xref: /freebsd/sys/dev/mlx5/mlx5_fpga/mlx5fpga_ipsec.c (revision 257e70f1d5ee61037c8c59b116538d3b6b1427a2)
1 /*-
2  * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *        copyright notice, this list of conditions and the following
16  *        disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer in the documentation and/or other materials
21  *        provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  */
32 
33 #include <dev/mlx5/driver.h>
34 
35 #include <dev/mlx5/mlx5_core/mlx5_core.h>
36 #include <dev/mlx5/mlx5_fpga/ipsec.h>
37 #include <dev/mlx5/mlx5_fpga/sdk.h>
38 #include <dev/mlx5/mlx5_fpga/core.h>
39 
40 #define SBU_QP_QUEUE_SIZE 8
41 
42 enum mlx5_ipsec_response_syndrome {
43 	MLX5_IPSEC_RESPONSE_SUCCESS = 0,
44 	MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST = 1,
45 	MLX5_IPSEC_RESPONSE_SADB_ISSUE = 2,
46 	MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE = 3,
47 };
48 
49 enum mlx5_fpga_ipsec_sacmd_status {
50 	MLX5_FPGA_IPSEC_SACMD_PENDING,
51 	MLX5_FPGA_IPSEC_SACMD_SEND_FAIL,
52 	MLX5_FPGA_IPSEC_SACMD_COMPLETE,
53 };
54 
55 struct mlx5_ipsec_command_context {
56 	struct mlx5_fpga_dma_buf buf;
57 	struct mlx5_accel_ipsec_sa sa;
58 	enum mlx5_fpga_ipsec_sacmd_status status;
59 	int status_code;
60 	struct completion complete;
61 	struct mlx5_fpga_device *dev;
62 	struct list_head list; /* Item in pending_cmds */
63 };
64 
65 struct mlx5_ipsec_sadb_resp {
66 	__be32 syndrome;
67 	__be32 sw_sa_handle;
68 	u8 reserved[24];
69 } __packed;
70 
71 struct mlx5_fpga_ipsec {
72 	struct list_head pending_cmds;
73 	spinlock_t pending_cmds_lock; /* Protects pending_cmds */
74 	u32 caps[MLX5_ST_SZ_DW(ipsec_extended_cap)];
75 	struct mlx5_fpga_conn *conn;
76 };
77 
78 static bool mlx5_fpga_is_ipsec_device(struct mlx5_core_dev *mdev)
79 {
80 	if (!mdev->fpga || !MLX5_CAP_GEN(mdev, fpga))
81 		return false;
82 
83 	if (MLX5_CAP_FPGA(mdev, ieee_vendor_id) !=
84 	    MLX5_FPGA_CAP_SANDBOX_VENDOR_ID_MLNX)
85 		return false;
86 
87 	if (MLX5_CAP_FPGA(mdev, sandbox_product_id) !=
88 	    MLX5_FPGA_CAP_SANDBOX_PRODUCT_ID_IPSEC)
89 		return false;
90 
91 	return true;
92 }
93 
94 static void mlx5_fpga_ipsec_send_complete(struct mlx5_fpga_conn *conn,
95 					  struct mlx5_fpga_device *fdev,
96 					  struct mlx5_fpga_dma_buf *buf,
97 					  u8 status)
98 {
99 	struct mlx5_ipsec_command_context *context;
100 
101 	if (status) {
102 		context = container_of(buf, struct mlx5_ipsec_command_context,
103 				       buf);
104 		mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n",
105 			       status);
106 		context->status = MLX5_FPGA_IPSEC_SACMD_SEND_FAIL;
107 		complete(&context->complete);
108 	}
109 }
110 
111 static inline int syndrome_to_errno(enum mlx5_ipsec_response_syndrome syndrome)
112 {
113 	switch (syndrome) {
114 	case MLX5_IPSEC_RESPONSE_SUCCESS:
115 		return 0;
116 	case MLX5_IPSEC_RESPONSE_SADB_ISSUE:
117 		return -EEXIST;
118 	case MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST:
119 		return -EINVAL;
120 	case MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE:
121 		return -EIO;
122 	}
123 	return -EIO;
124 }
125 
126 static void mlx5_fpga_ipsec_recv(void *cb_arg, struct mlx5_fpga_dma_buf *buf)
127 {
128 	struct mlx5_ipsec_sadb_resp *resp = buf->sg[0].data;
129 	struct mlx5_ipsec_command_context *context;
130 	enum mlx5_ipsec_response_syndrome syndrome;
131 	struct mlx5_fpga_device *fdev = cb_arg;
132 	unsigned long flags;
133 
134 	if (buf->sg[0].size < sizeof(*resp)) {
135 		mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n",
