xref: /freebsd/sys/dev/mlx5/mlx5_fpga/mlx5fpga_ipsec.c (revision ebacd8013fe5f7fdf9f6a5b286f6680dd2891036)
1 /*-
2  * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *        copyright notice, this list of conditions and the following
16  *        disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer in the documentation and/or other materials
21  *        provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  *
32  * $FreeBSD$
33  */
34 
35 #include <dev/mlx5/driver.h>
36 
37 #include <dev/mlx5/mlx5_core/mlx5_core.h>
38 #include <dev/mlx5/mlx5_fpga/ipsec.h>
39 #include <dev/mlx5/mlx5_fpga/sdk.h>
40 #include <dev/mlx5/mlx5_fpga/core.h>
41 
/*
 * Depth requested for both the receive and the transmit queue of the
 * IPSec command connection (see mlx5_fpga_ipsec_init()).
 */
#define SBU_QP_QUEUE_SIZE 8
43 
/*
 * Result code carried in the syndrome field of a response message.
 * The receive callback converts the field with ntohl() and maps it to an
 * errno value through syndrome_to_errno(); values not listed here are
 * mapped to -EIO there.
 */
enum mlx5_ipsec_response_syndrome {
	MLX5_IPSEC_RESPONSE_SUCCESS = 0,
	MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST = 1,
	MLX5_IPSEC_RESPONSE_SADB_ISSUE = 2,
	MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE = 3,
};
50 
/*
 * Driver-side state of one SA command. Only a COMPLETE command exposes
 * its status_code to the waiter; any other state is reported as -EIO by
 * mlx5_fpga_ipsec_sa_cmd_wait().
 */
enum mlx5_fpga_ipsec_sacmd_status {
	/* Set by mlx5_fpga_ipsec_sa_cmd_exec() before the message is sent. */
	MLX5_FPGA_IPSEC_SACMD_PENDING,
	/* Set by the send-completion callback when it gets a non-zero status. */
	MLX5_FPGA_IPSEC_SACMD_SEND_FAIL,
	/* Set by mlx5_fpga_ipsec_recv() once a response has been processed. */
	MLX5_FPGA_IPSEC_SACMD_COMPLETE,
};
56 
/*
 * Per-command state allocated by mlx5_fpga_ipsec_sa_cmd_exec() and freed
 * by mlx5_fpga_ipsec_sa_cmd_wait(). The pointer handed back to the caller
 * as an opaque handle is a pointer to this structure.
 */
struct mlx5_ipsec_command_context {
	/* Message descriptor; sg[0] is pointed at the sa member below. */
	struct mlx5_fpga_dma_buf buf;
	/* Private copy of the caller's SA command; this is what gets sent. */
	struct mlx5_accel_ipsec_sa sa;
	enum mlx5_fpga_ipsec_sacmd_status status;
	/* errno-style result derived from the response syndrome. */
	int status_code;
	/* Signalled by the send-completion or the receive callback. */
	struct completion complete;
	/* Owning FPGA device; used for logging in the wait function. */
	struct mlx5_fpga_device *dev;
	struct list_head list; /* Item in pending_cmds */
};
66 
/*
 * Layout of a response message as read from the receive buffer.
 * Both words are big-endian. The receive callback rejects buffers shorter
 * than this structure before reading any field.
 */
struct mlx5_ipsec_sadb_resp {
	/* enum mlx5_ipsec_response_syndrome after ntohl(). */
	__be32 syndrome;
	/* Compared, unconverted, with the sw_sa_handle of the pending command. */
	__be32 sw_sa_handle;
	u8 reserved[24];
} __packed;
72 
/*
 * IPSec state hung off struct mlx5_fpga_device (fdev->ipsec). It is
 * allocated in mlx5_fpga_ipsec_init() and released in
 * mlx5_fpga_ipsec_cleanup(); a NULL fdev->ipsec means the offload is not
 * available.
 */
struct mlx5_fpga_ipsec {
	/* Commands sent and not yet answered, in submission order. */
	struct list_head pending_cmds;
	spinlock_t pending_cmds_lock; /* Protects pending_cmds */
	/* Extended capability block filled by mlx5_fpga_get_sbu_caps(). */
	u32 caps[MLX5_ST_SZ_DW(ipsec_extended_cap)];
	/* Command connection created by mlx5_fpga_sbu_conn_create(). */
	struct mlx5_fpga_conn *conn;
};
79 
/*
 * Tell whether mdev has an FPGA whose sandbox identifies itself as the
 * Mellanox IPSec image.
 *
 * Returns false when no FPGA state is attached, when the device does not
 * report the fpga general capability, or when the vendor or product id
 * read from the FPGA capabilities is not the expected one. Note that a
 * true result says nothing about fdev->ipsec having been set up.
 */
static bool mlx5_fpga_is_ipsec_device(struct mlx5_core_dev *mdev)
{
	/* The FPGA capability fields are only read once an FPGA is known. */
	if (!mdev->fpga || !MLX5_CAP_GEN(mdev, fpga))
		return false;

	return MLX5_CAP_FPGA(mdev, ieee_vendor_id) ==
		MLX5_FPGA_CAP_SANDBOX_VENDOR_ID_MLNX &&
	    MLX5_CAP_FPGA(mdev, sandbox_product_id) ==
		MLX5_FPGA_CAP_SANDBOX_PRODUCT_ID_IPSEC;
}
95 
/*
 * Send-completion callback installed on every command buffer.
 *
 * A zero status needs no action: the waiter is woken later, from
 * mlx5_fpga_ipsec_recv(), when the response arrives. A non-zero status
 * marks the command as SEND_FAIL and wakes the waiter immediately.
 *
 * NOTE(review): the context is still linked on pending_cmds when the
 * waiter is woken from here, and mlx5_fpga_ipsec_sa_cmd_wait() frees it.
 * Confirm that a later response cannot pop the freed entry off the list.
 */
static void mlx5_fpga_ipsec_send_complete(struct mlx5_fpga_conn *conn,
					  struct mlx5_fpga_device *fdev,
					  struct mlx5_fpga_dma_buf *buf,
					  u8 status)
{
	struct mlx5_ipsec_command_context *cmd_ctx;

	if (!status)
		return;

	/* buf is embedded in the command context, so recover the owner. */
	cmd_ctx = container_of(buf, struct mlx5_ipsec_command_context, buf);
	mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n",
		       status);
	cmd_ctx->status = MLX5_FPGA_IPSEC_SACMD_SEND_FAIL;
	complete(&cmd_ctx->complete);
}
112 
/*
 * Translate a response syndrome into a negative errno value (0 on
 * success). A syndrome that is not one of the enumerators, which can
 * happen because the value comes straight from the response message, is
 * reported as -EIO.
 */
static inline int syndrome_to_errno(enum mlx5_ipsec_response_syndrome syndrome)
{
	int err = -EIO;

	switch (syndrome) {
	case MLX5_IPSEC_RESPONSE_SUCCESS:
		err = 0;
		break;
	case MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST:
		err = -EINVAL;
		break;
	case MLX5_IPSEC_RESPONSE_SADB_ISSUE:
		err = -EEXIST;
		break;
	case MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE:
		/* Already -EIO. */
		break;
	}
	return err;
}
127 
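/*
 * Receive callback of the IPSec command connection.
 *
 * cb_arg is the struct mlx5_fpga_device registered in
 * mlx5_fpga_ipsec_init(); buf holds one response message in sg[0].
 *
 * Responses carry no request identifier other than the SA handle, so each
 * one is paired with the oldest entry of pending_cmds. The entry is
 * unlinked under pending_cmds_lock and the waiter is woken with the errno
 * derived from the response syndrome.
 *
 * Messages that are too short, or that arrive while nothing is pending,
 * are logged and dropped. A response whose SA handle differs from the
 * one in the paired command fails that command with -EIO: the context has
 * already been taken off the list at that point, so returning without
 * completing it would leave the caller of mlx5_fpga_ipsec_sa_cmd_wait()
 * blocked for good and the context never freed.
 */
static void mlx5_fpga_ipsec_recv(void *cb_arg, struct mlx5_fpga_dma_buf *buf)
{
	struct mlx5_ipsec_sadb_resp *resp = buf->sg[0].data;
	struct mlx5_ipsec_command_context *context;
	enum mlx5_ipsec_response_syndrome syndrome;
	struct mlx5_fpga_device *fdev = cb_arg;
	unsigned long flags;

	/* Check the length before any field of the response is read. */
	if (buf->sg[0].size < sizeof(*resp)) {
		mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n",
			       buf->sg[0].size, sizeof(*resp));
		return;
	}

	mlx5_fpga_dbg(fdev, "mlx5_ipsec recv_cb syndrome %08x sa_id %x\n",
		      ntohl(resp->syndrome), ntohl(resp->sw_sa_handle));

	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
	context = list_first_entry_or_null(&fdev->ipsec->pending_cmds,
					   struct mlx5_ipsec_command_context,
					   list);
	if (context)
		list_del(&context->list);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);

	if (!context) {
		mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n");
		return;
	}
	mlx5_fpga_dbg(fdev, "Handling response for %p\n", context);

	if (context->sa.sw_sa_handle != resp->sw_sa_handle) {
		mlx5_fpga_err(fdev, "mismatch SA handle. cmd 0x%08x vs resp 0x%08x\n",
			      ntohl(context->sa.sw_sa_handle),
			      ntohl(resp->sw_sa_handle));
		/*
		 * The command is no longer on the pending list, so this is
		 * the last place that can wake its waiter. Report a failure
		 * rather than trusting a response meant for another SA.
		 */
		context->status_code = -EIO;
		context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;
		complete(&context->complete);
		return;
	}

	syndrome = ntohl(resp->syndrome);
	context->status_code = syndrome_to_errno(syndrome);
	context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;

	if (context->status_code)
		mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n",
			       syndrome);
	complete(&context->complete);
}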
175 
/*
 * Queue one SA command for the FPGA and send it.
 *
 * The command is copied into a freshly allocated context, so the caller's
 * cmd buffer is not referenced after this function returns. The context
 * is appended to pending_cmds before the send, which is what lets the
 * receive callback pair the response with it.
 *
 * Returns an opaque handle to pass to mlx5_fpga_ipsec_sa_cmd_wait(), which
 * frees it, or an ERR_PTR():
 *   -EOPNOTSUPP  no FPGA or no IPSec state on this device
 *   -ENOMEM      context allocation failed
 *   other        error returned by mlx5_fpga_sbu_conn_sendmsg()
 */
void *mlx5_fpga_ipsec_sa_cmd_exec(struct mlx5_core_dev *mdev,
				  struct mlx5_accel_ipsec_sa *cmd)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	struct mlx5_ipsec_command_context *cmd_ctx;
	unsigned long irq_flags;
	int err = 0;

	/* The SA command must be a whole number of 32-bit words. */
	BUILD_BUG_ON((sizeof(struct mlx5_accel_ipsec_sa) & 3) != 0);
	if (!fdev || !fdev->ipsec)
		return ERR_PTR(-EOPNOTSUPP);

	cmd_ctx = kzalloc(sizeof(*cmd_ctx), GFP_ATOMIC);
	if (!cmd_ctx)
		return ERR_PTR(-ENOMEM);

	/* Describe the private copy of the command as the message payload. */
	memcpy(&cmd_ctx->sa, cmd, sizeof(*cmd));
	cmd_ctx->buf.complete = mlx5_fpga_ipsec_send_complete;
	cmd_ctx->buf.sg[0].size = sizeof(cmd_ctx->sa);
	cmd_ctx->buf.sg[0].data = &cmd_ctx->sa;
	init_completion(&cmd_ctx->complete);
	cmd_ctx->dev = fdev;

	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, irq_flags);
	list_add_tail(&cmd_ctx->list, &fdev->ipsec->pending_cmds);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, irq_flags);

	cmd_ctx->status = MLX5_FPGA_IPSEC_SACMD_PENDING;

	err = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &cmd_ctx->buf);
	if (!err) {
		/* Context will be freed by wait func after completion */
		return cmd_ctx;
	}

	/* Nothing was sent: take the entry back off the list and drop it. */
	mlx5_fpga_warn(fdev, "Failure sending IPSec command: %d\n",
		       err);
	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, irq_flags);
	list_del(&cmd_ctx->list);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, irq_flags);
	kfree(cmd_ctx);
	return ERR_PTR(err);
}
217 
/*
 * Block until the command behind ctx has been completed, then free it.
 *
 * ctx is dereferenced without any check, so it has to be a handle that
 * mlx5_fpga_ipsec_sa_cmd_exec() returned successfully, not an ERR_PTR().
 *
 * Returns the errno-style status recorded by the receive callback when
 * the command reached the COMPLETE state, -EIO for any other state, or
 * -EINTR when the wait itself reports a failure.
 *
 * NOTE(review): the -EINTR path returns without freeing the context.
 * That looks deliberate, since a callback may still reference it, but it
 * should be confirmed before the killable wait is enabled.
 */
int mlx5_fpga_ipsec_sa_cmd_wait(void *ctx)
{
	struct mlx5_ipsec_command_context *cmd_ctx = ctx;
	int rc;

	rc = wait_for_completion/*_killable XXXKIB*/(&cmd_ctx->complete);
	if (rc != 0) {
		mlx5_fpga_warn(cmd_ctx->dev, "Failure waiting for IPSec command response\n");
		return -EINTR;
	}

	/* status_code is only meaningful for a command that completed. */
	rc = (cmd_ctx->status == MLX5_FPGA_IPSEC_SACMD_COMPLETE) ?
	    cmd_ctx->status_code : -EIO;

	kfree(cmd_ctx);
	return rc;
}
237 
/*
 * Build the MLX5_ACCEL_IPSEC_* capability mask for mdev.
 *
 * Returns 0 when the device has no IPSec FPGA. Otherwise the mask always
 * contains MLX5_ACCEL_IPSEC_DEVICE, and the ESP, IPV6 and LSO bits are
 * added from the cached extended capabilities when the IPSec state has
 * been set up.
 */
u32 mlx5_fpga_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	u32 mask;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return 0;

	mask = MLX5_ACCEL_IPSEC_DEVICE;

	/* Without the cached capability block only the device bit is known. */
	if (!fdev->ipsec)
		return mask;

	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, esp))
		mask |= MLX5_ACCEL_IPSEC_ESP;
	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, ipv6))
		mask |= MLX5_ACCEL_IPSEC_IPV6;
	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, lso))
		mask |= MLX5_ACCEL_IPSEC_LSO;

	return mask;
}
262 
/*
 * Number of IPSec counters the FPGA reports in its extended capabilities,
 * or 0 when the device has no FPGA or no IPSec state.
 */
unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;

	if (fdev && fdev->ipsec)
		return MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
				number_of_ipsec_counters);

	return 0;
}
273 
/*
 * Read the IPSec counters from FPGA memory into counters[].
 *
 * The device-reported number of counters is read in full into a scratch
 * buffer, but at most counters_count entries are copied out, so a device
 * that reports more counters than the caller has room for cannot write
 * past the end of counters[].
 *
 * Returns 0 on success, and also when there is no FPGA or no IPSec state,
 * in which case counters[] is left untouched. Returns -ENOMEM when the
 * scratch buffer cannot be allocated, or the negative value returned by
 * mlx5_fpga_mem_read().
 *
 * NOTE(review): the counter count and the address both come from the
 * device capability block, and the buffer sizes are plain products of
 * that count. Confirm they cannot wrap on builds with a 32-bit size_t.
 */
int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev *mdev, u64 *counters,
				  unsigned int counters_count)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	__be32 *words;
	unsigned int idx;
	u64 addr_lo;
	u64 addr_hi;
	u64 addr;
	u32 count;
	int ret;

	if (!fdev || !fdev->ipsec)
		return 0;

	/* The counters' address is published as two 32-bit halves. */
	addr_lo = (u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
				ipsec_counters_addr_low);
	addr_hi = (u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
				ipsec_counters_addr_high);
	addr = addr_lo + (addr_hi << 32);

	count = mlx5_fpga_ipsec_counters_count(mdev);

	/* Two 32-bit words per counter. */
	words = kzalloc(sizeof(*words) * count * 2, GFP_KERNEL);
	if (!words) {
		ret = -ENOMEM;
		goto out;
	}

	ret = mlx5_fpga_mem_read(fdev, count * sizeof(u64), addr, words,
				 MLX5_FPGA_ACCESS_TYPE_DONTCARE);
	if (ret < 0) {
		mlx5_fpga_err(fdev, "Failed to read IPSec counters from HW: %d\n",
			      ret);
		goto out;
	}
	/* A non-negative result is success; callers only see 0. */
	ret = 0;

	/* Never copy out more than the caller's array can hold. */
	if (count > counters_count)
		count = counters_count;

	/* Each counter is low word, then high. But each word is big-endian */
	for (idx = 0; idx < count; idx++) {
		u64 lo = (u64)ntohl(words[idx * 2]);
		u64 hi = (u64)ntohl(words[idx * 2 + 1]);

		counters[idx] = lo | (hi << 32);
	}

out:
	kfree(words);
	return ret;
}
321 
/*
 * Set up the IPSec offload state for mdev.
 *
 * Does nothing and returns 0 on a device without an IPSec FPGA. Otherwise
 * it allocates fdev->ipsec, caches the extended capabilities, initialises
 * the pending-command list and its lock, and creates the command
 * connection with mlx5_fpga_ipsec_recv() as its receive callback.
 *
 * Returns 0 on success. On failure fdev->ipsec is freed and reset to NULL
 * and the error is returned: -ENOMEM, or whatever the capability query or
 * the connection creation reported.
 */
int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	struct mlx5_fpga_conn_attr init_attr = {
		.rx_size = SBU_QP_QUEUE_SIZE,
		.tx_size = SBU_QP_QUEUE_SIZE,
		.recv_cb = mlx5_fpga_ipsec_recv,
		.cb_arg = fdev,
	};
	struct mlx5_fpga_conn *cmd_conn;
	int err;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return 0;

	fdev->ipsec = kzalloc(sizeof(*fdev->ipsec), GFP_KERNEL);
	if (!fdev->ipsec)
		return -ENOMEM;

	err = mlx5_fpga_get_sbu_caps(fdev, sizeof(fdev->ipsec->caps),
				     fdev->ipsec->caps);
	if (err) {
		mlx5_fpga_err(fdev, "Failed to retrieve IPSec extended capabilities: %d\n",
			      err);
		goto error;
	}

	/* The list and lock must exist before the connection can deliver. */
	INIT_LIST_HEAD(&fdev->ipsec->pending_cmds);
	spin_lock_init(&fdev->ipsec->pending_cmds_lock);

	cmd_conn = mlx5_fpga_sbu_conn_create(fdev, &init_attr);
	if (IS_ERR(cmd_conn)) {
		err = PTR_ERR(cmd_conn);
		mlx5_fpga_err(fdev, "Error creating IPSec command connection %d\n",
			      err);
		goto error;
	}
	fdev->ipsec->conn = cmd_conn;
	return 0;

error:
	kfree(fdev->ipsec);
	fdev->ipsec = NULL;
	return err;
}
366 
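/*
 * Tear down the IPSec offload state of mdev: destroy the command
 * connection and free fdev->ipsec.
 *
 * Does nothing on a device without an IPSec FPGA, and nothing when
 * fdev->ipsec is NULL. The latter happens on an IPSec device whose
 * mlx5_fpga_ipsec_init() failed, because the error path there resets the
 * pointer; the other entry points in this file make the same check.
 *
 * NOTE(review): commands still linked on pending_cmds are not completed
 * or freed here. Confirm callers cannot be waiting on one at this point.
 */
void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return;

	/* Init may have failed or never run; there is nothing to release. */
	if (!fdev->ipsec)
		return;

	mlx5_fpga_sbu_conn_destroy(fdev->ipsec->conn);
	kfree(fdev->ipsec);
	fdev->ipsec = NULL;
}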
378