| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0e7d382ad191c19aed123ff0c2bdda7bbeb5268f.camel@nvidia.com>
Date: Fri, 11 Jul 2025 12:54:21 +0000
From: Cosmin Ratiu <cratiu@...dia.com>
To: "corbet@....net" <corbet@....net>, "andrew+netdev@...n.ch"
<andrew+netdev@...n.ch>, "davem@...emloft.net" <davem@...emloft.net>,
"kuba@...nel.org" <kuba@...nel.org>, "horms@...nel.org" <horms@...nel.org>,
"daniel.zahka@...il.com" <daniel.zahka@...il.com>, "edumazet@...gle.com"
<edumazet@...gle.com>, "donald.hunter@...il.com" <donald.hunter@...il.com>,
"pabeni@...hat.com" <pabeni@...hat.com>
CC: Boris Pismenny <borisp@...dia.com>, Jianbo Liu <jianbol@...dia.com>,
"aleksander.lobakin@...el.com" <aleksander.lobakin@...el.com>,
"kuniyu@...gle.com" <kuniyu@...gle.com>, "leon@...nel.org" <leon@...nel.org>,
"toke@...hat.com" <toke@...hat.com>, Rahul Rameshbabu
<rrameshbabu@...dia.com>, "willemb@...gle.com" <willemb@...gle.com>, Raed
Salem <raeds@...dia.com>, Dragos Tatulea <dtatulea@...dia.com>,
"ncardwell@...gle.com" <ncardwell@...gle.com>, "dsahern@...nel.org"
<dsahern@...nel.org>, "sdf@...ichev.me" <sdf@...ichev.me>, Saeed Mahameed
<saeedm@...dia.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Tariq
Toukan <tariqt@...dia.com>, Patrisious Haddad <phaddad@...dia.com>,
"jacob.e.keller@...el.com" <jacob.e.keller@...el.com>
Subject: Re: [PATCH v3 11/19] net/mlx5e: Support PSP offload functionality
On Wed, 2025-07-02 at 10:13 -0700, Daniel Zahka wrote:
> From: Raed Salem <raeds@...dia.com>
>
> Add PSP offload related IFC structs, layouts, and enumerations.
> Implement
> .set_config and .rx_spi_alloc PSP device operations. Driver does not
> need
> to make use of the .set_config operation. Stub .assoc_add and
> .assoc_del
> PSP operations.
>
> Introduce the MLX5_EN_PSP configuration option for enabling PSP
> offload
> support on mlx5 devices.
>
> Signed-off-by: Raed Salem <raeds@...dia.com>
> Signed-off-by: Rahul Rameshbabu <rrameshbabu@...dia.com>
> Signed-off-by: Daniel Zahka <daniel.zahka@...il.com>
> ---
>
> Notes:
> v1:
> -
> https://lore.kernel.org/netdev/20240510030435.120935-10-kuba@kernel.org/
>
> .../net/ethernet/mellanox/mlx5/core/Kconfig | 11 ++
> .../net/ethernet/mellanox/mlx5/core/Makefile | 4 +-
> drivers/net/ethernet/mellanox/mlx5/core/en.h | 3 +
> .../ethernet/mellanox/mlx5/core/en/params.c | 4 +-
> .../mellanox/mlx5/core/en_accel/psp.c | 149
> ++++++++++++++++++
> .../mellanox/mlx5/core/en_accel/psp.h | 53 +++++++
> .../mellanox/mlx5/core/en_accel/psp_offload.c | 52 ++++++
> .../net/ethernet/mellanox/mlx5/core/en_main.c | 9 ++
> drivers/net/ethernet/mellanox/mlx5/core/fw.c | 6 +
> .../net/ethernet/mellanox/mlx5/core/main.c | 5 +
> drivers/net/ethernet/mellanox/mlx5/core/psp.c | 24 +++
> drivers/net/ethernet/mellanox/mlx5/core/psp.h | 15 ++
> include/linux/mlx5/device.h | 4 +
> include/linux/mlx5/driver.h | 2 +
> include/linux/mlx5/mlx5_ifc.h | 94 ++++++++++-
> 15 files changed, 428 insertions(+), 7 deletions(-)
> create mode 100644
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.c
> create mode 100644
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
> create mode 100644
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp_offload.c
> create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/psp.c
> create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/psp.h
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/Kconfig
> b/drivers/net/ethernet/mellanox/mlx5/core/Kconfig
> index 6ec7d6e0181d..79a64489da89 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/Kconfig
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/Kconfig
> @@ -208,3 +208,14 @@ config MLX5_DPLL
> help
> DPLL support in Mellanox Technologies ConnectX NICs.
