Commit 71af6a2d authored by Jakub Kicinski's avatar Jakub Kicinski

Merge tag 'mlx5-updates-2023-01-30' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
mlx5-updates-2023-01-30

Add fast update encryption key

Jianbo Liu Says:
================

Data encryption keys (DEKs) are the keys used for data encryption and
decryption operations. Starting from version 22.33.0783, firmware is
optimized to accelerate the update of user keys into DEK object in
hardware. The support for bulk allocation and destruction of DEK
objects is added, and the bulk allocated DEKs are uninitialized, as
the bulk creation requires no input key. When offload
encryption/decryption, user gets one object from a bulk, and updates
key by a new "modify DEK" command. This command is the same as create
DEK object, but requires no heavy context memory allocation in
firmware, which consumes most cpu cycles of the create DEK command.

DEKs are cached internally by the NIC, so invalidating internal NIC
caches is required before reusing DEKs. The SYNC_CRYPTO command is
added to support it. DEK object can be reused, the keys in it can be
updated after this command is executed.

This patchset enhances the key creation and destruction flow, to get
use of this new feature. Any user, for example, ktls, ipsec and
macsec, can use it to offload keys. But, only ktls uses it, as others
don't need many keys, and caching two many DEKs in pool is wasteful.

There are two new data struts added:
    a. DEK pool. One pool is created for each key type. The bulks by
the type, are placed in the pool's different bulk lists, according to
the number of available and in_used DEKs in the bulk.
    b. DEK bulk. All DEKs in one bulk allocation are store here. There
are two bitmaps to indicate the state of each DEK.

New APIs are then added. When user need a DEK object,
    a. Fetch one bulk with avail DEKs, from the partial_list or
avail_list, otherwise create new one.
    b. Pick one DEK, and set its need_sync and in_used bits to 1.
Move the bulk to full_list if no more available keys, or put it to
partial_list if the bulk is newly created.
    c. Update DEK object's key with user key, by the "modify DEK"
command.
    d. Return DEK struct to user, then it gets the object id and fills
it into the offload commands.
When user free a DEK,
    a. Set in_use bit to 0. If all need_sync bits are 1 and all in_use
bits of this bulk are 0, move it to sync_list.
    b. If the number of DEKs, which are freed by users, is over the
threshold (128), schedule a workqueue to do the sync process.

For the sync process, the SYNC_CRYPTO command is executed first. Then,
for each bulks in partial_list, full_list and sync_list, reset
need_sync bits of the freed DEK objects. If all need_sync bits in one
bulk are zero, move it to avail_list.

We already supported TIS pool to recycle the TISes. With this series
and TIS pool, TLS CPS performance is improved greatly.
And we tested https on the system:
    CPU: dual AMD EPYC 7763 64-Core processors
    RAM: 512G
    DEV: ConnectX-6 DX, with FW ver 22.33.0838 and TLS_OPTIMISE=true
TLS CPS performance numbers are:
    Before: 11k connections/sec
    After: 101 connections/sec

================

* tag 'mlx5-updates-2023-01-30' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux:
  net/mlx5e: kTLS, Improve connection rate by using fast update encryption key
  net/mlx5: Keep only one bulk of full available DEKs
  net/mlx5: Add async garbage collector for DEK bulk
  net/mlx5: Reuse DEKs after executing SYNC_CRYPTO command
  net/mlx5: Use bulk allocation for fast update encryption key
  net/mlx5: Add bulk allocation and modify_dek operation
  net/mlx5: Add support SYNC_CRYPTO command
  net/mlx5: Add new APIs for fast update encryption key
  net/mlx5: Refactor the encryption key creation
  net/mlx5: Add const to the key pointer of encryption key creation
  net/mlx5: Prepare for fast crypto key update if hardware supports it
  net/mlx5: Change key type to key purpose
  net/mlx5: Add IFC bits and enums for crypto key
  net/mlx5: Add IFC bits for general obj create param
  net/mlx5: Header file for crypto
====================

Link: https://lore.kernel.org/r/20230131031201.35336-1-saeed@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents c925ed5f f741db1a
...@@ -104,6 +104,7 @@ static bool mlx5_cmd_is_throttle_opcode(u16 op) ...@@ -104,6 +104,7 @@ static bool mlx5_cmd_is_throttle_opcode(u16 op)
case MLX5_CMD_OP_DESTROY_GENERAL_OBJECT: case MLX5_CMD_OP_DESTROY_GENERAL_OBJECT:
case MLX5_CMD_OP_MODIFY_GENERAL_OBJECT: case MLX5_CMD_OP_MODIFY_GENERAL_OBJECT:
case MLX5_CMD_OP_QUERY_GENERAL_OBJECT: case MLX5_CMD_OP_QUERY_GENERAL_OBJECT:
case MLX5_CMD_OP_SYNC_CRYPTO:
return true; return true;
} }
return false; return false;
...@@ -523,6 +524,7 @@ static int mlx5_internal_err_ret_value(struct mlx5_core_dev *dev, u16 op, ...@@ -523,6 +524,7 @@ static int mlx5_internal_err_ret_value(struct mlx5_core_dev *dev, u16 op,
case MLX5_CMD_OP_QUERY_VHCA_MIGRATION_STATE: case MLX5_CMD_OP_QUERY_VHCA_MIGRATION_STATE:
case MLX5_CMD_OP_SAVE_VHCA_STATE: case MLX5_CMD_OP_SAVE_VHCA_STATE:
case MLX5_CMD_OP_LOAD_VHCA_STATE: case MLX5_CMD_OP_LOAD_VHCA_STATE:
case MLX5_CMD_OP_SYNC_CRYPTO:
*status = MLX5_DRIVER_STATUS_ABORTED; *status = MLX5_DRIVER_STATUS_ABORTED;
*synd = MLX5_DRIVER_SYND; *synd = MLX5_DRIVER_SYND;
return -ENOLINK; return -ENOLINK;
...@@ -725,6 +727,7 @@ const char *mlx5_command_str(int command) ...@@ -725,6 +727,7 @@ const char *mlx5_command_str(int command)
MLX5_COMMAND_STR_CASE(QUERY_VHCA_MIGRATION_STATE); MLX5_COMMAND_STR_CASE(QUERY_VHCA_MIGRATION_STATE);
MLX5_COMMAND_STR_CASE(SAVE_VHCA_STATE); MLX5_COMMAND_STR_CASE(SAVE_VHCA_STATE);
MLX5_COMMAND_STR_CASE(LOAD_VHCA_STATE); MLX5_COMMAND_STR_CASE(LOAD_VHCA_STATE);
MLX5_COMMAND_STR_CASE(SYNC_CRYPTO);
default: return "unknown command opcode"; default: return "unknown command opcode";
} }
} }
......
