1 /*- 2 * Copyright (c) 2021-2022 NVIDIA corporation & affiliates. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28 #ifndef _MLX5_TLS_RX_H_ 29 #define _MLX5_TLS_RX_H_ 30 31 #include <linux/completion.h> 32 33 #define MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE 128 34 35 #define MLX5E_TLS_RX_RESYNC_MAX 32 /* units */ 36 #define MLX5E_TLS_RX_NUM_MAX (1U << 11) /* packets */ 37 38 #define MLX5E_TLS_RX_TAG_LOCK(tag) mtx_lock(&(tag)->mtx) 39 #define MLX5E_TLS_RX_TAG_UNLOCK(tag) mtx_unlock(&(tag)->mtx) 40 41 #define MLX5E_TLS_RX_STAT_INC(tag, field, num) \ 42 counter_u64_add((tag)->tls_rx->stats.field, num) 43 44 #if ((MLX5E_TLS_RX_RESYNC_MAX * MLX5E_TLS_RX_NUM_MAX) << 14) > (1U << 30) 45 #error "Please lower the limits of the TLS record length database." 46 #endif 47 48 enum { 49 MLX5E_TLS_RX_PROGRESS_PARAMS_AUTH_STATE_NO_OFFLOAD = 0, 50 MLX5E_TLS_RX_PROGRESS_PARAMS_AUTH_STATE_OFFLOAD = 1, 51 MLX5E_TLS_RX_PROGRESS_PARAMS_AUTH_STATE_AUTHENTICATION = 2, 52 }; 53 54 enum { 55 MLX5E_TLS_RX_PROGRESS_PARAMS_RECORD_TRACKER_STATE_START = 0, 56 MLX5E_TLS_RX_PROGRESS_PARAMS_RECORD_TRACKER_STATE_TRACKING = 1, 57 MLX5E_TLS_RX_PROGRESS_PARAMS_RECORD_TRACKER_STATE_SEARCHING = 2, 58 }; 59 60 struct mlx5e_tls_rx; 61 struct mlx5e_tls_rx_tag { 62 struct m_snd_tag tag; 63 uint32_t tirn; /* HW TIR context number */ 64 uint32_t dek_index; /* HW TLS context number */ 65 struct mlx5e_tls_rx *tls_rx; /* parent pointer */ 66 struct mlx5_flow_rule *flow_rule; 67 struct mtx mtx; 68 struct completion progress_complete; 69 uint32_t state; /* see MLX5E_TLS_RX_ST_XXX */ 70 #define MLX5E_TLS_RX_ST_INIT 0 71 #define MLX5E_TLS_RX_ST_SETUP 1 72 #define MLX5E_TLS_RX_ST_READY 2 73 #define MLX5E_TLS_RX_ST_RELEASE 3 74 #define MLX5E_TLS_RX_ST_FREED 4 75 76 /* 77 * The following fields are used to store the TCP starting 78 * point of TLS records in the past. When TLS records of same 79 * length are back to back the tcp_resync_num[] is incremented 80 * instead of creating new entries. This way up to 81 * "MLX5E_TLS_RX_RESYNC_MAX" * "MLX5E_TLS_RX_NUM_MAX" * 16 82 * KBytes, around 1GByte worth of TCP data, may be remembered 83 * in the good case. The amount of history should not exceed 84 * 2GBytes of TCP data, because then the TCP sequence numbers 85 * may wrap around. 86 * 87 * This information is used to tell if a given TCP sequence 88 * number is a valid TLS record or not. 89 */ 90 uint64_t rcd_resync_start; /* starting TLS record number */ 91 uint32_t tcp_resync_start; /* starting TCP sequence number */ 92 uint32_t tcp_resync_next; /* next expected TCP sequence number */ 93 uint32_t tcp_resync_len[MLX5E_TLS_RX_RESYNC_MAX]; 94 uint32_t tcp_resync_num[MLX5E_TLS_RX_RESYNC_MAX]; 95 uint16_t tcp_resync_pc; /* producer counter for arrays above */ 96 uint16_t tcp_resync_cc; /* consumer counter for arrays above */ 97 98 struct work_struct work; 99 100 uint32_t flowid; 101 uint32_t flowtype; 102 uint32_t dek_index_ok:1; 103 uint32_t tcp_resync_active:1; 104 uint32_t tcp_resync_pending:1; 105 106 /* parameters needed */ 107 uint8_t crypto_params[128] __aligned(4); 108 uint8_t rx_progress[MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE * 2]; 109 } __aligned(MLX5E_CACHELINE_SIZE); 110 111 static inline void * 112 mlx5e_tls_rx_get_progress_buffer(struct mlx5e_tls_rx_tag *ptag) 113 { 114 /* return properly aligned RX buffer */ 115 return (ptag->rx_progress + 116 ((-(uintptr_t)ptag->rx_progress) & 117 (MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE - 1))); 118 } 119 120 #define MLX5E_TLS_RX_STATS(m) \ 121 m(+1, u64, rx_resync_ok, "rx_resync_ok", "Successful resync requests")\ 122 m(+1, u64, rx_resync_err, "rx_resync_err", "Failed resync requests")\ 123 m(+1, u64, rx_error, "rx_error", "Other errors") 124 125 #define MLX5E_TLS_RX_STATS_NUM (0 MLX5E_TLS_RX_STATS(MLX5E_STATS_COUNT)) 126 127 struct mlx5e_tls_rx_stats { 128 struct sysctl_ctx_list ctx; 129 counter_u64_t arg[0]; 130 MLX5E_TLS_RX_STATS(MLX5E_STATS_COUNTER) 131 }; 132 133 struct mlx5e_tls_rx { 134 struct sysctl_ctx_list ctx; 135 struct mlx5e_tls_rx_stats stats; 136 struct workqueue_struct *wq; 137 uma_zone_t zone; 138 uint32_t max_resources; /* max number of resources */ 139 volatile uint32_t num_resources; /* current number of resources */ 140 int init; /* set when ready */ 141 char zname[32]; 142 }; 143 144 int mlx5e_tls_rx_init(struct mlx5e_priv *); 145 void mlx5e_tls_rx_cleanup(struct mlx5e_priv *); 146 147 if_snd_tag_alloc_t mlx5e_tls_rx_snd_tag_alloc; 148 149 #endif /* _MLX5_TLS_RX_H_ */ 150