credits < 0)) { |
| chcr_eth_txq_stop(q); |
| return NETDEV_TX_BUSY; |
| } |
| |
| pos = &q->q.desc[q->q.pidx]; |
| wr = pos; |
| |
| /* Firmware work request header */ |
| wr->op_immdlen = htonl(FW_WR_OP_V(FW_ETH_TX_PKT_WR) | |
| FW_WR_IMMDLEN_V(ctrl)); |
| |
| wr->equiq_to_len16 = htonl(FW_WR_LEN16_V(len16)); |
| wr->r3 = 0; |
| |
| cpl = (void *)(wr + 1); |
| |
| /* CPL header */ |
| cpl->ctrl0 = htonl(TXPKT_OPCODE_V(CPL_TX_PKT) | TXPKT_INTF_V(tx_chan) | |
| TXPKT_PF_V(tx_info->adap->pf)); |
| cpl->pack = 0; |
| cpl->len = htons(pktlen); |
| /* checksum offload */ |
| cpl->ctrl1 = 0; |
| |
| pos = cpl + 1; |
| |
| memcpy(buf, skb->data, pktlen); |
| if (tx_info->ip_family == AF_INET) { |
| /* we need to correct ip header len */ |
| ip = (struct iphdr *)(buf + maclen); |
| ip->tot_len = htons(pktlen - maclen); |
| #if IS_ENABLED(CONFIG_IPV6) |
| } else { |
| ip6 = (struct ipv6hdr *)(buf + maclen); |
| ip6->payload_len = htons(pktlen - maclen - iplen); |
| #endif |
| } |
| /* now take care of the tcp header, if fin is not set then clear push |
| * bit as well, and if fin is set, it will be sent at the last so we |
| * need to update the tcp sequence number as per the last packet. |
| */ |
| tcp = (struct tcphdr *)(buf + maclen + iplen); |
| |
| if (!tcp->fin) |
| tcp->psh = 0; |
| else |
| tcp->seq = htonl(tx_info->prev_seq); |
| |
| chcr_copy_to_txd(buf, &q->q, pos, pktlen); |
| |
| chcr_txq_advance(&q->q, ndesc); |
| cxgb4_ring_tx_db(tx_info->adap, &q->q, ndesc); |
| return 0; |
| } |
| |
| /* chcr_ktls_skb_shift - Shifts request length paged data from skb to another. |
| * @tgt- buffer into which tail data gets added |
| * @skb- buffer from which the paged data comes from |
| * @shiftlen- shift up to this many bytes |
| */ |
| static int chcr_ktls_skb_shift(struct sk_buff *tgt, struct sk_buff *skb, |
| int shiftlen) |
| { |
| skb_frag_t *fragfrom, *fragto; |
| int from, to, todo; |
| |
| WARN_ON(shiftlen > skb->data_len); |
| |
| todo = shiftlen; |
| from = 0; |
| to = 0; |
| fragfrom = &skb_shinfo(skb)->frags[from]; |
| |
| while ((todo > 0) && (from < skb_shinfo(skb)->nr_frags)) { |
| fragfrom = &skb_shinfo(skb)->frags[from]; |
| fragto = &skb_shinfo(tgt)->frags[to]; |
| |
| if (todo >= skb_frag_size(fragfrom)) { |
| *fragto = *fragfrom; |
| todo -= skb_frag_size(fragfrom); |
| from++; |
| to++; |
| |
| } else { |
| __skb_frag_ref(fragfrom); |
| skb_frag_page_copy(fragto, fragfrom); |
| skb_frag_off_copy(fragto, fragfrom); |
| skb_frag_size_set(fragto, todo); |
| |
| skb_frag_off_add(fragfrom, todo); |
| skb_frag_size_sub(fragfrom, todo); |
| todo = 0; |
| |
| to++; |
| break; |
| } |
| } |
| |
| /* Ready to "commit" this state change to tgt */ |
| skb_shinfo(tgt)->nr_frags = to; |
| |
| /* Reposition in the original skb */ |
| to = 0; |
| while (from < skb_shinfo(skb)->nr_frags) |
| skb_shinfo(skb)->frags[to++] = skb_shinfo(skb)->frags[from++]; |
| |
| skb_shinfo(skb)->nr_frags = to; |
| |
| WARN_ON(todo > 0 && !skb_shinfo(skb)->nr_frags); |
| |
| skb->len -= shiftlen; |
| skb->data_len -= shiftlen; |
| skb->truesize -= shiftlen; |
| tgt->len += shiftlen; |
| tgt->data_len += shiftlen; |
| tgt->truesize += shiftlen; |
| |
| return shiftlen; |
| } |
| |
| /* |
| * chcr_ktls_xmit_wr_complete: This sends out the complete record. If an skb |
| * received has partial end part of the record, send out the complete record, so |
| * that crypto block will be able to generate TAG/HASH. |
| * @skb - segment which has complete or partial end part. |
| * @tx_info - driver specific tls info. |
| * @q - TX queue. |
| * @tcp_seq |
| * @tcp_push - tcp push bit. |
| * @mss - segment size. |
| * return: NETDEV_TX_BUSY/NET_TX_OK. |
| */ |
| static int chcr_ktls_xmit_wr_complete(struct sk_buff *skb, |
| struct chcr_ktls_info *tx_info, |
| struct sge_eth_txq *q, u32 tcp_seq, |
| bool tcp_push, u32 mss) |
| { |
| u32 len16, wr_mid = 0, flits = 0, ndesc, cipher_start; |
| struct adapter *adap = tx_info->adap; |
| int credits, left, last_desc; |
| struct tx_sw_desc *sgl_sdesc; |
| struct cpl_tx_data *tx_data; |
| struct cpl_tx_sec_pdu *cpl; |
| struct ulptx_idata *idata; |
| struct ulp_txpkt *ulptx; |
| struct fw_ulptx_wr *wr; |
| void *pos; |
| u64 *end; |
| |
