xref: /freebsd/sys/dev/cxgbe/tom/t4_tls.c (revision 6966ac055c3b7a39266fb982493330df7a097997)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2017-2018 Chelsio Communications, Inc.
5  * All rights reserved.
6  * Written by: John Baldwin <jhb@FreeBSD.org>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include "opt_inet.h"
31 #include "opt_kern_tls.h"
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <sys/param.h>
37 #include <sys/ktr.h>
38 #ifdef KERN_TLS
39 #include <sys/ktls.h>
40 #endif
41 #include <sys/sglist.h>
42 #include <sys/socket.h>
43 #include <sys/socketvar.h>
44 #include <sys/systm.h>
45 #include <netinet/in.h>
46 #include <netinet/in_pcb.h>
47 #include <netinet/tcp_var.h>
48 #include <netinet/toecore.h>
49 #ifdef KERN_TLS
50 #include <opencrypto/cryptodev.h>
51 #include <opencrypto/xform.h>
52 #endif
53 
54 #ifdef TCP_OFFLOAD
55 #include "common/common.h"
56 #include "common/t4_tcb.h"
57 #include "crypto/t4_crypto.h"
58 #include "tom/t4_tom_l2t.h"
59 #include "tom/t4_tom.h"
60 
61 /*
62  * The TCP sequence number of a CPL_TLS_DATA mbuf is saved here while
63  * the mbuf is in the ulp_pdu_reclaimq.
64  */
65 #define	tls_tcp_seq	PH_loc.thirtytwo[0]
66 
67 /*
68  * Handshake lock used for the handshake timer.  Having a global lock
69  * is perhaps not ideal, but it avoids having to use callout_drain()
70  * in tls_uninit_toep() which can't block.  Also, the timer shouldn't
71  * actually fire for most connections.
72  */
73 static struct mtx tls_handshake_lock;
74 
75 static void
76 t4_set_tls_tcb_field(struct toepcb *toep, uint16_t word, uint64_t mask,
77     uint64_t val)
78 {
79 	struct adapter *sc = td_adapter(toep->td);
80 
81 	t4_set_tcb_field(sc, toep->ofld_txq, toep, word, mask, val, 0, 0);
82 }
83 
84 /* TLS and DTLS common routines */
85 bool
86 can_tls_offload(struct adapter *sc)
87 {
88 
89 	return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS);
90 }
91 
92 int
93 tls_tx_key(struct toepcb *toep)
94 {
95 	struct tls_ofld_info *tls_ofld = &toep->tls;
96 
97 	return (tls_ofld->tx_key_addr >= 0);
98 }
99 
100 int
101 tls_rx_key(struct toepcb *toep)
102 {
103 	struct tls_ofld_info *tls_ofld = &toep->tls;
104 
105 	return (tls_ofld->rx_key_addr >= 0);
106 }
107 
108 static int
109 key_size(struct toepcb *toep)
110 {
111 	struct tls_ofld_info *tls_ofld = &toep->tls;
112 
113 	return ((tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) ?
114 		tls_ofld->k_ctx.tx_key_info_size : KEY_IN_DDR_SIZE);
115 }
116 
117 /* Set TLS Key-Id in TCB */
118 static void
119 t4_set_tls_keyid(struct toepcb *toep, unsigned int key_id)
120 {
121 
122 	t4_set_tls_tcb_field(toep, W_TCB_RX_TLS_KEY_TAG,
123 			 V_TCB_RX_TLS_KEY_TAG(M_TCB_RX_TLS_BUF_TAG),
124 			 V_TCB_RX_TLS_KEY_TAG(key_id));
125 }
126 
127 /* Clear TF_RX_QUIESCE to re-enable receive. */
128 static void
129 t4_clear_rx_quiesce(struct toepcb *toep)
130 {
131 
132 	t4_set_tls_tcb_field(toep, W_TCB_T_FLAGS, V_TF_RX_QUIESCE(1), 0);
133 }
134 
135 static void
136 tls_clr_ofld_mode(struct toepcb *toep)
137 {
138 
139 	tls_stop_handshake_timer(toep);
140 
141 	/* Operate in PDU extraction mode only. */
142 	t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW,
143 	    V_TCB_ULP_RAW(M_TCB_ULP_RAW),
144 	    V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)));
145 	t4_clear_rx_quiesce(toep);
146 }
147 
148 static void
149 tls_clr_quiesce(struct toepcb *toep)
150 {
151 
152 	tls_stop_handshake_timer(toep);
153 	t4_clear_rx_quiesce(toep);
154 }
155 
156 /*
157  * Calculate the TLS data expansion size
158  */
159 static int
160 tls_expansion_size(struct toepcb *toep, int data_len, int full_pdus_only,
161     unsigned short *pdus_per_ulp)
162 {
163 	struct tls_ofld_info *tls_ofld = &toep->tls;
164 	struct tls_scmd *scmd = &tls_ofld->scmd0;
165 	int expn_size = 0, frag_count = 0, pad_per_pdu = 0,
166 	    pad_last_pdu = 0, last_frag_size = 0, max_frag_size = 0;
167 	int exp_per_pdu = 0;
168 	int hdr_len = TLS_HEADER_LENGTH;
169 
170 	do {
171 		max_frag_size = tls_ofld->k_ctx.frag_size;
172 		if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) ==
173 		   SCMD_CIPH_MODE_AES_GCM) {
174 			frag_count = (data_len / max_frag_size);
175 			exp_per_pdu = GCM_TAG_SIZE + AEAD_EXPLICIT_DATA_SIZE +
176 				hdr_len;
177 			expn_size =  frag_count * exp_per_pdu;
178 			if (full_pdus_only) {
179 				*pdus_per_ulp = data_len / (exp_per_pdu +
180 					max_frag_size);
181 				if (*pdus_per_ulp > 32)
182 					*pdus_per_ulp = 32;
183 				else if(!*pdus_per_ulp)
184 					*pdus_per_ulp = 1;
185 				expn_size = (*pdus_per_ulp) * exp_per_pdu;
186 				break;
187 			}
188 			if ((last_frag_size = data_len % max_frag_size) > 0) {
189 				frag_count += 1;
190 				expn_size += exp_per_pdu;
191 			}
192 			break;
193 		} else if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) !=
194 			   SCMD_CIPH_MODE_NOP) {
195 			/* Calculate the number of fragments we can make */
196 			frag_count  = (data_len / max_frag_size);
197 			if (frag_count > 0) {
198 				pad_per_pdu = (((howmany((max_frag_size +
199 						       tls_ofld->mac_length),
200 						      CIPHER_BLOCK_SIZE)) *
201 						CIPHER_BLOCK_SIZE) -
202 					       (max_frag_size +
203 						tls_ofld->mac_length));
204 				if (!pad_per_pdu)
205 					pad_per_pdu = CIPHER_BLOCK_SIZE;
206 				exp_per_pdu = pad_per_pdu +
207 				       	tls_ofld->mac_length +
208 					hdr_len + CIPHER_BLOCK_SIZE;
209 				expn_size = frag_count * exp_per_pdu;
210 			}
211 			if (full_pdus_only) {
212 				*pdus_per_ulp = data_len / (exp_per_pdu +
213 					max_frag_size);
214 				if (*pdus_per_ulp > 32)
215 					*pdus_per_ulp = 32;
216 				else if (!*pdus_per_ulp)
217 					*pdus_per_ulp = 1;
218 				expn_size = (*pdus_per_ulp) * exp_per_pdu;
219 				break;
220 			}
221 			/* Consider the last fragment */
222 			if ((last_frag_size = data_len % max_frag_size) > 0) {
223 				pad_last_pdu = (((howmany((last_frag_size +
224 							tls_ofld->mac_length),
225 						       CIPHER_BLOCK_SIZE)) *
226 						 CIPHER_BLOCK_SIZE) -
227 						(last_frag_size +
228 						 tls_ofld->mac_length));
229 				if (!pad_last_pdu)
230 					pad_last_pdu = CIPHER_BLOCK_SIZE;
231 				expn_size += (pad_last_pdu +
232 					      tls_ofld->mac_length + hdr_len +
233 					      CIPHER_BLOCK_SIZE);
234 			}
235 		}
236 	} while (0);
237 
238 	return (expn_size);
239 }
240 
241 /* Copy Key to WR */
242 static void
243 tls_copy_tx_key(struct toepcb *toep, void *dst)
244 {
245 	struct tls_ofld_info *tls_ofld = &toep->tls;
246 	struct ulptx_sc_memrd *sc_memrd;
247 	struct ulptx_idata *sc;
248 
249 	if (tls_ofld->k_ctx.tx_key_info_size <= 0)
250 		return;
251 
252 	if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR) {
253 		sc = dst;
254 		sc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP));
255 		sc->len = htobe32(0);
256 		sc_memrd = (struct ulptx_sc_memrd *)(sc + 1);
257 		sc_memrd->cmd_to_len = htobe32(V_ULPTX_CMD(ULP_TX_SC_MEMRD) |
258 		    V_ULP_TX_SC_MORE(1) |
259 		    V_ULPTX_LEN16(tls_ofld->k_ctx.tx_key_info_size >> 4));
260 		sc_memrd->addr = htobe32(tls_ofld->tx_key_addr >> 5);
261 	} else if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) {
262 		memcpy(dst, &tls_ofld->k_ctx.tx,
263 		    tls_ofld->k_ctx.tx_key_info_size);
264 	}
265 }
266 
267 /* TLS/DTLS content type  for CPL SFO */
268 static inline unsigned char
269 tls_content_type(unsigned char content_type)
270 {
271 	/*
272 	 * XXX: Shouldn't this map CONTENT_TYPE_APP_DATA to DATA and
273 	 * default to "CUSTOM" for all other types including
274 	 * heartbeat?
