| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250502132005.611698-1-tanmay@marvell.com>
Date: Fri, 2 May 2025 18:49:41 +0530
From: Tanmay Jagdale <tanmay@...vell.com>
To: <bbrezillon@...nel.org>, <arno@...isbad.org>, <schalla@...vell.com>,
<herbert@...dor.apana.org.au>, <davem@...emloft.net>,
<sgoutham@...vell.com>, <lcherian@...vell.com>, <gakula@...vell.com>,
<jerinj@...vell.com>, <hkelam@...vell.com>, <sbhatta@...vell.com>,
<andrew+netdev@...n.ch>, <edumazet@...gle.com>, <kuba@...nel.org>,
<pabeni@...hat.com>, <bbhushan2@...vell.com>, <bhelgaas@...gle.com>,
<pstanner@...hat.com>, <gregkh@...uxfoundation.org>,
<peterz@...radead.org>, <linux@...blig.org>,
<krzysztof.kozlowski@...aro.org>, <giovanni.cabiddu@...el.com>
CC: <linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<netdev@...r.kernel.org>, <rkannoth@...vell.com>, <sumang@...vell.com>,
<gcherian@...vell.com>, Tanmay Jagdale <tanmay@...vell.com>
Subject: [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC
This patch series adds support for inbound inline IPsec flows for the
Marvell CN10K SoC.
The packet flow
---------------
An encrypted IPSec packet goes through two passes in the RVU hardware
before reaching the CPU.
First Pass:
The first pass involves identifying the packet as IPSec, assigning an RQ,
allocating a buffer from the Aura pool and then send it to CPT for decryption.
Second Pass:
After CPT decrypts the packet, it sends a metapacket to NIXRX via the X2P
bus. The metapacket contains CPT_PARSE_HDR_S structure and some initial
bytes of the decrypted packet which would help NIXRX in classification.
CPT also sets BIT(11) of channel number to further help in identifcation.
NIXRX allocates a new buffer for this packet and submits it to the CPU.
Once the decrypted metapacket packet is delivered to the CPU, get the WQE
pointer from CPT_PARSE_HDR_S in the packet buffer. This WQE points to the
complete decrypted packet. We create an skb using this, set the relevant
XFRM packet mode flags to indicate successful decryption, and submit it
to the network stack.
Patches are grouped as follows:
-------------------------------
1) CPT LF movement from crypto driver to RVU AF
0001-crypto-octeontx2-Share-engine-group-info-with-AF-dri.patch
0002-octeontx2-af-Configure-crypto-hardware-for-inline-ip.patch
0003-octeontx2-af-Setup-Large-Memory-Transaction-for-cryp.patch
0004-octeontx2-af-Handle-inbound-inline-ipsec-config-in-A.patch
0005-crypto-octeontx2-Remove-inbound-inline-ipsec-config.patch
2) RVU AF Mailbox changes for CPT 2nd pass RQ mask, SPI-to-SA table,
NIX-CPT BPID configuration
0006-octeontx2-af-Add-support-for-CPT-second-pass.patch
0007-octeontx2-af-Add-support-for-SPI-to-SA-index-transla.patch
0008-octeontx2-af-Add-mbox-to-alloc-free-BPIDs.patch
3) Inbound Inline IPsec support patches
0009-octeontx2-pf-ipsec-Allocate-Ingress-SA-table.patch
0010-octeontx2-pf-ipsec-Setup-NIX-HW-resources-for-inboun.patch
0011-octeontx2-pf-ipsec-Handle-NPA-threshhold-interrupt.patch
0012-octeontx2-pf-ipsec-Initialize-ingress-IPsec.patch
0013-octeontx2-pf-ipsec-Manage-NPC-rules-and-SPI-to-SA-ta.patch
0014-octeontx2-pf-ipsec-Process-CPT-metapackets.patch
0015-octeontx2-pf-ipsec-Add-XFRM-state-and-policy-hooks-f.patch
Bharat Bhushan (5):
crypto: octeontx2: Share engine group info with AF driver
octeontx2-af: Configure crypto hardware for inline ipsec
octeontx2-af: Setup Large Memory Transaction for crypto
octeontx2-af: Handle inbound inline ipsec config in AF
crypto: octeontx2: Remove inbound inline ipsec config
Geetha sowjanya (1):
octeontx2-af: Add mbox to alloc/free BPIDs
Kiran Kumar K (1):
octeontx2-af: Add support for SPI to SA index translation
Rakesh Kudurumalla (1):
octeontx2-af: Add support for CPT second pass
Tanmay Jagdale (7):
octeontx2-pf: ipsec: Allocate Ingress SA table
octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows
octeontx2-pf: ipsec: Handle NPA threshold interrupt
octeontx2-pf: ipsec: Initialize ingress IPsec
octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries
octeontx2-pf: ipsec: Process CPT metapackets
octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows
.../marvell/octeontx2/otx2_cpt_common.h | 8 -
drivers/crypto/marvell/octeontx2/otx2_cptpf.h | 10 -
.../marvell/octeontx2/otx2_cptpf_main.c | 50 +-
.../marvell/octeontx2/otx2_cptpf_mbox.c | 286 +---
.../marvell/octeontx2/otx2_cptpf_ucode.c | 116 +-
.../marvell/octeontx2/otx2_cptpf_ucode.h | 3 +-
.../ethernet/marvell/octeontx2/af/Makefile | 2 +-
.../ethernet/marvell/octeontx2/af/common.h | 1 +
.../net/ethernet/marvell/octeontx2/af/mbox.h | 119 +-
.../net/ethernet/marvell/octeontx2/af/rvu.c | 9 +-
.../net/ethernet/marvell/octeontx2/af/rvu.h | 71 +
.../ethernet/marvell/octeontx2/af/rvu_cn10k.c | 11 +
.../ethernet/marvell/octeontx2/af/rvu_cpt.c | 706 +++++++++-
.../ethernet/marvell/octeontx2/af/rvu_cpt.h | 71 +
.../ethernet/marvell/octeontx2/af/rvu_nix.c | 230 +++-
.../marvell/octeontx2/af/rvu_nix_spi.c | 220 +++
.../ethernet/marvell/octeontx2/af/rvu_reg.h | 16 +
.../marvell/octeontx2/af/rvu_struct.h | 4 +-
.../marvell/octeontx2/nic/cn10k_ipsec.c | 1191 ++++++++++++++++-
.../marvell/octeontx2/nic/cn10k_ipsec.h | 152 +++
.../marvell/octeontx2/nic/otx2_common.c | 23 +-
.../marvell/octeontx2/nic/otx2_common.h | 16 +
.../ethernet/marvell/octeontx2/nic/otx2_pf.c | 17 +
.../marvell/octeontx2/nic/otx2_struct.h | 16 +
.../marvell/octeontx2/nic/otx2_txrx.c | 25 +-
.../ethernet/marvell/octeontx2/nic/otx2_vf.c | 4 +
26 files changed, 2915 insertions(+), 462 deletions(-)
create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.h
create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix_spi.c
--
2.43.0
Powered by blists - more mailing lists