| /* get the number of flits required */ |
| flits = chcr_ktls_get_tx_flits(skb, tx_info->key_ctx_len); |
| /* number of descriptors */ |
| ndesc = chcr_flits_to_desc(flits); |
| /* check if enough credits available */ |
| credits = chcr_txq_avail(&q->q) - ndesc; |
| if (unlikely(credits < 0)) { |
| chcr_eth_txq_stop(q); |
| return NETDEV_TX_BUSY; |
| } |
| |
| if (unlikely(credits < ETHTXQ_STOP_THRES)) { |
| /* Credits are below the threshold vaues, stop the queue after |
| * injecting the Work Request for this packet. |
| */ |
| chcr_eth_txq_stop(q); |
| wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F; |
| } |
| |
| last_desc = q->q.pidx + ndesc - 1; |
| if (last_desc >= q->q.size) |
| last_desc -= q->q.size; |
| sgl_sdesc = &q->q.sdesc[last_desc]; |
| |
| if (unlikely(cxgb4_map_skb(adap->pdev_dev, skb, sgl_sdesc->addr) < 0)) { |
| memset(sgl_sdesc->addr, 0, sizeof(sgl_sdesc->addr)); |
| q->mapping_err++; |
| return NETDEV_TX_BUSY; |
| } |
| |
| pos = &q->q.desc[q->q.pidx]; |
| end = (u64 *)pos + flits; |
| /* FW_ULPTX_WR */ |
| wr = pos; |
| /* WR will need len16 */ |
| len16 = DIV_ROUND_UP(flits, 2); |
| wr->op_to_compl = htonl(FW_WR_OP_V(FW_ULPTX_WR)); |
| wr->flowid_len16 = htonl(wr_mid | FW_WR_LEN16_V(len16)); |
| wr->cookie = 0; |
| pos += sizeof(*wr); |
| /* ULP_TXPKT */ |
| ulptx = pos; |
| ulptx->cmd_dest = htonl(ULPTX_CMD_V(ULP_TX_PKT) | |
| ULP_TXPKT_CHANNELID_V(tx_info->port_id) | |
| ULP_TXPKT_FID_V(q->q.cntxt_id) | |
| ULP_TXPKT_RO_F); |
| ulptx->len = htonl(len16 - 1); |
| /* ULPTX_IDATA sub-command */ |
| idata = (struct ulptx_idata *)(ulptx + 1); |
| idata->cmd_more = htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) | ULP_TX_SC_MORE_F); |
| /* idata length will include cpl_tx_sec_pdu + key context size + |
| * cpl_tx_data header. |
| */ |
| idata->len = htonl(sizeof(*cpl) + tx_info->key_ctx_len + |
| sizeof(*tx_data)); |
| /* SEC CPL */ |
| cpl = (struct cpl_tx_sec_pdu *)(idata + 1); |
| cpl->op_ivinsrtofst = |
| htonl(CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | |
| CPL_TX_SEC_PDU_CPLLEN_V(CHCR_CPL_TX_SEC_PDU_LEN_64BIT) | |
| CPL_TX_SEC_PDU_PLACEHOLDER_V(1) | |
| CPL_TX_SEC_PDU_IVINSRTOFST_V(TLS_HEADER_SIZE + 1)); |
| cpl->pldlen = htonl(skb->data_len); |
| |
| /* encryption should start after tls header size + iv size */ |
| cipher_start = TLS_HEADER_SIZE + tx_info->iv_size + 1; |
| |
| cpl->aadstart_cipherstop_hi = |
| htonl(CPL_TX_SEC_PDU_AADSTART_V(1) | |
| CPL_TX_SEC_PDU_AADSTOP_V(TLS_HEADER_SIZE) | |
| CPL_TX_SEC_PDU_CIPHERSTART_V(cipher_start)); |
| |
| /* authentication will also start after tls header + iv size */ |
| cpl->cipherstop_lo_authinsert = |
| htonl(CPL_TX_SEC_PDU_AUTHSTART_V(cipher_start) | |
| CPL_TX_SEC_PDU_AUTHSTOP_V(TLS_CIPHER_AES_GCM_128_TAG_SIZE) | |
| CPL_TX_SEC_PDU_AUTHINSERT_V(TLS_CIPHER_AES_GCM_128_TAG_SIZE)); |
| |
| /* These two flits are actually a CPL_TLS_TX_SCMD_FMT. */ |
| cpl->seqno_numivs = htonl(tx_info->scmd0_seqno_numivs); |
| cpl->ivgen_hdrlen = htonl(tx_info->scmd0_ivgen_hdrlen); |
| cpl->scmd1 = cpu_to_be64(tx_info->record_no); |
| |
| pos = cpl + 1; |
| /* check if space left to fill the keys */ |
| left = (void *)q->q.stat - pos; |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| |
| pos = chcr_copy_to_txd(&tx_info->key_ctx, &q->q, pos, |
| tx_info->key_ctx_len); |
| left = (void *)q->q.stat - pos; |
| |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| /* CPL_TX_DATA */ |
| tx_data = (void *)pos; |
| OPCODE_TID(tx_data) = htonl(MK_OPCODE_TID(CPL_TX_DATA, tx_info->tid)); |
| tx_data->len = htonl(TX_DATA_MSS_V(mss) | TX_LENGTH_V(skb->data_len)); |
| |
| tx_data->rsvd = htonl(tcp_seq); |
| |
| tx_data->flags = htonl(TX_BYPASS_F); |
| if (tcp_push) |
| tx_data->flags |= htonl(TX_PUSH_F | TX_SHOVE_F); |
| |
| /* check left again, it might go beyond queue limit */ |
| pos = tx_data + 1; |
| left = (void *)q->q.stat - pos; |
| |
| /* check the position again */ |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| |
| /* send the complete packet except the header */ |
| cxgb4_write_sgl(skb, &q->q, pos, end, skb->len - skb->data_len, |
| sgl_sdesc->addr); |
| sgl_sdesc->skb = skb; |
| |
| chcr_txq_advance(&q->q, ndesc); |
| cxgb4_ring_tx_db(adap, &q->q, ndesc); |
