X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fnet%2Fcnxk%2Fcn10k_ethdev_sec.c;h=87bb691ab4aa711b06657e9ff33582a6c54b9795;hb=7df4ead35436f5e03c6e4b520993715b7cc71c0f;hp=6fbf444038b14ea426bc7c5571f54d518c605946;hpb=5ece02e736c3ead7a9b952a46a90e3ace9bd34ce;p=dpdk.git

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 6fbf444038..87bb691ab4 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -9,6 +9,7 @@
 
 #include <cn10k_ethdev.h>
 #include <cnxk_security.h>
+#include <roc_priv.h>
 
 static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = {
 	{	/* AES GCM */
@@ -138,8 +139,22 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 	}
 };
 
-static void
-cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
+static inline void
+cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf)
+{
+	struct rte_mbuf *next;
+
+	if (!mbuf)
+		return;
+	do {
+		next = mbuf->next;
+		roc_npa_aura_op_free(mbuf->pool->pool_id, 1, (rte_iova_t)mbuf);
+		mbuf = next;
+	} while (mbuf != NULL);
+}
+
+void
+cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args, uint32_t soft_exp_event)
 {
 	struct rte_eth_event_ipsec_desc desc;
 	struct cn10k_sec_sess_priv sess_priv;
@@ -148,6 +163,7 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 	struct cpt_cn10k_res_s *res;
 	struct rte_eth_dev *eth_dev;
 	struct cnxk_eth_dev *dev;
+	static uint64_t warn_cnt;
 	uint16_t dlen_adj, rlen;
 	struct rte_mbuf *mbuf;
 	uintptr_t sa_base;
@@ -161,7 +177,7 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 		/* Event from inbound inline dev due to IPSEC packet bad L4 */
 		mbuf = (struct rte_mbuf *)(gw[1] - sizeof(struct rte_mbuf));
 		plt_nix_dbg("Received mbuf %p from inline dev inbound", mbuf);
-		rte_pktmbuf_free(mbuf);
+		cnxk_pktmbuf_free_no_cache(mbuf);
 		return;
 	case RTE_EVENT_TYPE_CPU:
 		/* Check for subtype */
@@ -172,8 +188,18 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 		}
 		/* Fall through */
 	default:
-		plt_err("Unknown event gw[0] = 0x%016lx, gw[1] = 0x%016lx",
-			gw[0], gw[1]);
+		if (soft_exp_event & 0x1) {
+			sa = (struct roc_ot_ipsec_outb_sa *)args;
+			priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(sa);
+			desc.metadata = (uint64_t)priv->userdata;
+			desc.subtype = RTE_ETH_EVENT_IPSEC_SA_TIME_EXPIRY;
+			eth_dev = &rte_eth_devices[soft_exp_event >> 8];
+			rte_eth_dev_callback_process(eth_dev,
+				RTE_ETH_EVENT_IPSEC, &desc);
+		} else {
+			plt_err("Unknown event gw[0] = 0x%016lx, gw[1] = 0x%016lx",
+				gw[0], gw[1]);
+		}
 		return;
 	}
 
@@ -212,17 +238,110 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args)
 	case ROC_IE_OT_UCC_ERR_SA_OVERFLOW:
 		desc.subtype = RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW;
 		break;
+	case ROC_IE_OT_UCC_ERR_PKT_IP:
+		warn_cnt++;
+		if (warn_cnt % 10000 == 0)
+			plt_warn("Outbound error, bad ip pkt, mbuf %p,"
+				 " sa_index %u (total warnings %" PRIu64 ")",
+				 mbuf, sess_priv.sa_idx, warn_cnt);
+		desc.subtype = RTE_ETH_EVENT_IPSEC_UNKNOWN;
+		break;
 	default:
-		plt_warn("Outbound error, mbuf %p, sa_index %u, "
-			 "compcode %x uc %x", mbuf, sess_priv.sa_idx,
-			 res->compcode, res->uc_compcode);
+		warn_cnt++;
+		if (warn_cnt % 10000 == 0)
+			plt_warn("Outbound error, mbuf %p, sa_index %u,"
+				 " compcode %x uc %x,"
+				 " (total warnings %" PRIu64 ")",
+				 mbuf, sess_priv.sa_idx, res->compcode,
+				 res->uc_compcode, warn_cnt);
 		desc.subtype = RTE_ETH_EVENT_IPSEC_UNKNOWN;
 		break;
 	}
 
