octeontx2-pf: mcs: Introduce MACSEC hardware offloading

This patch introduces the macsec offload feature to cn10k
PF netdev driver. The macsec offload ops like adding, deleting
and updating SecYs, SCs, SAs and stats are supported. XPN support
will be added in later patches. Some stats use same counter in hardware
which means based on the SecY mode the same counter represents different
stat. Hence when SecY mode/policy is changed then snapshot of current
stats are captured. Also there is no provision to specify the unique
flow-id/SCI per packet to hardware hence different mac address needs to
be set for macsec interfaces.

Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com>
Signed-off-by: Sunil Goutham <sgoutham@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Subbaraya Sundeep 2022-10-01 10:29:49 +05:30 committed by David S. Miller
parent d06c2aba51
commit c54ffc7360
5 changed files with 1776 additions and 0 deletions

View File

@ -13,5 +13,6 @@ rvu_nicvf-y := otx2_vf.o otx2_devlink.o
rvu_nicpf-$(CONFIG_DCB) += otx2_dcbnl.o
rvu_nicvf-$(CONFIG_DCB) += otx2_dcbnl.o
rvu_nicpf-$(CONFIG_MACSEC) += cn10k_macsec.o
ccflags-y += -I$(srctree)/drivers/net/ethernet/marvell/octeontx2/af

File diff suppressed because it is too large Load Diff

View File

@ -1827,4 +1827,5 @@ otx2_mbox_up_handler_ ## _fn_name(struct otx2_nic *pfvf, \
} \
EXPORT_SYMBOL(otx2_mbox_up_handler_ ## _fn_name);
MBOX_UP_CGX_MESSAGES
MBOX_UP_MCS_MESSAGES
#undef M