275 	 */
276 	switch (content_type) {
277 	case CONTENT_TYPE_CCS:
278 		return CPL_TX_TLS_SFO_TYPE_CCS;
279 	case CONTENT_TYPE_ALERT:
280 		return CPL_TX_TLS_SFO_TYPE_ALERT;
281 	case CONTENT_TYPE_HANDSHAKE:
282 		return CPL_TX_TLS_SFO_TYPE_HANDSHAKE;
283 	case CONTENT_TYPE_HEARTBEAT:
284 		return CPL_TX_TLS_SFO_TYPE_HEARTBEAT;
285 	}
286 	return CPL_TX_TLS_SFO_TYPE_DATA;
287 }
288 
289 static unsigned char
290 get_cipher_key_size(unsigned int ck_size)
291 {
292 	switch (ck_size) {
293 	case AES_NOP: /* NOP */
294 		return 15;
295 	case AES_128: /* AES128 */
296 		return CH_CK_SIZE_128;
297 	case AES_192: /* AES192 */
298 		return CH_CK_SIZE_192;
299 	case AES_256: /* AES256 */
300 		return CH_CK_SIZE_256;
301 	default:
302 		return CH_CK_SIZE_256;
303 	}
304 }
305 
306 static unsigned char
307 get_mac_key_size(unsigned int mk_size)
308 {
309 	switch (mk_size) {
310 	case SHA_NOP: /* NOP */
311 		return CH_MK_SIZE_128;
312 	case SHA_GHASH: /* GHASH */
313 	case SHA_512: /* SHA512 */
314 		return CH_MK_SIZE_512;
315 	case SHA_224: /* SHA2-224 */
316 		return CH_MK_SIZE_192;
317 	case SHA_256: /* SHA2-256*/
318 		return CH_MK_SIZE_256;
319 	case SHA_384: /* SHA384 */
320 		return CH_MK_SIZE_512;
321 	case SHA1: /* SHA1 */
322 	default:
323 		return CH_MK_SIZE_160;
324 	}
325 }
326 
327 static unsigned int
328 get_proto_ver(int proto_ver)
329 {
330 	switch (proto_ver) {
331 	case TLS1_2_VERSION:
332 		return TLS_1_2_VERSION;
333 	case TLS1_1_VERSION:
334 		return TLS_1_1_VERSION;
335 	case DTLS1_2_VERSION:
336 		return DTLS_1_2_VERSION;
337 	default:
338 		return TLS_VERSION_MAX;
339 	}
340 }
341 
342 static void
343 tls_rxkey_flit1(struct tls_keyctx *kwr, struct tls_key_context *kctx)
344 {
345 
346 	if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) {
347 		kwr->u.rxhdr.ivinsert_to_authinsrt =
348 		    htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) |
349 			V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) |
350 			V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) |
351 			V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(14ULL) |
352 			V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(16ULL) |
353 			V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(14ULL) |
354 			V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) |
355 			V_TLS_KEYCTX_TX_WR_AUTHINSRT(16ULL));
356 		kwr->u.rxhdr.ivpresent_to_rxmk_size &=
357 			~(V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1));
358 		kwr->u.rxhdr.authmode_to_rxvalid &=
359 			~(V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1));
360 	} else {
361 		kwr->u.rxhdr.ivinsert_to_authinsrt =
362 		    htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) |
363 			V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) |
364 			V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) |
365 			V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(22ULL) |
366 			V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(0ULL) |
367 			V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(22ULL) |
368 			V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) |
369 			V_TLS_KEYCTX_TX_WR_AUTHINSRT(0ULL));
370 	}
371 }
372 
373 /* Rx key */
374 static void
375 prepare_rxkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx)
376 {
377 	unsigned int ck_size = kctx->cipher_secret_size;
378 	unsigned int mk_size = kctx->mac_secret_size;
379 	int proto_ver = kctx->proto_ver;
380 
381 	kwr->u.rxhdr.flitcnt_hmacctrl =
382 		((kctx->tx_key_info_size >> 4) << 3) | kctx->hmac_ctrl;
383 
384 	kwr->u.rxhdr.protover_ciphmode =
385 		V_TLS_KEYCTX_TX_WR_PROTOVER(get_proto_ver(proto_ver)) |
386 		V_TLS_KEYCTX_TX_WR_CIPHMODE(kctx->state.enc_mode);
387 
388 	kwr->u.rxhdr.authmode_to_rxvalid =
389 		V_TLS_KEYCTX_TX_WR_AUTHMODE(kctx->state.auth_mode) |
390 		V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1) |
391 		V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(3) |
392 		V_TLS_KEYCTX_TX_WR_RXVALID(1);
393 
394 	kwr->u.rxhdr.ivpresent_to_rxmk_size =
395 		V_TLS_KEYCTX_TX_WR_IVPRESENT(0) |
396 		V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1) |
397 		V_TLS_KEYCTX_TX_WR_RXCK_SIZE(get_cipher_key_size(ck_size)) |
398 		V_TLS_KEYCTX_TX_WR_RXMK_SIZE(get_mac_key_size(mk_size));
399 
400 	tls_rxkey_flit1(kwr, kctx);
401 
402 	/* No key reversal for GCM */
403 	if (kctx->state.enc_mode != CH_EVP_CIPH_GCM_MODE) {
404 		t4_aes_getdeckey(kwr->keys.edkey, kctx->rx.key,
405 				 (kctx->cipher_secret_size << 3));
406 		memcpy(kwr->keys.edkey + kctx->cipher_secret_size,
407 		       kctx->rx.key + kctx->cipher_secret_size,
408 		       (IPAD_SIZE + OPAD_SIZE));
409 	} else {
410 		memcpy(kwr->keys.edkey, kctx->rx.key,
411 		       (kctx->tx_key_info_size - SALT_SIZE));
412 		memcpy(kwr->u.rxhdr.rxsalt, kctx->rx.salt, SALT_SIZE);
413 	}
414 }
415 
416 /* Tx key */
417 static void
418 prepare_txkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx)
419 {
420 	unsigned int ck_size = kctx->cipher_secret_size;
421 	unsigned int mk_size = kctx->mac_secret_size;
422 
423 	kwr->u.txhdr.ctxlen =
424 		(kctx->tx_key_info_size >> 4);
425 	kwr->u.txhdr.dualck_to_txvalid =
426 		V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1) |
427 		V_TLS_KEYCTX_TX_WR_SALT_PRESENT(1) |
428 		V_TLS_KEYCTX_TX_WR_TXCK_SIZE(get_cipher_key_size(ck_size)) |
429 		V_TLS_KEYCTX_TX_WR_TXMK_SIZE(get_mac_key_size(mk_size)) |
430 		V_TLS_KEYCTX_TX_WR_TXVALID(1);
431 
432 	memcpy(kwr->keys.edkey, kctx->tx.key, HDR_KCTX_SIZE);
433 	if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) {
434 		memcpy(kwr->u.txhdr.txsalt, kctx->tx.salt, SALT_SIZE);
435 		kwr->u.txhdr.dualck_to_txvalid &=
436 			~(V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1));
437 	}
438 	kwr->u.txhdr.dualck_to_txvalid = htons(kwr->u.txhdr.dualck_to_txvalid);
439 }
440 
441 /* TLS Key memory management */
442 static int
443 get_new_keyid(struct toepcb *toep)
444 {
445 	struct adapter *sc = td_adapter(toep->td);
446 	vmem_addr_t addr;
447 
448 	if (vmem_alloc(sc->key_map, TLS_KEY_CONTEXT_SZ, M_NOWAIT | M_FIRSTFIT,
449 	    &addr) != 0)
450 		return (-1);
451 
452 	return (addr);
453 }
454 
455 static void
456 free_keyid(struct toepcb *toep, int keyid)
457 {
458 	struct adapter *sc = td_adapter(toep->td);
459 
460 	vmem_free(sc->key_map, keyid, TLS_KEY_CONTEXT_SZ);
461 }
462 
463 static void
464 clear_tls_keyid(struct toepcb *toep)
465 {
466 	struct tls_ofld_info *tls_ofld = &toep->tls;
467 
468 	if (tls_ofld->rx_key_addr >= 0) {
469 		free_keyid(toep, tls_ofld->rx_key_addr);
470 		tls_ofld->rx_key_addr = -1;
471 	}
472 	if (tls_ofld->tx_key_addr >= 0) {
473 		free_keyid(toep, tls_ofld->tx_key_addr);
474 		tls_ofld->tx_key_addr = -1;
475 	}
476 }
477 
478 static int
479 get_keyid(struct tls_ofld_info *tls_ofld, unsigned int ops)
480 {
481 	return (ops & KEY_WRITE_RX ? tls_ofld->rx_key_addr :
482 		((ops & KEY_WRITE_TX) ? tls_ofld->tx_key_addr : -1));
483 }
484 
485 static int
486 get_tp_plen_max(struct tls_ofld_info *tls_ofld)
487 {
488 	int plen = ((min(3*4096, TP_TX_PG_SZ))/1448) * 1448;
489 
490 	return (tls_ofld->k_ctx.frag_size <= 8192 ? plen : FC_TP_PLEN_MAX);
491 }
492 
493 /* Send request to get the key-id */
494 static int
495 tls_program_key_id(struct toepcb *toep, struct tls_key_context *k_ctx)
496 {
497 	struct tls_ofld_info *tls_ofld = &toep->tls;
498 	struct adapter *sc = td_adapter(toep->td);
499 	struct ofld_tx_sdesc *txsd;
500 	int kwrlen, kctxlen, keyid, len;
501 	struct wrqe *wr;
502 	struct tls_key_req *kwr;
503 	struct tls_keyctx *kctx;
504 
505 	kwrlen = sizeof(*kwr);
506 	kctxlen = roundup2(sizeof(*kctx), 32);
507 	len = roundup2(kwrlen + kctxlen, 16);
508 
509 	if (toep->txsd_avail == 0)
510 		return (EAGAIN);
511 
512 	/* Dont initialize key for re-neg */
513 	if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) {
514 		if ((keyid = get_new_keyid(toep)) < 0) {
515 			return (ENOSPC);
516 		}
517 	} else {
518 		keyid = get_keyid(tls_ofld, k_ctx->l_p_key);
519 	}
520 
521 	wr = alloc_wrqe(len, toep->ofld_txq);
522 	if (wr == NULL) {
523 		free_keyid(toep, keyid);
524 		return (ENOMEM);
525 	}
526 	kwr = wrtod(wr);
527 	memset(kwr, 0, kwrlen);
528 
529 	kwr->wr_hi = htobe32(V_FW_WR_OP(FW_ULPTX_WR) | F_FW_WR_COMPL |
530 	    F_FW_WR_ATOMIC);
531 	kwr->wr_mid = htobe32(V_FW_WR_LEN16(DIV_ROUND_UP(len, 16)) |
532 	    V_FW_WR_FLOWID(toep->tid));
533 	kwr->protocol = get_proto_ver(k_ctx->proto_ver);
534 	kwr->mfs = htons(k_ctx->frag_size);
535 	kwr->reneg_to_write_rx = k_ctx->l_p_key;
536 
537 	/* master command */
538 	kwr->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) |
539 	    V_T5_ULP_MEMIO_ORDER(1) | V_T5_ULP_MEMIO_IMM(1));
540 	kwr->dlen = htobe32(V_ULP_MEMIO_DATA_LEN(kctxlen >> 5));
541 	kwr->len16 = htobe32((toep->tid << 8) |
542 	    DIV_ROUND_UP(len - sizeof(struct work_request_hdr), 16));
543 	kwr->kaddr = htobe32(V_ULP_MEMIO_ADDR(keyid >> 5));
544 
545 	/* sub command */
546 	kwr->sc_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM));
547 	kwr->sc_len = htobe32(kctxlen);
548 
549 	kctx = (struct tls_keyctx *)(kwr + 1);
550 	memset(kctx, 0, kctxlen);
551 
552 	if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) {
553 		tls_ofld->tx_key_addr = keyid;
554 		prepare_txkey_wr(kctx, k_ctx);
555 	} else if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
556 		tls_ofld->rx_key_addr = keyid;
557 		prepare_rxkey_wr(kctx, k_ctx);
558 	}
559 
560 	txsd = &toep->txsd[toep->txsd_pidx];
561 	txsd->tx_credits = DIV_ROUND_UP(len, 16);
562 	txsd->plen = 0;
563 	toep->tx_credits -= txsd->tx_credits;
564 	if (__predict_false(++toep->txsd_pidx == toep->txsd_total))
565 		toep->txsd_pidx = 0;
566 	toep->txsd_avail--;
567 
568 	t4_wrq_tx(sc, wr);
569 
570 	return (0);
571 }
572 
573 /* Store a key received from SSL in DDR. */
574 static int
575 program_key_context(struct tcpcb *tp, struct toepcb *toep,
576     struct tls_key_context *uk_ctx)
577 {
578 	struct adapter *sc = td_adapter(toep->td);
579 	struct tls_ofld_info *tls_ofld = &toep->tls;
580 	struct tls_key_context *k_ctx;
581 	int error, key_offset;
582 
583 	if (tp->t_state != TCPS_ESTABLISHED) {
584 		/*
585 		 * XXX: Matches Linux driver, but not sure this is a
586 		 * very appropriate error.
