lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  7 Mar 2018 17:26:03 -0800
From:   Saeed Mahameed <saeedm@...lanox.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Doug Ledford <dledford@...hat.com>
Cc:     netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
        Leon Romanovsky <leonro@...lanox.com>,
        Jason Gunthorpe <jgg@...lanox.com>,
        Aviad Yehezkel <aviadye@...lanox.com>,
        Matan Barak <matanb@...lanox.com>,
        Boris Pismenny <borisp@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>
Subject: [pull request][for-next 00/11] Mellanox, mlx5 IPSec updates 2018-02-28-2 (Part 2)

Hi Dave and Doug,

This series includes shared code updates (IPSec part2) for mlx5 core 
driver for both netdev and rdma subsystems.  This series should be pulled
to both trees so we can continue netdev and rdma specific submissions
separately.

Mainly it includes two fixes for previous pull requests:
1. net/mlx5: Use MLX5_IPSEC_DEV macro for ipsec caps
 - Fixes Build issue when MLX5_ACCEL is not selected
2. net/mlx5: Fix wrongly assigned CQ reference counter
- Fixes a call trace warning when CONFIG_REFCOUNT_FULL is selected
 
And IPsec ESN netdev and user-space foundation and support,
For more information please see tag log below.

The series doesn't cause any conflict with the latest mlx5 rc fixes.

Thanks,
Saeed.

---

The following changes since commit e810bf5e96e327500cc6334f9d56c8047aaabcff:

  net/mlx5: Flow steering cmd interface should get the fte when deleting (2018-03-06 22:20:15 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git tags/mlx5-updates-2018-02-28-2

for you to fetch changes up to 31135eb3887daf2ed3e88fbefc36243357a9008f:

  net/mlx5: Fix wrongly assigned CQ reference counter (2018-03-07 15:54:36 -0800)

----------------------------------------------------------------
mlx5-updates-2018-02-28-2 (IPSec-2)

This series follows our previous one to lay out the foundations for IPSec
in user-space and extend current kernel netdev IPSec support. As noted in
our previous pull request cover letter "mlx5-updates-2018-02-28-1 (IPSec-1)",
the IPSec mechanism will be supported through our flow steering mechanism.
Therefore, we need to change the initialization order. Furthermore, IPsec
is also supported in both egress and ingress. Since our current flow
steering is egress only, we add an empty (only implemented through FPGA
steering ops) egress namespace to handle that case. We also implement
the required flow steering callbacks and logic in our FPGA driver.

We extend the FPGA support for ESN and modifying a xfrm too. Therefore, we
add support for some new FPGA command interface that supports them. The
other required bits are added too. The new features and requirements are
advertised via cap bits.

Last but not least, we revise our driver's accel_esp API. This API will be
shared between our netdev and IB driver, so we need to have all the required
functionality from both worlds.

Regards,
Aviad and Matan

----------------------------------------------------------------
Aviad Yehezkel (7):
      net/mlx5: IPSec, Add command V2 support
      net/mlx5: Export ipsec capabilities
      net/mlx5: Added required metadata capability for ipsec
      net/mlx5: Refactor accel IPSec code
      net/mlx5: Add flow-steering commands for FPGA IPSec implementation
      net/mlx5e: Added common function for to_ipsec_sa_entry
      net/mlx5: IPSec, Add support for ESN

Leon Romanovsky (1):
      net/mlx5: Fix wrongly assigned CQ reference counter

Saeed Mahameed (1):
      net/mlx5: Use MLX5_IPSEC_DEV macro for ipsec caps

Yossi Kuperman (2):
      net/mlx5: IPSec, Generalize sandbox QP commands
      net/mlx5e: IPSec, Add support for ESP trailer removal by hardware

 .../net/ethernet/mellanox/mlx5/core/accel/ipsec.c  |   59 +-
 .../net/ethernet/mellanox/mlx5/core/accel/ipsec.h  |   96 +-
 drivers/net/ethernet/mellanox/mlx5/core/cq.c       |    3 +-
 .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c   |  306 +++--
 .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h   |   24 +
 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c       |   39 +-
 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h       |    5 +
 .../net/ethernet/mellanox/mlx5/core/fpga/ipsec.c   | 1280 +++++++++++++++++++-
 .../net/ethernet/mellanox/mlx5/core/fpga/ipsec.h   |   76 +-
 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c  |    8 +-
 drivers/net/ethernet/mellanox/mlx5/core/main.c     |    2 +
 include/linux/mlx5/accel.h                         |  144 +++
 include/linux/mlx5/fs.h                            |    3 +
 include/linux/mlx5/mlx5_ifc_fpga.h                 |   92 +-
 14 files changed, 1858 insertions(+), 279 deletions(-)
 create mode 100644 include/linux/mlx5/accel.h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