1 /*
2 * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
3 *
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
9 *
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
12 * conditions are met:
13 *
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
16 * disclaimer.
17 *
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
22 *
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 * SOFTWARE.
31 *
32 */
33
34 #include <linux/mlx5/driver.h>
35
36 #include "mlx5_core.h"
37 #include "fpga/ipsec.h"
38 #include "fpga/sdk.h"
39 #include "fpga/core.h"
40
41 #define SBU_QP_QUEUE_SIZE 8
42
43 enum mlx5_ipsec_response_syndrome {
44 MLX5_IPSEC_RESPONSE_SUCCESS = 0,
45 MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST = 1,
46 MLX5_IPSEC_RESPONSE_SADB_ISSUE = 2,
47 MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE = 3,
48 };
49
50 enum mlx5_fpga_ipsec_sacmd_status {
51 MLX5_FPGA_IPSEC_SACMD_PENDING,
52 MLX5_FPGA_IPSEC_SACMD_SEND_FAIL,
53 MLX5_FPGA_IPSEC_SACMD_COMPLETE,
54 };
55
56 struct mlx5_ipsec_command_context {
57 struct mlx5_fpga_dma_buf buf;
58 struct mlx5_accel_ipsec_sa sa;
59 enum mlx5_fpga_ipsec_sacmd_status status;
60 int status_code;
61 struct completion complete;
62 struct mlx5_fpga_device *dev;
63 struct list_head list; /* Item in pending_cmds */
64 };
65
66 struct mlx5_ipsec_sadb_resp {
67 __be32 syndrome;
68 __be32 sw_sa_handle;
69 u8 reserved[24];
70 } __packed;
71
72 struct mlx5_fpga_ipsec {
73 struct list_head pending_cmds;
74 spinlock_t pending_cmds_lock; /* Protects pending_cmds */
75 u32 caps[MLX5_ST_SZ_DW(ipsec_extended_cap)];
76 struct mlx5_fpga_conn *conn;
77 };
78
mlx5_fpga_is_ipsec_device(struct mlx5_core_dev * mdev)79 static bool mlx5_fpga_is_ipsec_device(struct mlx5_core_dev *mdev)
80 {
81 if (!mdev->fpga || !MLX5_CAP_GEN(mdev, fpga))
82 return false;
83
84 if (MLX5_CAP_FPGA(mdev, ieee_vendor_id) !=
85 MLX5_FPGA_CAP_SANDBOX_VENDOR_ID_MLNX)
86 return false;
87
88 if (MLX5_CAP_FPGA(mdev, sandbox_product_id) !=
89 MLX5_FPGA_CAP_SANDBOX_PRODUCT_ID_IPSEC)
90 return false;
91
92 return true;
93 }
94
mlx5_fpga_ipsec_send_complete(struct mlx5_fpga_conn * conn,struct mlx5_fpga_device * fdev,struct mlx5_fpga_dma_buf * buf,u8 status)95 static void mlx5_fpga_ipsec_send_complete(struct mlx5_fpga_conn *conn,
96 struct mlx5_fpga_device *fdev,
97 struct mlx5_fpga_dma_buf *buf,
98 u8 status)
99 {
100 struct mlx5_ipsec_command_context *context;
101
102 if (status) {
103 context = container_of(buf, struct mlx5_ipsec_command_context,
104 buf);
105 mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n",
106 status);
107 context->status = MLX5_FPGA_IPSEC_SACMD_SEND_FAIL;
108 complete(&context->complete);
109 }
110 }
111
syndrome_to_errno(enum mlx5_ipsec_response_syndrome syndrome)112 static inline int syndrome_to_errno(enum mlx5_ipsec_response_syndrome syndrome)
113 {
114 switch (syndrome) {
115 case MLX5_IPSEC_RESPONSE_SUCCESS:
116 return 0;
117 case MLX5_IPSEC_RESPONSE_SADB_ISSUE:
118 return -EEXIST;
119 case MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST:
120 return -EINVAL;
121 case MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE:
122 return -EIO;
123 }
124 return -EIO;
125 }
126
mlx5_fpga_ipsec_recv(void * cb_arg,struct mlx5_fpga_dma_buf * buf)127 static void mlx5_fpga_ipsec_recv(void *cb_arg, struct mlx5_fpga_dma_buf *buf)
128 {
129 struct mlx5_ipsec_sadb_resp *resp = buf->sg[0].data;
130 struct mlx5_ipsec_command_context *context;
131 enum mlx5_ipsec_response_syndrome syndrome;
132 struct mlx5_fpga_device *fdev = cb_arg;
133 unsigned long flags;
134
135 if (buf->sg[0].size < sizeof(*resp)) {
