lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: 
 <SN7PR18MB5314D17F56C125A6AB36AD88E3FF2@SN7PR18MB5314.namprd18.prod.outlook.com>
Date: Mon, 3 Jun 2024 09:18:33 +0000
From: Bharat Bhushan <bbhushan2@...vell.com>
To: Sunil Kovvuri Goutham <sgoutham@...vell.com>,
        Leon Romanovsky
	<leon@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Geethasowjanya
 Akula <gakula@...vell.com>,
        Subbaraya Sundeep Bhatta <sbhatta@...vell.com>,
        Hariprasad Kelam <hkelam@...vell.com>,
        "davem@...emloft.net"
	<davem@...emloft.net>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        Jerin Jacob <jerinj@...vell.com>, Linu Cherian <lcherian@...vell.com>,
        "richardcochran@...il.com" <richardcochran@...il.com>
Subject: RE: [EXTERNAL] Re: [net-next,v3 6/8] cn10k-ipsec: Process inline
 ipsec transmit offload



> -----Original Message-----
> From: Sunil Kovvuri Goutham <sgoutham@...vell.com>
> Sent: Monday, June 3, 2024 10:04 AM
> To: Leon Romanovsky <leon@...nel.org>; Bharat Bhushan
> <bbhushan2@...vell.com>
> Cc: netdev@...r.kernel.org; linux-kernel@...r.kernel.org; Geethasowjanya
> Akula <gakula@...vell.com>; Subbaraya Sundeep Bhatta
> <sbhatta@...vell.com>; Hariprasad Kelam <hkelam@...vell.com>;
> davem@...emloft.net; edumazet@...gle.com; kuba@...nel.org;
> pabeni@...hat.com; Jerin Jacob <jerinj@...vell.com>; Linu Cherian
> <lcherian@...vell.com>; richardcochran@...il.com
> Subject: RE: [EXTERNAL] Re: [net-next,v3 6/8] cn10k-ipsec: Process inline
> ipsec transmit offload
> 
> 
> 
> >-----Original Message-----
> >From: Leon Romanovsky <leon@...nel.org>
> >Sent: Sunday, June 2, 2024 12:21 PM
> >To: Bharat Bhushan <bbhushan2@...vell.com>
> >Cc: netdev@...r.kernel.org; linux-kernel@...r.kernel.org; Sunil Kovvuri
> >Goutham <sgoutham@...vell.com>; Geethasowjanya Akula
> ><gakula@...vell.com>; Subbaraya Sundeep Bhatta <sbhatta@...vell.com>;
> >Hariprasad Kelam <hkelam@...vell.com>; davem@...emloft.net;
> >edumazet@...gle.com; kuba@...nel.org; pabeni@...hat.com; Jerin Jacob
> ><jerinj@...vell.com>; Linu Cherian <lcherian@...vell.com>;
> >richardcochran@...il.com
> >Subject: [EXTERNAL] Re: [net-next,v3 6/8] cn10k-ipsec: Process inline
> >ipsec transmit offload
> >
> >
> >----------------------------------------------------------------------
> >On Tue, May 28, 2024 at 07:23:47PM +0530, Bharat Bhushan wrote:
> >> Prepare and submit crypto hardware (CPT) instruction for outbound
> >> inline ipsec crypto mode offload. The CPT instruction have
> >> authentication offset, IV offset and encapsulation offset in input
> >> packet. Also provide SA context pointer which have details about
> >> algo, keys, salt etc. Crypto hardware encrypt, authenticate and
> >> provide the ESP packet to networking hardware.
> >>
> >> Signed-off-by: Bharat Bhushan <bbhushan2@...vell.com>
> >> ---
> >>  .../marvell/octeontx2/nic/cn10k_ipsec.c       | 224 ++++++++++++++++++
> >>  .../marvell/octeontx2/nic/cn10k_ipsec.h       |  40 ++++
> >>  .../marvell/octeontx2/nic/otx2_common.c       |  23 ++
> >>  .../marvell/octeontx2/nic/otx2_common.h       |   3 +
> >>  .../ethernet/marvell/octeontx2/nic/otx2_pf.c  |   2 +
> >>  .../marvell/octeontx2/nic/otx2_txrx.c         |  33 ++-
> >>  .../marvell/octeontx2/nic/otx2_txrx.h         |   3 +
> >>  7 files changed, 325 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> >> b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> >> index 136aebe2a007..1974fda2e0d3 100644
> >> --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> >> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> >> @@ -7,8 +7,11 @@
> >>  #include <net/xfrm.h>
> >>  #include <linux/netdevice.h>
> >>  #include <linux/bitfield.h>
> >> +#include <crypto/aead.h>
> >> +#include <crypto/gcm.h>
> >>
> >>  #include "otx2_common.h"
> >> +#include "otx2_struct.h"
> >>  #include "cn10k_ipsec.h"
> >>
> >>  static bool is_dev_support_inline_ipsec(struct pci_dev *pdev) @@
> >> -843,3 +846,224 @@ void cn10k_ipsec_clean(struct otx2_nic *pf)
> >>  	cn10k_outb_cpt_clean(pf);
> >>  }
> >>  EXPORT_SYMBOL(cn10k_ipsec_clean);
> >
> ><...>
> >
> >> +bool cn10k_ipsec_transmit(struct otx2_nic *pf, struct netdev_queue *txq,
> >> +			  struct otx2_snd_queue *sq, struct sk_buff *skb,
> >> +			  int num_segs, int size)
> >> +{
> >> +	struct cpt_ctx_info_s *sa_info;
> >> +	struct cpt_inst_s inst;
> >> +	struct cpt_res_s *res;
> >> +	struct xfrm_state *x;
> >> +	dma_addr_t dptr_iova;
> >> +	struct sec_path *sp;
> >> +	u8 encap_offset;
> >> +	u8 auth_offset;
> >> +	u8 gthr_size;
> >> +	u8 iv_offset;
> >> +	u16 dlen;
> >> +
> >> +	/* Check for Inline IPSEC enabled */
> >> +	if (!(pf->flags & OTX2_FLAG_INLINE_IPSEC_ENABLED)) {
> >> +		netdev_err(pf->netdev, "Ipsec not enabled, drop packet\n");
> >
> ><...>
> >
> >> +		netdev_err(pf->netdev, "%s: no xfrm state len = %d\n",
> >> +			   __func__, sp->len);
> >
> ><...>
> >
> >> +		netdev_err(pf->netdev, "no xfrm_input_state()\n");
> >
> ><...>
> >
> >> +		netdev_err(pf->netdev, "un supported offload mode %d\n",
> >> +			   x->props.mode);
> >
> ><...>
> >
> >> +		netdev_err(pf->netdev, "Invalid IP header, ip-length zero\n");
> >
> ><...>
> >
> >> +		netdev_err(pf->netdev, "Invalid SA conext\n");
> >
> >All these prints are in datapath and can be triggered by network
> >packets. These and RX prints need to be deleted.
> >
> 
> Yes, all these error messages in datapath should be under netif_msg_tx_err().

Will delete a few of these prints and rest will be moved under netif_msg_tx_err().

Thanks
-Bharat

> 
> Thanks,
> Sunil.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