History log of /freebsd/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c (Results 1 – 25 of 39)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 67f93079 25-Nov-2024 Gleb Smirnoff <glebius@FreeBSD.org>

mlx5e tls: use non-sleeping malloc flag is it was intended

Reviewed by: gallatin
Fixes: 81b38bce07940b7a4001dfeb8cd63774229ca950


# 0d38b0bc 20-Nov-2024 Konstantin Belousov <kib@FreeBSD.org>

mlx5en: fix the sign of mlx5e_tls_st_init() error, convert from Linux to BSD

Sponsored by: NVidia networking
MFC after: 1 week


# 64bf5a43 23-Nov-2024 Konstantin Belousov <kib@FreeBSD.org>

mlx5_en: style function prototype

Sponsored by: NVidia networking
MFC after: 2 weeks


# 81b38bce 23-Nov-2024 Andrew Gallatin <gallatin@FreeBSD.org>

mlx5e tls: Ensure all allocated tags have a hw context associated

Ensure all allocated tags have a hardware context associated.
The hardware context allocation is moved into the zone import
routine,

mlx5e tls: Ensure all allocated tags have a hw context associated

Ensure all allocated tags have a hardware context associated.
The hardware context allocation is moved into the zone import
routine, as suggested by kib. This is safe because these zone
allocations are always done in a sleepable context.

I have removed the now pointless num_resources tracking,
and added sysctls / tunables to control UMA zone limits
for these tls tags, as well as a tunable to let the
driver pre-allocate tags at boot.

MFC after: 2 weeks

show more ...


# 49597c3e 23-Oct-2024 Andrew Gallatin <gallatin@FreeBSD.org>

mlx5e: Use M_WAITOK when allocating TLS tags

Now that it is clear we're in a sleepable context, use
M_WAITOK when allocating TLS tags.

Suggested by: kib
Sponsored by: Netflix


# 81dbc22c 23-Oct-2024 Andrew Gallatin <gallatin@FreeBSD.org>

mlx5e: Immediately initialize TLS send tags

Under massive connection thrashing (web server restarting), we see
long periods where the web server blocks when enabling ktls offload
when NIC ktls offlo

mlx5e: Immediately initialize TLS send tags

Under massive connection thrashing (web server restarting), we see
long periods where the web server blocks when enabling ktls offload
when NIC ktls offload is enabled.

It turns out the driver uses a single-threaded linux work queue to
serialize the commands that must be sent to the nic to allocate and
free tls resources. When freeing sessions, this work is handled
asynchronously. However, when allocating sessions, the work is handled
synchronously and the driver waits for the work to complete before
returning. When under massive connection thrashing, the work queue is
first filled by TLS sessions closing. Then when new sessions arrive,
the web server enables kTLS and blocks while the tens or hundreds of
thousands of sessions closes queued up are processed by the NIC.

Rather than using the work queue to open a TLS session on the NIC,
switch to doing the open directly. This allows use to cut in front of
all those sessions that are waiting to close, and minimize the amount
of time the web server blocks. The risk is that the NIC may be out of
resources because it has not processed all of those session frees. So
if we fail to open a session directly, we fall back to using the work
queue.

Differential Revision: https://reviews.freebsd.org/D47260
Sponsored by: Netflix
Reviewed by: kib

show more ...


Revision tags: release/13.4.0
# e23731db 22-Jul-2024 Konstantin Belousov <kib@FreeBSD.org>

mlx5en: add IPSEC_OFFLOAD support

Right now, only IPv4 transport mode, with aes-gcm ESP, is supported.
Driver also cooperates with NAT-T, and obeys socket policies, which
makes IKEd like StrongSwan

mlx5en: add IPSEC_OFFLOAD support

Right now, only IPv4 transport mode, with aes-gcm ESP, is supported.
Driver also cooperates with NAT-T, and obeys socket policies, which
makes IKEd like StrongSwan working.

Sponsored by: NVIDIA networking

show more ...


Revision tags: release/14.1.0, release/13.3.0, release/14.0.0
# 95ee2897 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

sys: Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/


Revision tags: release/13.2.0, release/12.4.0
# 5dc00f00 19-Sep-2022 Justin Hibbits <jhibbits@FreeBSD.org>

Mechanically convert mlx5en(4) to IfAPI

Reviewed by: zlei
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D38595


Revision tags: release/13.1.0
# 015f22f5 17-Feb-2022 Hans Petter Selasky <hselasky@FreeBSD.org>

mlx5en: Fix TLS worker thread race.

Create a dedicated free state, in case the taskqueue worker is still pending,
to avoid re-activation of a freed send tag.