...@@ -204,13 +204,15 @@ mlx5e_flow_meter_create_aso_obj(struct mlx5e_flow_meters *flow_meters, int *obj_ ...@@ -204,13 +204,15 @@ mlx5e_flow_meter_create_aso_obj(struct mlx5e_flow_meters *flow_meters, int *obj_
u32 in[MLX5_ST_SZ_DW(create_flow_meter_aso_obj_in)] = {}; u32 in[MLX5_ST_SZ_DW(create_flow_meter_aso_obj_in)] = {};
u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)]; u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)];
struct mlx5_core_dev *mdev = flow_meters->mdev; struct mlx5_core_dev *mdev = flow_meters->mdev;
void *obj; void *obj, *param;
int err; int err;
MLX5_SET(general_obj_in_cmd_hdr, in, opcode, MLX5_CMD_OP_CREATE_GENERAL_OBJECT); MLX5_SET(general_obj_in_cmd_hdr, in, opcode, MLX5_CMD_OP_CREATE_GENERAL_OBJECT);
MLX5_SET(general_obj_in_cmd_hdr, in, obj_type, MLX5_SET(general_obj_in_cmd_hdr, in, obj_type,
MLX5_GENERAL_OBJECT_TYPES_FLOW_METER_ASO); MLX5_GENERAL_OBJECT_TYPES_FLOW_METER_ASO);
MLX5_SET(general_obj_in_cmd_hdr, in, log_obj_range, flow_meters->log_granularity); param = MLX5_ADDR_OF(general_obj_in_cmd_hdr, in, op_param);
MLX5_SET(general_obj_create_param, param, log_obj_range,
flow_meters->log_granularity);
obj = MLX5_ADDR_OF(create_flow_meter_aso_obj_in, in, flow_meter_aso_obj); obj = MLX5_ADDR_OF(create_flow_meter_aso_obj_in, in, flow_meter_aso_obj);
MLX5_SET(flow_meter_aso_obj, obj, meter_aso_access_pd, flow_meters->pdn); MLX5_SET(flow_meter_aso_obj, obj, meter_aso_access_pd, flow_meters->pdn);
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
#include "mlx5_core.h" #include "mlx5_core.h"
#include "en.h" #include "en.h"
#include "ipsec.h" #include "ipsec.h"
#include "lib/mlx5.h" #include "lib/crypto.h"
enum { enum {
MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET, MLX5_IPSEC_ASO_REMOVE_FLOW_PKT_CNT_OFFSET,
......
...@@ -4,16 +4,16 @@ ...@@ -4,16 +4,16 @@
#include <linux/debugfs.h> #include <linux/debugfs.h>
#include "en.h" #include "en.h"
#include "lib/mlx5.h" #include "lib/mlx5.h"
#include "lib/crypto.h"
#include "en_accel/ktls.h" #include "en_accel/ktls.h"
#include "en_accel/ktls_utils.h" #include "en_accel/ktls_utils.h"
#include "en_accel/fs_tcp.h" #include "en_accel/fs_tcp.h"
int mlx5_ktls_create_key(struct mlx5_core_dev *mdev, struct mlx5_crypto_dek *mlx5_ktls_create_key(struct mlx5_crypto_dek_pool *dek_pool,
struct tls_crypto_info *crypto_info, struct tls_crypto_info *crypto_info)
u32 *p_key_id)
{ {
const void *key;
u32 sz_bytes; u32 sz_bytes;
void *key;
switch (crypto_info->cipher_type) { switch (crypto_info->cipher_type) {
case TLS_CIPHER_AES_GCM_128: { case TLS_CIPHER_AES_GCM_128: {
...@@ -33,17 +33,16 @@ int mlx5_ktls_create_key(struct mlx5_core_dev *mdev, ...@@ -33,17 +33,16 @@ int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,
break; break;
} }
default: default:
return -EINVAL; return ERR_PTR(-EINVAL);
} }
return mlx5_create_encryption_key(mdev, key, sz_bytes, return mlx5_crypto_dek_create(dek_pool, key, sz_bytes);
MLX5_ACCEL_OBJ_TLS_KEY,
p_key_id);
} }
void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id) void mlx5_ktls_destroy_key(struct mlx5_crypto_dek_pool *dek_pool,
struct mlx5_crypto_dek *dek)
{ {
mlx5_destroy_encryption_key(mdev, key_id); mlx5_crypto_dek_destroy(dek_pool, dek);
} }
static int mlx5e_ktls_add(struct net_device *netdev, struct sock *sk, static int mlx5e_ktls_add(struct net_device *netdev, struct sock *sk,
...@@ -189,6 +188,7 @@ static void mlx5e_tls_debugfs_init(struct mlx5e_tls *tls, ...@@ -189,6 +188,7 @@ static void mlx5e_tls_debugfs_init(struct mlx5e_tls *tls,
int mlx5e_ktls_init(struct mlx5e_priv *priv) int mlx5e_ktls_init(struct mlx5e_priv *priv)
{ {
struct mlx5_crypto_dek_pool *dek_pool;
struct mlx5e_tls *tls; struct mlx5e_tls *tls;
if (!mlx5e_is_ktls_device(priv->mdev)) if (!mlx5e_is_ktls_device(priv->mdev))
...@@ -197,9 +197,15 @@ int mlx5e_ktls_init(struct mlx5e_priv *priv) ...@@ -197,9 +197,15 @@ int mlx5e_ktls_init(struct mlx5e_priv *priv)