 	desc.metadata = (uint64_t)priv->userdata;
 	rte_eth_dev_callback_process(eth_dev, RTE_ETH_EVENT_IPSEC, &desc);
-	rte_pktmbuf_free(mbuf);
+	cnxk_pktmbuf_free_no_cache(mbuf);
+}
+
+static void
+outb_dbg_iv_update(struct roc_ot_ipsec_outb_sa *outb_sa, const char *__iv_str)
+{
+	uint8_t *iv_dbg = outb_sa->iv.iv_dbg;
+	char *iv_str = strdup(__iv_str);
+	char *iv_b = NULL, len = 16;
+	char *save;
+	int i;
+
+	if (!iv_str)
+		return;
+
+	if (outb_sa->w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
+	    outb_sa->w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||
+	    outb_sa->w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
+	    outb_sa->w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {
+		memset(outb_sa->iv.s.iv_dbg1, 0, sizeof(outb_sa->iv.s.iv_dbg1));
+		memset(outb_sa->iv.s.iv_dbg2, 0, sizeof(outb_sa->iv.s.iv_dbg2));
+
+		iv_dbg = outb_sa->iv.s.iv_dbg1;
+		for (i = 0; i < 4; i++) {
+			iv_b = strtok_r(i ? NULL : iv_str, ",", &save);
+			if (!iv_b)
+				break;
+			iv_dbg[i] = strtoul(iv_b, NULL, 0);
+		}
+		*(uint32_t *)iv_dbg = rte_be_to_cpu_32(*(uint32_t *)iv_dbg);
+
+		iv_dbg = outb_sa->iv.s.iv_dbg2;
+		for (i = 0; i < 4; i++) {
+			iv_b = strtok_r(NULL, ",", &save);
+			if (!iv_b)
+				break;
+			iv_dbg[i] = strtoul(iv_b, NULL, 0);
+		}
+		*(uint32_t *)iv_dbg = rte_be_to_cpu_32(*(uint32_t *)iv_dbg);
+
+	} else {
+		iv_dbg = outb_sa->iv.iv_dbg;
+		memset(iv_dbg, 0, sizeof(outb_sa->iv.iv_dbg));
+
+		for (i = 0; i < len; i++) {
+			iv_b = strtok_r(i ? NULL : iv_str, ",", &save);
+			if (!iv_b)
+				break;
+			iv_dbg[i] = strtoul(iv_b, NULL, 0);
+		}
+		*(uint64_t *)iv_dbg = rte_be_to_cpu_64(*(uint64_t *)iv_dbg);
+		*(uint64_t *)&iv_dbg[8] =
+			rte_be_to_cpu_64(*(uint64_t *)&iv_dbg[8]);
+	}
+
+	/* Update source of IV */
+	outb_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
+	free(iv_str);
+}
+
+static int
+cn10k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix,
+				struct roc_ot_ipsec_outb_sa *sa, void *sa_cptr,
+				struct rte_security_ipsec_xform *ipsec_xfrm,
+				uint32_t sa_idx)
+{
+	uint64_t *ring_base, ring_addr;
+
+	if (ipsec_xfrm->life.bytes_soft_limit |
+	    ipsec_xfrm->life.packets_soft_limit) {
+		ring_base = roc_nix_inl_outb_ring_base_get(roc_nix);
+		if (ring_base == NULL)
+			return -ENOTSUP;
+
+		ring_addr = ring_base[sa_idx >>
+				      ROC_NIX_SOFT_EXP_ERR_RING_MAX_ENTRY_LOG2];
+		sa->ctx.err_ctl.s.mode = ROC_IE_OT_ERR_CTL_MODE_RING;
+		sa->ctx.err_ctl.s.address = ring_addr >> 3;
+		sa->w0.s.ctx_id = ((uintptr_t)sa_cptr >> 51) & 0x1ff;
+	}
+
+	return 0;
 }
 
 static int
@@ -237,6 +356,7 @@ cn10k_eth_sec_session_create(void *device,
 	struct cn10k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
 	struct cnxk_eth_sec_sess *eth_sec;
+	struct roc_nix *nix = &dev->nix;
 	bool inbound, inl_dev;
 	rte_spinlock_t *lock;
 	char tbuf[128] = {0};
@@ -251,8 +371,12 @@ cn10k_eth_sec_session_create(void *device,
 	if (rte_security_dynfield_register() < 0)
 		return -ENOTSUP;
 