MFC after: 1 week
Sponsored by: NVIDIA

mlx5en: Fix TLS worker thread race.

Create a dedicated free state, in case the taskqueue worker is still pending,
to avoid re-activation of a freed send tag.

MFC after: 1 week
Sponsored by: NVIDIA Networking

show more ...


# ebdb7006 17-Feb-2022 Hans Petter Selasky <hselasky@FreeBSD.org>

mlx5en: Improve RX- and TX- TLS refcounting.

Use the send tag refcounting mechanism to refcount the RX- and TX- TLS
send tags. Then it is no longer needed to wait for refcounts to reach
zero when de

mlx5en: Improve RX- and TX- TLS refcounting.

Use the send tag refcounting mechanism to refcount the RX- and TX- TLS
send tags. Then it is no longer needed to wait for refcounts to reach
zero when destroying RX- and TX- TLS send tags as a result of pending
data or WQE commands.

This also ensures that when TX-TLS and rate limiting is used at the same
time, the underlying SQ is not prematurely destroyed.

MFC after: 1 week
Sponsored by: NVIDIA Networking

show more ...


# 235ed6a4 15-Feb-2022 Mark Johnston <markj@FreeBSD.org>

mlx5e: Make TLS tag zones unmanaged

These zones are cache zones used to allocate TLS offload contexts from
firmware. Releasing items from the cache is a sleepable operation due
to the need to await

mlx5e: Make TLS tag zones unmanaged

These zones are cache zones used to allocate TLS offload contexts from
firmware. Releasing items from the cache is a sleepable operation due
to the need to await a response from the firmware command freeing the
tag, so items cannot be reclaimed from the zone in non-sleepable
contexts. Since the cache size is limited by firmware limits, avoid
this by setting UMA_ZONE_UNMANAGED to avoid reclamation by uma_timeout()
and the low memory handler.

Reviewed by: hselasky, kib
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34142

show more ...


# 75767cb8 01-Feb-2022 Hans Petter Selasky <hselasky@FreeBSD.org>

mlx5en: Share DEK objects with TLS RX.

The TLS RX support also needs to be able to allocate DEK objects.
Share the available objects 1:1.

MFC after: 1 week
Sponsored by: NVIDIA Networking


Revision tags: release/12.3.0
# 0f7b6e11 15-Nov-2021 Konstantin Belousov <konstantinb@nvidia.com>

mlx5en: Use a UMA cache zone for managing TLS send tags

Instead of allocating directly from a normal zone. This way
import and release are guaranteed to process all allocated and then
deallocated it

mlx5en: Use a UMA cache zone for managing TLS send tags

Instead of allocating directly from a normal zone. This way
import and release are guaranteed to process all allocated and then
deallocated items. Also, the release occurs in a sleepable context when
caller of uma_zfree() or uma_zdestroy() can sleep itself.

MFC after: 1 week
Sponsored by: NVIDIA Networking

show more ...


# 89918a23 14-Jun-2021 Konstantin Belousov <konstantinb@nvidia.com>

mlx5en: idiomatic use of preprocessor, in particular paths

MFC after: 1 week
Sponsored by: NVIDIA Networking


# b984b956 14-Jun-2021 Konstantin Belousov <konstantinb@nvidia.com>

mlx5en: normalize use of the opt_*.h files

MFC after: 1 week
Sponsored by: NVIDIA Networking


# c782ea8b 14-Sep-2021 John Baldwin <jhb@FreeBSD.org>

Add a switch structure for send tags.

Move the type and function pointers for operations on existing send
tags (modify, query, next, free) out of 'struct ifnet' and into a new
'struct if_snd_tag_sw'

Add a switch structure for send tags.

Move the type and function pointers for operations on existing send
tags (modify, query, next, free) out of 'struct ifnet' and into a new
'struct if_snd_tag_sw'. A pointer to this structure is added to the
generic part of send tags and is initialized by m_snd_tag_init()
(which now accepts a switch structure as a new argument in place of
the type).

Previously, device driver ifnet methods switched on the type to call
type-specific functions. Now, those type-specific functions are saved
in the switch structure and invoked directly. In addition, this more
gracefully permits multiple implementations of the same tag within a
driver. In particular, NIC TLS for future Chelsio adapters will use a
different implementation than the existing NIC TLS support for T6
adapters.

Reviewed by: gallatin, hselasky, kib (older version)
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D31572

show more ...


# 3a934ba7 16-Jun-2021 Hans Petter Selasky <hselasky@FreeBSD.org>

mlx5en: Wait for all TLS connections to terminate when unloading driver.