>
> +config MLX5_EN_PSP
> + bool "Mellanox Technologies support for PSP cryptography-
> offload acceleration"
> + depends on INET_PSP
> + depends on MLX5_CORE_EN
> + default y
> + help
> + mlx5 device offload support for Google PSP Security
> Protocol offload.
> + Adds support for PSP encryption offload and for SPI and
> key generation
> + interfaces to PSP Stack which supports PSP crypto offload.
> +
> + If unsure, say Y.
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/Makefile
> b/drivers/net/ethernet/mellanox/mlx5/core/Makefile
> index d292e6a9e22c..e27de74ef028 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/Makefile
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/Makefile
> @@ -17,7 +17,7 @@ mlx5_core-y := main.o cmd.o debugfs.o fw.o
> eq.o uar.o pagealloc.o \
> fs_counters.o fs_ft_pool.o rl.o lag/debugfs.o
> lag/lag.o dev.o events.o wq.o lib/gid.o \
> lib/devcom.o lib/pci_vsc.o lib/dm.o lib/fs_ttc.o
> diag/fs_tracepoint.o \
> diag/fw_tracer.o diag/crdump.o devlink.o
> diag/rsc_dump.o diag/reporter_vnic.o \
> - fw_reset.o qos.o lib/tout.o lib/aso.o wc.o fs_pool.o
> + fw_reset.o qos.o lib/tout.o lib/aso.o wc.o fs_pool.o
> psp.o
Turns out, psp.c/psp.h and struct mlx5_psp aren't needed at all.
Please remove them, to avoid maintaining unnecessary boilerplate.
Here's a fixup patch which does this:
From ca3310c747dca55f7a139828e71457ac27b77889 Mon Sep 17 00:00:00 2001
From: Cosmin Ratiu <cratiu@...dia.com>
Date: Fri, 11 Jul 2025 15:35:15 +0300
Subject: [PATCH 1/3] net/mlx5: fixup for unneded struct mlx5_psp
Signed-off-by: Cosmin Ratiu <cratiu@...dia.com>
Change-Id: I8fcef314c53db25c0f3a73ff2daecf34d4d28fce
---
.../net/ethernet/mellanox/mlx5/core/Makefile | 2 +-
.../net/ethernet/mellanox/mlx5/core/main.c | 4 ----
drivers/net/ethernet/mellanox/mlx5/core/psp.c | 24 -------------------
drivers/net/ethernet/mellanox/mlx5/core/psp.h | 15 ------------
include/linux/mlx5/driver.h | 2 --
5 files changed, 1 insertion(+), 46 deletions(-)
delete mode 100644 drivers/net/ethernet/mellanox/mlx5/core/psp.c
delete mode 100644 drivers/net/ethernet/mellanox/mlx5/core/psp.h
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/Makefile
b/drivers/net/ethernet/mellanox/mlx5/core/Makefile
index 3761f5c104d3..ab35efdb7052 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/Makefile
+++ b/drivers/net/ethernet/mellanox/mlx5/core/Makefile
@@ -17,7 +17,7 @@ mlx5_core-y := main.o cmd.o debugfs.o fw.o
eq.o uar.o pagealloc.o \
fs_counters.o fs_ft_pool.o rl.o lag/debugfs.o
lag/lag.o dev.o events.o wq.o lib/gid.o \
lib/devcom.o lib/pci_vsc.o lib/dm.o lib/fs_ttc.o
diag/fs_tracepoint.o \
diag/fw_tracer.o diag/crdump.o devlink.o
diag/rsc_dump.o diag/reporter_vnic.o \
- fw_reset.o qos.o lib/tout.o lib/aso.o wc.o fs_pool.o
psp.o
+ fw_reset.o qos.o lib/tout.o lib/aso.o wc.o fs_pool.o
#
# Netdev basic
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c
b/drivers/net/ethernet/mellanox/mlx5/core/main.c
index 1890e4b09ffe..dc37b410799f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -74,7 +74,6 @@
#include "mlx5_irq.h"
#include "hwmon.h"
#include "lag/lag.h"
-#include "psp.h"
MODULE_AUTHOR("Eli Cohen <eli@...lanox.com>");
MODULE_DESCRIPTION("Mellanox 5th generation network adapters (ConnectX
series) core driver");
@@ -1047,7 +1046,6 @@ static int mlx5_init_once(struct mlx5_core_dev
*dev)
dev->vxlan = mlx5_vxlan_create(dev);
dev->geneve = mlx5_geneve_create(dev);
- dev->psp = mlx5_psp_create(dev);
err = mlx5_init_rl_table(dev);
if (err) {
@@ -1130,7 +1128,6 @@ static int mlx5_init_once(struct mlx5_core_dev
*dev)
err_rl_cleanup:
mlx5_cleanup_rl_table(dev);
err_clock_cleanup:
- mlx5_psp_destroy(dev->psp);
mlx5_geneve_destroy(dev->geneve);
mlx5_vxlan_destroy(dev->vxlan);
mlx5_cleanup_clock(dev);
@@ -1166,7 +1163,6 @@ static void mlx5_cleanup_once(struct
mlx5_core_dev *dev)
mlx5_sriov_cleanup(dev);
mlx5_mpfs_cleanup(dev);
mlx5_cleanup_rl_table(dev);
- mlx5_psp_destroy(dev->psp);
mlx5_geneve_destroy(dev->geneve);
mlx5_vxlan_destroy(dev->vxlan);
mlx5_cleanup_clock(dev);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/psp.c
b/drivers/net/ethernet/mellanox/mlx5/core/psp.c
deleted file mode 100644
index 15df8bde3632..000000000000
--- a/drivers/net/ethernet/mellanox/mlx5/core/psp.c
+++ /dev/null
@@ -1,24 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
-/* Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
reserved. */
-
-#include "psp.h"
-
-struct mlx5_psp *mlx5_psp_create(struct mlx5_core_dev *mdev)
-{
- struct mlx5_psp *psp = kzalloc(sizeof(*psp), GFP_KERNEL);
-
- if (!psp)
- return ERR_PTR(-ENOMEM);
-
- psp->mdev = mdev;
-
- return psp;
-}
-
-void mlx5_psp_destroy(struct mlx5_psp *psp)
-{
- if (IS_ERR_OR_NULL(psp))
- return;
-
- kfree(psp);
-}
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/psp.h
b/drivers/net/ethernet/mellanox/mlx5/core/psp.h
deleted file mode 100644
index 1d7927c4ea72..000000000000
--- a/drivers/net/ethernet/mellanox/mlx5/core/psp.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
-/* Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
reserved. */
-
-#ifndef __MLX5_PSP_H__
-#define __MLX5_PSP_H__
-#include <linux/mlx5/driver.h>
-
-struct mlx5_psp {
- struct mlx5_core_dev *mdev;
-};
-
-struct mlx5_psp *mlx5_psp_create(struct mlx5_core_dev *mdev);
-void mlx5_psp_destroy(struct mlx5_psp *psp);
-
-#endif /* __MLX5_PSP_H__ */
diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
index 671512699a92..e6ba8f4f4bd1 100644
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -491,7 +491,6 @@ struct mlx5_sf_dev_table;
struct mlx5_sf_hw_table;
struct mlx5_sf_table;
struct mlx5_crypto_dek_priv;
-struct mlx5_psp;
struct mlx5_rate_limit {
u32 rate;
@@ -787,7 +786,6 @@ struct mlx5_core_dev {
enum mlx5_wc_state wc_state;
/* sync write combining state */
struct mutex wc_state_lock;
- struct mlx5_psp *psp;
};
struct mlx5_db {
--
2.45.0
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
> b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
> new file mode 100644
> index 000000000000..9707f50029ed
> --- /dev/null
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
> @@ -0,0 +1,53 @@
> +/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
> +/* Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
> reserved. */
> +
> +#ifndef __MLX5E_ACCEL_PSP_H__
> +#define __MLX5E_ACCEL_PSP_H__
> +#if IS_ENABLED(CONFIG_MLX5_EN_PSP)
> +#include <net/psp/types.h>
> +#include "en.h"
> +
> +struct mlx5e_psp {
> + struct psp_dev *psp;
> + struct psp_dev_caps caps;
> +};
> +
> +struct psp_key_spi {
> + u32 spi;
> + __be32 key[PSP_MAX_KEY / sizeof(u32)];
> + u16 keysz;
> +};
This intermediate structure doesn't help much, it's only used during
key generation and psp_key_parsed could be used directly. Here's a
fixup patch which simplifies things, and avoids boilerplate:
From 1ea9823416548f6ec673ed51ec05590fc4f910ab Mon Sep 17 00:00:00 2001
From: Cosmin Ratiu <cratiu@...dia.com>
Date: Fri, 11 Jul 2025 15:37:00 +0300
Subject: [PATCH 2/2] net/mlx5e: fixup for mlx5e_psp_generate_key_spi
- use psp_key_parsed directly
Signed-off-by: Cosmin Ratiu <cratiu@...dia.com>
Change-Id: Ie26552386fc415d23c0fbddb2408e8c7ecc05d8f
---