587 		 */
588 		return (ENOENT);
589 	}
590 
591 	/* Stop timer on handshake completion */
592 	tls_stop_handshake_timer(toep);
593 
594 	toep->flags &= ~TPF_FORCE_CREDITS;
595 
596 	CTR4(KTR_CXGBE, "%s: tid %d %s proto_ver %#x", __func__, toep->tid,
597 	    G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX ? "KEY_WRITE_RX" :
598 	    "KEY_WRITE_TX", uk_ctx->proto_ver);
599 
600 	if (G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX &&
601 	    ulp_mode(toep) != ULP_MODE_TLS)
602 		return (EOPNOTSUPP);
603 
604 	/* Don't copy the 'tx' and 'rx' fields. */
605 	k_ctx = &tls_ofld->k_ctx;
606 	memcpy(&k_ctx->l_p_key, &uk_ctx->l_p_key,
607 	    sizeof(*k_ctx) - offsetof(struct tls_key_context, l_p_key));
608 
609 	/* TLS version != 1.1 and !1.2 OR DTLS != 1.2 */
610 	if (get_proto_ver(k_ctx->proto_ver) > DTLS_1_2_VERSION) {
611 		if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
612 			tls_ofld->rx_key_addr = -1;
613 			t4_clear_rx_quiesce(toep);
614 		} else {
615 			tls_ofld->tx_key_addr = -1;
616 		}
617 		return (0);
618 	}
619 
620 	if (k_ctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) {
621 		k_ctx->iv_size = 4;
622 		k_ctx->mac_first = 0;
623 		k_ctx->hmac_ctrl = 0;
624 	} else {
625 		k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */
626 		k_ctx->mac_first = 1;
627 	}
628 
629 	tls_ofld->scmd0.seqno_numivs =
630 		(V_SCMD_SEQ_NO_CTRL(3) |
631 		 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) |
632 		 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) |
633 		 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) |
634 		 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) |
635 		 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) |
636 		 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) |
637 		 V_SCMD_IV_SIZE(k_ctx->iv_size));
638 
639 	tls_ofld->scmd0.ivgen_hdrlen =
640 		(V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) |
641 		 V_SCMD_KEY_CTX_INLINE(0) |
642 		 V_SCMD_TLS_FRAG_ENABLE(1));
643 
644 	tls_ofld->mac_length = k_ctx->mac_secret_size;
645 
646 	if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
647 		k_ctx->rx = uk_ctx->rx;
648 		/* Dont initialize key for re-neg */
649 		if (!G_KEY_CLR_LOC(k_ctx->l_p_key))
650 			tls_ofld->rx_key_addr = -1;
651 	} else {
652 		k_ctx->tx = uk_ctx->tx;
653 		/* Dont initialize key for re-neg */
654 		if (!G_KEY_CLR_LOC(k_ctx->l_p_key))
655 			tls_ofld->tx_key_addr = -1;
656 	}
657 
658 	/* Flush pending data before new Tx key becomes active */
659 	if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) {
660 		struct sockbuf *sb;
661 
662 		/* XXX: This might not drain everything. */
663 		t4_push_frames(sc, toep, 0);
664 		sb = &toep->inp->inp_socket->so_snd;
665 		SOCKBUF_LOCK(sb);
666 
667 		/* XXX: This asserts that everything has been pushed. */
668 		MPASS(sb->sb_sndptr == NULL || sb->sb_sndptr->m_next == NULL);
669 		sb->sb_sndptr = NULL;
670 		tls_ofld->sb_off = sbavail(sb);
671 		SOCKBUF_UNLOCK(sb);
672 		tls_ofld->tx_seq_no = 0;
673 	}
674 
675 	if ((G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) ||
676 	    (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR)) {
677 		error = tls_program_key_id(toep, k_ctx);
678 		if (error) {
679 			/* XXX: Only clear quiesce for KEY_WRITE_RX? */
680 			t4_clear_rx_quiesce(toep);
681 			return (error);
682 		}
683 	}
684 
685 	if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
686 		/*
687 		 * RX key tags are an index into the key portion of MA
688 		 * memory stored as an offset from the base address in
689 		 * units of 64 bytes.
690 		 */
691 		key_offset = tls_ofld->rx_key_addr - sc->vres.key.start;
692 		t4_set_tls_keyid(toep, key_offset / 64);
693 		t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW,
694 				 V_TCB_ULP_RAW(M_TCB_ULP_RAW),
695 				 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) |
696 						V_TF_TLS_CONTROL(1) |
697 						V_TF_TLS_ACTIVE(1) |
698 						V_TF_TLS_ENABLE(1))));
699 		t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ,
700 				 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ),
701 				 V_TCB_TLS_SEQ(0));
702 		t4_clear_rx_quiesce(toep);
703 	} else {
704 		unsigned short pdus_per_ulp;
705 
706 		if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE)
707 			tls_ofld->tx_key_addr = 1;
708 
709 		tls_ofld->fcplenmax = get_tp_plen_max(tls_ofld);
710 		tls_ofld->expn_per_ulp = tls_expansion_size(toep,
711 				tls_ofld->fcplenmax, 1, &pdus_per_ulp);
712 		tls_ofld->pdus_per_ulp = pdus_per_ulp;
713 		tls_ofld->adjusted_plen = tls_ofld->pdus_per_ulp *
714 			((tls_ofld->expn_per_ulp/tls_ofld->pdus_per_ulp) +
715 			 tls_ofld->k_ctx.frag_size);
716 	}
717 
718 	return (0);
719 }
720 
721 /*
722  * In some cases a client connection can hang without sending the
723  * ServerHelloDone message from the NIC to the host.  Send a dummy
724  * RX_DATA_ACK with RX_MODULATE to unstick the connection.
725  */
726 static void
727 tls_send_handshake_ack(void *arg)
728 {
729 	struct toepcb *toep = arg;
730 	struct tls_ofld_info *tls_ofld = &toep->tls;
731 	struct adapter *sc = td_adapter(toep->td);
732 
733 	/*
734 	 * XXX: Does not have the t4_get_tcb() checks to refine the
735 	 * workaround.
736 	 */
737 	callout_schedule(&tls_ofld->handshake_timer, TLS_SRV_HELLO_RD_TM * hz);
738 
739 	CTR2(KTR_CXGBE, "%s: tid %d sending RX_DATA_ACK", __func__, toep->tid);
740 	send_rx_modulate(sc, toep);
741 }
742 
743 static void
744 tls_start_handshake_timer(struct toepcb *toep)
745 {
746 	struct tls_ofld_info *tls_ofld = &toep->tls;
747 
748 	mtx_lock(&tls_handshake_lock);
749 	callout_reset(&tls_ofld->handshake_timer, TLS_SRV_HELLO_BKOFF_TM * hz,
750 	    tls_send_handshake_ack, toep);
751 	mtx_unlock(&tls_handshake_lock);
752 }
753 
754 void
755 tls_stop_handshake_timer(struct toepcb *toep)
756 {
757 	struct tls_ofld_info *tls_ofld = &toep->tls;
758 
759 	mtx_lock(&tls_handshake_lock);
760 	callout_stop(&tls_ofld->handshake_timer);
761 	mtx_unlock(&tls_handshake_lock);
762 }
763 
764 int
765 t4_ctloutput_tls(struct socket *so, struct sockopt *sopt)
766 {
767 	struct tls_key_context uk_ctx;
768 	struct inpcb *inp;
769 	struct tcpcb *tp;
770 	struct toepcb *toep;
771 	int error, optval;
772 
773 	error = 0;
774 	if (sopt->sopt_dir == SOPT_SET &&
775 	    sopt->sopt_name == TCP_TLSOM_SET_TLS_CONTEXT) {
776 		error = sooptcopyin(sopt, &uk_ctx, sizeof(uk_ctx),
777 		    sizeof(uk_ctx));
778 		if (error)
779 			return (error);
780 	}
781 
782 	inp = sotoinpcb(so);
783 	KASSERT(inp != NULL, ("tcp_ctloutput: inp == NULL"));
784 	INP_WLOCK(inp);
785 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
786 		INP_WUNLOCK(inp);
787 		return (ECONNRESET);
788 	}
789 	tp = intotcpcb(inp);
790 	toep = tp->t_toe;
791 	switch (sopt->sopt_dir) {
792 	case SOPT_SET:
793 		switch (sopt->sopt_name) {
794 		case TCP_TLSOM_SET_TLS_CONTEXT:
795 			if (toep->tls.mode == TLS_MODE_KTLS)
796 				error = EINVAL;
797 			else {
798 				error = program_key_context(tp, toep, &uk_ctx);
799 				if (error == 0)
800 					toep->tls.mode = TLS_MODE_TLSOM;
801 			}
802 			INP_WUNLOCK(inp);
803 			break;
804 		case TCP_TLSOM_CLR_TLS_TOM:
805 			if (toep->tls.mode == TLS_MODE_KTLS)
806 				error = EINVAL;
807 			else if (ulp_mode(toep) == ULP_MODE_TLS) {
808 				CTR2(KTR_CXGBE, "%s: tid %d CLR_TLS_TOM",
809 				    __func__, toep->tid);
810 				tls_clr_ofld_mode(toep);
811 			} else
812 				error = EOPNOTSUPP;
813 			INP_WUNLOCK(inp);
814 			break;
815 		case TCP_TLSOM_CLR_QUIES:
816 			if (toep->tls.mode == TLS_MODE_KTLS)
817 				error = EINVAL;
818 			else if (ulp_mode(toep) == ULP_MODE_TLS) {
819 				CTR2(KTR_CXGBE, "%s: tid %d CLR_QUIES",
820 				    __func__, toep->tid);
821 				tls_clr_quiesce(toep);
822 			} else
823 				error = EOPNOTSUPP;
824 			INP_WUNLOCK(inp);
825 			break;
826 		default:
827 			INP_WUNLOCK(inp);
828 			error = EOPNOTSUPP;
829 			break;
830 		}
831 		break;
832 	case SOPT_GET:
833 		switch (sopt->sopt_name) {
834 		case TCP_TLSOM_GET_TLS_TOM:
835 			/*
836 			 * TLS TX is permitted on any TOE socket, but
837 			 * TLS RX requires a TLS ULP mode.
