#
67f93079 |
| 25-Nov-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
mlx5e tls: use non-sleeping malloc flag is it was intended
Reviewed by: gallatin Fixes: 81b38bce07940b7a4001dfeb8cd63774229ca950
|
#
0d38b0bc |
| 20-Nov-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5en: fix the sign of mlx5e_tls_st_init() error, convert from Linux to BSD
Sponsored by: NVidia networking MFC after: 1 week
|
#
64bf5a43 |
| 23-Nov-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5_en: style function prototype
Sponsored by: NVidia networking MFC after: 2 weeks
|
#
81b38bce |
| 23-Nov-2024 |
Andrew Gallatin <gallatin@FreeBSD.org> |
mlx5e tls: Ensure all allocated tags have a hw context associated
Ensure all allocated tags have a hardware context associated. The hardware context allocation is moved into the zone import routine,
mlx5e tls: Ensure all allocated tags have a hw context associated
Ensure all allocated tags have a hardware context associated. The hardware context allocation is moved into the zone import routine, as suggested by kib. This is safe because these zone allocations are always done in a sleepable context.
I have removed the now pointless num_resources tracking, and added sysctls / tunables to control UMA zone limits for these tls tags, as well as a tunable to let the driver pre-allocate tags at boot.
MFC after: 2 weeks
show more ...
|
#
49597c3e |
| 23-Oct-2024 |
Andrew Gallatin <gallatin@FreeBSD.org> |
mlx5e: Use M_WAITOK when allocating TLS tags
Now that it is clear we're in a sleepable context, use M_WAITOK when allocating TLS tags.
Suggested by: kib Sponsored by: Netflix
|
#
81dbc22c |
| 23-Oct-2024 |
Andrew Gallatin <gallatin@FreeBSD.org> |
mlx5e: Immediately initialize TLS send tags
Under massive connection thrashing (web server restarting), we see long periods where the web server blocks when enabling ktls offload when NIC ktls offlo
mlx5e: Immediately initialize TLS send tags
Under massive connection thrashing (web server restarting), we see long periods where the web server blocks when enabling ktls offload when NIC ktls offload is enabled.
It turns out the driver uses a single-threaded linux work queue to serialize the commands that must be sent to the nic to allocate and free tls resources. When freeing sessions, this work is handled asynchronously. However, when allocating sessions, the work is handled synchronously and the driver waits for the work to complete before returning. When under massive connection thrashing, the work queue is first filled by TLS sessions closing. Then when new sessions arrive, the web server enables kTLS and blocks while the tens or hundreds of thousands of sessions closes queued up are processed by the NIC.
Rather than using the work queue to open a TLS session on the NIC, switch to doing the open directly. This allows use to cut in front of all those sessions that are waiting to close, and minimize the amount of time the web server blocks. The risk is that the NIC may be out of resources because it has not processed all of those session frees. So if we fail to open a session directly, we fall back to using the work queue.
Differential Revision: https://reviews.freebsd.org/D47260 Sponsored by: Netflix Reviewed by: kib
show more ...
|
Revision tags: release/13.4.0 |
|
#
e23731db |
| 22-Jul-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5en: add IPSEC_OFFLOAD support
Right now, only IPv4 transport mode, with aes-gcm ESP, is supported. Driver also cooperates with NAT-T, and obeys socket policies, which makes IKEd like StrongSwan
mlx5en: add IPSEC_OFFLOAD support
Right now, only IPv4 transport mode, with aes-gcm ESP, is supported. Driver also cooperates with NAT-T, and obeys socket policies, which makes IKEd like StrongSwan working.
Sponsored by: NVIDIA networking
show more ...
|
Revision tags: release/14.1.0, release/13.3.0, release/14.0.0 |
|
#
95ee2897 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
Revision tags: release/13.2.0, release/12.4.0 |
|
#
5dc00f00 |
| 19-Sep-2022 |
Justin Hibbits <jhibbits@FreeBSD.org> |
Mechanically convert mlx5en(4) to IfAPI
Reviewed by: zlei Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D38595
|
Revision tags: release/13.1.0 |
|
#
015f22f5 |
| 17-Feb-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Fix TLS worker thread race.
Create a dedicated free state, in case the taskqueue worker is still pending, to avoid re-activation of a freed send tag.
MFC after: 1 week Sponsored by: NVIDIA
mlx5en: Fix TLS worker thread race.