136 mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n",
137 buf->sg[0].size, sizeof(*resp));
138 return;
139 }
140
141 mlx5_fpga_dbg(fdev, "mlx5_ipsec recv_cb syndrome %08x sa_id %x\n",
142 ntohl(resp->syndrome), ntohl(resp->sw_sa_handle));
143
144 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
145 context = list_first_entry_or_null(&fdev->ipsec->pending_cmds,
146 struct mlx5_ipsec_command_context,
147 list);
148 if (context)
149 list_del(&context->list);
150 spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
151
152 if (!context) {
153 mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n");
154 return;
155 }
156 mlx5_fpga_dbg(fdev, "Handling response for %p\n", context);
157
158 if (context->sa.sw_sa_handle != resp->sw_sa_handle) {
159 mlx5_fpga_err(fdev, "mismatch SA handle. cmd 0x%08x vs resp 0x%08x\n",
160 ntohl(context->sa.sw_sa_handle),
161 ntohl(resp->sw_sa_handle));
162 return;
163 }
164
165 syndrome = ntohl(resp->syndrome);
166 context->status_code = syndrome_to_errno(syndrome);
167 context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;
168
169 if (context->status_code)
170 mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n",
171 syndrome);
172 complete(&context->complete);
173 }
174
mlx5_fpga_ipsec_sa_cmd_exec(struct mlx5_core_dev * mdev,struct mlx5_accel_ipsec_sa * cmd)175 void *mlx5_fpga_ipsec_sa_cmd_exec(struct mlx5_core_dev *mdev,
176 struct mlx5_accel_ipsec_sa *cmd)
177 {
178 struct mlx5_ipsec_command_context *context;
179 struct mlx5_fpga_device *fdev = mdev->fpga;
180 unsigned long flags;
181 int res = 0;
182
183 BUILD_BUG_ON((sizeof(struct mlx5_accel_ipsec_sa) & 3) != 0);
184 if (!fdev || !fdev->ipsec)
185 return ERR_PTR(-EOPNOTSUPP);
186
187 context = kzalloc(sizeof(*context), GFP_ATOMIC);
188 if (!context)
189 return ERR_PTR(-ENOMEM);
190
191 memcpy(&context->sa, cmd, sizeof(*cmd));
192 context->buf.complete = mlx5_fpga_ipsec_send_complete;
193 context->buf.sg[0].size = sizeof(context->sa);
194 context->buf.sg[0].data = &context->sa;
195 init_completion(&context->complete);
196 context->dev = fdev;
197 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
198 list_add_tail(&context->list, &fdev->ipsec->pending_cmds);
199 spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
200
201 context->status = MLX5_FPGA_IPSEC_SACMD_PENDING;
202
203 res = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &context->buf);
204 if (res) {
205 mlx5_fpga_warn(fdev, "Failure sending IPSec command: %d\n",
206 res);
207 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
208 list_del(&context->list);
209 spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
210 kfree(context);
211 return ERR_PTR(res);
212 }
213 /* Context will be freed by wait func after completion */
214 return context;
215 }
216
mlx5_fpga_ipsec_sa_cmd_wait(void * ctx)217 int mlx5_fpga_ipsec_sa_cmd_wait(void *ctx)
218 {
219 struct mlx5_ipsec_command_context *context = ctx;
220 int res;
221
222 res = wait_for_completion_killable(&context->complete);
223 if (res) {
224 mlx5_fpga_warn(context->dev, "Failure waiting for IPSec command response\n");
225 return -EINTR;
226 }
227
228 if (context->status == MLX5_FPGA_IPSEC_SACMD_COMPLETE)
229 res = context->status_code;
230 else
231 res = -EIO;
232
233 kfree(context);
234 return res;
235 }
236
mlx5_fpga_ipsec_device_caps(struct mlx5_core_dev * mdev)237 u32 mlx5_fpga_ipsec_device_caps(struct mlx5_core_dev *mdev)
238 {
239 struct mlx5_fpga_device *fdev = mdev->fpga;
240 u32 ret = 0;
241
242 if (mlx5_fpga_is_ipsec_device(mdev))
243 ret |= MLX5_ACCEL_IPSEC_DEVICE;
244 else
245 return ret;
246
247 if (!fdev->ipsec)
248 return ret;
249