838 			 */
839 			optval = TLS_TOM_NONE;
840 			if (can_tls_offload(td_adapter(toep->td)) &&
841 			    toep->tls.mode != TLS_MODE_KTLS) {
842 				switch (ulp_mode(toep)) {
843 				case ULP_MODE_NONE:
844 				case ULP_MODE_TCPDDP:
845 					optval = TLS_TOM_TXONLY;
846 					break;
847 				case ULP_MODE_TLS:
848 					optval = TLS_TOM_BOTH;
849 					break;
850 				}
851 			}
852 			CTR3(KTR_CXGBE, "%s: tid %d GET_TLS_TOM = %d",
853 			    __func__, toep->tid, optval);
854 			INP_WUNLOCK(inp);
855 			error = sooptcopyout(sopt, &optval, sizeof(optval));
856 			break;
857 		default:
858 			INP_WUNLOCK(inp);
859 			error = EOPNOTSUPP;
860 			break;
861 		}
862 		break;
863 	}
864 	return (error);
865 }
866 
867 #ifdef KERN_TLS
868 static void
869 init_ktls_key_context(struct ktls_session *tls, struct tls_key_context *k_ctx)
870 {
871 	struct auth_hash *axf;
872 	u_int mac_key_size;
873 	char *hash;
874 
875 	k_ctx->l_p_key = V_KEY_GET_LOC(KEY_WRITE_TX);
876 	if (tls->params.tls_vminor == TLS_MINOR_VER_ONE)
877 		k_ctx->proto_ver = SCMD_PROTO_VERSION_TLS_1_1;
878 	else
879 		k_ctx->proto_ver = SCMD_PROTO_VERSION_TLS_1_2;
880 	k_ctx->cipher_secret_size = tls->params.cipher_key_len;
881 	k_ctx->tx_key_info_size = sizeof(struct tx_keyctx_hdr) +
882 	    k_ctx->cipher_secret_size;
883 	memcpy(k_ctx->tx.key, tls->params.cipher_key,
884 	    tls->params.cipher_key_len);
885 	hash = k_ctx->tx.key + tls->params.cipher_key_len;
886 	if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {
887 		k_ctx->state.auth_mode = SCMD_AUTH_MODE_GHASH;
888 		k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_GCM;
889 		k_ctx->iv_size = 4;
890 		k_ctx->mac_first = 0;
891 		k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NOP;
892 		k_ctx->tx_key_info_size += GMAC_BLOCK_LEN;
893 		memcpy(k_ctx->tx.salt, tls->params.iv, SALT_SIZE);
894 		t4_init_gmac_hash(tls->params.cipher_key,
895 		    tls->params.cipher_key_len * 8, hash);
896 	} else {
897 		switch (tls->params.auth_algorithm) {
898 		case CRYPTO_SHA1_HMAC:
899 			axf = &auth_hash_hmac_sha1;
900 			mac_key_size = SHA1_HASH_LEN;
901 			k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA1;
902 			break;
903 		case CRYPTO_SHA2_256_HMAC:
904 			axf = &auth_hash_hmac_sha2_256;
905 			mac_key_size = SHA2_256_HASH_LEN;
906 			k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA256;
907 			break;
908 		case CRYPTO_SHA2_384_HMAC:
909 			axf = &auth_hash_hmac_sha2_384;
910 			mac_key_size = SHA2_512_HASH_LEN;
911 			k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA512_384;
912 			break;
913 		default:
914 			panic("bad auth mode");
915 		}
916 		k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_CBC;
917 		k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */
918 		k_ctx->mac_first = 1;
919 		k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NO_TRUNC;
920 		k_ctx->tx_key_info_size += roundup2(mac_key_size, 16) * 2;
921 		k_ctx->mac_secret_size = mac_key_size;
922 		t4_init_hmac_digest(axf, mac_key_size, tls->params.auth_key,
923 		    tls->params.auth_key_len * 8, hash);
924 	}
925 
926 	k_ctx->frag_size = tls->params.max_frame_len;
927 	k_ctx->iv_ctrl = 1;
928 }
929 
930 int
931 tls_alloc_ktls(struct toepcb *toep, struct ktls_session *tls)
932 {
933 	struct tls_key_context *k_ctx;
934 	int error;
935 
936 	if (toep->tls.mode == TLS_MODE_TLSOM)
937 		return (EINVAL);
938 	if (!can_tls_offload(td_adapter(toep->td)))
939 		return (EINVAL);
940 	switch (ulp_mode(toep)) {
941 	case ULP_MODE_NONE:
942 	case ULP_MODE_TCPDDP:
943 		break;
944 	default:
945 		return (EINVAL);
946 	}
947 
948 	switch (tls->params.cipher_algorithm) {
949 	case CRYPTO_AES_CBC:
950 		/* XXX: Explicitly ignore any provided IV. */
951 		switch (tls->params.cipher_key_len) {
952 		case 128 / 8:
953 		case 192 / 8:
954 		case 256 / 8:
955 			break;
956 		default:
957 			return (EINVAL);
958 		}
959 		switch (tls->params.auth_algorithm) {
960 		case CRYPTO_SHA1_HMAC:
961 		case CRYPTO_SHA2_256_HMAC:
962 		case CRYPTO_SHA2_384_HMAC:
963 			break;
964 		default:
965 			return (EPROTONOSUPPORT);
966 		}
967 		break;
968 	case CRYPTO_AES_NIST_GCM_16:
969 		if (tls->params.iv_len != SALT_SIZE)
970 			return (EINVAL);
971 		switch (tls->params.cipher_key_len) {
972 		case 128 / 8:
973 		case 192 / 8:
974 		case 256 / 8:
975 			break;
976 		default:
977 			return (EINVAL);
978 		}
979 		break;
980 	default:
981 		return (EPROTONOSUPPORT);
982 	}
983 
984 	/* Only TLS 1.1 and TLS 1.2 are currently supported. */
985 	if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE ||
986 	    tls->params.tls_vminor < TLS_MINOR_VER_ONE ||
987 	    tls->params.tls_vminor > TLS_MINOR_VER_TWO)
988 		return (EPROTONOSUPPORT);
989 
990 	/*
991 	 * XXX: This assumes no key renegotation.  If KTLS ever supports
992 	 * that we will want to allocate TLS sessions dynamically rather
993 	 * than as a static member of toep.
994 	 */
995 	k_ctx = &toep->tls.k_ctx;
996 	init_ktls_key_context(tls, k_ctx);
997 
998 	toep->tls.scmd0.seqno_numivs =
999 		(V_SCMD_SEQ_NO_CTRL(3) |
1000 		 V_SCMD_PROTO_VERSION(k_ctx->proto_ver) |
1001 		 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) |
1002 		 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) |
1003 		 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) |
1004 		 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) |
1005 		 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) |
1006 		 V_SCMD_IV_SIZE(k_ctx->iv_size));
1007 
1008 	toep->tls.scmd0.ivgen_hdrlen =
1009 		(V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) |
1010 		 V_SCMD_KEY_CTX_INLINE(0) |
1011 		 V_SCMD_TLS_FRAG_ENABLE(1));
1012 
1013 	if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
1014 		toep->tls.iv_len = 8;
1015 	else
1016 		toep->tls.iv_len = AES_BLOCK_LEN;
1017 
1018 	toep->tls.mac_length = k_ctx->mac_secret_size;
1019 
1020 	toep->tls.tx_key_addr = -1;
1021 
1022 	error = tls_program_key_id(toep, k_ctx);
1023 	if (error)
1024 		return (error);
1025 
1026 	toep->tls.fcplenmax = get_tp_plen_max(&toep->tls);
1027 	toep->tls.expn_per_ulp = tls->params.tls_hlen + tls->params.tls_tlen;
1028 	toep->tls.pdus_per_ulp = 1;
1029 	toep->tls.adjusted_plen = toep->tls.expn_per_ulp +
1030 	    toep->tls.k_ctx.frag_size;
1031 
1032 	toep->tls.mode = TLS_MODE_KTLS;
1033 
1034 	return (0);
1035 }
1036 #endif
1037 
1038 void
1039 tls_init_toep(struct toepcb *toep)
1040 {
1041 	struct tls_ofld_info *tls_ofld = &toep->tls;
1042 
1043 	tls_ofld->mode = TLS_MODE_OFF;
1044 	tls_ofld->key_location = TLS_SFO_WR_CONTEXTLOC_DDR;
1045 	tls_ofld->rx_key_addr = -1;
1046 	tls_ofld->tx_key_addr = -1;
1047 	if (ulp_mode(toep) == ULP_MODE_TLS)
1048 		callout_init_mtx(&tls_ofld->handshake_timer,
1049 		    &tls_handshake_lock, 0);
1050 }
1051 
1052 void
1053 tls_establish(struct toepcb *toep)
1054 {
1055 
1056 	/*
1057 	 * Enable PDU extraction.
1058 	 *
1059 	 * XXX: Supposedly this should be done by the firmware when
1060 	 * the ULP_MODE FLOWC parameter is set in send_flowc_wr(), but
1061 	 * in practice this seems to be required.
