1 /*-
2 * Copyright (c) 2021-2022 NVIDIA corporation & affiliates.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23 * SUCH DAMAGE.
24 */
25
26 #ifndef _MLX5_TLS_RX_H_
27 #define _MLX5_TLS_RX_H_
28
29 #include <linux/completion.h>
30
/*
 * Size in bytes of the RX progress buffer. The same value is used as the
 * alignment mask in mlx5e_tls_rx_get_progress_buffer(), so it must remain
 * a power of two.
 */
#define MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE 128

/*
 * Limits of the TLS record length history kept per tag.
 * MLX5E_TLS_RX_RESYNC_MAX is the element count of the tcp_resync_len[]
 * and tcp_resync_num[] arrays in struct mlx5e_tls_rx_tag.
 * NOTE(review): MLX5E_TLS_RX_NUM_MAX is presumably the cap on a single
 * tcp_resync_num[] run counter - confirm at the users.
 */
#define MLX5E_TLS_RX_RESYNC_MAX 32 /* units */
#define MLX5E_TLS_RX_NUM_MAX (1U << 11) /* packets */

/* Acquire and release the per-tag mutex. */
#define MLX5E_TLS_RX_TAG_LOCK(tag) mtx_lock(&(tag)->mtx)
#define MLX5E_TLS_RX_TAG_UNLOCK(tag) mtx_unlock(&(tag)->mtx)

/*
 * Add "num" to the named counter of the parent TLS RX context. The
 * expansion dereferences (tag)->tls_rx, so the parent pointer must be
 * valid wherever this macro is used.
 */
#define MLX5E_TLS_RX_STAT_INC(tag, field, num) \
	counter_u64_add((tag)->tls_rx->stats.field, num)

/*
 * Build-time bound on the record history: entries * run length * 2^14
 * bytes (the 16 KByte figure used in the struct mlx5e_tls_rx_tag comment)
 * may not exceed 1 GByte. That keeps the history below the 2 GByte point
 * at which, per that comment, TCP sequence numbers may wrap around.
 */
#if ((MLX5E_TLS_RX_RESYNC_MAX * MLX5E_TLS_RX_NUM_MAX) << 14) > (1U << 30)
#error "Please lower the limits of the TLS record length database."
#endif
45
/*
 * Authentication state values of the TLS RX progress parameters.
 * NOTE(review): presumably these mirror the device's encoding of the
 * field and must not be renumbered - confirm against the firmware
 * interface definitions.
 */
enum {
	MLX5E_TLS_RX_PROGRESS_PARAMS_AUTH_STATE_NO_OFFLOAD = 0,
	MLX5E_TLS_RX_PROGRESS_PARAMS_AUTH_STATE_OFFLOAD = 1,
	MLX5E_TLS_RX_PROGRESS_PARAMS_AUTH_STATE_AUTHENTICATION = 2,
};
51
/*
 * Record tracker state values of the TLS RX progress parameters.
 * NOTE(review): presumably these mirror the device's encoding of the
 * field and must not be renumbered - confirm against the firmware
 * interface definitions.
 */
enum {
	MLX5E_TLS_RX_PROGRESS_PARAMS_RECORD_TRACKER_STATE_START = 0,
	MLX5E_TLS_RX_PROGRESS_PARAMS_RECORD_TRACKER_STATE_TRACKING = 1,
	MLX5E_TLS_RX_PROGRESS_PARAMS_RECORD_TRACKER_STATE_SEARCHING = 2,
};
57
struct mlx5e_tls_rx;

/*
 * Per-tag state of a TLS RX offload: the send tag header, the hardware
 * context numbers, the lifecycle state, the TLS record history used for
 * resynchronization and the parameter buffers.
 *
 * The structure carries its own mutex, see MLX5E_TLS_RX_TAG_LOCK().
 * NOTE(review): which fields that mutex protects is not visible in this
 * header - confirm at the users.
 */
struct mlx5e_tls_rx_tag {
	struct m_snd_tag tag;
	uint32_t tirn; /* HW TIR context number */
	uint32_t dek_index; /* HW TLS context number */
	struct mlx5e_tls_rx *tls_rx; /* parent pointer */
	struct mlx5_flow_rule *flow_rule;
	struct mtx mtx;
	struct completion progress_complete;
	uint32_t state; /* see MLX5E_TLS_RX_ST_XXX */
#define MLX5E_TLS_RX_ST_INIT 0
#define MLX5E_TLS_RX_ST_SETUP 1
#define MLX5E_TLS_RX_ST_READY 2
#define MLX5E_TLS_RX_ST_RELEASE 3
#define MLX5E_TLS_RX_ST_FREED 4