| atomic64_inc(&adap->chcr_stats.ktls_tx_send_records); |
| |
| return 0; |
| } |
| |
| /* |
| * chcr_ktls_xmit_wr_short: This is to send out partial records. If its |
| * a middle part of a record, fetch the prior data to make it 16 byte aligned |
| * and then only send it out. |
| * |
| * @skb - skb contains partial record.. |
| * @tx_info - driver specific tls info. |
| * @q - TX queue. |
| * @tcp_seq |
| * @tcp_push - tcp push bit. |
| * @mss - segment size. |
| * @tls_rec_offset - offset from start of the tls record. |
| * @perior_data - data before the current segment, required to make this record |
| * 16 byte aligned. |
| * @prior_data_len - prior_data length (less than 16) |
| * return: NETDEV_TX_BUSY/NET_TX_OK. |
| */ |
| static int chcr_ktls_xmit_wr_short(struct sk_buff *skb, |
| struct chcr_ktls_info *tx_info, |
| struct sge_eth_txq *q, |
| u32 tcp_seq, bool tcp_push, u32 mss, |
| u32 tls_rec_offset, u8 *prior_data, |
| u32 prior_data_len) |
| { |
| struct adapter *adap = tx_info->adap; |
| u32 len16, wr_mid = 0, cipher_start; |
| unsigned int flits = 0, ndesc; |
| int credits, left, last_desc; |
| struct tx_sw_desc *sgl_sdesc; |
| struct cpl_tx_data *tx_data; |
| struct cpl_tx_sec_pdu *cpl; |
| struct ulptx_idata *idata; |
| struct ulp_txpkt *ulptx; |
| struct fw_ulptx_wr *wr; |
| __be64 iv_record; |
| void *pos; |
| u64 *end; |
| |
| /* get the number of flits required, it's a partial record so 2 flits |
| * (AES_BLOCK_SIZE) will be added. |
| */ |
| flits = chcr_ktls_get_tx_flits(skb, tx_info->key_ctx_len) + 2; |
| /* get the correct 8 byte IV of this record */ |
| iv_record = cpu_to_be64(tx_info->iv + tx_info->record_no); |
| /* If it's a middle record and not 16 byte aligned to run AES CTR, need |
| * to make it 16 byte aligned. So atleadt 2 extra flits of immediate |
| * data will be added. |
| */ |
| if (prior_data_len) |
| flits += 2; |
| /* number of descriptors */ |
| ndesc = chcr_flits_to_desc(flits); |
| /* check if enough credits available */ |
| credits = chcr_txq_avail(&q->q) - ndesc; |
| if (unlikely(credits < 0)) { |
| chcr_eth_txq_stop(q); |
| return NETDEV_TX_BUSY; |
| } |
| |
| if (unlikely(credits < ETHTXQ_STOP_THRES)) { |
| chcr_eth_txq_stop(q); |
| wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F; |
| } |
| |
| last_desc = q->q.pidx + ndesc - 1; |
| if (last_desc >= q->q.size) |
| last_desc -= q->q.size; |
| sgl_sdesc = &q->q.sdesc[last_desc]; |
| |
| if (unlikely(cxgb4_map_skb(adap->pdev_dev, skb, sgl_sdesc->addr) < 0)) { |
| memset(sgl_sdesc->addr, 0, sizeof(sgl_sdesc->addr)); |
| q->mapping_err++; |
| return NETDEV_TX_BUSY; |
| } |
| |
| pos = &q->q.desc[q->q.pidx]; |
| end = (u64 *)pos + flits; |
| /* FW_ULPTX_WR */ |
| wr = pos; |
| /* WR will need len16 */ |
| len16 = DIV_ROUND_UP(flits, 2); |
| wr->op_to_compl = htonl(FW_WR_OP_V(FW_ULPTX_WR)); |
| wr->flowid_len16 = htonl(wr_mid | FW_WR_LEN16_V(len16)); |
| wr->cookie = 0; |
| pos += sizeof(*wr); |
| /* ULP_TXPKT */ |
| ulptx = pos; |
| ulptx->cmd_dest = htonl(ULPTX_CMD_V(ULP_TX_PKT) | |
| ULP_TXPKT_CHANNELID_V(tx_info->port_id) | |
| ULP_TXPKT_FID_V(q->q.cntxt_id) | |
| ULP_TXPKT_RO_F); |
| ulptx->len = htonl(len16 - 1); |
| /* ULPTX_IDATA sub-command */ |
| idata = (struct ulptx_idata *)(ulptx + 1); |
| idata->cmd_more = htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) | ULP_TX_SC_MORE_F); |
| /* idata length will include cpl_tx_sec_pdu + key context size + |
| * cpl_tx_data header. |
| */ |
| idata->len = htonl(sizeof(*cpl) + tx_info->key_ctx_len + |
| sizeof(*tx_data) + AES_BLOCK_LEN + prior_data_len); |
| /* SEC CPL */ |
| cpl = (struct cpl_tx_sec_pdu *)(idata + 1); |
| /* cipher start will have tls header + iv size extra if its a header |
| * part of tls record. else only 16 byte IV will be added. |
| */ |
| cipher_start = |
| AES_BLOCK_LEN + 1 + |
| (!tls_rec_offset ? TLS_HEADER_SIZE + tx_info->iv_size : 0); |
| |
| cpl->op_ivinsrtofst = |
| htonl(CPL_TX_SEC_PDU_OPCODE_V(CPL_TX_SEC_PDU) | |
| CPL_TX_SEC_PDU_CPLLEN_V(CHCR_CPL_TX_SEC_PDU_LEN_64BIT) | |
| CPL_TX_SEC_PDU_IVINSRTOFST_V(1)); |
| cpl->pldlen = htonl(skb->data_len + AES_BLOCK_LEN + prior_data_len); |
| cpl->aadstart_cipherstop_hi = |
| htonl(CPL_TX_SEC_PDU_CIPHERSTART_V(cipher_start)); |
| cpl->cipherstop_lo_authinsert = 0; |