Create a dedicated free state, in case the taskqueue worker is still pending, to avoid re-activation of a freed send tag.
MFC after: 1 week Sponsored by: NVIDIA Networking
show more ...
|
#
ebdb7006 |
| 17-Feb-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Improve RX- and TX- TLS refcounting.
Use the send tag refcounting mechanism to refcount the RX- and TX- TLS send tags. Then it is no longer needed to wait for refcounts to reach zero when de
mlx5en: Improve RX- and TX- TLS refcounting.
Use the send tag refcounting mechanism to refcount the RX- and TX- TLS send tags. Then it is no longer needed to wait for refcounts to reach zero when destroying RX- and TX- TLS send tags as a result of pending data or WQE commands.
This also ensures that when TX-TLS and rate limiting is used at the same time, the underlying SQ is not prematurely destroyed.
MFC after: 1 week Sponsored by: NVIDIA Networking
show more ...
|
#
235ed6a4 |
| 15-Feb-2022 |
Mark Johnston <markj@FreeBSD.org> |
mlx5e: Make TLS tag zones unmanaged
These zones are cache zones used to allocate TLS offload contexts from firmware. Releasing items from the cache is a sleepable operation due to the need to await
mlx5e: Make TLS tag zones unmanaged
These zones are cache zones used to allocate TLS offload contexts from firmware. Releasing items from the cache is a sleepable operation due to the need to await a response from the firmware command freeing the tag, so items cannot be reclaimed from the zone in non-sleepable contexts. Since the cache size is limited by firmware limits, avoid this by setting UMA_ZONE_UNMANAGED to avoid reclamation by uma_timeout() and the low memory handler.
Reviewed by: hselasky, kib MFC after: 3 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34142
show more ...
|
#
75767cb8 |
| 01-Feb-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Share DEK objects with TLS RX.
The TLS RX support also needs to be able to allocate DEK objects. Share the available objects 1:1.
MFC after: 1 week Sponsored by: NVIDIA Networking
|
Revision tags: release/12.3.0 |
|
#
0f7b6e11 |
| 15-Nov-2021 |
Konstantin Belousov <konstantinb@nvidia.com> |
mlx5en: Use a UMA cache zone for managing TLS send tags
Instead of allocating directly from a normal zone. This way import and release are guaranteed to process all allocated and then deallocated it
mlx5en: Use a UMA cache zone for managing TLS send tags
Instead of allocating directly from a normal zone. This way import and release are guaranteed to process all allocated and then deallocated items. Also, the release occurs in a sleepable context when caller of uma_zfree() or uma_zdestroy() can sleep itself.
MFC after: 1 week Sponsored by: NVIDIA Networking
show more ...
|
#
89918a23 |
| 14-Jun-2021 |
Konstantin Belousov <konstantinb@nvidia.com> |
mlx5en: idiomatic use of preprocessor, in particular paths
MFC after: 1 week Sponsored by: NVIDIA Networking
|
#
b984b956 |
| 14-Jun-2021 |
Konstantin Belousov <konstantinb@nvidia.com> |
mlx5en: normalize use of the opt_*.h files
MFC after: 1 week Sponsored by: NVIDIA Networking
|
#
c782ea8b |
| 14-Sep-2021 |
John Baldwin <jhb@FreeBSD.org> |
Add a switch structure for send tags.
Move the type and function pointers for operations on existing send tags (modify, query, next, free) out of 'struct ifnet' and into a new 'struct if_snd_tag_sw'
Add a switch structure for send tags.
Move the type and function pointers for operations on existing send tags (modify, query, next, free) out of 'struct ifnet' and into a new 'struct if_snd_tag_sw'. A pointer to this structure is added to the generic part of send tags and is initialized by m_snd_tag_init() (which now accepts a switch structure as a new argument in place of the type).
Previously, device driver ifnet methods switched on the type to call type-specific functions. Now, those type-specific functions are saved in the switch structure and invoked directly. In addition, this more gracefully permits multiple implementations of the same tag within a driver. In particular, NIC TLS for future Chelsio adapters will use a different implementation than the existing NIC TLS support for T6 adapters.
Reviewed by: gallatin, hselasky, kib (older version) Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D31572
show more ...
|
#
3a934ba7 |
| 16-Jun-2021 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Wait for all TLS connections to terminate when unloading driver.
The driver expects all TLS tags to be returned to the driver before it can free the UMA zone where the TLS tags reside.
MFC
mlx5en: Wait for all TLS connections to terminate when unloading driver.
