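/*-
 * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses. You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 *
 * $FreeBSD$
 */

#include <dev/mlx5/driver.h>

#include <dev/mlx5/mlx5_core/mlx5_core.h>
#include <dev/mlx5/mlx5_fpga/ipsec.h>
#include <dev/mlx5/mlx5_fpga/sdk.h>
#include <dev/mlx5/mlx5_fpga/core.h>

/* RX and TX queue depth requested for the IPSec command connection. */
#define SBU_QP_QUEUE_SIZE 8

/* Syndrome values carried in the device's SADB response. */
enum mlx5_ipsec_response_syndrome {
	MLX5_IPSEC_RESPONSE_SUCCESS = 0,
	MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST = 1,
	MLX5_IPSEC_RESPONSE_SADB_ISSUE = 2,
	MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE = 3,
};

/* Driver-side lifecycle of one SA command. */
enum mlx5_fpga_ipsec_sacmd_status {
	MLX5_FPGA_IPSEC_SACMD_PENDING,
	MLX5_FPGA_IPSEC_SACMD_SEND_FAIL,
	MLX5_FPGA_IPSEC_SACMD_COMPLETE,
};

/*
 * One in-flight SA command.  Allocated by mlx5_fpga_ipsec_sa_cmd_exec()
 * and freed by mlx5_fpga_ipsec_sa_cmd_wait() once it has been completed.
 */
struct mlx5_ipsec_command_context {
	struct mlx5_fpga_dma_buf buf;
	struct mlx5_accel_ipsec_sa sa;
	enum mlx5_fpga_ipsec_sacmd_status status;
	int status_code;
	struct completion complete;
	struct mlx5_fpga_device *dev;
	struct list_head list; /* Item in pending_cmds */
};

/* Wire layout of the response; the receive path checks its size first. */
struct mlx5_ipsec_sadb_resp {
	__be32 syndrome;
	__be32 sw_sa_handle;
	u8 reserved[24];
} __packed;

struct mlx5_fpga_ipsec {
	struct list_head pending_cmds;
	spinlock_t pending_cmds_lock; /* Protects pending_cmds */
	u32 caps[MLX5_ST_SZ_DW(ipsec_extended_cap)];
	struct mlx5_fpga_conn *conn;
};

/*
 * Return true when the device has an FPGA whose sandbox vendor and
 * product IDs identify the Mellanox IPSec image.
 */
static bool mlx5_fpga_is_ipsec_device(struct mlx5_core_dev *mdev)
{
	if (!mdev->fpga || !MLX5_CAP_GEN(mdev, fpga))
		return false;

	if (MLX5_CAP_FPGA(mdev, ieee_vendor_id) !=
	    MLX5_FPGA_CAP_SANDBOX_VENDOR_ID_MLNX)
		return false;

	if (MLX5_CAP_FPGA(mdev, sandbox_product_id) !=
	    MLX5_FPGA_CAP_SANDBOX_PRODUCT_ID_IPSEC)
		return false;

	return true;
}

/*
 * Send-completion callback for a command buffer.  Only a non-zero status
 * is acted on: the command is marked SEND_FAIL and its waiter is woken.
 *
 * NOTE(review): the context is not unlinked from pending_cmds here, while
 * mlx5_fpga_ipsec_sa_cmd_wait() frees it after the completion.  Confirm
 * that a failed send cannot leave a freed entry on the pending list for
 * mlx5_fpga_ipsec_recv() to pick up.
 */
static void mlx5_fpga_ipsec_send_complete(struct mlx5_fpga_conn *conn,
					  struct mlx5_fpga_device *fdev,
					  struct mlx5_fpga_dma_buf *buf,
					  u8 status)
{
	struct mlx5_ipsec_command_context *context;

	if (status) {
		context = container_of(buf, struct mlx5_ipsec_command_context,
				       buf);
		mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n",
			       status);
		context->status = MLX5_FPGA_IPSEC_SACMD_SEND_FAIL;
		complete(&context->complete);
	}
}

/*
 * Map a response syndrome to a negative errno (0 on success).  Values
 * outside the enum fall through to -EIO.
 */
static inline int syndrome_to_errno(enum mlx5_ipsec_response_syndrome syndrome)
{
	switch (syndrome) {
	case MLX5_IPSEC_RESPONSE_SUCCESS:
		return 0;
	case MLX5_IPSEC_RESPONSE_SADB_ISSUE:
		return -EEXIST;
	case MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST:
		return -EINVAL;
	case MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE:
		return -EIO;
	}
	return -EIO;
}

/*
 * Receive callback of the IPSec command connection; cb_arg is the FPGA
 * device.  Responses are matched to commands in FIFO order: the oldest
 * pending command is dequeued and completed with the translated syndrome.
 */
static void mlx5_fpga_ipsec_recv(void *cb_arg, struct mlx5_fpga_dma_buf *buf)
{
	struct mlx5_ipsec_sadb_resp *resp = buf->sg[0].data;
	struct mlx5_ipsec_command_context *context;
	enum mlx5_ipsec_response_syndrome syndrome;
	struct mlx5_fpga_device *fdev = cb_arg;
	unsigned long flags;

	/*
	 * Validate the device-supplied length before reading any field.
	 * NOTE(review): no command is dequeued on this path, so the oldest
	 * pending command stays queued -- confirm this is intended.
	 */
	if (buf->sg[0].size < sizeof(*resp)) {
		mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n",
			       buf->sg[0].size, sizeof(*resp));
		return;
	}

	mlx5_fpga_dbg(fdev, "mlx5_ipsec recv_cb syndrome %08x sa_id %x\n",
		      ntohl(resp->syndrome), ntohl(resp->sw_sa_handle));

	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
	context = list_first_entry_or_null(&fdev->ipsec->pending_cmds,
					   struct mlx5_ipsec_command_context,
					   list);
	if (context)
		list_del(&context->list);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);

	if (!context) {
		mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n");
		return;
	}
	mlx5_fpga_dbg(fdev, "Handling response for %p\n", context);

	/* Both handles are compared as stored, without byte swapping. */
	if (context->sa.sw_sa_handle != resp->sw_sa_handle) {
		mlx5_fpga_err(fdev, "mismatch SA handle. cmd 0x%08x vs resp 0x%08x\n",
			      ntohl(context->sa.sw_sa_handle),
			      ntohl(resp->sw_sa_handle));
		/*
		 * The command was unlinked above, so no later response can
		 * reach it.  Fail it with -EIO so its waiter wakes up and
		 * frees the context instead of blocking forever.
		 */
		context->status_code = -EIO;
		context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;
		complete(&context->complete);
		return;
	}

	syndrome = ntohl(resp->syndrome);
	context->status_code = syndrome_to_errno(syndrome);
	context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;

	if (context->status_code)
		mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n",
			       syndrome);
	complete(&context->complete);
}

/*
 * Queue an SA command to the FPGA.
 *
 * Copies *cmd into a new context, links the context on pending_cmds and
 * sends it on the IPSec command connection.  Returns the context, to be
 * passed to mlx5_fpga_ipsec_sa_cmd_wait(), or an ERR_PTR: -EOPNOTSUPP
 * without IPSec state, -ENOMEM on allocation failure, or the send error.
 */
void *mlx5_fpga_ipsec_sa_cmd_exec(struct mlx5_core_dev *mdev,
				  struct mlx5_accel_ipsec_sa *cmd)
{
	struct mlx5_ipsec_command_context *context;
	struct mlx5_fpga_device *fdev = mdev->fpga;
	unsigned long flags;
	int res = 0;

	/* The command is sent as-is; its size must be a multiple of 4. */
	BUILD_BUG_ON((sizeof(struct mlx5_accel_ipsec_sa) & 3) != 0);
	if (!fdev || !fdev->ipsec)
		return ERR_PTR(-EOPNOTSUPP);

	context = kzalloc(sizeof(*context), GFP_ATOMIC);
	if (!context)
		return ERR_PTR(-ENOMEM);

	memcpy(&context->sa, cmd, sizeof(*cmd));
	context->buf.complete = mlx5_fpga_ipsec_send_complete;
	context->buf.sg[0].size = sizeof(context->sa);
	context->buf.sg[0].data = &context->sa;
	init_completion(&context->complete);
	context->dev = fdev;
	/* Link before sending so a response always finds its command. */
	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
	list_add_tail(&context->list, &fdev->ipsec->pending_cmds);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);

	context->status = MLX5_FPGA_IPSEC_SACMD_PENDING;

	res = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &context->buf);
	if (res) {
		mlx5_fpga_warn(fdev, "Failure sending IPSec command: %d\n",
			       res);
		/* Nothing was sent: unlink and free before reporting. */
		spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
		list_del(&context->list);
		spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
		kfree(context);
		return ERR_PTR(res);
	}
	/* Context will be freed by wait func after completion */
	return context;
}

/*
 * Wait for a command started by mlx5_fpga_ipsec_sa_cmd_exec() and free
 * its context.
 *
 * Returns the command's status code when it completed, -EIO when it
 * ended in any other state, or -EINTR when the wait itself fails.  On
 * the -EINTR path the context is not freed.
 * NOTE(review): presumably because it may still be linked on
 * pending_cmds at that point -- confirm.
 */
int mlx5_fpga_ipsec_sa_cmd_wait(void *ctx)
{
	struct mlx5_ipsec_command_context *context = ctx;
	int res;

	res = wait_for_completion/*_killable XXXKIB*/(&context->complete);
	if (res) {
		mlx5_fpga_warn(context->dev, "Failure waiting for IPSec command response\n");
		return -EINTR;
	}

	if (context->status == MLX5_FPGA_IPSEC_SACMD_COMPLETE)
		res = context->status_code;
	else
		res = -EIO;

	kfree(context);
	return res;
}

/*
 * Return the MLX5_ACCEL_IPSEC_* capability bits of the device: 0 when it
 * is not an IPSec FPGA device, only MLX5_ACCEL_IPSEC_DEVICE when the
 * IPSec state is not allocated, otherwise also the esp/ipv6/lso bits
 * read from the cached extended capabilities.
 */
u32 mlx5_fpga_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	u32 ret = 0;

	if (mlx5_fpga_is_ipsec_device(mdev))
		ret |= MLX5_ACCEL_IPSEC_DEVICE;
	else
		return ret;

	if (!fdev->ipsec)
		return ret;

	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, esp))
		ret |= MLX5_ACCEL_IPSEC_ESP;

	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, ipv6))
		ret |= MLX5_ACCEL_IPSEC_IPV6;

	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, lso))
		ret |= MLX5_ACCEL_IPSEC_LSO;

	return ret;
}

/*
 * Return the counter count from the cached extended capabilities, or 0
 * when there is no IPSec state.
 */
unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;

	if (!fdev || !fdev->ipsec)
		return 0;

	return MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
			number_of_ipsec_counters);
}

/*
 * Read the IPSec counters from FPGA memory into counters[].
 *
 * At most counters_count entries are written, fewer when the device
 * reports fewer counters.  Returns 0 on success, and also, without
 * touching counters[], when there is no IPSec state.  Returns -ENOMEM or
 * the negative mlx5_fpga_mem_read() error otherwise.
 */
int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev *mdev, u64 *counters,
				  unsigned int counters_count)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	unsigned int i;
	__be32 *data;
	u32 count;
	u64 addr;
	int ret;

	if (!fdev || !fdev->ipsec)
		return 0;

	addr = (u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
			     ipsec_counters_addr_low) +
	       ((u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
			      ipsec_counters_addr_high) << 32);

	count = mlx5_fpga_ipsec_counters_count(mdev);

	/*
	 * The buffer holds two 32-bit words per counter.  Both this size
	 * and the read length below come from the device-reported count.
	 */
	data = kzalloc(sizeof(*data) * count * 2, GFP_KERNEL);
	if (!data) {
		ret = -ENOMEM;
		goto out;
	}

	ret = mlx5_fpga_mem_read(fdev, count * sizeof(u64), addr, data,
				 MLX5_FPGA_ACCESS_TYPE_DONTCARE);
	if (ret < 0) {
		mlx5_fpga_err(fdev, "Failed to read IPSec counters from HW: %d\n",
			      ret);
		goto out;
	}
	ret = 0;

	/* Never write past the caller's array. */
	if (count > counters_count)
		count = counters_count;

	/* Each counter is low word, then high. But each word is big-endian */
	for (i = 0; i < count; i++)
		counters[i] = (u64)ntohl(data[i * 2]) |
			      ((u64)ntohl(data[i * 2 + 1]) << 32);

out:
	kfree(data);
	return ret;
}

/*
 * Set up IPSec offload state for an IPSec FPGA device: allocate the
 * state, cache the extended capabilities and create the command
 * connection.  Returns 0 on success and for non-IPSec devices.  On
 * failure the state is freed, fdev->ipsec is reset to NULL and a
 * negative errno is returned.
 */
int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_conn_attr init_attr = {0};
	struct mlx5_fpga_device *fdev = mdev->fpga;
	struct mlx5_fpga_conn *conn;
	int err;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return 0;

	fdev->ipsec = kzalloc(sizeof(*fdev->ipsec), GFP_KERNEL);
	if (!fdev->ipsec)
		return -ENOMEM;

	err = mlx5_fpga_get_sbu_caps(fdev, sizeof(fdev->ipsec->caps),
				     fdev->ipsec->caps);
	if (err) {
		mlx5_fpga_err(fdev, "Failed to retrieve IPSec extended capabilities: %d\n",
			      err);
		goto error;
	}

	/* List and lock must exist before the receive callback can run. */
	INIT_LIST_HEAD(&fdev->ipsec->pending_cmds);
	spin_lock_init(&fdev->ipsec->pending_cmds_lock);

	init_attr.rx_size = SBU_QP_QUEUE_SIZE;
	init_attr.tx_size = SBU_QP_QUEUE_SIZE;
	init_attr.recv_cb = mlx5_fpga_ipsec_recv;
	init_attr.cb_arg = fdev;
	conn = mlx5_fpga_sbu_conn_create(fdev, &init_attr);
	if (IS_ERR(conn)) {
		err = PTR_ERR(conn);
		mlx5_fpga_err(fdev, "Error creating IPSec command connection %d\n",
			      err);
		goto error;
	}
	fdev->ipsec->conn = conn;
	return 0;

error:
	kfree(fdev->ipsec);
	fdev->ipsec = NULL;
	return err;
}

/*
 * Tear down what mlx5_fpga_ipsec_init() set up: destroy the command
 * connection and free the IPSec state.  Does nothing for non-IPSec
 * devices or when the state was never allocated.
 */
void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return;

	/*
	 * mlx5_fpga_ipsec_init() leaves fdev->ipsec NULL when it fails, so
	 * it must be checked before fdev->ipsec->conn is read.
	 */
	if (!fdev->ipsec)
		return;

	mlx5_fpga_sbu_conn_destroy(fdev->ipsec->conn);
	kfree(fdev->ipsec);
	fdev->ipsec = NULL;
}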