1062 	 */
1063 	CTR2(KTR_CXGBE, "%s: tid %d setting TLS_ENABLE", __func__, toep->tid);
1064 	t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, V_TCB_ULP_RAW(M_TCB_ULP_RAW),
1065 	    V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)));
1066 
1067 	toep->flags |= TPF_FORCE_CREDITS;
1068 
1069 	tls_start_handshake_timer(toep);
1070 }
1071 
1072 void
1073 tls_uninit_toep(struct toepcb *toep)
1074 {
1075 
1076 	if (ulp_mode(toep) == ULP_MODE_TLS)
1077 		tls_stop_handshake_timer(toep);
1078 	clear_tls_keyid(toep);
1079 }
1080 
1081 #define MAX_OFLD_TX_CREDITS (SGE_MAX_WR_LEN / 16)
1082 #define	MIN_OFLD_TLSTX_CREDITS(toep)					\
1083 	(howmany(sizeof(struct fw_tlstx_data_wr) +			\
1084 	    sizeof(struct cpl_tx_tls_sfo) + key_size((toep)) +		\
1085 	    CIPHER_BLOCK_SIZE + 1, 16))
1086 
1087 static inline u_int
1088 max_imm_tls_space(int tx_credits)
1089 {
1090 	const int n = 2;	/* Use only up to 2 desc for imm. data WR */
1091 	int space;
1092 
1093 	KASSERT(tx_credits >= 0 &&
1094 		tx_credits <= MAX_OFLD_TX_CREDITS,
1095 		("%s: %d credits", __func__, tx_credits));
1096 
1097 	if (tx_credits >= (n * EQ_ESIZE) / 16)
1098 		space = (n * EQ_ESIZE);
1099 	else
1100 		space = tx_credits * 16;
1101 	return (space);
1102 }
1103 
1104 static int
1105 count_mbuf_segs(struct mbuf *m, int skip, int len, int *max_nsegs_1mbufp)
1106 {
1107 	int max_nsegs_1mbuf, n, nsegs;
1108 
1109 	while (skip >= m->m_len) {
1110 		skip -= m->m_len;
1111 		m = m->m_next;
1112 	}
1113 
1114 	nsegs = 0;
1115 	max_nsegs_1mbuf = 0;
1116 	while (len > 0) {
1117 		n = sglist_count(mtod(m, char *) + skip, m->m_len - skip);
1118 		if (n > max_nsegs_1mbuf)
1119 			max_nsegs_1mbuf = n;
1120 		nsegs += n;
1121 		len -= m->m_len - skip;
1122 		skip = 0;
1123 		m = m->m_next;
1124 	}
1125 	*max_nsegs_1mbufp = max_nsegs_1mbuf;
1126 	return (nsegs);
1127 }
1128 
1129 static void
1130 write_tlstx_wr(struct fw_tlstx_data_wr *txwr, struct toepcb *toep,
1131     unsigned int immdlen, unsigned int plen, unsigned int expn,
1132     unsigned int pdus, uint8_t credits, int shove, int imm_ivs)
1133 {
1134 	struct tls_ofld_info *tls_ofld = &toep->tls;
1135 	unsigned int len = plen + expn;
1136 
1137 	txwr->op_to_immdlen = htobe32(V_WR_OP(FW_TLSTX_DATA_WR) |
1138 	    V_FW_TLSTX_DATA_WR_COMPL(1) |
1139 	    V_FW_TLSTX_DATA_WR_IMMDLEN(immdlen));
1140 	txwr->flowid_len16 = htobe32(V_FW_TLSTX_DATA_WR_FLOWID(toep->tid) |
1141 	    V_FW_TLSTX_DATA_WR_LEN16(credits));
1142 	txwr->plen = htobe32(len);
1143 	txwr->lsodisable_to_flags = htobe32(V_TX_ULP_MODE(ULP_MODE_TLS) |
1144 	    V_TX_URG(0) | /* F_T6_TX_FORCE | */ V_TX_SHOVE(shove));
1145 	txwr->ctxloc_to_exp = htobe32(V_FW_TLSTX_DATA_WR_NUMIVS(pdus) |
1146 	    V_FW_TLSTX_DATA_WR_EXP(expn) |
1147 	    V_FW_TLSTX_DATA_WR_CTXLOC(tls_ofld->key_location) |
1148 	    V_FW_TLSTX_DATA_WR_IVDSGL(!imm_ivs) |
1149 	    V_FW_TLSTX_DATA_WR_KEYSIZE(tls_ofld->k_ctx.tx_key_info_size >> 4));
1150 	txwr->mfs = htobe16(tls_ofld->k_ctx.frag_size);
1151 	txwr->adjustedplen_pkd = htobe16(
1152 	    V_FW_TLSTX_DATA_WR_ADJUSTEDPLEN(tls_ofld->adjusted_plen));
1153 	txwr->expinplenmax_pkd = htobe16(
1154 	    V_FW_TLSTX_DATA_WR_EXPINPLENMAX(tls_ofld->expn_per_ulp));
1155 	txwr->pdusinplenmax_pkd =
1156 	    V_FW_TLSTX_DATA_WR_PDUSINPLENMAX(tls_ofld->pdus_per_ulp);
1157 }
1158 
1159 static void
1160 write_tlstx_cpl(struct cpl_tx_tls_sfo *cpl, struct toepcb *toep,
1161     struct tls_hdr *tls_hdr, unsigned int plen, unsigned int pdus)
1162 {
1163 	struct tls_ofld_info *tls_ofld = &toep->tls;
1164 	int data_type, seglen;
1165 
1166 	if (plen < tls_ofld->k_ctx.frag_size)
1167 		seglen = plen;
1168 	else
1169 		seglen = tls_ofld->k_ctx.frag_size;
1170 	data_type = tls_content_type(tls_hdr->type);
1171 	cpl->op_to_seg_len = htobe32(V_CPL_TX_TLS_SFO_OPCODE(CPL_TX_TLS_SFO) |
1172 	    V_CPL_TX_TLS_SFO_DATA_TYPE(data_type) |
1173 	    V_CPL_TX_TLS_SFO_CPL_LEN(2) | V_CPL_TX_TLS_SFO_SEG_LEN(seglen));
1174 	cpl->pld_len = htobe32(plen);
1175 	if (data_type == CPL_TX_TLS_SFO_TYPE_HEARTBEAT)
1176 		cpl->type_protover = htobe32(
1177 		    V_CPL_TX_TLS_SFO_TYPE(tls_hdr->type));
1178 	cpl->seqno_numivs = htobe32(tls_ofld->scmd0.seqno_numivs |
1179 	    V_SCMD_NUM_IVS(pdus));
1180 	cpl->ivgen_hdrlen = htobe32(tls_ofld->scmd0.ivgen_hdrlen);
1181 	cpl->scmd1 = htobe64(tls_ofld->tx_seq_no);
1182 	tls_ofld->tx_seq_no += pdus;
1183 }
1184 
1185 /*
1186  * Similar to write_tx_sgl() except that it accepts an optional
1187  * trailer buffer for IVs.
1188  */
1189 static void
1190 write_tlstx_sgl(void *dst, struct mbuf *start, int skip, int plen,
1191     void *iv_buffer, int iv_len, int nsegs, int n)
1192 {
1193 	struct mbuf *m;
1194 	struct ulptx_sgl *usgl = dst;
1195 	int i, j, rc;
1196 	struct sglist sg;
1197 	struct sglist_seg segs[n];
1198 
1199 	KASSERT(nsegs > 0, ("%s: nsegs 0", __func__));
1200 
1201 	sglist_init(&sg, n, segs);
1202 	usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) |
1203 	    V_ULPTX_NSGE(nsegs));
1204 
1205 	for (m = start; skip >= m->m_len; m = m->m_next)
1206 		skip -= m->m_len;
1207 
1208 	i = -1;
1209 	for (m = start; plen > 0; m = m->m_next) {
1210 		rc = sglist_append(&sg, mtod(m, char *) + skip,
1211 		    m->m_len - skip);
1212 		if (__predict_false(rc != 0))
1213 			panic("%s: sglist_append %d", __func__, rc);
1214 		plen -= m->m_len - skip;
1215 		skip = 0;
1216 
1217 		for (j = 0; j < sg.sg_nseg; i++, j++) {
1218 			if (i < 0) {
1219 				usgl->len0 = htobe32(segs[j].ss_len);
1220 				usgl->addr0 = htobe64(segs[j].ss_paddr);
1221 			} else {
1222 				usgl->sge[i / 2].len[i & 1] =
1223 				    htobe32(segs[j].ss_len);
1224 				usgl->sge[i / 2].addr[i & 1] =
1225 				    htobe64(segs[j].ss_paddr);
1226 			}
1227 #ifdef INVARIANTS
1228 			nsegs--;
1229 #endif
1230 		}
1231 		sglist_reset(&sg);
1232 	}
1233 	if (iv_buffer != NULL) {
1234 		rc = sglist_append(&sg, iv_buffer, iv_len);
1235 		if (__predict_false(rc != 0))
1236 			panic("%s: sglist_append %d", __func__, rc);
1237 
1238 		for (j = 0; j < sg.sg_nseg; i++, j++) {
1239 			if (i < 0) {
1240 				usgl->len0 = htobe32(segs[j].ss_len);
1241 				usgl->addr0 = htobe64(segs[j].ss_paddr);
1242 			} else {
1243 				usgl->sge[i / 2].len[i & 1] =
1244 				    htobe32(segs[j].ss_len);
1245 				usgl->sge[i / 2].addr[i & 1] =
1246 				    htobe64(segs[j].ss_paddr);
1247 			}
1248 #ifdef INVARIANTS
1249 			nsegs--;
1250 #endif
1251 		}
1252 	}
1253 	if (i & 1)
1254 		usgl->sge[i / 2].len[1] = htobe32(0);
1255 	KASSERT(nsegs == 0, ("%s: nsegs %d, start %p, iv_buffer %p",
1256 	    __func__, nsegs, start, iv_buffer));
1257 }
1258 
1259 /*
1260  * Similar to t4_push_frames() but handles TLS sockets when TLS offload
1261  * is enabled.  Rather than transmitting bulk data, the socket buffer
1262  * contains TLS records.  The work request requires a full TLS record,
1263  * so batch mbufs up until a full TLS record is seen.  This requires
1264  * reading the TLS header out of the start of each record to determine
1265  * its length.
1266  */
1267 void
1268 t4_push_tls_records(struct adapter *sc, struct toepcb *toep, int drop)
1269 {
1270 	struct tls_hdr thdr;
1271 	struct mbuf *sndptr;
1272 	struct fw_tlstx_data_wr *txwr;
1273 	struct cpl_tx_tls_sfo *cpl;
1274 	struct wrqe *wr;
1275 	u_int plen, nsegs, credits, space, max_nsegs_1mbuf, wr_len;
1276 	u_int expn_size, iv_len, pdus, sndptroff;
1277 	struct tls_ofld_info *tls_ofld = &toep->tls;
1278 	struct inpcb *inp = toep->inp;
1279 	struct tcpcb *tp = intotcpcb(inp);
1280 	struct socket *so = inp->inp_socket;
1281 	struct sockbuf *sb = &so->so_snd;
1282 	int tls_size, tx_credits, shove, /* compl,*/ sowwakeup;
1283 	struct ofld_tx_sdesc *txsd;
1284 	bool imm_ivs, imm_payload;
1285 	void *iv_buffer, *iv_dst, *buf;
1286 
1287 	INP_WLOCK_ASSERT(inp);
1288 	KASSERT(toep->flags & TPF_FLOWC_WR_SENT,
1289 	    ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid));
1290 
1291 	KASSERT(ulp_mode(toep) == ULP_MODE_NONE ||
1292 	    ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS,
1293 	    ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep));
1294 	KASSERT(tls_tx_key(toep),
1295 	    ("%s: TX key not set for toep %p", __func__, toep));
1296 
1297 #ifdef VERBOSE_TRACES
1298 	CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d",
1299 	    __func__, toep->tid, toep->flags, tp->t_flags);
1300 #endif
1301 	if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN))
1302 		return;
1303 
1304 #ifdef RATELIMIT
1305 	if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) &&
1306 	    (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) {
1307 		inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED;
1308 	}
1309 #endif
1310 
1311 	/*
1312 	 * This function doesn't resume by itself.  Someone else must clear the
1313 	 * flag and call this function.
1314 	 */
1315 	if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) {
1316 		KASSERT(drop == 0,
1317 		    ("%s: drop (%d) != 0 but tx is suspended", __func__, drop));
1318 		return;
1319 	}
1320 
1321 	txsd = &toep->txsd[toep->txsd_pidx];
1322 	for (;;) {
1323 		tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS);
1324 		space = max_imm_tls_space(tx_credits);
1325 		wr_len = sizeof(struct fw_tlstx_data_wr) +
1326 		    sizeof(struct cpl_tx_tls_sfo) + key_size(toep);
1327 		if (wr_len + CIPHER_BLOCK_SIZE + 1 > space) {
1328 #ifdef VERBOSE_TRACES
1329 			CTR5(KTR_CXGBE,
1330 			    "%s: tid %d tx_credits %d min_wr %d space %d",
1331 			    __func__, toep->tid, tx_credits, wr_len +
1332 			    CIPHER_BLOCK_SIZE + 1, space);
1333 #endif
1334 			return;
1335 		}
1336 
1337 		SOCKBUF_LOCK(sb);
1338 		sowwakeup = drop;
1339 		if (drop) {
1340 			sbdrop_locked(sb, drop);
1341 			MPASS(tls_ofld->sb_off >= drop);
1342 			tls_ofld->sb_off -= drop;
1343 			drop = 0;
1344 		}
1345 
1346 		/*
1347 		 * Send a FIN if requested, but only if there's no
1348 		 * more data to send.