tls = kzalloc(sizeof(*tls), GFP_KERNEL); tls = kzalloc(sizeof(*tls), GFP_KERNEL);
if (!tls) if (!tls)
return -ENOMEM; return -ENOMEM;
tls->mdev = priv->mdev;
dek_pool = mlx5_crypto_dek_pool_create(priv->mdev, MLX5_ACCEL_OBJ_TLS_KEY);
if (IS_ERR(dek_pool)) {
kfree(tls);
return PTR_ERR(dek_pool);
}
tls->dek_pool = dek_pool;
priv->tls = tls; priv->tls = tls;
priv->tls->mdev = priv->mdev;
mlx5e_tls_debugfs_init(tls, priv->dfs_root); mlx5e_tls_debugfs_init(tls, priv->dfs_root);
...@@ -216,6 +222,7 @@ void mlx5e_ktls_cleanup(struct mlx5e_priv *priv) ...@@ -216,6 +222,7 @@ void mlx5e_ktls_cleanup(struct mlx5e_priv *priv)
debugfs_remove_recursive(tls->debugfs.dfs); debugfs_remove_recursive(tls->debugfs.dfs);
tls->debugfs.dfs = NULL; tls->debugfs.dfs = NULL;
mlx5_crypto_dek_pool_destroy(tls->dek_pool);
kfree(priv->tls); kfree(priv->tls);
priv->tls = NULL; priv->tls = NULL;
} }
...@@ -10,10 +10,12 @@ ...@@ -10,10 +10,12 @@
#include "en.h" #include "en.h"
#ifdef CONFIG_MLX5_EN_TLS #ifdef CONFIG_MLX5_EN_TLS
int mlx5_ktls_create_key(struct mlx5_core_dev *mdev, #include "lib/crypto.h"
struct tls_crypto_info *crypto_info,
u32 *p_key_id); struct mlx5_crypto_dek *mlx5_ktls_create_key(struct mlx5_crypto_dek_pool *dek_pool,
void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id); struct tls_crypto_info *crypto_info);
void mlx5_ktls_destroy_key(struct mlx5_crypto_dek_pool *dek_pool,
struct mlx5_crypto_dek *dek);
static inline bool mlx5e_is_ktls_device(struct mlx5_core_dev *mdev) static inline bool mlx5e_is_ktls_device(struct mlx5_core_dev *mdev)
{ {
...@@ -83,6 +85,7 @@ struct mlx5e_tls { ...@@ -83,6 +85,7 @@ struct mlx5e_tls {
struct mlx5e_tls_sw_stats sw_stats; struct mlx5e_tls_sw_stats sw_stats;
struct workqueue_struct *rx_wq; struct workqueue_struct *rx_wq;
struct mlx5e_tls_tx_pool *tx_pool; struct mlx5e_tls_tx_pool *tx_pool;
struct mlx5_crypto_dek_pool *dek_pool;
struct mlx5e_tls_debugfs debugfs; struct mlx5e_tls_debugfs debugfs;
}; };
......
...@@ -50,7 +50,7 @@ struct mlx5e_ktls_offload_context_rx { ...@@ -50,7 +50,7 @@ struct mlx5e_ktls_offload_context_rx {
struct mlx5e_tls_sw_stats *sw_stats; struct mlx5e_tls_sw_stats *sw_stats;
struct completion add_ctx; struct completion add_ctx;
struct mlx5e_tir tir; struct mlx5e_tir tir;
u32 key_id; struct mlx5_crypto_dek *dek;
u32 rxq; u32 rxq;
DECLARE_BITMAP(flags, MLX5E_NUM_PRIV_RX_FLAGS); DECLARE_BITMAP(flags, MLX5E_NUM_PRIV_RX_FLAGS);
...@@ -148,7 +148,8 @@ post_static_params(struct mlx5e_icosq *sq, ...@@ -148,7 +148,8 @@ post_static_params(struct mlx5e_icosq *sq,
wqe = MLX5E_TLS_FETCH_SET_STATIC_PARAMS_WQE(sq, pi); wqe = MLX5E_TLS_FETCH_SET_STATIC_PARAMS_WQE(sq, pi);
mlx5e_ktls_build_static_params(wqe, sq->pc, sq->sqn, &priv_rx->crypto_info, mlx5e_ktls_build_static_params(wqe, sq->pc, sq->sqn, &priv_rx->crypto_info,
mlx5e_tir_get_tirn(&priv_rx->tir), mlx5e_tir_get_tirn(&priv_rx->tir),
priv_rx->key_id, priv_rx->resync.seq, false, mlx5_crypto_dek_get_id(priv_rx->dek),
priv_rx->resync.seq, false,
TLS_OFFLOAD_CTX_DIR_RX); TLS_OFFLOAD_CTX_DIR_RX);
wi = (struct mlx5e_icosq_wqe_info) { wi = (struct mlx5e_icosq_wqe_info) {
.wqe_type = MLX5E_ICOSQ_WQE_UMR_TLS, .wqe_type = MLX5E_ICOSQ_WQE_UMR_TLS,
...@@ -610,20 +611,22 @@ int mlx5e_ktls_add_rx(struct net_device *netdev, struct sock *sk, ...@@ -610,20 +611,22 @@ int mlx5e_ktls_add_rx(struct net_device *netdev, struct sock *sk,
struct mlx5e_ktls_offload_context_rx *priv_rx; struct mlx5e_ktls_offload_context_rx *priv_rx;
struct mlx5e_ktls_rx_resync_ctx *resync; struct mlx5e_ktls_rx_resync_ctx *resync;
struct tls_context *tls_ctx; struct tls_context *tls_ctx;
struct mlx5_core_dev *mdev; struct mlx5_crypto_dek *dek;
struct mlx5e_priv *priv; struct mlx5e_priv *priv;
int rxq, err; int rxq, err;
tls_ctx = tls_get_ctx(sk); tls_ctx = tls_get_ctx(sk);
priv = netdev_priv(netdev); priv = netdev_priv(netdev);
mdev = priv->mdev;