136 			       buf->sg[0].size, sizeof(*resp));
137 		return;
138 	}
139 
140 	mlx5_fpga_dbg(fdev, "mlx5_ipsec recv_cb syndrome %08x sa_id %x\n",
141 		      ntohl(resp->syndrome), ntohl(resp->sw_sa_handle));
142 
143 	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
144 	context = list_first_entry_or_null(&fdev->ipsec->pending_cmds,
145 					   struct mlx5_ipsec_command_context,
146 					   list);
147 	if (context)
148 		list_del(&context->list);
149 	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
150 
151 	if (!context) {
152 		mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n");
153 		return;
154 	}
155 	mlx5_fpga_dbg(fdev, "Handling response for %p\n", context);
156 
157 	if (context->sa.sw_sa_handle != resp->sw_sa_handle) {
158 		mlx5_fpga_err(fdev, "mismatch SA handle. cmd 0x%08x vs resp 0x%08x\n",
159 			      ntohl(context->sa.sw_sa_handle),
160 			      ntohl(resp->sw_sa_handle));
161 		return;
162 	}
163 
164 	syndrome = ntohl(resp->syndrome);
165 	context->status_code = syndrome_to_errno(syndrome);
166 	context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;
167 
168 	if (context->status_code)
169 		mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n",
170 			       syndrome);
171 	complete(&context->complete);
172 }
173 
174 void *mlx5_fpga_ipsec_sa_cmd_exec(struct mlx5_core_dev *mdev,
175 				  struct mlx5_accel_ipsec_sa *cmd)
176 {
177 	struct mlx5_ipsec_command_context *context;
178 	struct mlx5_fpga_device *fdev = mdev->fpga;
179 	unsigned long flags;
180 	int res = 0;
181 
182 	BUILD_BUG_ON((sizeof(struct mlx5_accel_ipsec_sa) & 3) != 0);
183 	if (!fdev || !fdev->ipsec)
184 		return ERR_PTR(-EOPNOTSUPP);
185 
186 	context = kzalloc(sizeof(*context), GFP_ATOMIC);
187 	if (!context)
188 		return ERR_PTR(-ENOMEM);
189 
190 	memcpy(&context->sa, cmd, sizeof(*cmd));
191 	context->buf.complete = mlx5_fpga_ipsec_send_complete;
192 	context->buf.sg[0].size = sizeof(context->sa);
193 	context->buf.sg[0].data = &context->sa;
194 	init_completion(&context->complete);
195 	context->dev = fdev;
196 	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
197 	list_add_tail(&context->list, &fdev->ipsec->pending_cmds);
198 	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
199 
200 	context->status = MLX5_FPGA_IPSEC_SACMD_PENDING;
201 
202 	res = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &context->buf);
203 	if (res) {
204 		mlx5_fpga_warn(fdev, "Failure sending IPSec command: %d\n",
205 			       res);
206 		spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
207 		list_del(&context->list);
208 		spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
209 		kfree(context);
210 		return ERR_PTR(res);
211 	}
212 	/* Context will be freed by wait func after completion */
213 	return context;
214 }
215 
216 int mlx5_fpga_ipsec_sa_cmd_wait(void *ctx)
217 {
218 	struct mlx5_ipsec_command_context *context = ctx;
219 	int res;
220 
221 	res = wait_for_completion/*_killable XXXKIB*/(&context->complete);
222 	if (res) {
223 		mlx5_fpga_warn(context->dev, "Failure waiting for IPSec command response\n");
224 		return -EINTR;
225 	}
226 
227 	if (context->status == MLX5_FPGA_IPSEC_SACMD_COMPLETE)
228 		res = context->status_code;
229 	else
230 		res = -EIO;
231 
232 	kfree(context);
233 	return res;
234 }
235 
236 u32 mlx5_fpga_ipsec_device_caps(struct mlx5_core_dev *mdev)
237 {
238 	struct mlx5_fpga_device *fdev = mdev->fpga;
239 	u32 ret = 0;
240 
241 	if (mlx5_fpga_is_ipsec_device(mdev))
242 		ret |= MLX5_ACCEL_IPSEC_DEVICE;
243 	else
244 		return ret;
245 
246 	if (!fdev->ipsec)