1349 		 */
1350 		if (sbavail(sb) == tls_ofld->sb_off &&
1351 		    toep->flags & TPF_SEND_FIN) {
1352 			if (sowwakeup)
1353 				sowwakeup_locked(so);
1354 			else
1355 				SOCKBUF_UNLOCK(sb);
1356 			SOCKBUF_UNLOCK_ASSERT(sb);
1357 			t4_close_conn(sc, toep);
1358 			return;
1359 		}
1360 
1361 		if (sbavail(sb) < tls_ofld->sb_off + TLS_HEADER_LENGTH) {
1362 			/*
1363 			 * A full TLS header is not yet queued, stop
1364 			 * for now until more data is added to the
1365 			 * socket buffer.  However, if the connection
1366 			 * has been closed, we will never get the rest
1367 			 * of the header so just discard the partial
1368 			 * header and close the connection.
1369 			 */
1370 #ifdef VERBOSE_TRACES
1371 			CTR5(KTR_CXGBE, "%s: tid %d sbavail %d sb_off %d%s",
1372 			    __func__, toep->tid, sbavail(sb), tls_ofld->sb_off,
1373 			    toep->flags & TPF_SEND_FIN ? "" : " SEND_FIN");
1374 #endif
1375 			if (sowwakeup)
1376 				sowwakeup_locked(so);
1377 			else
1378 				SOCKBUF_UNLOCK(sb);
1379 			SOCKBUF_UNLOCK_ASSERT(sb);
1380 			if (toep->flags & TPF_SEND_FIN)
1381 				t4_close_conn(sc, toep);
1382 			return;
1383 		}
1384 
1385 		/* Read the header of the next TLS record. */
1386 		sndptr = sbsndmbuf(sb, tls_ofld->sb_off, &sndptroff);
1387 		m_copydata(sndptr, sndptroff, sizeof(thdr), (caddr_t)&thdr);
1388 		tls_size = htons(thdr.length);
1389 		plen = TLS_HEADER_LENGTH + tls_size;
1390 		pdus = howmany(tls_size, tls_ofld->k_ctx.frag_size);
1391 		iv_len = pdus * CIPHER_BLOCK_SIZE;
1392 
1393 		if (sbavail(sb) < tls_ofld->sb_off + plen) {
1394 			/*
1395 			 * The full TLS record is not yet queued, stop
1396 			 * for now until more data is added to the
1397 			 * socket buffer.  However, if the connection
1398 			 * has been closed, we will never get the rest
1399 			 * of the record so just discard the partial
1400 			 * record and close the connection.
1401 			 */
1402 #ifdef VERBOSE_TRACES
1403 			CTR6(KTR_CXGBE,
1404 			    "%s: tid %d sbavail %d sb_off %d plen %d%s",
1405 			    __func__, toep->tid, sbavail(sb), tls_ofld->sb_off,
1406 			    plen, toep->flags & TPF_SEND_FIN ? "" :
1407 			    " SEND_FIN");
1408 #endif
1409 			if (sowwakeup)
1410 				sowwakeup_locked(so);
1411 			else
1412 				SOCKBUF_UNLOCK(sb);
1413 			SOCKBUF_UNLOCK_ASSERT(sb);
1414 			if (toep->flags & TPF_SEND_FIN)
1415 				t4_close_conn(sc, toep);
1416 			return;
1417 		}
1418 
1419 		/* Shove if there is no additional data pending. */
1420 		shove = (sbavail(sb) == tls_ofld->sb_off + plen) &&
1421 		    !(tp->t_flags & TF_MORETOCOME);
1422 
1423 		if (sb->sb_flags & SB_AUTOSIZE &&
1424 		    V_tcp_do_autosndbuf &&
1425 		    sb->sb_hiwat < V_tcp_autosndbuf_max &&
1426 		    sbused(sb) >= sb->sb_hiwat * 7 / 8) {
1427 			int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc,
1428 			    V_tcp_autosndbuf_max);
1429 
1430 			if (!sbreserve_locked(sb, newsize, so, NULL))
1431 				sb->sb_flags &= ~SB_AUTOSIZE;
1432 			else
1433 				sowwakeup = 1;	/* room available */
1434 		}
1435 		if (sowwakeup)
1436 			sowwakeup_locked(so);
1437 		else
1438 			SOCKBUF_UNLOCK(sb);
1439 		SOCKBUF_UNLOCK_ASSERT(sb);
1440 
1441 		if (__predict_false(toep->flags & TPF_FIN_SENT))
1442 			panic("%s: excess tx.", __func__);
1443 
1444 		/* Determine whether to use immediate vs SGL. */
1445 		imm_payload = false;
1446 		imm_ivs = false;
1447 		if (wr_len + iv_len <= space) {
1448 			imm_ivs = true;
1449 			wr_len += iv_len;
1450 			if (wr_len + tls_size <= space) {
1451 				wr_len += tls_size;
1452 				imm_payload = true;
1453 			}
1454 		}
1455 
1456 		/* Allocate space for IVs if needed. */
1457 		if (!imm_ivs) {
1458 			iv_buffer = malloc(iv_len, M_CXGBE, M_NOWAIT);
1459 			if (iv_buffer == NULL) {
1460 				/*
1461 				 * XXX: How to restart this?
1462 				 */
1463 				if (sowwakeup)
1464 					sowwakeup_locked(so);
1465 				else
1466 					SOCKBUF_UNLOCK(sb);
1467 				SOCKBUF_UNLOCK_ASSERT(sb);
1468 				CTR3(KTR_CXGBE,
1469 			    "%s: tid %d failed to alloc IV space len %d",
1470 				    __func__, toep->tid, iv_len);
1471 				return;
1472 			}
1473 		} else
1474 			iv_buffer = NULL;
1475 
1476 		/* Determine size of SGL. */
1477 		nsegs = 0;
1478 		max_nsegs_1mbuf = 0; /* max # of SGL segments in any one mbuf */
1479 		if (!imm_payload) {
1480 			nsegs = count_mbuf_segs(sndptr, sndptroff +
1481 			    TLS_HEADER_LENGTH, tls_size, &max_nsegs_1mbuf);
1482 			if (!imm_ivs) {
1483 				int n = sglist_count(iv_buffer, iv_len);
1484 				nsegs += n;
1485 				if (n > max_nsegs_1mbuf)
1486 					max_nsegs_1mbuf = n;
1487 			}
1488 
1489 			/* Account for SGL in work request length. */
1490 			wr_len += sizeof(struct ulptx_sgl) +
1491 			    ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8;
1492 		}
1493 
1494 		wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq);
1495 		if (wr == NULL) {
1496 			/* XXX: how will we recover from this? */
1497 			toep->flags |= TPF_TX_SUSPENDED;
1498 			return;
1499 		}
1500 
1501 #ifdef VERBOSE_TRACES
1502 		CTR5(KTR_CXGBE, "%s: tid %d TLS record %d len %#x pdus %d",
1503 		    __func__, toep->tid, thdr.type, tls_size, pdus);
1504 #endif
1505 		txwr = wrtod(wr);
1506 		cpl = (struct cpl_tx_tls_sfo *)(txwr + 1);
1507 		memset(txwr, 0, roundup2(wr_len, 16));
1508 		credits = howmany(wr_len, 16);
1509 		expn_size = tls_expansion_size(toep, tls_size, 0, NULL);
1510 		write_tlstx_wr(txwr, toep, imm_payload ? tls_size : 0,
1511 		    tls_size, expn_size, pdus, credits, shove, imm_ivs ? 1 : 0);
1512 		write_tlstx_cpl(cpl, toep, &thdr, tls_size, pdus);
1513 		tls_copy_tx_key(toep, cpl + 1);
1514 
1515 		/* Generate random IVs */
1516 		buf = (char *)(cpl + 1) + key_size(toep);
1517 		if (imm_ivs) {
1518 			MPASS(iv_buffer == NULL);
1519 			iv_dst = buf;
1520 			buf = (char *)iv_dst + iv_len;
1521 		} else
1522 			iv_dst = iv_buffer;
1523 		arc4rand(iv_dst, iv_len, 0);
1524 
1525 		if (imm_payload) {
1526 			m_copydata(sndptr, sndptroff + TLS_HEADER_LENGTH,
1527 			    tls_size, buf);
1528 		} else {
1529 			write_tlstx_sgl(buf, sndptr,
1530 			    sndptroff + TLS_HEADER_LENGTH, tls_size, iv_buffer,
1531 			    iv_len, nsegs, max_nsegs_1mbuf);
1532 		}
1533 
1534 		KASSERT(toep->tx_credits >= credits,
1535 			("%s: not enough credits", __func__));
1536 
1537 		toep->tx_credits -= credits;
1538 
1539 		tp->snd_nxt += plen;
1540 		tp->snd_max += plen;
1541 
1542 		SOCKBUF_LOCK(sb);
1543 		sbsndptr_adv(sb, sb->sb_sndptr, plen);
1544 		tls_ofld->sb_off += plen;
1545 		SOCKBUF_UNLOCK(sb);
1546 
1547 		toep->flags |= TPF_TX_DATA_SENT;
1548 		if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep))
1549 			toep->flags |= TPF_TX_SUSPENDED;
1550 
1551 		KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__));
1552 		txsd->plen = plen;
1553 		txsd->tx_credits = credits;
1554 		txsd->iv_buffer = iv_buffer;
1555 		txsd++;
1556 		if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) {
1557 			toep->txsd_pidx = 0;
1558 			txsd = &toep->txsd[0];
1559 		}
1560 		toep->txsd_avail--;
1561 
1562 		atomic_add_long(&toep->vi->pi->tx_tls_records, 1);
1563 		atomic_add_long(&toep->vi->pi->tx_tls_octets, plen);
1564 
1565 		t4_l2t_send(sc, wr, toep->l2te);
1566 	}
1567 }
1568 
1569 #ifdef KERN_TLS
1570 static int
1571 count_ext_pgs_segs(struct mbuf_ext_pgs *ext_pgs)
1572 {
1573 	vm_paddr_t nextpa;
1574 	u_int i, nsegs;
1575 
1576 	MPASS(ext_pgs->npgs > 0);
1577 	nsegs = 1;
1578 	nextpa = ext_pgs->pa[0] + PAGE_SIZE;
1579 	for (i = 1; i < ext_pgs->npgs; i++) {
1580 		if (nextpa != ext_pgs->pa[i])
1581 			nsegs++;
1582 		nextpa = ext_pgs->pa[i] + PAGE_SIZE;
1583 	}
1584 	return (nsegs);
1585 }
1586 
1587 static void
1588 write_ktlstx_sgl(void *dst, struct mbuf_ext_pgs *ext_pgs, int nsegs)
1589 {
1590 	struct ulptx_sgl *usgl = dst;
1591 	vm_paddr_t pa;
1592 	uint32_t len;
1593 	int i, j;
1594 
1595 	KASSERT(nsegs > 0, ("%s: nsegs 0", __func__));
1596 
1597 	usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) |
1598 	    V_ULPTX_NSGE(nsegs));
1599 
1600 	/* Figure out the first S/G length. */
1601 	pa = ext_pgs->pa[0] + ext_pgs->first_pg_off;
1602 	usgl->addr0 = htobe64(pa);
1603 	len = mbuf_ext_pg_len(ext_pgs, 0, ext_pgs->first_pg_off);
1604 	pa += len;
1605 	for (i = 1; i < ext_pgs->npgs; i++) {
1606 		if (ext_pgs->pa[i] != pa)
1607 			break;
1608 		len += mbuf_ext_pg_len(ext_pgs, i, 0);
1609 		pa += mbuf_ext_pg_len(ext_pgs, i, 0);
1610 	}
1611 	usgl->len0 = htobe32(len);
1612 #ifdef INVARIANTS
1613 	nsegs--;
1614 #endif
1615 
1616 	j = -1;
1617 	for (; i < ext_pgs->npgs; i++) {
1618 		if (j == -1 || ext_pgs->pa[i] != pa) {
1619 			if (j >= 0)
1620 				usgl->sge[j / 2].len[j & 1] = htobe32(len);
1621 			j++;
1622 #ifdef INVARIANTS
1623 			nsegs--;
1624 #endif
1625 			pa = ext_pgs->pa[i];
1626 			usgl->sge[j / 2].addr[j & 1] = htobe64(pa);
1627 			len = mbuf_ext_pg_len(ext_pgs, i, 0);
1628 			pa += len;
1629 		} else {
1630 			len += mbuf_ext_pg_len(ext_pgs, i, 0);
1631 			pa += mbuf_ext_pg_len(ext_pgs, i, 0);
1632 		}
1633 	}
1634 	if (j >= 0) {
1635 		usgl->sge[j / 2].len[j & 1] = htobe32(len);
1636 
1637 		if ((j & 1) == 0)
1638 			usgl->sge[j / 2].len[1] = htobe32(0);
1639 	}
1640 	KASSERT(nsegs == 0, ("%s: nsegs %d, ext_pgs %p", __func__, nsegs,
1641 	    ext_pgs));
1642 }
1643 
1644 /*
1645  * Similar to t4_push_frames() but handles sockets that contain TLS
1646  * record mbufs.  Unlike TLSOM, each mbuf is a complete TLS record and
1647  * corresponds to a single work request.