priv_rx = kzalloc(sizeof(*priv_rx), GFP_KERNEL); priv_rx = kzalloc(sizeof(*priv_rx), GFP_KERNEL);
if (unlikely(!priv_rx)) if (unlikely(!priv_rx))
return -ENOMEM; return -ENOMEM;
err = mlx5_ktls_create_key(mdev, crypto_info, &priv_rx->key_id); dek = mlx5_ktls_create_key(priv->tls->dek_pool, crypto_info);
if (err) if (IS_ERR(dek)) {
err = PTR_ERR(dek);
goto err_create_key; goto err_create_key;
}
priv_rx->dek = dek;
INIT_LIST_HEAD(&priv_rx->list); INIT_LIST_HEAD(&priv_rx->list);
spin_lock_init(&priv_rx->lock); spin_lock_init(&priv_rx->lock);
...@@ -673,7 +676,7 @@ int mlx5e_ktls_add_rx(struct net_device *netdev, struct sock *sk, ...@@ -673,7 +676,7 @@ int mlx5e_ktls_add_rx(struct net_device *netdev, struct sock *sk,
err_post_wqes: err_post_wqes:
mlx5e_tir_destroy(&priv_rx->tir); mlx5e_tir_destroy(&priv_rx->tir);
err_create_tir: err_create_tir:
mlx5_ktls_destroy_key(mdev, priv_rx->key_id); mlx5_ktls_destroy_key(priv->tls->dek_pool, priv_rx->dek);
err_create_key: err_create_key:
kfree(priv_rx); kfree(priv_rx);
return err; return err;
...@@ -683,11 +686,9 @@ void mlx5e_ktls_del_rx(struct net_device *netdev, struct tls_context *tls_ctx) ...@@ -683,11 +686,9 @@ void mlx5e_ktls_del_rx(struct net_device *netdev, struct tls_context *tls_ctx)
{ {
struct mlx5e_ktls_offload_context_rx *priv_rx; struct mlx5e_ktls_offload_context_rx *priv_rx;
struct mlx5e_ktls_rx_resync_ctx *resync; struct mlx5e_ktls_rx_resync_ctx *resync;
struct mlx5_core_dev *mdev;
struct mlx5e_priv *priv; struct mlx5e_priv *priv;
priv = netdev_priv(netdev); priv = netdev_priv(netdev);
mdev = priv->mdev;
priv_rx = mlx5e_get_ktls_rx_priv_ctx(tls_ctx); priv_rx = mlx5e_get_ktls_rx_priv_ctx(tls_ctx);
set_bit(MLX5E_PRIV_RX_FLAG_DELETING, priv_rx->flags); set_bit(MLX5E_PRIV_RX_FLAG_DELETING, priv_rx->flags);
...@@ -707,7 +708,7 @@ void mlx5e_ktls_del_rx(struct net_device *netdev, struct tls_context *tls_ctx) ...@@ -707,7 +708,7 @@ void mlx5e_ktls_del_rx(struct net_device *netdev, struct tls_context *tls_ctx)
mlx5e_accel_fs_del_sk(priv_rx->rule.rule); mlx5e_accel_fs_del_sk(priv_rx->rule.rule);
mlx5e_tir_destroy(&priv_rx->tir); mlx5e_tir_destroy(&priv_rx->tir);
mlx5_ktls_destroy_key(mdev, priv_rx->key_id); mlx5_ktls_destroy_key(priv->tls->dek_pool, priv_rx->dek);
/* priv_rx should normally be freed here, but if there is an outstanding /* priv_rx should normally be freed here, but if there is an outstanding
* GET_PSV, deallocation will be delayed until the CQE for GET_PSV is * GET_PSV, deallocation will be delayed until the CQE for GET_PSV is
* processed. * processed.
......
...@@ -98,7 +98,7 @@ struct mlx5e_ktls_offload_context_tx { ...@@ -98,7 +98,7 @@ struct mlx5e_ktls_offload_context_tx {
struct tls_offload_context_tx *tx_ctx; struct tls_offload_context_tx *tx_ctx;
struct mlx5_core_dev *mdev; struct mlx5_core_dev *mdev;
struct mlx5e_tls_sw_stats *sw_stats; struct mlx5e_tls_sw_stats *sw_stats;
u32 key_id; struct mlx5_crypto_dek *dek;
u8 create_err : 1; u8 create_err : 1;
}; };
...@@ -457,6 +457,7 @@ int mlx5e_ktls_add_tx(struct net_device *netdev, struct sock *sk, ...@@ -457,6 +457,7 @@ int mlx5e_ktls_add_tx(struct net_device *netdev, struct sock *sk,
struct mlx5e_ktls_offload_context_tx *priv_tx; struct mlx5e_ktls_offload_context_tx *priv_tx;
struct mlx5e_tls_tx_pool *pool; struct mlx5e_tls_tx_pool *pool;
struct tls_context *tls_ctx; struct tls_context *tls_ctx;
struct mlx5_crypto_dek *dek;
struct mlx5e_priv *priv; struct mlx5e_priv *priv;
int err; int err;
...@@ -468,9 +469,12 @@ int mlx5e_ktls_add_tx(struct net_device *netdev, struct sock *sk, ...@@ -468,9 +469,12 @@ int mlx5e_ktls_add_tx(struct net_device *netdev, struct sock *sk,
if (IS_ERR(priv_tx)) if (IS_ERR(priv_tx))
return PTR_ERR(priv_tx); return PTR_ERR(priv_tx);
err = mlx5_ktls_create_key(pool->mdev, crypto_info, &priv_tx->key_id); dek = mlx5_ktls_create_key(priv->tls->dek_pool, crypto_info);
if (err) if (IS_ERR(dek)) {
err = PTR_ERR(dek);