| /* These two flits are actually a CPL_TLS_TX_SCMD_FMT. */ |
| cpl->seqno_numivs = htonl(tx_info->scmd0_short_seqno_numivs); |
| cpl->ivgen_hdrlen = htonl(tx_info->scmd0_short_ivgen_hdrlen); |
| cpl->scmd1 = 0; |
| |
| pos = cpl + 1; |
| /* check if space left to fill the keys */ |
| left = (void *)q->q.stat - pos; |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| |
| pos = chcr_copy_to_txd(&tx_info->key_ctx, &q->q, pos, |
| tx_info->key_ctx_len); |
| left = (void *)q->q.stat - pos; |
| |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| /* CPL_TX_DATA */ |
| tx_data = (void *)pos; |
| OPCODE_TID(tx_data) = htonl(MK_OPCODE_TID(CPL_TX_DATA, tx_info->tid)); |
| tx_data->len = htonl(TX_DATA_MSS_V(mss) | |
| TX_LENGTH_V(skb->data_len + prior_data_len)); |
| tx_data->rsvd = htonl(tcp_seq); |
| tx_data->flags = htonl(TX_BYPASS_F); |
| if (tcp_push) |
| tx_data->flags |= htonl(TX_PUSH_F | TX_SHOVE_F); |
| |
| /* check left again, it might go beyond queue limit */ |
| pos = tx_data + 1; |
| left = (void *)q->q.stat - pos; |
| |
| /* check the position again */ |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| /* copy the 16 byte IV for AES-CTR, which includes 4 bytes of salt, 8 |
| * bytes of actual IV and 4 bytes of 16 byte-sequence. |
| */ |
| memcpy(pos, tx_info->key_ctx.salt, tx_info->salt_size); |
| memcpy(pos + tx_info->salt_size, &iv_record, tx_info->iv_size); |
| *(__be32 *)(pos + tx_info->salt_size + tx_info->iv_size) = |
| htonl(2 + (tls_rec_offset ? ((tls_rec_offset - |
| (TLS_HEADER_SIZE + tx_info->iv_size)) / AES_BLOCK_LEN) : 0)); |
| |
| pos += 16; |
| /* Prior_data_len will always be less than 16 bytes, fill the |
| * prio_data_len after AES_CTRL_BLOCK and clear the remaining length |
| * to 0. |
| */ |
| if (prior_data_len) |
| pos = chcr_copy_to_txd(prior_data, &q->q, pos, 16); |
| /* send the complete packet except the header */ |
| cxgb4_write_sgl(skb, &q->q, pos, end, skb->len - skb->data_len, |
| sgl_sdesc->addr); |
| sgl_sdesc->skb = skb; |
| |
| chcr_txq_advance(&q->q, ndesc); |
| cxgb4_ring_tx_db(adap, &q->q, ndesc); |
| |
| return 0; |
| } |
| |
| /* |
| * chcr_ktls_tx_plaintxt: This handler will take care of the records which has |
| * only plain text (only tls header and iv) |
| * @tx_info - driver specific tls info. |
| * @skb - skb contains partial record.. |
| * @tcp_seq |
| * @mss - segment size. |
| * @tcp_push - tcp push bit. |
| * @q - TX queue. |
| * @port_id : port number |
| * @perior_data - data before the current segment, required to make this record |
| * 16 byte aligned. |
| * @prior_data_len - prior_data length (less than 16) |
| * return: NETDEV_TX_BUSY/NET_TX_OK. |
| */ |
| static int chcr_ktls_tx_plaintxt(struct chcr_ktls_info *tx_info, |
| struct sk_buff *skb, u32 tcp_seq, u32 mss, |
| bool tcp_push, struct sge_eth_txq *q, |
| u32 port_id, u8 *prior_data, |
| u32 prior_data_len) |
| { |
| int credits, left, len16, last_desc; |
| unsigned int flits = 0, ndesc; |
| struct tx_sw_desc *sgl_sdesc; |
| struct cpl_tx_data *tx_data; |
| struct ulptx_idata *idata; |
| struct ulp_txpkt *ulptx; |
| struct fw_ulptx_wr *wr; |
| u32 wr_mid = 0; |
| void *pos; |
| u64 *end; |
| |
| flits = DIV_ROUND_UP(CHCR_PLAIN_TX_DATA_LEN, 8); |
| flits += chcr_sgl_len(skb_shinfo(skb)->nr_frags); |
| if (prior_data_len) |
| flits += 2; |
| /* WR will need len16 */ |
| len16 = DIV_ROUND_UP(flits, 2); |
| /* check how many descriptors needed */ |
| ndesc = DIV_ROUND_UP(flits, 8); |
| |
| credits = chcr_txq_avail(&q->q) - ndesc; |
| if (unlikely(credits < 0)) { |
| chcr_eth_txq_stop(q); |
| return NETDEV_TX_BUSY; |
| } |
| |
| if (unlikely(credits < ETHTXQ_STOP_THRES)) { |
| chcr_eth_txq_stop(q); |
| wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F; |
| } |
| |
| last_desc = q->q.pidx + ndesc - 1; |
| if (last_desc >= q->q.size) |
| last_desc -= q->q.size; |
| sgl_sdesc = &q->q.sdesc[last_desc]; |
| |
| if (unlikely(cxgb4_map_skb(tx_info->adap->pdev_dev, skb, |
| sgl_sdesc->addr) < 0)) { |
| memset(sgl_sdesc->addr, 0, sizeof(sgl_sdesc->addr)); |
| q->mapping_err++; |
| return NETDEV_TX_BUSY; |
| } |
| |
| pos = &q->q.desc[q->q.pidx]; |
| end = (u64 *)pos + flits; |
| /* FW_ULPTX_WR */ |
| wr = pos; |
