| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aG99fdMVhJUNhxtZ@optiplex>
Date: Thu, 10 Jul 2025 14:14:45 +0530
From: Tanmay Jagdale <tanmay@...vell.com>
To: Simon Horman <horms@...nel.org>
CC: <davem@...emloft.net>, <leon@...nel.org>, <sgoutham@...vell.com>,
<bbhushan2@...vell.com>, <herbert@...dor.apana.org.au>,
<linux-crypto@...r.kernel.org>, <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next v2 12/14] octeontx2-pf: ipsec: Process CPT
metapackets
On 2025-06-20 at 16:36:57, Simon Horman (horms@...nel.org) wrote:
> On Wed, Jun 18, 2025 at 05:00:06PM +0530, Tanmay Jagdale wrote:
> > CPT hardware forwards decrypted IPsec packets to NIX via the X2P bus
> > as metapackets which are of 256 bytes in length. Each metapacket
> > contains CPT_PARSE_HDR_S and initial bytes of the decrypted packet
> > that helps NIX RX in classifying and submitting to CPU. Additionally,
> > CPT also sets BIT(11) of the channel number to indicate that it's a
> > 2nd pass packet from CPT.
> >
> > Since the metapackets are not complete packets, they don't have to go
> > through L3/L4 layer length and checksum verification so these are
> > disabled via the NIX_LF_INLINE_RQ_CFG mailbox during IPsec initialization.
> >
> > The CPT_PARSE_HDR_S contains a WQE pointer to the complete decrypted
> > packet. Add code in the rx NAPI handler to parse the header and extract
> > WQE pointer. Later, use this WQE pointer to construct the skb, set the
> > XFRM packet mode flags to indicate successful decryption before submitting
> > it to the network stack.
> >
> > Signed-off-by: Tanmay Jagdale <tanmay@...vell.com>
> > ---
> > Changes in V2:
> > - Removed unnecessary casts
> > - Don't convert complete cpt_parse_hdr from BE to LE and just
> > convert required fields
> > - Fixed logic to avoid repeated calculation for start and end in sg
> >
> > V1 Link: https://lore.kernel.org/netdev/20250502132005.611698-15-tanmay@marvell.com/
> >
> > .../marvell/octeontx2/nic/cn10k_ipsec.c | 52 +++++++++++++++++++
> > .../marvell/octeontx2/nic/cn10k_ipsec.h | 48 +++++++++++++++++
> > .../marvell/octeontx2/nic/otx2_common.h | 2 +
> > .../marvell/octeontx2/nic/otx2_struct.h | 16 ++++++
> > .../marvell/octeontx2/nic/otx2_txrx.c | 29 +++++++++--
> > 5 files changed, 144 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> > index 5cb6bc835e56..a95878378334 100644
> > --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> > +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> > @@ -346,6 +346,58 @@ static int cn10k_outb_cpt_init(struct net_device *netdev)
> > return ret;
> > }
> >
> > +struct nix_wqe_rx_s *cn10k_ipsec_process_cpt_metapkt(struct otx2_nic *pfvf,
> > + struct nix_cqe_rx_s *cqe,
> > + struct sk_buff *skb,
> > + int qidx)
> > +{
> > + struct nix_rx_sg_s *sg = &cqe->sg;
> > + struct nix_wqe_rx_s *wqe = NULL;
> > + u64 *seg_addr = &sg->seg_addr;
> > + struct cpt_parse_hdr_s *cptp;
> > + struct xfrm_offload *xo;
> > + struct xfrm_state *xs;
> > + struct sec_path *sp;
> > + void *va;
> > +
> > + /* CPT_PARSE_HDR_S is present in the beginning of the buffer */
> > + va = phys_to_virt(otx2_iova_to_phys(pfvf->iommu_domain, *seg_addr));
> > +
> > + cptp = (struct cpt_parse_hdr_s *)va;
> > +
> > + /* Convert the wqe_ptr from CPT_PARSE_HDR_S to a CPU usable pointer */
> > + wqe = phys_to_virt(otx2_iova_to_phys(pfvf->iommu_domain,
> > + be64_to_cpu(cptp->wqe_ptr)));
>
> Hi Tanmay,
Hi Simon,
>
> be64_to_cpu expects a __be64 argument, but the type of cptp->wqe_ptr is u64.
> Or, IOW, be64_to_cpu expects to be based a big endian value but
> the type of it's argument is host byte order.
Okay. I will fix the structure definition to use __be types.
>
> > +
> > + /* Get the XFRM state pointer stored in SA context */
> > + xs = pfvf->ipsec.inb_sa->base +
> > + (be32_to_cpu(cptp->cookie) * pfvf->ipsec.sa_tbl_entry_sz) + 1024;
>
> Likewise with cookie here.
ACK.
>
> :Flagged by Sparse.
>
> ...
>
With Regards,
Tanmay
Powered by blists - more mailing lists