goto err_create_key; goto err_create_key;
}
priv_tx->dek = dek;
priv_tx->expected_seq = start_offload_tcp_sn; priv_tx->expected_seq = start_offload_tcp_sn;
switch (crypto_info->cipher_type) { switch (crypto_info->cipher_type) {
...@@ -512,7 +516,7 @@ void mlx5e_ktls_del_tx(struct net_device *netdev, struct tls_context *tls_ctx) ...@@ -512,7 +516,7 @@ void mlx5e_ktls_del_tx(struct net_device *netdev, struct tls_context *tls_ctx)
pool = priv->tls->tx_pool; pool = priv->tls->tx_pool;
atomic64_inc(&priv_tx->sw_stats->tx_tls_del); atomic64_inc(&priv_tx->sw_stats->tx_tls_del);
mlx5_ktls_destroy_key(priv_tx->mdev, priv_tx->key_id); mlx5_ktls_destroy_key(priv->tls->dek_pool, priv_tx->dek);
pool_push(pool, priv_tx); pool_push(pool, priv_tx);
} }
...@@ -551,8 +555,9 @@ post_static_params(struct mlx5e_txqsq *sq, ...@@ -551,8 +555,9 @@ post_static_params(struct mlx5e_txqsq *sq,
pi = mlx5e_txqsq_get_next_pi(sq, num_wqebbs); pi = mlx5e_txqsq_get_next_pi(sq, num_wqebbs);
wqe = MLX5E_TLS_FETCH_SET_STATIC_PARAMS_WQE(sq, pi); wqe = MLX5E_TLS_FETCH_SET_STATIC_PARAMS_WQE(sq, pi);
mlx5e_ktls_build_static_params(wqe, sq->pc, sq->sqn, &priv_tx->crypto_info, mlx5e_ktls_build_static_params(wqe, sq->pc, sq->sqn, &priv_tx->crypto_info,
priv_tx->tisn, priv_tx->key_id, 0, fence, priv_tx->tisn,
TLS_OFFLOAD_CTX_DIR_TX); mlx5_crypto_dek_get_id(priv_tx->dek),
0, fence, TLS_OFFLOAD_CTX_DIR_TX);
tx_fill_wi(sq, pi, num_wqebbs, 0, NULL); tx_fill_wi(sq, pi, num_wqebbs, 0, NULL);
sq->pc += num_wqebbs; sq->pc += num_wqebbs;
} }
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
#include "en.h" #include "en.h"
#include "lib/aso.h" #include "lib/aso.h"
#include "lib/mlx5.h" #include "lib/crypto.h"
#include "en_accel/macsec.h" #include "en_accel/macsec.h"
#include "en_accel/macsec_fs.h" #include "en_accel/macsec_fs.h"
......
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
*/ */
#include "en.h" #include "en.h"
#include "lib/crypto.h"
/* mlx5e global resources should be placed in this file. /* mlx5e global resources should be placed in this file.
* Global resources are common to all the netdevices created on the same nic. * Global resources are common to all the netdevices created on the same nic.
...@@ -104,6 +105,13 @@ int mlx5e_create_mdev_resources(struct mlx5_core_dev *mdev) ...@@ -104,6 +105,13 @@ int mlx5e_create_mdev_resources(struct mlx5_core_dev *mdev)
INIT_LIST_HEAD(&res->td.tirs_list); INIT_LIST_HEAD(&res->td.tirs_list);
mutex_init(&res->td.list_lock); mutex_init(&res->td.list_lock);
mdev->mlx5e_res.dek_priv = mlx5_crypto_dek_init(mdev);
if (IS_ERR(mdev->mlx5e_res.dek_priv)) {
mlx5_core_err(mdev, "crypto dek init failed, %ld\n",
PTR_ERR(mdev->mlx5e_res.dek_priv));
mdev->mlx5e_res.dek_priv = NULL;
}
return 0; return 0;
err_destroy_mkey: err_destroy_mkey:
...@@ -119,6 +127,8 @@ void mlx5e_destroy_mdev_resources(struct mlx5_core_dev *mdev) ...@@ -119,6 +127,8 @@ void mlx5e_destroy_mdev_resources(struct mlx5_core_dev *mdev)
{ {
struct mlx5e_hw_objs *res = &mdev->mlx5e_res.hw_objs; struct mlx5e_hw_objs *res = &mdev->mlx5e_res.hw_objs;
mlx5_crypto_dek_cleanup(mdev->mlx5e_res.dek_priv);
mdev->mlx5e_res.dek_priv = NULL;
mlx5_free_bfreg(mdev, &res->bfreg); mlx5_free_bfreg(mdev, &res->bfreg);
mlx5_core_destroy_mkey(mdev, res->mkey); mlx5_core_destroy_mkey(mdev, res->mkey);
mlx5_core_dealloc_transport_domain(mdev, res->td.tdn); mlx5_core_dealloc_transport_domain(mdev, res->td.tdn);
......
...@@ -267,6 +267,12 @@ int mlx5_query_hca_caps(struct mlx5_core_dev *dev) ...@@ -267,6 +267,12 @@ int mlx5_query_hca_caps(struct mlx5_core_dev *dev)
return err; return err;
} }
if (MLX5_CAP_GEN(dev, crypto)) {
err = mlx5_core_get_caps(dev, MLX5_CAP_CRYPTO);
if (err)
return err;
}
if (MLX5_CAP_GEN(dev, shampo)) { if (MLX5_CAP_GEN(dev, shampo)) {
err = mlx5_core_get_caps(dev, MLX5_CAP_DEV_SHAMPO); err = mlx5_core_get_caps(dev, MLX5_CAP_DEV_SHAMPO);
if (err) if (err)
......