The driver expects all TLS tags to be returned to the driver before
it can free the UMA zone where the TLS tags reside.

MFC

mlx5en: Wait for all TLS connections to terminate when unloading driver.

The driver expects all TLS tags to be returned to the driver before
it can free the UMA zone where the TLS tags reside.

MFC after: 1 week
Reviewed by: kib
Sponsored by: Mellanox Technologies // NVIDIA Networking

show more ...


Revision tags: release/13.0.0
# caf43971 24-Nov-2020 Hans Petter Selasky <hselasky@FreeBSD.org>

Remove erradic assert after SVN r367149 in mlx5en(4).

The ratelimit tags may be shared, especially for unlimited TLS
traffic, and then the refcount is allowed to be greater than one
when freeing the

Remove erradic assert after SVN r367149 in mlx5en(4).

The ratelimit tags may be shared, especially for unlimited TLS
traffic, and then the refcount is allowed to be greater than one
when freeing the send tag.

MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking

show more ...


# b7d92a66 30-Oct-2020 John Baldwin <jhb@FreeBSD.org>

Remove IF_SND_TAG_TYPE_TLS_RATE_LIMIT conditionals.

Support for TLS rate limit tags is now in the tree, so this macro is
always defined.

Reviewed by: hselasky
Sponsored by: Netflix
Differential Rev

Remove IF_SND_TAG_TYPE_TLS_RATE_LIMIT conditionals.

Support for TLS rate limit tags is now in the tree, so this macro is
always defined.

Reviewed by: hselasky
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D27020

show more ...


# 418b5444 30-Oct-2020 John Baldwin <jhb@FreeBSD.org>

Fix a couple of silly bugs in r367149.

- Assign the TLS rate limit value to the correct member of the
rl_params for the nested rate limit tag.

- Remove a dead condition.

Pointy hat to: jhb


# 36e0a362 30-Oct-2020 John Baldwin <jhb@FreeBSD.org>

Add m_snd_tag_alloc() as a wrapper around if_snd_tag_alloc().

This gives a more uniform API for send tag life cycle management.

Reviewed by: gallatin, hselasky
Sponsored by: Netflix
Differential Re

Add m_snd_tag_alloc() as a wrapper around if_snd_tag_alloc().

This gives a more uniform API for send tag life cycle management.

Reviewed by: gallatin, hselasky
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D27000

show more ...


# 638000c0 29-Oct-2020 John Baldwin <jhb@FreeBSD.org>

Use public interfaces to manage the nested rate limit send tag.

Each TLS send tag in mlx5 contains a nested rate limit send tag.
Previously, the driver was calling internal functions to manage the
n

Use public interfaces to manage the nested rate limit send tag.

Each TLS send tag in mlx5 contains a nested rate limit send tag.
Previously, the driver was calling internal functions to manage the
nested tag. Calling free methods directly instead of m_snd_tag_rele()
leaked send tag references and references on the ifp. Changes to use
the ifp methods for the nested tag for other methods are more cosmetic
but do simplify the code.

Reviewed by: gallatin, hselasky
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D26996

show more ...


Revision tags: release/12.2.0
# 56fb710f 06-Oct-2020 John Baldwin <jhb@FreeBSD.org>

Store the send tag type in the common send tag header.

Both cxgbe(4) and mlx5(4) wrapped the existing send tag header with
their own identical headers that stored the type that the
type-specific tag

Store the send tag type in the common send tag header.

Both cxgbe(4) and mlx5(4) wrapped the existing send tag header with
their own identical headers that stored the type that the
type-specific tag structures inherited from, so in practice it seems
drivers need this in the tag anyway. This permits removing these
extra header indirections (struct cxgbe_snd_tag and struct
mlx5e_snd_tag).

In addition, this permits driver-independent code to query the type of
a tag, e.g. to know what type of tag is being queried via
if_snd_query.

Reviewed by: gallatin, hselasky, np, kib
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D26689

show more ...


# 78ae1e6e 01-Sep-2020 Hans Petter Selasky <hselasky@FreeBSD.org>

Make hardware TLS send tag allocation synchronous in mlx5en(4).

Previously the send tag was setup in the background, and all packets for
the given send tag were dropped until ready. Change this to b

Make hardware TLS send tag allocation synchronous in mlx5en(4).

Previously the send tag was setup in the background, and all packets for
the given send tag were dropped until ready. Change this to be blocking
behaviour so that once the setsocketopt() for enabling TLS completes,
the socket is ready to send packets. Do this by simply flushing the
work request which does the needed firmware programming during send
tag allocation.

MFC after: 1 week
Sponsored by: Mellanox Technologies // Nvidia

show more ...


12