	/*
	 * The following fields are used to store the TCP starting
	 * point of TLS records in the past. When TLS records of same
	 * length are back to back the tcp_resync_num[] is incremented
	 * instead of creating new entries. This way up to
	 * "MLX5E_TLS_RX_RESYNC_MAX" * "MLX5E_TLS_RX_NUM_MAX" * 16
	 * KBytes, around 1GByte worth of TCP data, may be remembered
	 * in the good case. The amount of history should not exceed
	 * 2GBytes of TCP data, because then the TCP sequence numbers
	 * may wrap around.
	 *
	 * This information is used to tell if a given TCP sequence
	 * number is a valid TLS record or not.
	 *
	 * NOTE(review): the producer and consumer counters are 16 bits
	 * wide while the arrays hold MLX5E_TLS_RX_RESYNC_MAX entries;
	 * presumably users reduce them modulo that value before
	 * indexing - verify, since an unreduced index would run past
	 * the arrays.
	 */
	uint64_t rcd_resync_start; /* starting TLS record number */
	uint32_t tcp_resync_start; /* starting TCP sequence number */
	uint32_t tcp_resync_next; /* next expected TCP sequence number */
	uint32_t tcp_resync_len[MLX5E_TLS_RX_RESYNC_MAX];
	uint32_t tcp_resync_num[MLX5E_TLS_RX_RESYNC_MAX];
	uint16_t tcp_resync_pc; /* producer counter for arrays above */
	uint16_t tcp_resync_cc; /* consumer counter for arrays above */

	struct work_struct work;

	uint32_t flowid;
	uint32_t flowtype;
	/* single-bit flags sharing one 32-bit storage unit */
	uint32_t dek_index_ok:1;
	uint32_t tcp_resync_active:1;
	uint32_t tcp_resync_pending:1;

	/*
	 * parameters needed
	 *
	 * NOTE(review): crypto_params presumably holds TLS key
	 * material; if so it should be zeroized before the tag memory
	 * is reused - confirm in the release path.
	 *
	 * rx_progress is twice MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE so
	 * that an aligned window of that size always fits inside it;
	 * mlx5e_tls_rx_get_progress_buffer() returns that window.
	 */
	uint8_t crypto_params[128] __aligned(4);
	uint8_t rx_progress[MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE * 2];
} __aligned(MLX5E_CACHELINE_SIZE);
108
/*
 * Return the start of the aligned RX progress window inside
 * ptag->rx_progress.
 *
 * The array is declared with twice MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE
 * bytes, so rounding its address up to the next multiple of that size
 * still leaves a full window inside the array. The mask arithmetic
 * relies on the size being a power of two.
 */
static inline void *
mlx5e_tls_rx_get_progress_buffer(struct mlx5e_tls_rx_tag *ptag)
{
	const uintptr_t base = (uintptr_t)ptag->rx_progress;
	/* bytes to skip to reach the next aligned address, zero if aligned */
	const uintptr_t pad =
	    (-base) & (MLX5E_TLS_RX_PROGRESS_BUFFER_SIZE - 1);

	return (ptag->rx_progress + pad);
}
117
/*
 * X-macro list of the TLS RX statistics. Each entry hands five arguments
 * to "m": a "+1" counting term, a type tag, the field name, the name
 * string and a description string.
 */
#define MLX5E_TLS_RX_STATS(m) \
	m(+1, u64, rx_resync_ok, "rx_resync_ok", "Successful resync requests")\
	m(+1, u64, rx_resync_err, "rx_resync_err", "Failed resync requests")\
	m(+1, u64, rx_error, "rx_error", "Other errors")

/*
 * Number of entries in the list above.
 * NOTE(review): assumes MLX5E_STATS_COUNT, defined elsewhere, expands to
 * its first argument so that the result is 0 +1 +1 +1 - confirm.
 */
#define MLX5E_TLS_RX_STATS_NUM (0 MLX5E_TLS_RX_STATS(MLX5E_STATS_COUNT))
124
/*
 * Statistics of the TLS RX offload: a sysctl context followed by the
 * fields generated from the MLX5E_TLS_RX_STATS() list.
 */
struct mlx5e_tls_rx_stats {
	struct sysctl_ctx_list ctx;
	/*
	 * Zero-length array placed directly before the generated fields.
	 * NOTE(review): presumably used to address those fields as an
	 * array of MLX5E_TLS_RX_STATS_NUM counters - confirm at the
	 * users, and keep any index below that count.
	 */
	counter_u64_t arg[0];
	MLX5E_TLS_RX_STATS(MLX5E_STATS_COUNTER)
};
130
/*
 * TLS RX offload context, the parent that each struct mlx5e_tls_rx_tag
 * points to through its tls_rx member.
 */
struct mlx5e_tls_rx {
	struct sysctl_ctx_list ctx;
	struct mlx5e_tls_rx_stats stats;
	struct workqueue_struct *wq;
	uma_zone_t zone;
	uint32_t max_resources; /* max number of resources */
	/*
	 * NOTE(review): volatile by itself gives neither atomicity nor
	 * ordering; presumably this counter is updated with atomic
	 * operations and checked against max_resources - verify at the
	 * users.
	 */
	volatile uint32_t num_resources; /* current number of resources */
	int init; /* set when ready */
	/*
	 * Fixed-size name buffer.
	 * NOTE(review): presumably the zone name - confirm; writers must
	 * bound their output to sizeof(zname).
	 */
	char zname[32];
};
141
/*
 * Set up and tear down the TLS RX offload state of a device instance.
 * NOTE(review): the return convention of mlx5e_tls_rx_init() is not
 * visible in this header; presumably zero on success - confirm in the
 * implementation.
 */
int mlx5e_tls_rx_init(struct mlx5e_priv *);
void mlx5e_tls_rx_cleanup(struct mlx5e_priv *);

/* Send tag allocation entry point, declared through its function typedef. */
if_snd_tag_alloc_t mlx5e_tls_rx_snd_tag_alloc;
146
147 #endif /* _MLX5_TLS_RX_H_ */
148