.../mellanox/mlx5/core/en_accel/psp.c | 12 ++------
.../mellanox/mlx5/core/en_accel/psp.h | 8 +----
.../mellanox/mlx5/core/en_accel/psp_offload.c | 29 +++++++------------
3 files changed, 13 insertions(+), 36 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.c
b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.c
index 288ed296b74c..cb429abc6b4b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.c
@@ -23,9 +23,7 @@ mlx5e_psp_rx_spi_alloc(struct psp_dev *psd, u32
version,
{
struct mlx5e_priv *priv = netdev_priv(psd->main_netdev);
enum mlx5_psp_gen_spi_in_key_size keysz;
- struct psp_key_spi key_spi = {};
u8 keysz_bytes;
- int err;
switch (version) {
case PSP_VERSION_HDR0_AES_GCM_128:
@@ -40,14 +38,8 @@ mlx5e_psp_rx_spi_alloc(struct psp_dev *psd, u32
version,
return -EINVAL;
}
- err = mlx5e_psp_generate_key_spi(priv->mdev, keysz,
keysz_bytes,
- &key_spi);
- if (err)
- return err;
-
- assoc->spi = cpu_to_be32(key_spi.spi);
- memcpy(assoc->key, key_spi.key, keysz_bytes);
- return 0;
+ return mlx5e_psp_generate_key_spi(priv->mdev, keysz,
keysz_bytes,
+ assoc);
}
struct psp_key {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
index 16e5ba591307..3f64a162f503 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
@@ -14,12 +14,6 @@ struct mlx5e_psp {
atomic_t tx_key_cnt;
};
-struct psp_key_spi {
- u32 spi;
- __be32 key[PSP_MAX_KEY / sizeof(u32)];
- u16 keysz;
-};
-
static inline bool mlx5_is_psp_device(struct mlx5_core_dev *mdev)
{
if (!MLX5_CAP_GEN(mdev, psp))
@@ -40,7 +34,7 @@ int mlx5e_psp_rotate_key(struct mlx5_core_dev *mdev);
int mlx5e_psp_generate_key_spi(struct mlx5_core_dev *mdev,
enum mlx5_psp_gen_spi_in_key_size
keysz,
unsigned int keysz_bytes,
- struct psp_key_spi *keys);
+ struct psp_key_parsed *key);
#else
static inline bool mlx5_is_psp_device(struct mlx5_core_dev *mdev)
{
diff --git
a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp_offload.c
b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp_offload.c
index c3c21a99a92b..a158ae407455 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp_offload.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp_offload.c
@@ -19,34 +19,25 @@ int mlx5e_psp_rotate_key(struct mlx5_core_dev
*mdev)
int mlx5e_psp_generate_key_spi(struct mlx5_core_dev *mdev,
enum mlx5_psp_gen_spi_in_key_size
keysz,
unsigned int keysz_bytes,
- struct psp_key_spi *keys)
+ struct psp_key_parsed *key)
{
+ u32 out[MLX5_ST_SZ_DW(psp_gen_spi_out) +
MLX5_ST_SZ_DW(key_spi)] = {};
u32 in[MLX5_ST_SZ_DW(psp_gen_spi_in)] = {};
- int err, outlen, i;
- void *out, *outkey;
+ void *outkey;
+ int err;
WARN_ON_ONCE(keysz_bytes > PSP_MAX_KEY);
- outlen = MLX5_ST_SZ_BYTES(psp_gen_spi_out) +
MLX5_ST_SZ_BYTES(key_spi);
- out = kzalloc(outlen, GFP_KERNEL);
- if (!out)
- return -ENOMEM;
-
MLX5_SET(psp_gen_spi_in, in, opcode, MLX5_CMD_OP_PSP_GEN_SPI);
MLX5_SET(psp_gen_spi_in, in, key_size, keysz);
MLX5_SET(psp_gen_spi_in, in, num_of_spi, 1);
- err = mlx5_cmd_exec(mdev, in, sizeof(in), out, outlen);
+ err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
if (err)
- goto out;
+ return err;
outkey = MLX5_ADDR_OF(psp_gen_spi_out, out, key_spi);
- keys->keysz = keysz_bytes * BITS_PER_BYTE;
- keys->spi = MLX5_GET(key_spi, outkey, spi);
- for (i = 0; i < keysz_bytes / sizeof(*keys->key); ++i)
- keys->key[i] = cpu_to_be32(MLX5_GET(key_spi,
- outkey + (32 -
keysz_bytes), key[i]));
-
-out:
- kfree(out);
- return err;
+ key->spi = cpu_to_be32(MLX5_GET(key_spi, outkey, spi));
+ memcpy(key->key, MLX5_ADDR_OF(key_spi, outkey, key),
keysz_bytes);
+
+ return 0;
}
--
2.45.0
Cosmin.
Powered by blists - more mailing lists