| wr->op_to_compl = htonl(FW_WR_OP_V(FW_ULPTX_WR)); |
| wr->flowid_len16 = htonl(wr_mid | FW_WR_LEN16_V(len16)); |
| wr->cookie = 0; |
| pos += sizeof(*wr); |
| /* ULP_TXPKT */ |
| ulptx = (struct ulp_txpkt *)(wr + 1); |
| ulptx->cmd_dest = htonl(ULPTX_CMD_V(ULP_TX_PKT) | |
| ULP_TXPKT_DATAMODIFY_V(0) | |
| ULP_TXPKT_CHANNELID_V(tx_info->port_id) | |
| ULP_TXPKT_DEST_V(0) | |
| ULP_TXPKT_FID_V(q->q.cntxt_id) | ULP_TXPKT_RO_V(1)); |
| ulptx->len = htonl(len16 - 1); |
| /* ULPTX_IDATA sub-command */ |
| idata = (struct ulptx_idata *)(ulptx + 1); |
| idata->cmd_more = htonl(ULPTX_CMD_V(ULP_TX_SC_IMM) | ULP_TX_SC_MORE_F); |
| idata->len = htonl(sizeof(*tx_data) + prior_data_len); |
| /* CPL_TX_DATA */ |
| tx_data = (struct cpl_tx_data *)(idata + 1); |
| OPCODE_TID(tx_data) = htonl(MK_OPCODE_TID(CPL_TX_DATA, tx_info->tid)); |
| tx_data->len = htonl(TX_DATA_MSS_V(mss) | |
| TX_LENGTH_V(skb->data_len + prior_data_len)); |
| /* set tcp seq number */ |
| tx_data->rsvd = htonl(tcp_seq); |
| tx_data->flags = htonl(TX_BYPASS_F); |
| if (tcp_push) |
| tx_data->flags |= htonl(TX_PUSH_F | TX_SHOVE_F); |
| |
| pos = tx_data + 1; |
| /* apart from prior_data_len, we should set remaining part of 16 bytes |
| * to be zero. |
| */ |
| if (prior_data_len) |
| pos = chcr_copy_to_txd(prior_data, &q->q, pos, 16); |
| |
| /* check left again, it might go beyond queue limit */ |
| left = (void *)q->q.stat - pos; |
| |
| /* check the position again */ |
| if (!left) { |
| left = (void *)end - (void *)q->q.stat; |
| pos = q->q.desc; |
| end = pos + left; |
| } |
| /* send the complete packet including the header */ |
| cxgb4_write_sgl(skb, &q->q, pos, end, skb->len - skb->data_len, |
| sgl_sdesc->addr); |
| sgl_sdesc->skb = skb; |
| |
| chcr_txq_advance(&q->q, ndesc); |
| cxgb4_ring_tx_db(tx_info->adap, &q->q, ndesc); |
| return 0; |
| } |
| |
| /* |
| * chcr_ktls_copy_record_in_skb |
| * @nskb - new skb where the frags to be added. |
| * @record - specific record which has complete 16k record in frags. |
| */ |
| static void chcr_ktls_copy_record_in_skb(struct sk_buff *nskb, |
| struct tls_record_info *record) |
| { |
| int i = 0; |
| |
| for (i = 0; i < record->num_frags; i++) { |
| skb_shinfo(nskb)->frags[i] = record->frags[i]; |
| /* increase the frag ref count */ |
| __skb_frag_ref(&skb_shinfo(nskb)->frags[i]); |
| } |
| |
| skb_shinfo(nskb)->nr_frags = record->num_frags; |
| nskb->data_len = record->len; |
| nskb->len += record->len; |
| nskb->truesize += record->len; |
| } |
| |
| /* |
| * chcr_ktls_update_snd_una: Reset the SEND_UNA. It will be done to avoid |
| * sending the same segment again. It will discard the segment which is before |
| * the current tx max. |
| * @tx_info - driver specific tls info. |
| * @q - TX queue. |
| * return: NET_TX_OK/NET_XMIT_DROP. |
| */ |
| static int chcr_ktls_update_snd_una(struct chcr_ktls_info *tx_info, |
| struct sge_eth_txq *q) |
| { |
| struct fw_ulptx_wr *wr; |
| unsigned int ndesc; |
| int credits; |
| void *pos; |
| u32 len; |
| |
| len = sizeof(*wr) + roundup(CHCR_SET_TCB_FIELD_LEN, 16); |
| ndesc = DIV_ROUND_UP(len, 64); |
| |
| credits = chcr_txq_avail(&q->q) - ndesc; |
| if (unlikely(credits < 0)) { |
| chcr_eth_txq_stop(q); |
| return NETDEV_TX_BUSY; |
| } |
| |
| pos = &q->q.desc[q->q.pidx]; |
| |
| wr = pos; |
| /* ULPTX wr */ |
| wr->op_to_compl = htonl(FW_WR_OP_V(FW_ULPTX_WR)); |
| wr->cookie = 0; |
| /* fill len in wr field */ |
| wr->flowid_len16 = htonl(FW_WR_LEN16_V(DIV_ROUND_UP(len, 16))); |
| |
| pos += sizeof(*wr); |
| |
| pos = chcr_write_cpl_set_tcb_ulp(tx_info, q, tx_info->tid, pos, |
| TCB_SND_UNA_RAW_W, |
| TCB_SND_UNA_RAW_V(TCB_SND_UNA_RAW_M), |
| TCB_SND_UNA_RAW_V(0), 0); |
| |
| chcr_txq_advance(&q->q, ndesc); |
| cxgb4_ring_tx_db(tx_info->adap, &q->q, ndesc); |
| |
| return 0; |
| } |
| |
| /* |
| * chcr_end_part_handler: This handler will handle the record which |
| * is complete or if record's end part is received. T6 adapter has a issue that |
| * it can't send out TAG with partial record so if its an end part then we have |
| * to send TAG as well and for which we need to fetch the complete record and |
| * send it to crypto module. |
| * @tx_info - driver specific tls info. |
| * @skb - skb contains partial record. |