1648  */
1649 void
1650 t4_push_ktls(struct adapter *sc, struct toepcb *toep, int drop)
1651 {
1652 	struct tls_hdr *thdr;
1653 	struct fw_tlstx_data_wr *txwr;
1654 	struct cpl_tx_tls_sfo *cpl;
1655 	struct wrqe *wr;
1656 	struct mbuf *m;
1657 	u_int nsegs, credits, wr_len;
1658 	u_int expn_size;
1659 	struct inpcb *inp = toep->inp;
1660 	struct tcpcb *tp = intotcpcb(inp);
1661 	struct socket *so = inp->inp_socket;
1662 	struct sockbuf *sb = &so->so_snd;
1663 	int tls_size, tx_credits, shove, sowwakeup;
1664 	struct ofld_tx_sdesc *txsd;
1665 	char *buf;
1666 
1667 	INP_WLOCK_ASSERT(inp);
1668 	KASSERT(toep->flags & TPF_FLOWC_WR_SENT,
1669 	    ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid));
1670 
1671 	KASSERT(ulp_mode(toep) == ULP_MODE_NONE ||
1672 	    ulp_mode(toep) == ULP_MODE_TCPDDP,
1673 	    ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep));
1674 	KASSERT(tls_tx_key(toep),
1675 	    ("%s: TX key not set for toep %p", __func__, toep));
1676 
1677 #ifdef VERBOSE_TRACES
1678 	CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d",
1679 	    __func__, toep->tid, toep->flags, tp->t_flags);
1680 #endif
1681 	if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN))
1682 		return;
1683 
1684 #ifdef RATELIMIT
1685 	if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) &&
1686 	    (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) {
1687 		inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED;
1688 	}
1689 #endif
1690 
1691 	/*
1692 	 * This function doesn't resume by itself.  Someone else must clear the
1693 	 * flag and call this function.
1694 	 */
1695 	if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) {
1696 		KASSERT(drop == 0,
1697 		    ("%s: drop (%d) != 0 but tx is suspended", __func__, drop));
1698 		return;
1699 	}
1700 
1701 	txsd = &toep->txsd[toep->txsd_pidx];
1702 	for (;;) {
1703 		tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS);
1704 
1705 		SOCKBUF_LOCK(sb);
1706 		sowwakeup = drop;
1707 		if (drop) {
1708 			sbdrop_locked(sb, drop);
1709 			drop = 0;
1710 		}
1711 
1712 		m = sb->sb_sndptr != NULL ? sb->sb_sndptr->m_next : sb->sb_mb;
1713 
1714 		/*
1715 		 * Send a FIN if requested, but only if there's no
1716 		 * more data to send.
1717 		 */
1718 		if (m == NULL && toep->flags & TPF_SEND_FIN) {
1719 			if (sowwakeup)
1720 				sowwakeup_locked(so);
1721 			else
1722 				SOCKBUF_UNLOCK(sb);
1723 			SOCKBUF_UNLOCK_ASSERT(sb);
1724 			t4_close_conn(sc, toep);
1725 			return;
1726 		}
1727 
1728 		/*
1729 		 * If there is no ready data to send, wait until more
1730 		 * data arrives.
1731 		 */
1732 		if (m == NULL || (m->m_flags & M_NOTAVAIL) != 0) {
1733 			if (sowwakeup)
1734 				sowwakeup_locked(so);
1735 			else
1736 				SOCKBUF_UNLOCK(sb);
1737 			SOCKBUF_UNLOCK_ASSERT(sb);
1738 #ifdef VERBOSE_TRACES
1739 			CTR2(KTR_CXGBE, "%s: tid %d no ready data to send",
1740 			    __func__, toep->tid);
1741 #endif
1742 			return;
1743 		}
1744 
1745 		KASSERT(m->m_flags & M_NOMAP, ("%s: mbuf %p is not NOMAP",
1746 		    __func__, m));
1747 		KASSERT(m->m_ext.ext_pgs->tls != NULL,
1748 		    ("%s: mbuf %p doesn't have TLS session", __func__, m));
1749 
1750 		/* Calculate WR length. */
1751 		wr_len = sizeof(struct fw_tlstx_data_wr) +
1752 		    sizeof(struct cpl_tx_tls_sfo) + key_size(toep);
1753 
1754 		/* Explicit IVs for AES-CBC and AES-GCM are <= 16. */
1755 		MPASS(toep->tls.iv_len <= AES_BLOCK_LEN);
1756 		wr_len += AES_BLOCK_LEN;
1757 
1758 		/* Account for SGL in work request length. */
1759 		nsegs = count_ext_pgs_segs(m->m_ext.ext_pgs);
1760 		wr_len += sizeof(struct ulptx_sgl) +
1761 		    ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8;
1762 
1763 		/* Not enough credits for this work request. */
1764 		if (howmany(wr_len, 16) > tx_credits) {
1765 			if (sowwakeup)
1766 				sowwakeup_locked(so);
1767 			else
1768 				SOCKBUF_UNLOCK(sb);
1769 			SOCKBUF_UNLOCK_ASSERT(sb);
1770 #ifdef VERBOSE_TRACES
1771 			CTR5(KTR_CXGBE,
1772 	    "%s: tid %d mbuf %p requires %d credits, but only %d available",
1773 			    __func__, toep->tid, m, howmany(wr_len, 16),
1774 			    tx_credits);
1775 #endif
1776 			toep->flags |= TPF_TX_SUSPENDED;
1777 			return;
1778 		}
1779 
1780 		/* Shove if there is no additional data pending. */
1781 		shove = ((m->m_next == NULL ||
1782 		    (m->m_next->m_flags & M_NOTAVAIL) != 0)) &&
1783 		    (tp->t_flags & TF_MORETOCOME) == 0;
1784 
1785 		if (sb->sb_flags & SB_AUTOSIZE &&
1786 		    V_tcp_do_autosndbuf &&
1787 		    sb->sb_hiwat < V_tcp_autosndbuf_max &&
1788 		    sbused(sb) >= sb->sb_hiwat * 7 / 8) {
1789 			int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc,
1790 			    V_tcp_autosndbuf_max);
1791 
1792 			if (!sbreserve_locked(sb, newsize, so, NULL))
1793 				sb->sb_flags &= ~SB_AUTOSIZE;
1794 			else
1795 				sowwakeup = 1;	/* room available */
1796 		}
1797 		if (sowwakeup)
1798 			sowwakeup_locked(so);
1799 		else
1800 			SOCKBUF_UNLOCK(sb);
1801 		SOCKBUF_UNLOCK_ASSERT(sb);
1802 
1803 		if (__predict_false(toep->flags & TPF_FIN_SENT))
1804 			panic("%s: excess tx.", __func__);
1805 
1806 		wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq);
1807 		if (wr == NULL) {
1808 			/* XXX: how will we recover from this? */
1809 			toep->flags |= TPF_TX_SUSPENDED;
1810 			return;
1811 		}
1812 
1813 		thdr = (struct tls_hdr *)m->m_ext.ext_pgs->hdr;
1814 #ifdef VERBOSE_TRACES
1815 		CTR5(KTR_CXGBE, "%s: tid %d TLS record %ju type %d len %#x",
1816 		    __func__, toep->tid, m->m_ext.ext_pgs->seqno, thdr->type,
1817 		    m->m_len);
1818 #endif
1819 		txwr = wrtod(wr);
1820 		cpl = (struct cpl_tx_tls_sfo *)(txwr + 1);
1821 		memset(txwr, 0, roundup2(wr_len, 16));
1822 		credits = howmany(wr_len, 16);
1823 		expn_size = m->m_ext.ext_pgs->hdr_len +
1824 		    m->m_ext.ext_pgs->trail_len;
1825 		tls_size = m->m_len - expn_size;
1826 		write_tlstx_wr(txwr, toep, 0,
1827 		    tls_size, expn_size, 1, credits, shove, 1);
1828 		toep->tls.tx_seq_no = m->m_ext.ext_pgs->seqno;
1829 		write_tlstx_cpl(cpl, toep, thdr, tls_size, 1);
1830 		tls_copy_tx_key(toep, cpl + 1);
1831 
1832 		/* Copy IV. */
1833 		buf = (char *)(cpl + 1) + key_size(toep);
1834 		memcpy(buf, thdr + 1, toep->tls.iv_len);
1835 		buf += AES_BLOCK_LEN;
1836 
1837 		write_ktlstx_sgl(buf, m->m_ext.ext_pgs, nsegs);
1838 
1839 		KASSERT(toep->tx_credits >= credits,
1840 			("%s: not enough credits", __func__));
1841 
1842 		toep->tx_credits -= credits;
1843 
1844 		tp->snd_nxt += m->m_len;
1845 		tp->snd_max += m->m_len;
1846 
1847 		SOCKBUF_LOCK(sb);
1848 		sb->sb_sndptr = m;
1849 		SOCKBUF_UNLOCK(sb);
1850 
1851 		toep->flags |= TPF_TX_DATA_SENT;
1852 		if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep))
1853 			toep->flags |= TPF_TX_SUSPENDED;
1854 
1855 		KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__));
1856 		txsd->plen = m->m_len;
1857 		txsd->tx_credits = credits;
1858 		txsd++;
1859 		if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) {
1860 			toep->txsd_pidx = 0;
1861 			txsd = &toep->txsd[0];
1862 		}
1863 		toep->txsd_avail--;
1864 
1865 		atomic_add_long(&toep->vi->pi->tx_tls_records, 1);
1866 		atomic_add_long(&toep->vi->pi->tx_tls_octets, m->m_len);
1867 
1868 		t4_l2t_send(sc, wr, toep->l2te);
1869 	}
1870 }
1871 #endif
1872 
1873 /*
1874  * For TLS data we place received mbufs received via CPL_TLS_DATA into
1875  * an mbufq in the TLS offload state.  When CPL_RX_TLS_CMP is
1876  * received, the completed PDUs are placed into the socket receive
1877  * buffer.