View File

@ -19,6 +19,7 @@
#include <net/devlink.h>
#include <linux/time64.h>
#include <linux/dim.h>
#include <uapi/linux/if_macsec.h>
#include <mbox.h>
#include <npc.h>
@ -33,6 +34,7 @@
#define PCI_DEVID_OCTEONTX2_RVU_AFVF 0xA0F8
#define PCI_SUBSYS_DEVID_96XX_RVU_PFVF 0xB200
#define PCI_SUBSYS_DEVID_CN10K_B_RVU_PFVF 0xBD00
/* PCI BAR nos */
#define PCI_CFG_REG_BAR_NUM 2
@ -244,6 +246,7 @@ struct otx2_hw {
#define CN10K_LMTST 2
#define CN10K_RPM 3
#define CN10K_PTP_ONESTEP 4
#define CN10K_HW_MACSEC 5
unsigned long cap_flag;
#define LMT_LINE_SIZE 128
@ -351,6 +354,66 @@ struct dev_hw_ops {
void (*aura_freeptr)(void *dev, int aura, u64 buf);
};
#define CN10K_MCS_SA_PER_SC 4
/* Stats which need to be accumulated in software because
* of shared counters in hardware.
*/
struct cn10k_txsc_stats {
u64 InPktsUntagged;
u64 InPktsNoTag;
u64 InPktsBadTag;
u64 InPktsUnknownSCI;
u64 InPktsNoSCI;
u64 InPktsOverrun;
};
struct cn10k_rxsc_stats {
u64 InOctetsValidated;
u64 InOctetsDecrypted;
u64 InPktsUnchecked;
u64 InPktsDelayed;
u64 InPktsOK;
u64 InPktsInvalid;
u64 InPktsLate;
u64 InPktsNotValid;
u64 InPktsNotUsingSA;
u64 InPktsUnusedSA;
};
struct cn10k_mcs_txsc {
struct macsec_secy *sw_secy;
struct cn10k_txsc_stats stats;
struct list_head entry;
enum macsec_validation_type last_validate_frames;
bool last_protect_frames;
u16 hw_secy_id_tx;
u16 hw_secy_id_rx;
u16 hw_flow_id;
u16 hw_sc_id;
u16 hw_sa_id[CN10K_MCS_SA_PER_SC];
u8 sa_bmap;
u8 sa_key[CN10K_MCS_SA_PER_SC][MACSEC_MAX_KEY_LEN];
u8 encoding_sa;
};
struct cn10k_mcs_rxsc {
struct macsec_secy *sw_secy;
struct macsec_rx_sc *sw_rxsc;
struct cn10k_rxsc_stats stats;
struct list_head entry;
u16 hw_flow_id;
u16 hw_sc_id;
u16 hw_sa_id[CN10K_MCS_SA_PER_SC];
u8 sa_bmap;
u8 sa_key[CN10K_MCS_SA_PER_SC][MACSEC_MAX_KEY_LEN];
};
struct cn10k_mcs_cfg {
struct list_head txsc_list;
struct list_head rxsc_list;
};
struct otx2_nic {
void __iomem *reg_base;
struct net_device *netdev;
@ -438,6 +501,10 @@ struct otx2_nic {
/* napi event count. It is needed for adaptive irq coalescing. */
u32 napi_events;
#if IS_ENABLED(CONFIG_MACSEC)
struct cn10k_mcs_cfg *macsec_cfg;
#endif
};
static inline bool is_otx2_lbkvf(struct pci_dev *pdev)
@ -477,6 +544,11 @@ static inline bool is_dev_otx2(struct pci_dev *pdev)
midr == PCI_REVISION_ID_95XXMM || midr == PCI_REVISION_ID_95XXO);
}
static inline bool is_dev_cn10kb(struct pci_dev *pdev)
{
return pdev->subsystem_device == PCI_SUBSYS_DEVID_CN10K_B_RVU_PFVF;
}
static inline void otx2_setup_dev_hw_settings(struct otx2_nic *pfvf)
{
struct otx2_hw *hw = &pfvf->hw;
@ -508,6 +580,9 @@ static inline void otx2_setup_dev_hw_settings(struct otx2_nic *pfvf)
__set_bit(CN10K_RPM, &hw->cap_flag);
__set_bit(CN10K_PTP_ONESTEP, &hw->cap_flag);
}
if (is_dev_cn10kb(pfvf->pdev))
__set_bit(CN10K_HW_MACSEC, &hw->cap_flag);
}
/* Register read/write APIs */
@ -763,6 +838,7 @@ otx2_mbox_up_handler_ ## _fn_name(struct otx2_nic *pfvf, \
struct _rsp_type *rsp); \
MBOX_UP_CGX_MESSAGES
MBOX_UP_MCS_MESSAGES
#undef M
/* Time to wait before watchdog kicks off */
@ -945,4 +1021,18 @@ int otx2_pfc_txschq_alloc(struct otx2_nic *pfvf);
int otx2_pfc_txschq_update(struct otx2_nic *pfvf);
int otx2_pfc_txschq_stop(struct otx2_nic *pfvf);
#endif
#if IS_ENABLED(CONFIG_MACSEC)
/* MACSEC offload support */
int cn10k_mcs_init(struct otx2_nic *pfvf);
void cn10k_mcs_free(struct otx2_nic *pfvf);
void cn10k_handle_mcs_event(struct otx2_nic *pfvf, struct mcs_intr_info *event);
#else
static inline int cn10k_mcs_init(struct otx2_nic *pfvf) { return 0; }
static inline void cn10k_mcs_free(struct otx2_nic *pfvf) {}
static inline void cn10k_handle_mcs_event(struct otx2_nic *pfvf,
struct mcs_intr_info *event)
{}
#endif /* CONFIG_MACSEC */
#endif /* OTX2_COMMON_H */

View File

@ -858,6 +858,15 @@ static void otx2_handle_link_event(struct otx2_nic *pf)
}
}
int otx2_mbox_up_handler_mcs_intr_notify(struct otx2_nic *pf,
struct mcs_intr_info *event,
struct msg_rsp *rsp)
{
cn10k_handle_mcs_event(pf, event);
return 0;
}
int otx2_mbox_up_handler_cgx_link_event(struct otx2_nic *pf,
struct cgx_link_info_msg *msg,
struct msg_rsp *rsp)
@ -917,6 +926,7 @@ static int otx2_process_mbox_msg_up(struct otx2_nic *pf,
return err; \
}
MBOX_UP_CGX_MESSAGES
MBOX_UP_MCS_MESSAGES
#undef M
break;
default:
@ -2764,6 +2774,10 @@ static int otx2_probe(struct pci_dev *pdev, const struct pci_device_id *id)
if (err)
goto err_ptp_destroy;
err = cn10k_mcs_init(pf);
if (err)
goto err_del_mcam_entries;
if (pf->flags & OTX2_FLAG_NTUPLE_SUPPORT)
netdev->hw_features |= NETIF_F_NTUPLE;
@ -2978,6 +2992,8 @@ static void otx2_remove(struct pci_dev *pdev)
otx2_config_pause_frm(pf);
}
cn10k_mcs_free(pf);
#ifdef CONFIG_DCB
/* Disable PFC config */
if (pf->pfc_en) {