250 if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, esp))
251 ret |= MLX5_ACCEL_IPSEC_ESP;
252
253 if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, ipv6))
254 ret |= MLX5_ACCEL_IPSEC_IPV6;
255
256 if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, lso))
257 ret |= MLX5_ACCEL_IPSEC_LSO;
258
259 return ret;
260 }
261
mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev * mdev)262 unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
263 {
264 struct mlx5_fpga_device *fdev = mdev->fpga;
265
266 if (!fdev || !fdev->ipsec)
267 return 0;
268
269 return MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
270 number_of_ipsec_counters);
271 }
272
mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev * mdev,u64 * counters,unsigned int counters_count)273 int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev *mdev, u64 *counters,
274 unsigned int counters_count)
275 {
276 struct mlx5_fpga_device *fdev = mdev->fpga;
277 unsigned int i;
278 __be32 *data;
279 u32 count;
280 u64 addr;
281 int ret;
282
283 if (!fdev || !fdev->ipsec)
284 return 0;
285
286 addr = (u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
287 ipsec_counters_addr_low) +
288 ((u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
289 ipsec_counters_addr_high) << 32);
290
291 count = mlx5_fpga_ipsec_counters_count(mdev);
292
293 data = kzalloc(sizeof(*data) * count * 2, GFP_KERNEL);
294 if (!data) {
295 ret = -ENOMEM;
296 goto out;
297 }
298
299 ret = mlx5_fpga_mem_read(fdev, count * sizeof(u64), addr, data,
300 MLX5_FPGA_ACCESS_TYPE_DONTCARE);
301 if (ret < 0) {
302 mlx5_fpga_err(fdev, "Failed to read IPSec counters from HW: %d\n",
303 ret);
304 goto out;
305 }
306 ret = 0;
307
308 if (count > counters_count)
309 count = counters_count;
310
311 /* Each counter is low word, then high. But each word is big-endian */
312 for (i = 0; i < count; i++)
313 counters[i] = (u64)ntohl(data[i * 2]) |
314 ((u64)ntohl(data[i * 2 + 1]) << 32);
315
316 out:
317 kfree(data);
318 return ret;
319 }
320
mlx5_fpga_ipsec_init(struct mlx5_core_dev * mdev)321 int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
322 {
323 struct mlx5_fpga_conn_attr init_attr = {0};
324 struct mlx5_fpga_device *fdev = mdev->fpga;
325 struct mlx5_fpga_conn *conn;
326 int err;
327
328 if (!mlx5_fpga_is_ipsec_device(mdev))
329 return 0;
330
331 fdev->ipsec = kzalloc(sizeof(*fdev->ipsec), GFP_KERNEL);
332 if (!fdev->ipsec)
333 return -ENOMEM;
334
335 err = mlx5_fpga_get_sbu_caps(fdev, sizeof(fdev->ipsec->caps),
336 fdev->ipsec->caps);
337 if (err) {
338 mlx5_fpga_err(fdev, "Failed to retrieve IPSec extended capabilities: %d\n",
339 err);
340 goto error;
341 }
342
343 INIT_LIST_HEAD(&fdev->ipsec->pending_cmds);
344 spin_lock_init(&fdev->ipsec->pending_cmds_lock);
345
346 init_attr.rx_size = SBU_QP_QUEUE_SIZE;
347 init_attr.tx_size = SBU_QP_QUEUE_SIZE;
348 init_attr.recv_cb = mlx5_fpga_ipsec_recv;
349 init_attr.cb_arg = fdev;
350 conn = mlx5_fpga_sbu_conn_create(fdev, &init_attr);
351 if (IS_ERR(conn)) {
352 err = PTR_ERR(conn);
353 mlx5_fpga_err(fdev, "Error creating IPSec command connection %d\n",
354 err);
355 goto error;
356 }
357 fdev->ipsec->conn = conn;
358 return 0;
359
360 error:
361 kfree(fdev->ipsec);
362 fdev->ipsec = NULL;
363 return err;
364 }
365
mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev * mdev)366 void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
367 {
368 struct mlx5_fpga_device *fdev = mdev->fpga;
369
370 if (!mlx5_fpga_is_ipsec_device(mdev))
371 return;
372
373 mlx5_fpga_sbu_conn_destroy(fdev->ipsec->conn);
374 kfree(fdev->ipsec);
375 fdev->ipsec = NULL;
376 }
377