/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
/* Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. All rights reserved. */
#ifndef __MLX5_LIB_CRYPTO_H__
#define __MLX5_LIB_CRYPTO_H__
enum {
MLX5_ACCEL_OBJ_TLS_KEY = MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_PURPOSE_TLS,
MLX5_ACCEL_OBJ_IPSEC_KEY = MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_PURPOSE_IPSEC,
MLX5_ACCEL_OBJ_MACSEC_KEY = MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_PURPOSE_MACSEC,
MLX5_ACCEL_OBJ_TYPE_KEY_NUM,
};
int mlx5_create_encryption_key(struct mlx5_core_dev *mdev,
const void *key, u32 sz_bytes,
u32 key_type, u32 *p_key_id);
void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id);
struct mlx5_crypto_dek_pool;
struct mlx5_crypto_dek;
struct mlx5_crypto_dek_pool *mlx5_crypto_dek_pool_create(struct mlx5_core_dev *mdev,
int key_purpose);
void mlx5_crypto_dek_pool_destroy(struct mlx5_crypto_dek_pool *pool);
struct mlx5_crypto_dek *mlx5_crypto_dek_create(struct mlx5_crypto_dek_pool *dek_pool,
const void *key, u32 sz_bytes);
void mlx5_crypto_dek_destroy(struct mlx5_crypto_dek_pool *dek_pool,
struct mlx5_crypto_dek *dek);
u32 mlx5_crypto_dek_get_id(struct mlx5_crypto_dek *dek);
struct mlx5_crypto_dek_priv *mlx5_crypto_dek_init(struct mlx5_core_dev *mdev);
void mlx5_crypto_dek_cleanup(struct mlx5_crypto_dek_priv *dek_priv);
#endif /* __MLX5_LIB_CRYPTO_H__ */
...@@ -79,18 +79,6 @@ struct mlx5_pme_stats { ...@@ -79,18 +79,6 @@ struct mlx5_pme_stats {
void mlx5_get_pme_stats(struct mlx5_core_dev *dev, struct mlx5_pme_stats *stats); void mlx5_get_pme_stats(struct mlx5_core_dev *dev, struct mlx5_pme_stats *stats);
int mlx5_notifier_call_chain(struct mlx5_events *events, unsigned int event, void *data); int mlx5_notifier_call_chain(struct mlx5_events *events, unsigned int event, void *data);
/* Crypto */
enum {
MLX5_ACCEL_OBJ_TLS_KEY = MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_TLS,
MLX5_ACCEL_OBJ_IPSEC_KEY = MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_IPSEC,
MLX5_ACCEL_OBJ_MACSEC_KEY = MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_MACSEC,
};
int mlx5_create_encryption_key(struct mlx5_core_dev *mdev,
void *key, u32 sz_bytes,
u32 key_type, u32 *p_key_id);
void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id);
static inline struct net *mlx5_core_net(struct mlx5_core_dev *dev) static inline struct net *mlx5_core_net(struct mlx5_core_dev *dev)
{ {
return devlink_net(priv_to_devlink(dev)); return devlink_net(priv_to_devlink(dev));
......
...@@ -1555,6 +1555,7 @@ static const int types[] = { ...@@ -1555,6 +1555,7 @@ static const int types[] = {
MLX5_CAP_DEV_SHAMPO, MLX5_CAP_DEV_SHAMPO,
MLX5_CAP_MACSEC, MLX5_CAP_MACSEC,
MLX5_CAP_ADV_VIRTUALIZATION, MLX5_CAP_ADV_VIRTUALIZATION,
MLX5_CAP_CRYPTO,
}; };
static void mlx5_hca_caps_free(struct mlx5_core_dev *dev) static void mlx5_hca_caps_free(struct mlx5_core_dev *dev)
......
...@@ -1204,6 +1204,7 @@ enum mlx5_cap_type { ...@@ -1204,6 +1204,7 @@ enum mlx5_cap_type {
MLX5_CAP_VDPA_EMULATION = 0x13, MLX5_CAP_VDPA_EMULATION = 0x13,
MLX5_CAP_DEV_EVENT = 0x14, MLX5_CAP_DEV_EVENT = 0x14,
MLX5_CAP_IPSEC, MLX5_CAP_IPSEC,
MLX5_CAP_CRYPTO = 0x1a,
MLX5_CAP_DEV_SHAMPO = 0x1d, MLX5_CAP_DEV_SHAMPO = 0x1d,
MLX5_CAP_MACSEC = 0x1f, MLX5_CAP_MACSEC = 0x1f,
MLX5_CAP_GENERAL_2 = 0x20, MLX5_CAP_GENERAL_2 = 0x20,
...@@ -1460,6 +1461,9 @@ enum mlx5_qcam_feature_groups { ...@@ -1460,6 +1461,9 @@ enum mlx5_qcam_feature_groups {
#define MLX5_CAP_IPSEC(mdev, cap)\ #define MLX5_CAP_IPSEC(mdev, cap)\
MLX5_GET(ipsec_cap, (mdev)->caps.hca[MLX5_CAP_IPSEC]->cur, cap) MLX5_GET(ipsec_cap, (mdev)->caps.hca[MLX5_CAP_IPSEC]->cur, cap)
#define MLX5_CAP_CRYPTO(mdev, cap)\
MLX5_GET(crypto_cap, (mdev)->caps.hca[MLX5_CAP_CRYPTO]->cur, cap)
#define MLX5_CAP_DEV_SHAMPO(mdev, cap)\ #define MLX5_CAP_DEV_SHAMPO(mdev, cap)\
MLX5_GET(shampo_cap, mdev->caps.hca_cur[MLX5_CAP_DEV_SHAMPO], cap) MLX5_GET(shampo_cap, mdev->caps.hca_cur[MLX5_CAP_DEV_SHAMPO], cap)
......
...@@ -516,6 +516,7 @@ struct mlx5_vhca_state_notifier; ...@@ -516,6 +516,7 @@ struct mlx5_vhca_state_notifier;
struct mlx5_sf_dev_table; struct mlx5_sf_dev_table;
struct mlx5_sf_hw_table; struct mlx5_sf_hw_table;
struct mlx5_sf_table; struct mlx5_sf_table;
struct mlx5_crypto_dek_priv;
struct mlx5_rate_limit { struct mlx5_rate_limit {
u32 rate; u32 rate;
...@@ -673,6 +674,7 @@ struct mlx5e_resources { ...@@ -673,6 +674,7 @@ struct mlx5e_resources {
} hw_objs; } hw_objs;
struct devlink_port dl_port; struct devlink_port dl_port;
struct net_device *uplink_netdev; struct net_device *uplink_netdev;
struct mlx5_crypto_dek_priv *dek_priv;
}; };
enum mlx5_sw_icm_type { enum mlx5_sw_icm_type {
......