1878  *
1879  * The TLS code reuses the ulp_pdu_reclaimq to hold the pending mbufs.
1880  */
1881 static int
1882 do_tls_data(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m)
1883 {
1884 	struct adapter *sc = iq->adapter;
1885 	const struct cpl_tls_data *cpl = mtod(m, const void *);
1886 	unsigned int tid = GET_TID(cpl);
1887 	struct toepcb *toep = lookup_tid(sc, tid);
1888 	struct inpcb *inp = toep->inp;
1889 	struct tcpcb *tp;
1890 	int len;
1891 
1892 	/* XXX: Should this match do_rx_data instead? */
1893 	KASSERT(!(toep->flags & TPF_SYNQE),
1894 	    ("%s: toep %p claims to be a synq entry", __func__, toep));
1895 
1896 	KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__));
1897 
1898 	/* strip off CPL header */
1899 	m_adj(m, sizeof(*cpl));
1900 	len = m->m_pkthdr.len;
1901 
1902 	atomic_add_long(&toep->vi->pi->rx_tls_octets, len);
1903 
1904 	KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)),
1905 	    ("%s: payload length mismatch", __func__));
1906 
1907 	INP_WLOCK(inp);
1908 	if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) {
1909 		CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x",
1910 		    __func__, tid, len, inp->inp_flags);
1911 		INP_WUNLOCK(inp);
1912 		m_freem(m);
1913 		return (0);
1914 	}
1915 
1916 	/* Save TCP sequence number. */
1917 	m->m_pkthdr.tls_tcp_seq = be32toh(cpl->seq);
1918 
1919 	if (mbufq_enqueue(&toep->ulp_pdu_reclaimq, m)) {
1920 #ifdef INVARIANTS
1921 		panic("Failed to queue TLS data packet");
1922 #else
1923 		printf("%s: Failed to queue TLS data packet\n", __func__);
1924 		INP_WUNLOCK(inp);
1925 		m_freem(m);
1926 		return (0);
1927 #endif
1928 	}
1929 
1930 	tp = intotcpcb(inp);
1931 	tp->t_rcvtime = ticks;
1932 
1933 #ifdef VERBOSE_TRACES
1934 	CTR4(KTR_CXGBE, "%s: tid %u len %d seq %u", __func__, tid, len,
1935 	    be32toh(cpl->seq));
1936 #endif
1937 
1938 	INP_WUNLOCK(inp);
1939 	return (0);
1940 }
1941 
1942 static int
1943 do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m)
1944 {
1945 	struct adapter *sc = iq->adapter;
1946 	const struct cpl_rx_tls_cmp *cpl = mtod(m, const void *);
1947 	struct tlsrx_hdr_pkt *tls_hdr_pkt;
1948 	unsigned int tid = GET_TID(cpl);
1949 	struct toepcb *toep = lookup_tid(sc, tid);
1950 	struct inpcb *inp = toep->inp;
1951 	struct tcpcb *tp;
1952 	struct socket *so;
1953 	struct sockbuf *sb;
1954 	struct mbuf *tls_data;
1955 	int len, pdu_length, rx_credits;
1956 
1957 	KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__));
1958 	KASSERT(!(toep->flags & TPF_SYNQE),
1959 	    ("%s: toep %p claims to be a synq entry", __func__, toep));
1960 
1961 	/* strip off CPL header */
1962 	m_adj(m, sizeof(*cpl));
1963 	len = m->m_pkthdr.len;
1964 
1965 	atomic_add_long(&toep->vi->pi->rx_tls_records, 1);
1966 
1967 	KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)),
1968 	    ("%s: payload length mismatch", __func__));
1969 
1970 	INP_WLOCK(inp);
1971 	if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) {
1972 		CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x",
1973 		    __func__, tid, len, inp->inp_flags);
1974 		INP_WUNLOCK(inp);
1975 		m_freem(m);
1976 		return (0);
1977 	}
1978 
1979 	pdu_length = G_CPL_RX_TLS_CMP_PDULENGTH(be32toh(cpl->pdulength_length));
1980 
1981 	tp = intotcpcb(inp);
1982 
1983 #ifdef VERBOSE_TRACES
1984 	CTR6(KTR_CXGBE, "%s: tid %u PDU len %d len %d seq %u, rcv_nxt %u",
1985 	    __func__, tid, pdu_length, len, be32toh(cpl->seq), tp->rcv_nxt);
1986 #endif
1987 
1988 	tp->rcv_nxt += pdu_length;
1989 	if (tp->rcv_wnd < pdu_length) {
1990 		toep->tls.rcv_over += pdu_length - tp->rcv_wnd;
1991 		tp->rcv_wnd = 0;
1992 	} else
1993 		tp->rcv_wnd -= pdu_length;
1994 
1995 	/* XXX: Not sure what to do about urgent data. */
1996 
1997 	/*
1998 	 * The payload of this CPL is the TLS header followed by
1999 	 * additional fields.
2000 	 */
2001 	KASSERT(m->m_len >= sizeof(*tls_hdr_pkt),
2002 	    ("%s: payload too small", __func__));
2003 	tls_hdr_pkt = mtod(m, void *);
2004 
2005 	/*
2006 	 * Only the TLS header is sent to OpenSSL, so report errors by
2007 	 * altering the record type.
2008 	 */
2009 	if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) != 0)
2010 		tls_hdr_pkt->type = CONTENT_TYPE_ERROR;
2011 
2012 	/* Trim this CPL's mbuf to only include the TLS header. */
2013 	KASSERT(m->m_len == len && m->m_next == NULL,
2014 	    ("%s: CPL spans multiple mbufs", __func__));
2015 	m->m_len = TLS_HEADER_LENGTH;
2016 	m->m_pkthdr.len = TLS_HEADER_LENGTH;
2017 
2018 	tls_data = mbufq_dequeue(&toep->ulp_pdu_reclaimq);
2019 	if (tls_data != NULL) {
2020 		KASSERT(be32toh(cpl->seq) == tls_data->m_pkthdr.tls_tcp_seq,
2021 		    ("%s: sequence mismatch", __func__));
2022 
2023 		/*
2024 		 * Update the TLS header length to be the length of
2025 		 * the payload data.
2026 		 */
2027 		tls_hdr_pkt->length = htobe16(tls_data->m_pkthdr.len);
2028 
2029 		m->m_next = tls_data;
2030 		m->m_pkthdr.len += tls_data->m_len;
2031 	}
2032 
2033 	so = inp_inpcbtosocket(inp);
2034 	sb = &so->so_rcv;
2035 	SOCKBUF_LOCK(sb);
2036 
2037 	if (__predict_false(sb->sb_state & SBS_CANTRCVMORE)) {
2038 		struct epoch_tracker et;
2039 
2040 		CTR3(KTR_CXGBE, "%s: tid %u, excess rx (%d bytes)",
2041 		    __func__, tid, pdu_length);
2042 		m_freem(m);
2043 		SOCKBUF_UNLOCK(sb);
2044 		INP_WUNLOCK(inp);
2045 
2046 		CURVNET_SET(toep->vnet);
2047 		NET_EPOCH_ENTER(et);
2048 		INP_WLOCK(inp);
2049 		tp = tcp_drop(tp, ECONNRESET);
2050 		if (tp)
2051 			INP_WUNLOCK(inp);
2052 		NET_EPOCH_EXIT(et);
2053 		CURVNET_RESTORE();
2054 
2055 		return (0);
2056 	}
2057 
2058 	/*
2059 	 * Not all of the bytes on the wire are included in the socket buffer
2060 	 * (e.g. the MAC of the TLS record).  However, those bytes are included
2061 	 * in the TCP sequence space.
2062 	 */
2063 
2064 	/* receive buffer autosize */
2065 	MPASS(toep->vnet == so->so_vnet);
2066 	CURVNET_SET(toep->vnet);
2067 	if (sb->sb_flags & SB_AUTOSIZE &&
2068 	    V_tcp_do_autorcvbuf &&
2069 	    sb->sb_hiwat < V_tcp_autorcvbuf_max &&
2070 	    m->m_pkthdr.len > (sbspace(sb) / 8 * 7)) {
2071 		unsigned int hiwat = sb->sb_hiwat;
2072 		unsigned int newsize = min(hiwat + sc->tt.autorcvbuf_inc,
2073 		    V_tcp_autorcvbuf_max);
2074 
2075 		if (!sbreserve_locked(sb, newsize, so, NULL))
2076 			sb->sb_flags &= ~SB_AUTOSIZE;
2077 	}
2078 
2079 	sbappendstream_locked(sb, m, 0);
2080 	rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0;
2081 #ifdef VERBOSE_TRACES
2082 	CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u",
2083 	    __func__, tid, rx_credits, tp->rcv_wnd);
2084 #endif
2085 	if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) {
2086 		rx_credits = send_rx_credits(sc, toep, rx_credits);
2087 		tp->rcv_wnd += rx_credits;
2088 		tp->rcv_adv += rx_credits;
2089 	}
2090 
2091 	sorwakeup_locked(so);
2092 	SOCKBUF_UNLOCK_ASSERT(sb);
2093 
2094 	INP_WUNLOCK(inp);
2095 	CURVNET_RESTORE();
2096 	return (0);
2097 }
2098 
2099 void
2100 t4_tls_mod_load(void)
2101 {
2102 
2103 	mtx_init(&tls_handshake_lock, "t4tls handshake", NULL, MTX_DEF);
2104 	t4_register_cpl_handler(CPL_TLS_DATA, do_tls_data);
2105 	t4_register_cpl_handler(CPL_RX_TLS_CMP, do_rx_tls_cmp);
2106 }
2107 
2108 void
2109 t4_tls_mod_unload(void)
2110 {
2111 
2112 	t4_register_cpl_handler(CPL_TLS_DATA, NULL);
2113 	t4_register_cpl_handler(CPL_RX_TLS_CMP, NULL);
2114 	mtx_destroy(&tls_handshake_lock);
2115 }
2116 #endif	/* TCP_OFFLOAD */
2117