mbox series

[net-next,v10,0/8] cn10k-ipsec: Add outbound inline ipsec support

Message ID 20241204055659.1700459-1-bbhushan2@marvell.com (mailing list archive)
Headers show
Series cn10k-ipsec: Add outbound inline ipsec support | expand

Message

Bharat Bhushan Dec. 4, 2024, 5:56 a.m. UTC 
This patch series adds outbound inline ipsec support on Marvell
cn10k series of platform. One crypto hardware logical function
(cpt-lf) per netdev is required for inline ipsec outbound
functionality. Software prepare and submit crypto hardware
(CPT) instruction for outbound inline ipsec crypto mode offload.
The CPT instruction have details for encryption and authentication
Crypto hardware encrypt, authenticate and provide the ESP packet
to network hardware logic to transmit ipsec packet.

First patch makes dma memory writable for in-place encryption,
Second patch moves code to common file, Third patch disable
backpressure on crypto (CPT) and network (NIX) hardware.
Patch four onwards enables inline outbound ipsec.

v9->v10:
 - Removed unlikely() in data-patch and used static_branch when at least
   a SA is configured.
 - Added missing READ_ONCE() as per comment on previous patch
 - Removed "\n" from end of extack messages
 - Poll for context write status check reduced to 100ms from 10s 

v8->v9:
 - Removed mutex lock to use hardware, now using hardware state
 - Previous versions were supporting only 64 SAs and a bitmap was
   used for same. That limitation is removed from this version.
 - Replaced netdev_err with NL_SET_ERR_MSG_MOD in state add flow
   as per comment in previous version 

v7->v8:
 - spell correction in patch 1/8 (s/sdk/skb)

v6->v7:
 - skb data was mapped as device writeable but it was not ensured
   that skb is writeable. This version calls skb_unshare() to make
   skb data writeable (Thanks Jakub Kicinski for pointing out).

v4->v5:
 - Fixed un-initialized warning and pointer check
   (comment from Kalesh Anakkur Purayil)

v3->v4:
 - Few error messages in data-path removed and some moved
   under netif_msg_tx_err().
 - Added check for crypto offload (XFRM_DEV_OFFLOAD_CRYPTO)
   Thanks "Leon Romanovsky" for pointing out
 - Fixed codespell error as per comment from Simon Horman
 - Added some other cleanup comment from Kalesh Anakkur Purayil

v2->v3:
 - Fix smatch and sparse errors (Comment from Simon Horman)
 - Fix build error with W=1 (Comment from Simon Horman)
   https://patchwork.kernel.org/project/netdevbpf/patch/20240513105446.297451-6-bbhushan2@marvell.com/
 - Some other minor cleanup as per comment
   https://www.spinics.net/lists/netdev/msg997197.html

v1->v2:
 - Fix compilation error to build driver a module
 - Use dma_wmb() instead of architecture specific barrier
 - Fix couple of other compilation warnings

Bharat Bhushan (8):
  octeontx2-pf: map skb data as device writeable
  octeontx2-pf: Move skb fragment map/unmap to common code
  octeontx2-af: Disable backpressure between CPT and NIX
  cn10k-ipsec: Init hardware for outbound ipsec crypto offload
  cn10k-ipsec: Add SA add/del support for outb ipsec crypto offload
  cn10k-ipsec: Process outbound ipsec crypto offload
  cn10k-ipsec: Allow ipsec crypto offload for skb with SA
  cn10k-ipsec: Enable outbound ipsec crypto offload

 MAINTAINERS                                   |    1 +
 .../net/ethernet/marvell/octeontx2/af/mbox.h  |    4 +
 .../ethernet/marvell/octeontx2/af/rvu_nix.c   |   68 +-
 .../ethernet/marvell/octeontx2/nic/Makefile   |    1 +
 .../marvell/octeontx2/nic/cn10k_ipsec.c       | 1058 +++++++++++++++++
 .../marvell/octeontx2/nic/cn10k_ipsec.h       |  265 +++++
 .../marvell/octeontx2/nic/otx2_common.c       |  113 +-
 .../marvell/octeontx2/nic/otx2_common.h       |   26 +
 .../marvell/octeontx2/nic/otx2_dcbnl.c        |    3 +
 .../ethernet/marvell/octeontx2/nic/otx2_pf.c  |   19 +-
 .../marvell/octeontx2/nic/otx2_txrx.c         |   64 +-
 .../marvell/octeontx2/nic/otx2_txrx.h         |    3 +
 .../ethernet/marvell/octeontx2/nic/otx2_vf.c  |   10 +-
 13 files changed, 1581 insertions(+), 54 deletions(-)
 create mode 100644 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
 create mode 100644 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.h

Comments

patchwork-bot+netdevbpf@kernel.org Dec. 9, 2024, 12:20 p.m. UTC | #1 
Hello:

This series was applied to netdev/net-next.git (main)
by David S. Miller <davem@davemloft.net>:

On Wed, 4 Dec 2024 11:26:51 +0530 you wrote:
> This patch series adds outbound inline ipsec support on Marvell
> cn10k series of platform. One crypto hardware logical function
> (cpt-lf) per netdev is required for inline ipsec outbound
> functionality. Software prepare and submit crypto hardware
> (CPT) instruction for outbound inline ipsec crypto mode offload.
> The CPT instruction have details for encryption and authentication
> Crypto hardware encrypt, authenticate and provide the ESP packet
> to network hardware logic to transmit ipsec packet.
> 
> [...]

Here is the summary with links:
  - [net-next,v10,1/8] octeontx2-pf: map skb data as device writeable
    https://git.kernel.org/netdev/net-next/c/195c3d463181
  - [net-next,v10,2/8] octeontx2-pf: Move skb fragment map/unmap to common code
    https://git.kernel.org/netdev/net-next/c/c460b7442a6b
  - [net-next,v10,3/8] octeontx2-af: Disable backpressure between CPT and NIX
    https://git.kernel.org/netdev/net-next/c/a7ef63dbd588
  - [net-next,v10,4/8] cn10k-ipsec: Init hardware for outbound ipsec crypto offload
    https://git.kernel.org/netdev/net-next/c/fe079ab05d49
  - [net-next,v10,5/8] cn10k-ipsec: Add SA add/del support for outb ipsec crypto offload
    https://git.kernel.org/netdev/net-next/c/c45211c23697
  - [net-next,v10,6/8] cn10k-ipsec: Process outbound ipsec crypto offload
    https://git.kernel.org/netdev/net-next/c/6a77a158848a
  - [net-next,v10,7/8] cn10k-ipsec: Allow ipsec crypto offload for skb with SA
    https://git.kernel.org/netdev/net-next/c/32188be805d0
  - [net-next,v10,8/8] cn10k-ipsec: Enable outbound ipsec crypto offload
    https://git.kernel.org/netdev/net-next/c/b3ae3dc3a30f

You are awesome, thank you!