-	if (rte_eal_process_type() == RTE_PROC_PRIMARY)
-		roc_nix_inl_cb_register(cn10k_eth_sec_sso_work_cb, NULL);
+	if (conf->ipsec.options.ip_reassembly_en &&
+			dev->reass_dynfield_off < 0) {
+		if (rte_eth_ip_reassembly_dynfield_register(&dev->reass_dynfield_off,
+					&dev->reass_dynflag_bit) < 0)
+			return -rte_errno;
+	}
 
 	ipsec = &conf->ipsec;
 	crypto = conf->crypto_xform;
@@ -284,13 +408,16 @@ cn10k_eth_sec_session_create(void *device,
 	if (inbound) {
 		struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr;
 		struct cn10k_inb_priv_data *inb_priv;
+		uint32_t spi_mask;
 		uintptr_t sa;
 
 		PLT_STATIC_ASSERT(sizeof(struct cn10k_inb_priv_data) <
 				  ROC_NIX_INL_OT_IPSEC_INB_SW_RSVD);
 
+		spi_mask = roc_nix_inl_inb_spi_range(nix, inl_dev, NULL, NULL);
+
 		/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */
-		sa = roc_nix_inl_inb_sa_get(&dev->nix, inl_dev, ipsec->spi);
+		sa = roc_nix_inl_inb_sa_get(nix, inl_dev, ipsec->spi);
 		if (!sa && dev->inb.inl_dev) {
 			snprintf(tbuf, sizeof(tbuf),
 				 "Failed to create ingress sa, inline dev "
@@ -334,16 +461,17 @@ cn10k_eth_sec_session_create(void *device,
 		inb_priv->userdata = conf->userdata;
 
 		/* Save SA index/SPI in cookie for now */
-		inb_sa_dptr->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi);
+		inb_sa_dptr->w1.s.cookie =
+			rte_cpu_to_be_32(ipsec->spi & spi_mask);
 
 		/* Prepare session priv */
 		sess_priv.inb_sa = 1;
-		sess_priv.sa_idx = ipsec->spi;
+		sess_priv.sa_idx = ipsec->spi & spi_mask;
 
 		/* Pointer from eth_sec -> inb_sa */
 		eth_sec->sa = inb_sa;
 		eth_sec->sess = sess;
-		eth_sec->sa_idx = ipsec->spi;
+		eth_sec->sa_idx = ipsec->spi & spi_mask;
 		eth_sec->spi = ipsec->spi;
 		eth_sec->inl_dev = !!dev->inb.inl_dev;
 		eth_sec->inb = true;
@@ -356,11 +484,18 @@ cn10k_eth_sec_session_create(void *device,
 					   sizeof(struct roc_ot_ipsec_inb_sa));
 		if (rc)
 			goto mempool_put;
+
+		if (conf->ipsec.options.ip_reassembly_en) {
+			inb_priv->reass_dynfield_off = dev->reass_dynfield_off;
+			inb_priv->reass_dynflag_bit = dev->reass_dynflag_bit;
+		}
+
 	} else {
 		struct roc_ot_ipsec_outb_sa *outb_sa, *outb_sa_dptr;
 		struct cn10k_outb_priv_data *outb_priv;
 		struct cnxk_ipsec_outb_rlens *rlens;
 		uint64_t sa_base = dev->outb.sa_base;
+		const char *iv_str;
 		uint32_t sa_idx;
 
 		PLT_STATIC_ASSERT(sizeof(struct cn10k_outb_priv_data) <
@@ -387,6 +522,21 @@ cn10k_eth_sec_session_create(void *device,
 			goto mempool_put;
 		}
 
+		iv_str = getenv("CN10K_ETH_SEC_IV_OVR");
+		if (iv_str)
+			outb_dbg_iv_update(outb_sa_dptr, iv_str);
+
+		/* Fill outbound sa misc params */
+		rc = cn10k_eth_sec_outb_sa_misc_fill(&dev->nix, outb_sa_dptr,
+						     outb_sa, ipsec, sa_idx);
+		if (rc) {
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to init outb sa misc params, rc=%d",
+				 rc);
+			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
+			goto mempool_put;
+		}
+
 		/* Save userdata */
 		outb_priv->userdata = conf->userdata;
 		outb_priv->sa_idx = sa_idx;