D29291.diff
diff --git a/sys/dev/cxgbe/adapter.h b/sys/dev/cxgbe/adapter.h
--- a/sys/dev/cxgbe/adapter.h
+++ b/sys/dev/cxgbe/adapter.h
@@ -163,7 +163,7 @@
ADAP_ERR = (1 << 5),
BUF_PACKING_OK = (1 << 6),
IS_VF = (1 << 7),
- KERN_TLS_OK = (1 << 8),
+ KERN_TLS_ON = (1 << 8), /* HW is configured for KERN_TLS */
CXGBE_BUSY = (1 << 9),
/* port flags */
diff --git a/sys/dev/cxgbe/common/common.h b/sys/dev/cxgbe/common/common.h
--- a/sys/dev/cxgbe/common/common.h
+++ b/sys/dev/cxgbe/common/common.h
@@ -499,6 +499,11 @@
return adap->params.hash_filter;
}
+static inline int is_ktls(const struct adapter *adap)
+{
+ return adap->cryptocaps & FW_CAPS_CONFIG_TLS_HW;
+}
+
static inline int chip_id(struct adapter *adap)
{
return adap->params.chipid;
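Review bot: The name is_ktls() reads as "KTLS is active", but the helper only tests whether `FW_CAPS_CONFIG_TLS_HW` is set in `cryptocaps`; whether the hardware is currently in NIC TLS mode is tracked separately by `KERN_TLS_ON` in `sc->flags`. Other hunks in this diff depend on that difference (capability advertised on is_ktls, behaviour switched on KERN_TLS_ON), so a one-line comment above the helper would prevent misuse, for example `/* NIC TLS capable per firmware caps; check KERN_TLS_ON for the current mode. */`.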
diff --git a/sys/dev/cxgbe/firmware/t6fw_cfg.txt b/sys/dev/cxgbe/firmware/t6fw_cfg.txt
--- a/sys/dev/cxgbe/firmware/t6fw_cfg.txt
+++ b/sys/dev/cxgbe/firmware/t6fw_cfg.txt
@@ -161,7 +161,7 @@
nserver = 512
nhpfilter = 0
nhash = 16384
- protocol = ofld, rddp, rdmac, iscsi_initiator_pdu, iscsi_target_pdu, iscsi_t10dif, tlskeys, crypto_lookaside
+ protocol = ofld, rddp, rdmac, iscsi_initiator_pdu, iscsi_target_pdu, iscsi_t10dif, tlskeys, crypto_lookaside, nic_ktls_ofld
tp_l2t = 4096
tp_ddp = 2
tp_ddp_iscsi = 2
@@ -273,7 +273,7 @@
[fini]
version = 0x1
- checksum = 0xa92352a8
+ checksum = 0x5fbc0a4a
#
# $FreeBSD$
#
diff --git a/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt b/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt
deleted file mode 100644
--- a/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt
+++ /dev/null
@@ -1,278 +0,0 @@
-# Firmware configuration file.
-#
-# Global limits (some are hardware limits, others are due to the firmware).
-# nvi = 128 virtual interfaces
-# niqflint = 1023 ingress queues with freelists and/or interrupts
-# nethctrl = 64K Ethernet or ctrl egress queues
-# neq = 64K egress queues of all kinds, including freelists
-# nexactf = 512 MPS TCAM entries, can oversubscribe.
-
-[global]
- rss_glb_config_mode = basicvirtual
- rss_glb_config_options = tnlmapen,hashtoeplitz,tnlalllkp
-
- # PL_TIMEOUT register
- pl_timeout_value = 200 # the timeout value in units of us
-
- sge_timer_value = 1, 5, 10, 50, 100, 200 # SGE_TIMER_VALUE* in usecs
-
- reg[0x10c4] = 0x20000000/0x20000000 # GK_CONTROL, enable 5th thread
-
- reg[0x7dc0] = 0x0e2f8849 # TP_SHIFT_CNT
-
- #Tick granularities in kbps
- tsch_ticks = 100000, 10000, 1000, 10
-
- filterMode = fragmentation, mpshittype, protocol, vlan, port, fcoe
- filterMask = protocol
-
- tp_pmrx = 10, 512
- tp_pmrx_pagesize = 64K
-
- # TP number of RX channels (0 = auto)
- tp_nrxch = 0
-
- tp_pmtx = 10, 512
- tp_pmtx_pagesize = 64K
-
- # TP number of TX channels (0 = auto)
- tp_ntxch = 0
-
- # TP OFLD MTUs
- tp_mtus = 88, 256, 512, 576, 808, 1024, 1280, 1488, 1500, 2002, 2048, 4096, 4352, 8192, 9000, 9600
-
- # enable TP_OUT_CONFIG.IPIDSPLITMODE and CRXPKTENC
- reg[0x7d04] = 0x00010008/0x00010008
-
- # TP_GLOBAL_CONFIG
- reg[0x7d08] = 0x00000800/0x00000800 # set IssFromCplEnable
-
- # TP_PC_CONFIG
- reg[0x7d48] = 0x00000000/0x00000400 # clear EnableFLMError
-
- # TP_PARA_REG0
- reg[0x7d60] = 0x06000000/0x07000000 # set InitCWND to 6
-
- # cluster, lan, or wan.
- tp_tcptuning = lan
-
- # LE_DB_CONFIG
- reg[0x19c04] = 0x00000000/0x00440000 # LE Server SRAM disabled
- # LE IPv4 compression disabled
- # LE_DB_HASH_CONFIG
- reg[0x19c28] = 0x00800000/0x01f00000 # LE Hash bucket size 8,
-
- # ULP_TX_CONFIG
- reg[0x8dc0] = 0x00000104/0x00000104 # Enable ITT on PI err
- # Enable more error msg for ...
- # TPT error.
-
- # ULP_RX_MISC_FEATURE_ENABLE
- #reg[0x1925c] = 0x01003400/0x01003400 # iscsi tag pi bit
- # Enable offset decrement after ...
- # PI extraction and before DDP
- # ulp insert pi source info in DIF
- # iscsi_eff_offset_en
-
- #Enable iscsi completion moderation feature
- reg[0x1925c] = 0x000041c0/0x000031c0 # Enable offset decrement after
- # PI extraction and before DDP.
- # ulp insert pi source info in
- # DIF.
- # Enable iscsi hdr cmd mode.
- # iscsi force cmd mode.
- # Enable iscsi cmp mode.
- # MC configuration
- #mc_mode_brc[0] = 1 # mc0 - 1: enable BRC, 0: enable RBC
-
-# PFs 0-3. These get 8 MSI/8 MSI-X vectors each. VFs are supported by
-# these 4 PFs only.
-[function "0"]
- wx_caps = all
- r_caps = all
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x1
-
-[function "1"]
- wx_caps = all
- r_caps = all
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x2
-
-[function "2"]
- wx_caps = all
- r_caps = all
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x4
-
-[function "3"]
- wx_caps = all
- r_caps = all
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x8
-
-# PF4 is the resource-rich PF that the bus/nexus driver attaches to.
-# It gets 32 MSI/128 MSI-X vectors.
-[function "4"]
- wx_caps = all
- r_caps = all
- nvi = 32
- rssnvi = 32
- niqflint = 512
- nethctrl = 1024
- neq = 2048
- nqpcq = 8192
- nexactf = 456
- cmask = all
- pmask = all
- ncrypto_lookaside = 16
- nclip = 320
- nethofld = 8192
-
- # TCAM has 6K cells; each region must start at a multiple of 128 cell.
- # Each entry in these categories takes 2 cells each. nhash will use the
- # TCAM iff there is room left (that is, the rest don't add up to 3072).
- nfilter = 48
- nserver = 64
- nhpfilter = 0
- nhash = 524288
- protocol = ofld, tlskeys, crypto_lookaside
- tp_l2t = 4096
- tp_ddp = 2
- tp_ddp_iscsi = 2
- tp_tls_key = 3
- tp_tls_mxrxsize = 17408 # 16384 + 1024, governs max rx data, pm max xfer len, rx coalesce sizes
- tp_stag = 2
- tp_pbl = 5
- tp_rq = 7
- tp_srq = 128
-
-# PF5 is the SCSI Controller PF. It gets 32 MSI/40 MSI-X vectors.
-# Not used right now.
-[function "5"]
- nvi = 1
- rssnvi = 0
-
-# PF6 is the FCoE Controller PF. It gets 32 MSI/40 MSI-X vectors.
-# Not used right now.
-[function "6"]
- nvi = 1
- rssnvi = 0
-
-# The following function, 1023, is not an actual PCIE function but is used to
-# configure and reserve firmware internal resources that come from the global
-# resource pool.
-#
-[function "1023"]
- wx_caps = all
- r_caps = all
- nvi = 4
- rssnvi = 0
- cmask = all
- pmask = all
- nexactf = 8
- nfilter = 16
-
-
-# For Virtual functions, we only allow NIC functionality and we only allow
-# access to one port (1 << PF). Note that because of limitations in the
-# Scatter Gather Engine (SGE) hardware which checks writes to VF KDOORBELL
-# and GTS registers, the number of Ingress and Egress Queues must be a power
-# of 2.
-#
-[function "0/*"]
- wx_caps = 0x82
- r_caps = 0x86
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x1
-
-[function "1/*"]
- wx_caps = 0x82
- r_caps = 0x86
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x2
-
-[function "2/*"]
- wx_caps = 0x82
- r_caps = 0x86
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x1
-
-[function "3/*"]
- wx_caps = 0x82
- r_caps = 0x86
- nvi = 1
- rssnvi = 0
- niqflint = 2
- nethctrl = 2
- neq = 4
- nexactf = 2
- cmask = all
- pmask = 0x2
-
-# MPS has 192K buffer space for ingress packets from the wire as well as
-# loopback path of the L2 switch.
-[port "0"]
- dcb = none
- #bg_mem = 25
- #lpbk_mem = 25
- hwm = 60
- lwm = 15
- dwm = 30
-
-[port "1"]
- dcb = none
- #bg_mem = 25
- #lpbk_mem = 25
- hwm = 60
- lwm = 15
- dwm = 30
-
-[fini]
- version = 0x1
- checksum = 0xa737b06f
-#
-# $FreeBSD$
-#
diff --git a/sys/dev/cxgbe/t4_clip.c b/sys/dev/cxgbe/t4_clip.c
--- a/sys/dev/cxgbe/t4_clip.c
+++ b/sys/dev/cxgbe/t4_clip.c
@@ -273,7 +273,7 @@
inet_ntop(AF_INET6, &ce->lip, &ip[0],
sizeof(ip));
- if (sc->flags & KERN_TLS_OK ||
+ if (sc->flags & KERN_TLS_ON ||
sc->active_ulds != 0) {
log(LOG_ERR,
"%s: could not add %s (%d)\n",
diff --git a/sys/dev/cxgbe/t4_main.c b/sys/dev/cxgbe/t4_main.c
--- a/sys/dev/cxgbe/t4_main.c
+++ b/sys/dev/cxgbe/t4_main.c
@@ -812,9 +812,12 @@
static int read_i2c(struct adapter *, struct t4_i2c_data *);
static int clear_stats(struct adapter *, u_int);
#ifdef TCP_OFFLOAD
-static int toe_capability(struct vi_info *, int);
+static int toe_capability(struct vi_info *, bool);
static void t4_async_event(void *, int);
#endif
+#ifdef KERN_TLS
+static int ktls_capability(struct adapter *, bool);
+#endif
static int mod_event(module_t, int, void *);
static int notify_siblings(device_t, int);
@@ -1838,7 +1841,7 @@
}
#ifdef TCP_OFFLOAD
- if (vi->nofldrxq != 0 && (sc->flags & KERN_TLS_OK) == 0)
+ if (vi->nofldrxq != 0)
ifp->if_capabilities |= IFCAP_TOE;
#endif
#ifdef RATELIMIT
@@ -1859,9 +1862,10 @@
#endif
ifp->if_hw_tsomaxsegsize = 65536;
#ifdef KERN_TLS
- if (sc->flags & KERN_TLS_OK) {
+ if (is_ktls(sc)) {
ifp->if_capabilities |= IFCAP_TXTLS;
- ifp->if_capenable |= IFCAP_TXTLS;
+ if (sc->flags & KERN_TLS_ON)
+ ifp->if_capenable |= IFCAP_TXTLS;
}
#endif
@@ -2186,8 +2190,15 @@
ifp->if_capenable ^= IFCAP_MEXTPG;
#ifdef KERN_TLS
- if (mask & IFCAP_TXTLS)
+ if (mask & IFCAP_TXTLS) {
+ int enable = (ifp->if_capenable ^ mask) & IFCAP_TXTLS;
+
+ rc = ktls_capability(sc, enable);
+ if (rc != 0)
+ goto fail;
+
ifp->if_capenable ^= (mask & IFCAP_TXTLS);
+ }
#endif
if (mask & IFCAP_VXLAN_HWCSUM) {
ifp->if_capenable ^= IFCAP_VXLAN_HWCSUM;
@@ -4782,47 +4793,36 @@
uint32_t tstamp;
sc = arg;
-
- tstamp = tcp_ts_getticks();
- t4_write_reg(sc, A_TP_SYNC_TIME_HI, tstamp >> 1);
- t4_write_reg(sc, A_TP_SYNC_TIME_LO, tstamp << 31);
-
+ if (sc->flags & KERN_TLS_ON) {
+ tstamp = tcp_ts_getticks();
+ t4_write_reg(sc, A_TP_SYNC_TIME_HI, tstamp >> 1);
+ t4_write_reg(sc, A_TP_SYNC_TIME_LO, tstamp << 31);
+ }
callout_schedule_sbt(&sc->ktls_tick, SBT_1MS, 0, C_HARDCLOCK);
}
-static void
-t4_enable_kern_tls(struct adapter *sc)
+static int
+t4_config_kern_tls(struct adapter *sc, bool enable)
{
- uint32_t m, v;
-
- m = F_ENABLECBYP;
- v = F_ENABLECBYP;
- t4_set_reg_field(sc, A_TP_PARA_REG6, m, v);
-
- m = F_CPL_FLAGS_UPDATE_EN | F_SEQ_UPDATE_EN;
- v = F_CPL_FLAGS_UPDATE_EN | F_SEQ_UPDATE_EN;
- t4_set_reg_field(sc, A_ULP_TX_CONFIG, m, v);
-
- m = F_NICMODE;
- v = F_NICMODE;
- t4_set_reg_field(sc, A_TP_IN_CONFIG, m, v);
-
- m = F_LOOKUPEVERYPKT;
- v = 0;
- t4_set_reg_field(sc, A_TP_INGRESS_CONFIG, m, v);
-
- m = F_TXDEFERENABLE | F_DISABLEWINDOWPSH | F_DISABLESEPPSHFLAG;
- v = F_DISABLEWINDOWPSH;
- t4_set_reg_field(sc, A_TP_PC_CONFIG, m, v);
+ int rc;
+ uint32_t param = V_FW_PARAMS_MNEM(FW_PARAMS_MNEM_DEV) |
+ V_FW_PARAMS_PARAM_X(FW_PARAMS_PARAM_DEV_KTLS_HW) |
+ V_FW_PARAMS_PARAM_Y(enable ? 1 : 0) |
+ V_FW_PARAMS_PARAM_Z(FW_PARAMS_PARAM_DEV_KTLS_HW_USER_ENABLE);
- m = V_TIMESTAMPRESOLUTION(M_TIMESTAMPRESOLUTION);
- v = V_TIMESTAMPRESOLUTION(0x1f);
- t4_set_reg_field(sc, A_TP_TIMER_RESOLUTION, m, v);
+ rc = -t4_set_params(sc, sc->mbox, sc->pf, 0, 1, ¶m, ¶m);
+ if (rc != 0) {
+ CH_ERR(sc, "failed to %s NIC TLS: %d\n",
+ enable ? "enable" : "disable", rc);
+ return (rc);
+ }
- sc->flags |= KERN_TLS_OK;
+ if (enable)
+ sc->flags |= KERN_TLS_ON;
+ else
+ sc->flags &= ~KERN_TLS_ON;
- sc->tlst.inline_keys = t4_tls_inline_keys;
- sc->tlst.combo_wrs = t4_tls_combo_wrs;
+ return (rc);
}
#endif
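Review bot: t4_config_kern_tls() updates `sc->flags` with a plain `|=` / `&= ~` and has no comment or assertion about the context it must be called from, while ktls_tick() at the top of this hunk tests `KERN_TLS_ON` from a callout. The call sites visible in this diff are the adapter setup path, toe_capability() and ktls_capability(), and only the last one visibly asserts a synchronized op, so the actual requirement is inferred rather than stated. I would add a header comment such as `/* Caller must hold the synchronized op (or be in attach); KERN_TLS_ON changes only if the firmware accepts the request. */`. The `¶m` arguments to t4_set_params are presumably `&param` mangled by the page rendering.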
@@ -4936,18 +4936,19 @@
#ifdef KERN_TLS
if (sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS &&
sc->toecaps & FW_CAPS_CONFIG_TOE) {
- if (t4_kern_tls != 0)
- t4_enable_kern_tls(sc);
- else {
- /*
- * Limit TOE connections to 2 reassembly
- * "islands". This is required for TOE TLS
- * connections to downgrade to plain TOE
- * connections if an unsupported TLS version
- * or ciphersuite is used.
- */
- t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG,
- V_PASSMODE(M_PASSMODE), V_PASSMODE(2));
+ /*
+ * Limit TOE connections to 2 reassembly "islands". This is
+ * required for TOE TLS connections to downgrade to plain TOE
+ * connections if an unsupported TLS version or ciphersuite is
+ * used.
+ */
+ t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG,
+ V_PASSMODE(M_PASSMODE), V_PASSMODE(2));
+ if (is_ktls(sc)) {
+ sc->tlst.inline_keys = t4_tls_inline_keys;
+ sc->tlst.combo_wrs = t4_tls_combo_wrs;
+ if (t4_kern_tls != 0)
+ t4_config_kern_tls(sc, true);
}
}
#endif
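Review bot: `sc->tlst.inline_keys` and `sc->tlst.combo_wrs` are now assigned only inside the `FW_CAPS_CONFIG_TLSKEYS && FW_CAPS_CONFIG_TOE` block, whereas the other hunks gate the TXTLS capability, the tick callout and the tls sysctls on is_ktls(sc) alone. If firmware can report `FW_CAPS_CONFIG_TLS_HW` without both of those caps (not determinable from this diff), NIC TLS could later be switched on through the ioctl path with those two tunables never applied. Moving the `if (is_ktls(sc))` block out of the outer condition, or stating in a comment that TLS_HW implies TLSKEYS and TOE, would close the gap. Separately, the result of `t4_config_kern_tls(sc, true)` is dropped here; writing `(void)t4_config_kern_tls(sc, true);` with a short comment that failure leaves the adapter out of NIC TLS mode would make that intentional. The enclosing function starts and ends outside the hunk.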
@@ -5863,7 +5864,7 @@
t4_intr_enable(sc);
}
#ifdef KERN_TLS
- if (sc->flags & KERN_TLS_OK)
+ if (is_ktls(sc))
callout_reset_sbt(&sc->ktls_tick, SBT_1MS, 0, ktls_tick, sc,
C_HARDCLOCK);
#endif
@@ -6753,7 +6754,7 @@
}
#ifdef KERN_TLS
- if (sc->flags & KERN_TLS_OK) {
+ if (is_ktls(sc)) {
/*
* dev.t4nex.0.tls.
*/
@@ -11047,7 +11048,7 @@
#ifdef TCP_OFFLOAD
static int
-toe_capability(struct vi_info *vi, int enable)
+toe_capability(struct vi_info *vi, bool enable)
{
int rc;
struct port_info *pi = vi->pi;
@@ -11059,6 +11060,39 @@
return (ENODEV);
if (enable) {
+#ifdef KERN_TLS
+ if (sc->flags & KERN_TLS_ON) {
+ int i, j, n;
+ struct port_info *p;
+ struct vi_info *v;
+
+ /*
+ * Reconfigure hardware for TOE if TXTLS is not enabled
+ * on any ifnet.
+ */
+ n = 0;
+ for_each_port(sc, i) {
+ p = sc->port[i];
+ for_each_vi(p, j, v) {
+ if (v->ifp->if_capenable & IFCAP_TXTLS) {
+ CH_WARN(sc,
+ "%s has NIC TLS enabled.\n",
+ device_get_nameunit(v->dev));
+ n++;
+ }
+ }
+ }
+ if (n > 0) {
+ CH_WARN(sc, "Disable NIC TLS on all interfaces "
+ "associated with this adapter before "
+ "trying to enable TOE.\n");
+ return (EAGAIN);
+ }
+ rc = t4_config_kern_tls(sc, false);
+ if (rc)
+ return (rc);
+ }
+#endif
if ((vi->ifp->if_capenable & IFCAP_TOE) != 0) {
/* TOE is already enabled. */
return (0);
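Review bot: The loop guarding `t4_config_kern_tls(sc, false)` counts interfaces whose `if_capenable` still has `IFCAP_TXTLS`, but nothing visible in this hunk checks for NIC TLS sessions that were established before the capability bit was cleared. If such sessions can outlive the bit, the hardware would be reconfigured for TOE while they are still transmitting, which bears on the integrity of the TLS records they emit. Either test a per-adapter count of live NIC TLS sessions before reconfiguring (if the driver keeps one) or record the assumption beside the existing comment, e.g. `/* XXX: assumes no NIC TLS sessions remain once TXTLS is off on every ifnet. */`. It is also worth confirming that `v->ifp` is non-NULL for every VI the loop visits; toe_capability's body continues outside the hunk.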
@@ -11267,6 +11301,35 @@
}
#endif
+#ifdef KERN_TLS
+static int
+ktls_capability(struct adapter *sc, bool enable)
+{
+ ASSERT_SYNCHRONIZED_OP(sc);
+
+ if (!is_ktls(sc))
+ return (ENODEV);
+
+ if (enable) {
+ if (sc->flags & KERN_TLS_ON)
+ return (0); /* already on */
+ if (sc->offload_map != 0) {
+ CH_WARN(sc,
+ "Disable TOE on all interfaces associated with "
+ "this adapter before trying to enable NIC TLS.\n");
+ return (EAGAIN);
+ }
+ return (t4_config_kern_tls(sc, true));
+ } else {
+ /*
+ * Nothing to do for disable. If TOE is enabled sometime later
+ * then toe_capability will reconfigure the hardware.
+ */
+ return (0);
+ }
+}
+#endif
+
/*
* t = ptr to tunable.
* nc = number of CPUs.
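Review bot: ktls_capability() has no header comment, and its behaviour is asymmetric in a way callers need to know: enabling switches the whole adapter into NIC TLS mode, while disabling returns 0 without touching the hardware, so `KERN_TLS_ON` stays set after the last interface drops TXTLS. While the flag remains set, the t4_connect.c and t4_listen.c hunks keep declining offload and ktls_tick keeps writing the sync-time registers. A comment above the function stating the adapter-wide scope, the `ENODEV` and `EAGAIN` returns, and that only toe_capability() clears `KERN_TLS_ON` would document this.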
diff --git a/sys/dev/cxgbe/t4_sge.c b/sys/dev/cxgbe/t4_sge.c
--- a/sys/dev/cxgbe/t4_sge.c
+++ b/sys/dev/cxgbe/t4_sge.c
@@ -4419,7 +4419,7 @@
"# of times hardware assisted with inner checksums (VXLAN)");
#ifdef KERN_TLS
- if (sc->flags & KERN_TLS_OK) {
+ if (is_ktls(sc)) {
SYSCTL_ADD_UQUAD(&vi->ctx, children, OID_AUTO,
"kern_tls_records", CTLFLAG_RD, &txq->kern_tls_records,
"# of NIC TLS records transmitted");
diff --git a/sys/dev/cxgbe/tom/t4_connect.c b/sys/dev/cxgbe/tom/t4_connect.c
--- a/sys/dev/cxgbe/tom/t4_connect.c
+++ b/sys/dev/cxgbe/tom/t4_connect.c
@@ -256,7 +256,7 @@
DONT_OFFLOAD_ACTIVE_OPEN(ENOSYS); /* XXX: implement lagg+TOE */
else
DONT_OFFLOAD_ACTIVE_OPEN(ENOTSUP);
- if (sc->flags & KERN_TLS_OK)
+ if (sc->flags & KERN_TLS_ON)
DONT_OFFLOAD_ACTIVE_OPEN(ENOTSUP);
rw_rlock(&sc->policy_lock);
diff --git a/sys/dev/cxgbe/tom/t4_listen.c b/sys/dev/cxgbe/tom/t4_listen.c
--- a/sys/dev/cxgbe/tom/t4_listen.c
+++ b/sys/dev/cxgbe/tom/t4_listen.c
@@ -538,7 +538,7 @@
if (!(inp->inp_vflag & INP_IPV6) &&
IN_LOOPBACK(ntohl(inp->inp_laddr.s_addr)))
return (0);
- if (sc->flags & KERN_TLS_OK)
+ if (sc->flags & KERN_TLS_ON)
return (0);
#if 0
ADAPTER_LOCK(sc);
D29291: cxgbe(4): Allow a T6 adapter to switch between TOE and KTLS mode.