The driver expects all TLS tags to be returned to the driver before it can free the UMA zone where the TLS tags reside.
MFC after: 1 week Reviewed by: kib Sponsored by: Mellanox Technologies // NVIDIA Networking
show more ...
|
Revision tags: release/13.0.0 |
|
#
caf43971 |
| 24-Nov-2020 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Remove erradic assert after SVN r367149 in mlx5en(4).
The ratelimit tags may be shared, especially for unlimited TLS traffic, and then the refcount is allowed to be greater than one when freeing the
Remove erradic assert after SVN r367149 in mlx5en(4).
The ratelimit tags may be shared, especially for unlimited TLS traffic, and then the refcount is allowed to be greater than one when freeing the send tag.
MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
show more ...
|
#
b7d92a66 |
| 30-Oct-2020 |
John Baldwin <jhb@FreeBSD.org> |
Remove IF_SND_TAG_TYPE_TLS_RATE_LIMIT conditionals.
Support for TLS rate limit tags is now in the tree, so this macro is always defined.
Reviewed by: hselasky Sponsored by: Netflix Differential Rev
Remove IF_SND_TAG_TYPE_TLS_RATE_LIMIT conditionals.
Support for TLS rate limit tags is now in the tree, so this macro is always defined.
Reviewed by: hselasky Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D27020
show more ...
|
#
418b5444 |
| 30-Oct-2020 |
John Baldwin <jhb@FreeBSD.org> |
Fix a couple of silly bugs in r367149.
- Assign the TLS rate limit value to the correct member of the rl_params for the nested rate limit tag.
- Remove a dead condition.
Pointy hat to: jhb
|
#
36e0a362 |
| 30-Oct-2020 |
John Baldwin <jhb@FreeBSD.org> |
Add m_snd_tag_alloc() as a wrapper around if_snd_tag_alloc().
This gives a more uniform API for send tag life cycle management.
Reviewed by: gallatin, hselasky Sponsored by: Netflix Differential Re
Add m_snd_tag_alloc() as a wrapper around if_snd_tag_alloc().
This gives a more uniform API for send tag life cycle management.
Reviewed by: gallatin, hselasky Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D27000
show more ...
|
#
638000c0 |
| 29-Oct-2020 |
John Baldwin <jhb@FreeBSD.org> |
Use public interfaces to manage the nested rate limit send tag.
Each TLS send tag in mlx5 contains a nested rate limit send tag. Previously, the driver was calling internal functions to manage the n
Use public interfaces to manage the nested rate limit send tag.
Each TLS send tag in mlx5 contains a nested rate limit send tag. Previously, the driver was calling internal functions to manage the nested tag. Calling free methods directly instead of m_snd_tag_rele() leaked send tag references and references on the ifp. Changes to use the ifp methods for the nested tag for other methods are more cosmetic but do simplify the code.
Reviewed by: gallatin, hselasky Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D26996
show more ...
|
Revision tags: release/12.2.0 |
|
#
56fb710f |
| 06-Oct-2020 |
John Baldwin <jhb@FreeBSD.org> |
Store the send tag type in the common send tag header.
Both cxgbe(4) and mlx5(4) wrapped the existing send tag header with their own identical headers that stored the type that the type-specific tag
Store the send tag type in the common send tag header.
Both cxgbe(4) and mlx5(4) wrapped the existing send tag header with their own identical headers that stored the type that the type-specific tag structures inherited from, so in practice it seems drivers need this in the tag anyway. This permits removing these extra header indirections (struct cxgbe_snd_tag and struct mlx5e_snd_tag).
In addition, this permits driver-independent code to query the type of a tag, e.g. to know what type of tag is being queried via if_snd_query.
Reviewed by: gallatin, hselasky, np, kib Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D26689
show more ...
|
#
78ae1e6e |
| 01-Sep-2020 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Make hardware TLS send tag allocation synchronous in mlx5en(4).
Previously the send tag was setup in the background, and all packets for the given send tag were dropped until ready. Change this to b
Make hardware TLS send tag allocation synchronous in mlx5en(4).
Previously the send tag was setup in the background, and all packets for the given send tag were dropped until ready. Change this to be blocking behaviour so that once the setsocketopt() for enabling TLS completes, the socket is ready to send packets. Do this by simply flushing the work request which does the needed firmware programming during send tag allocation.
MFC after: 1 week Sponsored by: Mellanox Technologies // Nvidia
show more ...
|