| * @record - complete record of 16K size. |
| * @tcp_seq |
| * @mss - segment size in which TP needs to chop a packet. |
| * @tcp_push_no_fin - tcp push if fin is not set. |
| * @q - TX queue. |
| * @tls_end_offset - offset from end of the record. |
| * @last wr : check if this is the last part of the skb going out. |
| * return: NETDEV_TX_OK/NETDEV_TX_BUSY. |
| */ |
| static int chcr_end_part_handler(struct chcr_ktls_info *tx_info, |
| struct sk_buff *skb, |
| struct tls_record_info *record, |
| u32 tcp_seq, int mss, bool tcp_push_no_fin, |
| struct sge_eth_txq *q, |
| u32 tls_end_offset, bool last_wr) |
| { |
| struct sk_buff *nskb = NULL; |
| /* check if it is a complete record */ |
| if (tls_end_offset == record->len) { |
| nskb = skb; |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_complete_pkts); |
| } else { |
| dev_kfree_skb_any(skb); |
| |
| nskb = alloc_skb(0, GFP_KERNEL); |
| if (!nskb) |
| return NETDEV_TX_BUSY; |
| /* copy complete record in skb */ |
| chcr_ktls_copy_record_in_skb(nskb, record); |
| /* packet is being sent from the beginning, update the tcp_seq |
| * accordingly. |
| */ |
| tcp_seq = tls_record_start_seq(record); |
| /* reset snd una, so the middle record won't send the already |
| * sent part. |
| */ |
| if (chcr_ktls_update_snd_una(tx_info, q)) |
| goto out; |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_end_pkts); |
| } |
| |
| if (chcr_ktls_xmit_wr_complete(nskb, tx_info, q, tcp_seq, |
| (last_wr && tcp_push_no_fin), |
| mss)) { |
| goto out; |
| } |
| return 0; |
| out: |
| dev_kfree_skb_any(nskb); |
| return NETDEV_TX_BUSY; |
| } |
| |
| /* |
| * chcr_short_record_handler: This handler will take care of the records which |
| * doesn't have end part (1st part or the middle part(/s) of a record). In such |
| * cases, AES CTR will be used in place of AES GCM to send out partial packet. |
| * This partial record might be the first part of the record, or the middle |
| * part. In case of middle record we should fetch the prior data to make it 16 |
| * byte aligned. If it has a partial tls header or iv then get to the start of |
| * tls header. And if it has partial TAG, then remove the complete TAG and send |
| * only the payload. |
| * There is one more possibility that it gets a partial header, send that |
| * portion as a plaintext. |
| * @tx_info - driver specific tls info. |
| * @skb - skb contains partial record.. |
| * @record - complete record of 16K size. |
| * @tcp_seq |
| * @mss - segment size in which TP needs to chop a packet. |
| * @tcp_push_no_fin - tcp push if fin is not set. |
| * @q - TX queue. |
| * @tls_end_offset - offset from end of the record. |
| * return: NETDEV_TX_OK/NETDEV_TX_BUSY. |
| */ |
| static int chcr_short_record_handler(struct chcr_ktls_info *tx_info, |
| struct sk_buff *skb, |
| struct tls_record_info *record, |
| u32 tcp_seq, int mss, bool tcp_push_no_fin, |
| struct sge_eth_txq *q, u32 tls_end_offset) |
| { |
| u32 tls_rec_offset = tcp_seq - tls_record_start_seq(record); |
| u8 prior_data[16] = {0}; |
| u32 prior_data_len = 0; |
| u32 data_len; |
| |
| /* check if the skb is ending in middle of tag/HASH, its a big |
| * trouble, send the packet before the HASH. |
| */ |
| int remaining_record = tls_end_offset - skb->data_len; |
| |
| if (remaining_record > 0 && |
| remaining_record < TLS_CIPHER_AES_GCM_128_TAG_SIZE) { |
| int trimmed_len = skb->data_len - |
| (TLS_CIPHER_AES_GCM_128_TAG_SIZE - remaining_record); |
| struct sk_buff *tmp_skb = NULL; |
| /* don't process the pkt if it is only a partial tag */ |
| if (skb->data_len < TLS_CIPHER_AES_GCM_128_TAG_SIZE) |
| goto out; |
| |
| WARN_ON(trimmed_len > skb->data_len); |
| |
| /* shift to those many bytes */ |
| tmp_skb = alloc_skb(0, GFP_KERNEL); |
| if (unlikely(!tmp_skb)) |
| goto out; |
| |
| chcr_ktls_skb_shift(tmp_skb, skb, trimmed_len); |
| /* free the last trimmed portion */ |
| dev_kfree_skb_any(skb); |
| skb = tmp_skb; |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_trimmed_pkts); |
| } |
| data_len = skb->data_len; |
| /* check if the middle record's start point is 16 byte aligned. CTR |
| * needs 16 byte aligned start point to start encryption. |
| */ |
| if (tls_rec_offset) { |
