lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  5 Jul 2019 18:30:10 +0300
From:   Tariq Toukan <tariqt@...lanox.com>
To:     "David S. Miller" <davem@...emloft.net>
Cc:     netdev@...r.kernel.org, Eran Ben Elisha <eranbe@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        moshe@...lanox.com, Tariq Toukan <tariqt@...lanox.com>
Subject: [PATCH net-next 00/12] mlx5 TLS TX HW offload support

Hi Dave,

This series from Eran and me, adds TLS TX HW offload support to
the mlx5 driver.

This offloads the kTLS encryption process from kernel to the 
Mellanox NIC, saving CPU cycles and improving utilization.

Upon a new TLS connection request, driver is responsible to create
a dedicated HW context and configure it according to the crypto info,
so HW can do the encryption itself.

When the HW context gets out-of-sync (i.e. due to packets retransmission),
driver is responsible for the re-sync process.
This is done by posting special resync descriptors to the HW.

Feature is supported on Mellanox Connect-X 6DX, and newer.
Series was tested on SimX simulator.

Series generated against net-next commit [1], with Saeed's request pulled [2]:

[1] c4cde5804d51 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
[2] git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git tags/mlx5-updates-2019-07-04-v2

Changes from last pull request:
Fixed comments from Jakub:
Patch 4:
- Replace zero  memset with a call to memzero_explicit().
Patch 11:
- Fix stats counters names.
- Drop TLS SKB with non-matching netdev.

Regards,
Tariq

Eran Ben Elisha (1):
  net/mlx5e: Tx, Don't implicitly assume SKB-less wqe has one WQEBB

Tariq Toukan (11):
  net/mlx5: Accel, Expose accel wrapper for IPsec FPGA function
  net/mlx5: Kconfig, Better organize compilation flags
  net/mlx5: Add crypto library to support create/destroy encryption key
  net/mlx5: Accel, Add core TLS support for the Connect-X family
  net/mlx5e: Move helper functions to a new txrx datapath header
  net/mlx5e: Tx, Enforce L4 inline copy when needed
  net/mlx5e: Tx, Make SQ WQE fetch function type generic
  net/mlx5e: Tx, Unconstify SQ stop room
  net/mlx5e: Re-work TIS creation functions
  net/mlx5e: Introduce a fenced NOP WQE posting function
  net/mlx5e: Add kTLS TX HW offload support

 drivers/net/ethernet/mellanox/mlx5/core/Kconfig    |  52 ++-
 drivers/net/ethernet/mellanox/mlx5/core/Makefile   |  10 +-
 .../net/ethernet/mellanox/mlx5/core/accel/ipsec.c  |   9 +
 .../net/ethernet/mellanox/mlx5/core/accel/ipsec.h  |   7 +-
 .../net/ethernet/mellanox/mlx5/core/accel/tls.c    |  45 +-
 .../net/ethernet/mellanox/mlx5/core/accel/tls.h    |  51 ++-
 drivers/net/ethernet/mellanox/mlx5/core/en.h       | 114 +----
 drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h  | 208 ++++++++++
 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h   |   1 +
 .../mellanox/mlx5/core/en_accel/en_accel.h         |   1 +
 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h       |   1 +
 .../ethernet/mellanox/mlx5/core/en_accel/ktls.c    |  93 +++++
 .../ethernet/mellanox/mlx5/core/en_accel/ktls.h    |  97 +++++
 .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 459 +++++++++++++++++++++
 .../net/ethernet/mellanox/mlx5/core/en_accel/tls.c |   5 +
 .../net/ethernet/mellanox/mlx5/core/en_accel/tls.h |  11 +-
 .../mellanox/mlx5/core/en_accel/tls_rxtx.c         |   7 +-
 .../mellanox/mlx5/core/en_accel/tls_rxtx.h         |   1 +
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  27 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_stats.c |  28 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_stats.h |  14 +
 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c    |  98 ++---
 .../net/ethernet/mellanox/mlx5/core/fpga/ipsec.h   |  75 ----
 drivers/net/ethernet/mellanox/mlx5/core/fw.c       |   6 +
 .../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c  |  14 +-
 .../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.h  |   2 +
 .../ethernet/mellanox/mlx5/core/ipoib/ipoib_vlan.c |   2 +-
 .../net/ethernet/mellanox/mlx5/core/lib/crypto.c   |  72 ++++
 drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h |   5 +
 drivers/net/ethernet/mellanox/mlx5/core/main.c     |   2 +-
 include/linux/mlx5/accel.h                         |   2 +-
 31 files changed, 1232 insertions(+), 287 deletions(-)
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls.h
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/lib/crypto.c

-- 
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