...@@ -306,6 +306,7 @@ enum { ...@@ -306,6 +306,7 @@ enum {
MLX5_CMD_OP_SYNC_STEERING = 0xb00, MLX5_CMD_OP_SYNC_STEERING = 0xb00,
MLX5_CMD_OP_QUERY_VHCA_STATE = 0xb0d, MLX5_CMD_OP_QUERY_VHCA_STATE = 0xb0d,
MLX5_CMD_OP_MODIFY_VHCA_STATE = 0xb0e, MLX5_CMD_OP_MODIFY_VHCA_STATE = 0xb0e,
MLX5_CMD_OP_SYNC_CRYPTO = 0xb12,
MLX5_CMD_OP_MAX MLX5_CMD_OP_MAX
}; };
...@@ -1112,6 +1113,30 @@ struct mlx5_ifc_sync_steering_out_bits { ...@@ -1112,6 +1113,30 @@ struct mlx5_ifc_sync_steering_out_bits {
u8 reserved_at_40[0x40]; u8 reserved_at_40[0x40];
}; };
struct mlx5_ifc_sync_crypto_in_bits {
u8 opcode[0x10];
u8 uid[0x10];
u8 reserved_at_20[0x10];
u8 op_mod[0x10];
u8 reserved_at_40[0x20];
u8 reserved_at_60[0x10];
u8 crypto_type[0x10];
u8 reserved_at_80[0x80];
};
struct mlx5_ifc_sync_crypto_out_bits {
u8 status[0x8];
u8 reserved_at_8[0x18];
u8 syndrome[0x20];
u8 reserved_at_40[0x40];
};
struct mlx5_ifc_device_mem_cap_bits { struct mlx5_ifc_device_mem_cap_bits {
u8 memic[0x1]; u8 memic[0x1];
u8 reserved_at_1[0x1f]; u8 reserved_at_1[0x1f];
...@@ -1768,7 +1793,8 @@ struct mlx5_ifc_cmd_hca_cap_bits { ...@@ -1768,7 +1793,8 @@ struct mlx5_ifc_cmd_hca_cap_bits {
u8 ats[0x1]; u8 ats[0x1];
u8 reserved_at_462[0x1]; u8 reserved_at_462[0x1];
u8 log_max_uctx[0x5]; u8 log_max_uctx[0x5];
u8 reserved_at_468[0x2]; u8 reserved_at_468[0x1];
u8 crypto[0x1];
u8 ipsec_offload[0x1]; u8 ipsec_offload[0x1];
u8 log_max_umem[0x5]; u8 log_max_umem[0x5];
u8 max_num_eqs[0x10]; u8 max_num_eqs[0x10];
...@@ -3351,6 +3377,30 @@ struct mlx5_ifc_shampo_cap_bits { ...@@ -3351,6 +3377,30 @@ struct mlx5_ifc_shampo_cap_bits {
u8 reserved_at_40[0x7c0]; u8 reserved_at_40[0x7c0];
}; };
struct mlx5_ifc_crypto_cap_bits {
u8 reserved_at_0[0x3];
u8 synchronize_dek[0x1];
u8 int_kek_manual[0x1];
u8 int_kek_auto[0x1];
u8 reserved_at_6[0x1a];
u8 reserved_at_20[0x3];
u8 log_dek_max_alloc[0x5];
u8 reserved_at_28[0x3];
u8 log_max_num_deks[0x5];
u8 reserved_at_30[0x10];
u8 reserved_at_40[0x20];
u8 reserved_at_60[0x3];
u8 log_dek_granularity[0x5];
u8 reserved_at_68[0x3];
u8 log_max_num_int_kek[0x5];
u8 sw_wrapped_dek[0x10];
u8 reserved_at_80[0x780];
};
union mlx5_ifc_hca_cap_union_bits { union mlx5_ifc_hca_cap_union_bits {
struct mlx5_ifc_cmd_hca_cap_bits cmd_hca_cap; struct mlx5_ifc_cmd_hca_cap_bits cmd_hca_cap;
struct mlx5_ifc_cmd_hca_cap_2_bits cmd_hca_cap_2; struct mlx5_ifc_cmd_hca_cap_2_bits cmd_hca_cap_2;
...@@ -3371,6 +3421,7 @@ union mlx5_ifc_hca_cap_union_bits { ...@@ -3371,6 +3421,7 @@ union mlx5_ifc_hca_cap_union_bits {
struct mlx5_ifc_virtio_emulation_cap_bits virtio_emulation_cap; struct mlx5_ifc_virtio_emulation_cap_bits virtio_emulation_cap;
struct mlx5_ifc_shampo_cap_bits shampo_cap; struct mlx5_ifc_shampo_cap_bits shampo_cap;
struct mlx5_ifc_macsec_cap_bits macsec_cap; struct mlx5_ifc_macsec_cap_bits macsec_cap;
struct mlx5_ifc_crypto_cap_bits crypto_cap;
u8 reserved_at_0[0x8000]; u8 reserved_at_0[0x8000];
}; };
...@@ -6196,6 +6247,18 @@ struct mlx5_ifc_match_definer_bits { ...@@ -6196,6 +6247,18 @@ struct mlx5_ifc_match_definer_bits {
}; };
}; };
struct mlx5_ifc_general_obj_create_param_bits {
u8 alias_object[0x1];
u8 reserved_at_1[0x2];
u8 log_obj_range[0x5];
u8 reserved_at_8[0x18];
};
struct mlx5_ifc_general_obj_query_param_bits {
u8 alias_object[0x1];
u8 obj_offset[0x1f];
};
struct mlx5_ifc_general_obj_in_cmd_hdr_bits { struct mlx5_ifc_general_obj_in_cmd_hdr_bits {
u8 opcode[0x10]; u8 opcode[0x10];
u8 uid[0x10]; u8 uid[0x10];
...@@ -6205,9 +6268,10 @@ struct mlx5_ifc_general_obj_in_cmd_hdr_bits { ...@@ -6205,9 +6268,10 @@ struct mlx5_ifc_general_obj_in_cmd_hdr_bits {
u8 obj_id[0x20]; u8 obj_id[0x20];
u8 reserved_at_60[0x3]; union {
u8 log_obj_range[0x5]; struct mlx5_ifc_general_obj_create_param_bits create;
u8 reserved_at_68[0x18]; struct mlx5_ifc_general_obj_query_param_bits query;
} op_param;
}; };
struct mlx5_ifc_general_obj_out_cmd_hdr_bits { struct mlx5_ifc_general_obj_out_cmd_hdr_bits {
...@@ -11702,6 +11766,7 @@ enum { ...@@ -11702,6 +11766,7 @@ enum {
MLX5_GENERAL_OBJECT_TYPES_SAMPLER = 0x20, MLX5_GENERAL_OBJECT_TYPES_SAMPLER = 0x20,