| /* there is an offset from start, means its a middle record */ |
| int remaining = 0; |
| |
| if (tls_rec_offset < (TLS_HEADER_SIZE + tx_info->iv_size)) { |
| prior_data_len = tls_rec_offset; |
| tls_rec_offset = 0; |
| remaining = 0; |
| } else { |
| prior_data_len = |
| (tls_rec_offset - |
| (TLS_HEADER_SIZE + tx_info->iv_size)) |
| % AES_BLOCK_LEN; |
| remaining = tls_rec_offset - prior_data_len; |
| } |
| |
| /* if prior_data_len is not zero, means we need to fetch prior |
| * data to make this record 16 byte aligned, or we need to reach |
| * to start offset. |
| */ |
| if (prior_data_len) { |
| int i = 0; |
| u8 *data = NULL; |
| skb_frag_t *f; |
| u8 *vaddr; |
| int frag_size = 0, frag_delta = 0; |
| |
| while (remaining > 0) { |
| frag_size = skb_frag_size(&record->frags[i]); |
| if (remaining < frag_size) |
| break; |
| |
| remaining -= frag_size; |
| i++; |
| } |
| f = &record->frags[i]; |
| vaddr = kmap_atomic(skb_frag_page(f)); |
| |
| data = vaddr + skb_frag_off(f) + remaining; |
| frag_delta = skb_frag_size(f) - remaining; |
| |
| if (frag_delta >= prior_data_len) { |
| memcpy(prior_data, data, prior_data_len); |
| kunmap_atomic(vaddr); |
| } else { |
| memcpy(prior_data, data, frag_delta); |
| kunmap_atomic(vaddr); |
| /* get the next page */ |
| f = &record->frags[i + 1]; |
| vaddr = kmap_atomic(skb_frag_page(f)); |
| data = vaddr + skb_frag_off(f); |
| memcpy(prior_data + frag_delta, |
| data, (prior_data_len - frag_delta)); |
| kunmap_atomic(vaddr); |
| } |
| /* reset tcp_seq as per the prior_data_required len */ |
| tcp_seq -= prior_data_len; |
| /* include prio_data_len for further calculation. |
| */ |
| data_len += prior_data_len; |
| } |
| /* reset snd una, so the middle record won't send the already |
| * sent part. |
| */ |
| if (chcr_ktls_update_snd_una(tx_info, q)) |
| goto out; |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_middle_pkts); |
| } else { |
| /* Else means, its a partial first part of the record. Check if |
| * its only the header, don't need to send for encryption then. |
| */ |
| if (data_len <= TLS_HEADER_SIZE + tx_info->iv_size) { |
| if (chcr_ktls_tx_plaintxt(tx_info, skb, tcp_seq, mss, |
| tcp_push_no_fin, q, |
| tx_info->port_id, |
| prior_data, |
| prior_data_len)) { |
| goto out; |
| } |
| return 0; |
| } |
| atomic64_inc(&tx_info->adap->chcr_stats.ktls_tx_start_pkts); |
| } |
| |
| if (chcr_ktls_xmit_wr_short(skb, tx_info, q, tcp_seq, tcp_push_no_fin, |
| mss, tls_rec_offset, prior_data, |
| prior_data_len)) { |
| goto out; |
| } |
| |
| return 0; |
| out: |
| dev_kfree_skb_any(skb); |
| return NETDEV_TX_BUSY; |
| } |
| |
| /* nic tls TX handler */ |
| int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev) |
| { |
| struct chcr_ktls_ofld_ctx_tx *tx_ctx; |
| struct tcphdr *th = tcp_hdr(skb); |
| int data_len, qidx, ret = 0, mss; |
| struct tls_record_info *record; |
| struct chcr_stats_debug *stats; |
| struct chcr_ktls_info *tx_info; |
| u32 tls_end_offset, tcp_seq; |
| struct tls_context *tls_ctx; |
| struct sk_buff *local_skb; |
| int new_connection_state; |
| struct sge_eth_txq *q; |
| struct adapter *adap; |
| unsigned long flags; |
| |
| tcp_seq = ntohl(th->seq); |
| |
| mss = skb_is_gso(skb) ? skb_shinfo(skb)->gso_size : skb->data_len; |
| |
| /* check if we haven't set it for ktls offload */ |
| if (!skb->sk || !tls_is_sk_tx_device_offloaded(skb->sk)) |
| goto out; |
| |
| tls_ctx = tls_get_ctx(skb->sk); |
| if (unlikely(tls_ctx->netdev != dev)) |
| goto out; |
| |
| tx_ctx = chcr_get_ktls_tx_context(tls_ctx); |
| tx_info = tx_ctx->chcr_info; |
| |
| if (unlikely(!tx_info)) |
| goto out; |
| |
| /* check the connection state, we don't need to pass new connection |
| * state, state machine will check and update the new state if it is |
| * stuck due to responses not received from HW. |
| * Start the tx handling only if state is KTLS_CONN_TX_READY. |
| */ |
| new_connection_state = chcr_ktls_update_connection_state(tx_info, 0); |
| if (new_connection_state != KTLS_CONN_TX_READY) |
| goto out; |
| |
| /* don't touch the original skb, make a new skb to extract each records |
| * and send them separately. |
| */ |
| local_skb = alloc_skb(0, GFP_KERNEL); |
| |
| if (unlikely(!local_skb)) |
| return NETDEV_TX_BUSY; |
| |