247 		return ret;
248 
249 	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, esp))
250 		ret |= MLX5_ACCEL_IPSEC_ESP;
251 
252 	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, ipv6))
253 		ret |= MLX5_ACCEL_IPSEC_IPV6;
254 
255 	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, lso))
256 		ret |= MLX5_ACCEL_IPSEC_LSO;
257 
258 	return ret;
259 }
260 
261 unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
262 {
263 	struct mlx5_fpga_device *fdev = mdev->fpga;
264 
265 	if (!fdev || !fdev->ipsec)
266 		return 0;
267 
268 	return MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
269 			number_of_ipsec_counters);
270 }
271 
272 int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev *mdev, u64 *counters,
273 				  unsigned int counters_count)
274 {
275 	struct mlx5_fpga_device *fdev = mdev->fpga;
276 	unsigned int i;
277 	__be32 *data;
278 	u32 count;
279 	u64 addr;
280 	int ret;
281 
282 	if (!fdev || !fdev->ipsec)
283 		return 0;
284 
285 	addr = (u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
286 			     ipsec_counters_addr_low) +
287 	       ((u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
288 			     ipsec_counters_addr_high) << 32);
289 
290 	count = mlx5_fpga_ipsec_counters_count(mdev);
291 
292 	data = kzalloc(sizeof(*data) * count * 2, GFP_KERNEL);
293 	if (!data) {
294 		ret = -ENOMEM;
295 		goto out;
296 	}
297 
298 	ret = mlx5_fpga_mem_read(fdev, count * sizeof(u64), addr, data,
299 				 MLX5_FPGA_ACCESS_TYPE_DONTCARE);
300 	if (ret < 0) {
301 		mlx5_fpga_err(fdev, "Failed to read IPSec counters from HW: %d\n",
302 			      ret);
303 		goto out;
304 	}
305 	ret = 0;
306 
307 	if (count > counters_count)
308 		count = counters_count;
309 
310 	/* Each counter is low word, then high. But each word is big-endian */
311 	for (i = 0; i < count; i++)
312 		counters[i] = (u64)ntohl(data[i * 2]) |
313 			      ((u64)ntohl(data[i * 2 + 1]) << 32);
314 
315 out:
316 	kfree(data);
317 	return ret;
318 }
319 
320 int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
321 {
322 	struct mlx5_fpga_conn_attr init_attr = {0};
323 	struct mlx5_fpga_device *fdev = mdev->fpga;
324 	struct mlx5_fpga_conn *conn;
325 	int err;
326 
327 	if (!mlx5_fpga_is_ipsec_device(mdev))
328 		return 0;
329 
330 	fdev->ipsec = kzalloc(sizeof(*fdev->ipsec), GFP_KERNEL);
331 	if (!fdev->ipsec)
332 		return -ENOMEM;
333 
334 	err = mlx5_fpga_get_sbu_caps(fdev, sizeof(fdev->ipsec->caps),
335 				     fdev->ipsec->caps);
336 	if (err) {
337 		mlx5_fpga_err(fdev, "Failed to retrieve IPSec extended capabilities: %d\n",
338 			      err);
339 		goto error;
340 	}
341 
342 	INIT_LIST_HEAD(&fdev->ipsec->pending_cmds);
343 	spin_lock_init(&fdev->ipsec->pending_cmds_lock);
344 
345 	init_attr.rx_size = SBU_QP_QUEUE_SIZE;
346 	init_attr.tx_size = SBU_QP_QUEUE_SIZE;
347 	init_attr.recv_cb = mlx5_fpga_ipsec_recv;
348 	init_attr.cb_arg = fdev;
349 	conn = mlx5_fpga_sbu_conn_create(fdev, &init_attr);
350 	if (IS_ERR(conn)) {
351 		err = PTR_ERR(conn);
352 		mlx5_fpga_err(fdev, "Error creating IPSec command connection %d\n",
353 			      err);
354 		goto error;
355 	}
356 	fdev->ipsec->conn = conn;
357 	return 0;
358 
359 error:
360 	kfree(fdev->ipsec);
361 	fdev->ipsec = NULL;
362 	return err;
363 }
364 
365 void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
366 {
367 	struct mlx5_fpga_device *fdev = mdev->fpga;
368 
369 	if (!mlx5_fpga_is_ipsec_device(mdev))
370 		return;
371 
372 	mlx5_fpga_sbu_conn_destroy(fdev->ipsec->conn);
373 	kfree(fdev->ipsec);
374 	fdev->ipsec = NULL;
375 }
376