MLX5_GENERAL_OBJECT_TYPES_FLOW_METER_ASO = 0x24, MLX5_GENERAL_OBJECT_TYPES_FLOW_METER_ASO = 0x24,
MLX5_GENERAL_OBJECT_TYPES_MACSEC = 0x27, MLX5_GENERAL_OBJECT_TYPES_MACSEC = 0x27,
MLX5_GENERAL_OBJECT_TYPES_INT_KEK = 0x47,
}; };
enum { enum {
...@@ -11881,21 +11946,62 @@ struct mlx5_ifc_query_macsec_obj_out_bits { ...@@ -11881,21 +11946,62 @@ struct mlx5_ifc_query_macsec_obj_out_bits {
struct mlx5_ifc_macsec_offload_obj_bits macsec_object; struct mlx5_ifc_macsec_offload_obj_bits macsec_object;
}; };
struct mlx5_ifc_wrapped_dek_bits {
u8 gcm_iv[0x60];
u8 reserved_at_60[0x20];
u8 const0[0x1];
u8 key_size[0x1];
u8 reserved_at_82[0x2];
u8 key2_invalid[0x1];
u8 reserved_at_85[0x3];
u8 pd[0x18];
u8 key_purpose[0x5];
u8 reserved_at_a5[0x13];
u8 kek_id[0x8];
u8 reserved_at_c0[0x40];
u8 key1[0x8][0x20];
u8 key2[0x8][0x20];
u8 reserved_at_300[0x40];
u8 const1[0x1];
u8 reserved_at_341[0x1f];
u8 reserved_at_360[0x20];
u8 auth_tag[0x80];
};
struct mlx5_ifc_encryption_key_obj_bits { struct mlx5_ifc_encryption_key_obj_bits {
u8 modify_field_select[0x40]; u8 modify_field_select[0x40];
u8 reserved_at_40[0x14]; u8 state[0x8];
u8 sw_wrapped[0x1];
u8 reserved_at_49[0xb];
u8 key_size[0x4]; u8 key_size[0x4];
u8 reserved_at_58[0x4]; u8 reserved_at_58[0x4];
u8 key_type[0x4]; u8 key_purpose[0x4];
u8 reserved_at_60[0x8]; u8 reserved_at_60[0x8];
u8 pd[0x18]; u8 pd[0x18];
u8 reserved_at_80[0x180]; u8 reserved_at_80[0x100];
u8 key[8][0x20];
u8 opaque[0x40];
u8 reserved_at_1c0[0x40];
u8 key[8][0x80];
u8 sw_wrapped_dek[8][0x80];
u8 reserved_at_300[0x500]; u8 reserved_at_a00[0x600];
}; };
struct mlx5_ifc_create_encryption_key_in_bits { struct mlx5_ifc_create_encryption_key_in_bits {
...@@ -11903,6 +12009,11 @@ struct mlx5_ifc_create_encryption_key_in_bits { ...@@ -11903,6 +12009,11 @@ struct mlx5_ifc_create_encryption_key_in_bits {
struct mlx5_ifc_encryption_key_obj_bits encryption_key_object; struct mlx5_ifc_encryption_key_obj_bits encryption_key_object;
}; };
struct mlx5_ifc_modify_encryption_key_in_bits {
struct mlx5_ifc_general_obj_in_cmd_hdr_bits general_obj_in_cmd_hdr;
struct mlx5_ifc_encryption_key_obj_bits encryption_key_object;
};
enum { enum {
MLX5_FLOW_METER_MODE_BYTES_IP_LENGTH = 0x0, MLX5_FLOW_METER_MODE_BYTES_IP_LENGTH = 0x0,
MLX5_FLOW_METER_MODE_BYTES_CALC_WITH_L2 = 0x1, MLX5_FLOW_METER_MODE_BYTES_CALC_WITH_L2 = 0x1,
...@@ -11958,6 +12069,34 @@ struct mlx5_ifc_create_flow_meter_aso_obj_in_bits { ...@@ -11958,6 +12069,34 @@ struct mlx5_ifc_create_flow_meter_aso_obj_in_bits {
struct mlx5_ifc_flow_meter_aso_obj_bits flow_meter_aso_obj; struct mlx5_ifc_flow_meter_aso_obj_bits flow_meter_aso_obj;
}; };
struct mlx5_ifc_int_kek_obj_bits {
u8 modify_field_select[0x40];
u8 state[0x8];
u8 auto_gen[0x1];
u8 reserved_at_49[0xb];
u8 key_size[0x4];
u8 reserved_at_58[0x8];
u8 reserved_at_60[0x8];
u8 pd[0x18];
u8 reserved_at_80[0x180];
u8 key[8][0x80];
u8 reserved_at_600[0x200];
};
struct mlx5_ifc_create_int_kek_obj_in_bits {
struct mlx5_ifc_general_obj_in_cmd_hdr_bits general_obj_in_cmd_hdr;
struct mlx5_ifc_int_kek_obj_bits int_kek_object;
};
struct mlx5_ifc_create_int_kek_obj_out_bits {
struct mlx5_ifc_general_obj_out_cmd_hdr_bits general_obj_out_cmd_hdr;
struct mlx5_ifc_int_kek_obj_bits int_kek_object;
};
struct mlx5_ifc_sampler_obj_bits { struct mlx5_ifc_sampler_obj_bits {
u8 modify_field_select[0x40]; u8 modify_field_select[0x40];
...@@ -11996,9 +12135,9 @@ enum { ...@@ -11996,9 +12135,9 @@ enum {
}; };
enum { enum {
MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_TLS = 0x1, MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_PURPOSE_TLS = 0x1,
MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_IPSEC = 0x2, MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_PURPOSE_IPSEC = 0x2,
MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_MACSEC = 0x4, MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_PURPOSE_MACSEC = 0x4,
}; };
struct mlx5_ifc_tls_static_params_bits { struct mlx5_ifc_tls_static_params_bits {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment