1 /*-
2 * Copyright (c) 2019-2021, Mellanox Technologies, Ltd. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23 * SUCH DAMAGE.
24 */
25
26 #include "opt_rss.h"
27 #include "opt_ratelimit.h"
28
29 #include <linux/kernel.h>
30 #include <linux/module.h>
31 #include <dev/mlx5/driver.h>
32 #include <dev/mlx5/tls.h>
33 #include <dev/mlx5/mlx5_core/mlx5_core.h>
34 #include <dev/mlx5/mlx5_core/transobj.h>
35
mlx5_encryption_key_create(struct mlx5_core_dev * mdev,u32 pdn,const void * p_key,u32 key_len,u32 * p_obj_id)36 int mlx5_encryption_key_create(struct mlx5_core_dev *mdev, u32 pdn,
37 const void *p_key, u32 key_len, u32 *p_obj_id)
38 {
39 u32 in[MLX5_ST_SZ_DW(create_encryption_key_in)] = {};
40 u32 out[MLX5_ST_SZ_DW(create_encryption_key_out)] = {};
41 u64 general_obj_types;
42 int err;
43
44 general_obj_types = MLX5_CAP_GEN_64(mdev, general_obj_types);
45 if (!(general_obj_types & MLX5_HCA_CAP_GENERAL_OBJ_TYPES_ENCRYPTION_KEY))
46 return -EINVAL;
47
48 switch (key_len) {
49 case 128 / 8:
50 memcpy(MLX5_ADDR_OF(create_encryption_key_in, in,
51 encryption_key_object.key[4]), p_key, 128 / 8);
52 MLX5_SET(create_encryption_key_in, in, encryption_key_object.pd, pdn);
53 MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_size,
54 MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_128);
55 MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_type,
56 MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK);
57 break;
58 case 256 / 8:
59 memcpy(MLX5_ADDR_OF(create_encryption_key_in, in,
60 encryption_key_object.key[0]), p_key, 256 / 8);
61 MLX5_SET(create_encryption_key_in, in, encryption_key_object.pd, pdn);
62 MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_size,
63 MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_256);
64 MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_type,
65 MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK);
66 break;
67 default:
68 return -EINVAL;
69 }
70
71 MLX5_SET(create_encryption_key_in, in, opcode, MLX5_CMD_OP_CREATE_GENERAL_OBJ);
72 MLX5_SET(create_encryption_key_in, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY);
73
74 err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
75 if (err == 0)
76 *p_obj_id = MLX5_GET(create_encryption_key_out, out, obj_id);
77
78 /* avoid leaking key on the stack */
79 memset(in, 0, sizeof(in));
80
81 return err;
82 }
83
mlx5_encryption_key_destroy(struct mlx5_core_dev * mdev,u32 oid)84 int mlx5_encryption_key_destroy(struct mlx5_core_dev *mdev, u32 oid)
85 {
86 u32 in[MLX5_ST_SZ_DW(destroy_encryption_key_in)] = {};
87 u32 out[MLX5_ST_SZ_DW(destroy_encryption_key_out)] = {};
88
89 MLX5_SET(destroy_encryption_key_in, in, opcode, MLX5_CMD_OP_DESTROY_GENERAL_OBJ);
90 MLX5_SET(destroy_encryption_key_in, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY);
91 MLX5_SET(destroy_encryption_key_in, in, obj_id, oid);
92
93 return mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
94 }
95
mlx5_tls_open_tis(struct mlx5_core_dev * mdev,int tc,int tdn,int pdn,u32 * p_tisn)96 int mlx5_tls_open_tis(struct mlx5_core_dev *mdev, int tc, int tdn, int pdn, u32 *p_tisn)
97 {
98 u32 in[MLX5_ST_SZ_DW(create_tis_in)] = {};
99 void *tisc = MLX5_ADDR_OF(create_tis_in, in, ctx);
100 int err;
101
102 MLX5_SET(tisc, tisc, prio, tc);
103 MLX5_SET(tisc, tisc, transport_domain, tdn);
104 MLX5_SET(tisc, tisc, tls_en, 1);
105 MLX5_SET(tisc, tisc, pd, pdn);
106
107 err = mlx5_core_create_tis(mdev, in, sizeof(in), p_tisn);
108 if (err)
109 return (err);
110 else if (*p_tisn == 0)
111 return (-EINVAL);
112 else
113 return (0); /* success */
114 }
115
mlx5_tls_close_tis(struct mlx5_core_dev * mdev,u32 tisn)116 void mlx5_tls_close_tis(struct mlx5_core_dev *mdev, u32 tisn)
117 {
118
119 mlx5_core_destroy_tis(mdev, tisn, 0);
120 }
121
mlx5_tls_open_tir(struct mlx5_core_dev * mdev,int tdn,int rqtn,u32 * p_tirn)122 int mlx5_tls_open_tir(struct mlx5_core_dev *mdev, int tdn, int rqtn, u32 *p_tirn)
123 {
124 u32 in[MLX5_ST_SZ_DW(create_tir_in)] = {};
125 void *tirc = MLX5_ADDR_OF(create_tir_in, in, tir_context);
126 int err;
127
128 MLX5_SET(tirc, tirc, transport_domain, tdn);
129 MLX5_SET(tirc, tirc, disp_type, MLX5_TIRC_DISP_TYPE_INDIRECT);
130 MLX5_SET(tirc, tirc, rx_hash_fn, MLX5_TIRC_RX_HASH_FN_HASH_INVERTED_XOR8);
131 MLX5_SET(tirc, tirc, indirect_table, rqtn);
132 MLX5_SET(tirc, tirc, tls_en, 1);
133 MLX5_SET(tirc, tirc, self_lb_en,
134 MLX5_TIRC_SELF_LB_EN_ENABLE_UNICAST |
135 MLX5_TIRC_SELF_LB_EN_ENABLE_MULTICAST);
136
137 err = mlx5_core_create_tir(mdev, in, sizeof(in), p_tirn);
138 if (err)
139 return (err);
140 else if (*p_tirn == 0)
141 return (-EINVAL);
142 else
143 return (0); /* success */
144 }
145
mlx5_tls_close_tir(struct mlx5_core_dev * mdev,u32 tirn)146 void mlx5_tls_close_tir(struct mlx5_core_dev *mdev, u32 tirn)
147 {
148 mlx5_core_destroy_tir(mdev, tirn, 0);
149 }
150