| adap = tx_info->adap; |
| stats = &adap->chcr_stats; |
| |
| qidx = skb->queue_mapping; |
| q = &adap->sge.ethtxq[qidx + tx_info->first_qset]; |
| cxgb4_reclaim_completed_tx(adap, &q->q, true); |
| /* if tcp options are set but finish is not send the options first */ |
| if (!th->fin && chcr_ktls_check_tcp_options(th)) { |
| ret = chcr_ktls_write_tcp_options(tx_info, skb, q, |
| tx_info->tx_chan); |
| if (ret) |
| return NETDEV_TX_BUSY; |
| } |
| /* update tcb */ |
| ret = chcr_ktls_xmit_tcb_cpls(tx_info, q, ntohl(th->seq), |
| ntohl(th->ack_seq), |
| ntohs(th->window)); |
| if (ret) { |
| dev_kfree_skb_any(local_skb); |
| return NETDEV_TX_BUSY; |
| } |
| |
| /* copy skb contents into local skb */ |
| chcr_ktls_skb_copy(skb, local_skb); |
| |
| /* go through the skb and send only one record at a time. */ |
| data_len = skb->data_len; |
| /* TCP segments can be in received either complete or partial. |
| * chcr_end_part_handler will handle cases if complete record or end |
| * part of the record is received. Incase of partial end part of record, |
| * we will send the complete record again. |
| */ |
| |
| do { |
| int i; |
| |
| cxgb4_reclaim_completed_tx(adap, &q->q, true); |
| /* lock taken */ |
| spin_lock_irqsave(&tx_ctx->base.lock, flags); |
| /* fetch the tls record */ |
| record = tls_get_record(&tx_ctx->base, tcp_seq, |
| &tx_info->record_no); |
| /* By the time packet reached to us, ACK is received, and record |
| * won't be found in that case, handle it gracefully. |
| */ |
| if (unlikely(!record)) { |
| spin_unlock_irqrestore(&tx_ctx->base.lock, flags); |
| atomic64_inc(&stats->ktls_tx_drop_no_sync_data); |
| goto out; |
| } |
| |
| if (unlikely(tls_record_is_start_marker(record))) { |
| spin_unlock_irqrestore(&tx_ctx->base.lock, flags); |
| atomic64_inc(&stats->ktls_tx_skip_no_sync_data); |
| goto out; |
| } |
| |
| /* increase page reference count of the record, so that there |
| * won't be any chance of page free in middle if in case stack |
| * receives ACK and try to delete the record. |
| */ |
| for (i = 0; i < record->num_frags; i++) |
| __skb_frag_ref(&record->frags[i]); |
| /* lock cleared */ |
| spin_unlock_irqrestore(&tx_ctx->base.lock, flags); |
| |
| tls_end_offset = record->end_seq - tcp_seq; |
| |
| pr_debug("seq 0x%x, end_seq 0x%x prev_seq 0x%x, datalen 0x%x\n", |
| tcp_seq, record->end_seq, tx_info->prev_seq, data_len); |
| /* if a tls record is finishing in this SKB */ |
| if (tls_end_offset <= data_len) { |
| struct sk_buff *nskb = NULL; |
| |
| if (tls_end_offset < data_len) { |
| nskb = alloc_skb(0, GFP_KERNEL); |
| if (unlikely(!nskb)) { |
| ret = -ENOMEM; |
| goto clear_ref; |
| } |
| |
| chcr_ktls_skb_shift(nskb, local_skb, |
| tls_end_offset); |
| } else { |
| /* its the only record in this skb, directly |
| * point it. |
| */ |
| nskb = local_skb; |
| } |
| ret = chcr_end_part_handler(tx_info, nskb, record, |
| tcp_seq, mss, |
| (!th->fin && th->psh), q, |
| tls_end_offset, |
| (nskb == local_skb)); |
| |
| if (ret && nskb != local_skb) |
| dev_kfree_skb_any(local_skb); |
| |
| data_len -= tls_end_offset; |
| /* tcp_seq increment is required to handle next record. |
| */ |
| tcp_seq += tls_end_offset; |
| } else { |
| ret = chcr_short_record_handler(tx_info, local_skb, |
| record, tcp_seq, mss, |
| (!th->fin && th->psh), |
| q, tls_end_offset); |
| data_len = 0; |
| } |
| clear_ref: |
| /* clear the frag ref count which increased locally before */ |
| for (i = 0; i < record->num_frags; i++) { |
| /* clear the frag ref count */ |
| __skb_frag_unref(&record->frags[i]); |
| } |
| /* if any failure, come out from the loop. */ |
| if (ret) |
| goto out; |
| /* length should never be less than 0 */ |
| WARN_ON(data_len < 0); |
| |
| } while (data_len > 0); |
| |
| tx_info->prev_seq = ntohl(th->seq) + skb->data_len; |
| |
| atomic64_inc(&stats->ktls_tx_encrypted_packets); |
| atomic64_add(skb->data_len, &stats->ktls_tx_encrypted_bytes); |
| |
| /* tcp finish is set, send a separate tcp msg including all the options |
| * as well. |
| */ |
| if (th->fin) |
| chcr_ktls_write_tcp_options(tx_info, skb, q, tx_info->tx_chan); |
| |
| out: |
| dev_kfree_skb_any(skb); |
| return NETDEV_TX_OK; |
| } |
| #endif /* CONFIG_CHELSIO_TLS_DEVICE */ |