net/mlx5e: Handle ESN update events

author Leon Romanovsky <leonro@nvidia.com>

Fri, 2 Dec 2022 20:14:56 +0000 (22:14 +0200)

committer Steffen Klassert <steffen.klassert@secunet.com>

Thu, 8 Dec 2022 09:36:09 +0000 (10:36 +0100)
author Leon Romanovsky <leonro@nvidia.com>
Fri, 2 Dec 2022 20:14:56 +0000 (22:14 +0200)
committer Steffen Klassert <steffen.klassert@secunet.com>
Thu, 8 Dec 2022 09:36:09 +0000 (10:36 +0100)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

index 4f176bd8395a76b47896221205f629cc923f097b..f5f930ea3f0f53108d97e5b77a35deb18418777d 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -108,9 +108,8 @@ static void mlx5e_ipsec_init_limits(struct mlx5e_ipsec_sa_entry *sa_entry,
                 x->lft.hard_packet_limit - x->lft.soft_packet_limit;
  }
  
-static void
-mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
-                                  struct mlx5_accel_esp_xfrm_attrs *attrs)
+void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
+                                       struct mlx5_accel_esp_xfrm_attrs *attrs)
  {
         struct xfrm_state *x = sa_entry->x;
         struct aes_gcm_keymat *aes_gcm = &attrs->aes_gcm;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h

index e7f21e449268e60282a3a4a94e0e5fe258d4e9e2..a92e19c4c499d405aee95ad39d4853aa374b83bd 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
@@ -230,6 +230,8 @@ void mlx5e_ipsec_aso_update_curlft(struct mlx5e_ipsec_sa_entry *sa_entry,
  void mlx5e_accel_ipsec_fs_read_stats(struct mlx5e_priv *priv,
                                      void *ipsec_stats);
  
+void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
+                                       struct mlx5_accel_esp_xfrm_attrs *attrs);
  static inline struct mlx5_core_dev *
  mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry)
  {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c

index 1b5014ffa2574e20f569fca073a65b070cd51e45..8e3614218fc4fabc7bac9c60a0874c4234f12581 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
@@ -6,6 +6,10 @@
  #include "ipsec.h"
  #include "lib/mlx5.h"
  
+enum {
+       MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET,
+};
+
  u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
  {
         u32 caps = 0;
@@ -260,6 +264,39 @@ void mlx5_accel_esp_modify_xfrm(struct mlx5e_ipsec_sa_entry *sa_entry,
         memcpy(&sa_entry->attrs, attrs, sizeof(sa_entry->attrs));
  }
  
+static void
+mlx5e_ipsec_aso_update_esn(struct mlx5e_ipsec_sa_entry *sa_entry,
+                          const struct mlx5_accel_esp_xfrm_attrs *attrs)
+{
+       struct mlx5_wqe_aso_ctrl_seg data = {};
+
+       data.data_mask_mode = MLX5_ASO_DATA_MASK_MODE_BITWISE_64BIT << 6;
+       data.condition_1_0_operand = MLX5_ASO_ALWAYS_TRUE | MLX5_ASO_ALWAYS_TRUE
+                                                                   << 4;
+       data.data_offset_condition_operand = MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET;
+       data.bitwise_data = cpu_to_be64(BIT_ULL(54));
+       data.data_mask = data.bitwise_data;
+
+       mlx5e_ipsec_aso_query(sa_entry, &data);
+}
+
+static void mlx5e_ipsec_update_esn_state(struct mlx5e_ipsec_sa_entry *sa_entry,
+                                        u32 mode_param)
+{
+       struct mlx5_accel_esp_xfrm_attrs attrs = {};
+
+       if (mode_param < MLX5E_IPSEC_ESN_SCOPE_MID) {
+               sa_entry->esn_state.esn++;
+               sa_entry->esn_state.overlap = 0;
+       } else {
+               sa_entry->esn_state.overlap = 1;
+       }
+
+       mlx5e_ipsec_build_accel_xfrm_attrs(sa_entry, &attrs);
+       mlx5_accel_esp_modify_xfrm(sa_entry, &attrs);
+       mlx5e_ipsec_aso_update_esn(sa_entry, &attrs);
+}
+
  static void mlx5e_ipsec_handle_event(struct work_struct *_work)
  {
         struct mlx5e_ipsec_work *work =
@@ -284,6 +321,13 @@ static void mlx5e_ipsec_handle_event(struct work_struct *_work)
                 goto unlock;
  
         aso->use_cache = true;
+       if (attrs->esn_trigger &&
+           !MLX5_GET(ipsec_aso, aso->ctx, esn_event_arm)) {
+               u32 mode_param = MLX5_GET(ipsec_aso, aso->ctx, mode_parameter);
+
+               mlx5e_ipsec_update_esn_state(sa_entry, mode_param);
+       }
+
         if (attrs->soft_packet_limit != XFRM_INF)
                 if (!MLX5_GET(ipsec_aso, aso->ctx, soft_lft_arm) ||
                     !MLX5_GET(ipsec_aso, aso->ctx, hard_lft_arm) ||
author	Leon Romanovsky <leonro@nvidia.com>
	Fri, 2 Dec 2022 20:14:56 +0000 (22:14 +0200)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Thu, 8 Dec 2022 09:36:09 +0000 (10:36 +0100)
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c		patch \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h		patch \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c		patch \| blob \| history