From: Leon Romanovsky <leon@kernel.org>
To: Tanmay Jagdale <tanmay@marvell.com>
Cc: bbrezillon@kernel.org, arno@natisbad.org, schalla@marvell.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
sgoutham@marvell.com, lcherian@marvell.com, gakula@marvell.com,
jerinj@marvell.com, hkelam@marvell.com, sbhatta@marvell.com,
andrew+netdev@lunn.ch, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, bbhushan2@marvell.com, bhelgaas@google.com,
pstanner@redhat.com, gregkh@linuxfoundation.org,
peterz@infradead.org, linux@treblig.org,
krzysztof.kozlowski@linaro.org, giovanni.cabiddu@intel.com,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, rkannoth@marvell.com, sumang@marvell.com,
gcherian@marvell.com
Subject: Re: [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC
Date: Mon, 5 May 2025 20:52:32 +0300 [thread overview]
Message-ID: <20250505175232.GN5848@unreal> (raw)
In-Reply-To: <20250502132005.611698-1-tanmay@marvell.com>
On Fri, May 02, 2025 at 06:49:41PM +0530, Tanmay Jagdale wrote:
> This patch series adds support for inbound inline IPsec flows for the
> Marvell CN10K SoC.
It will be much easier if in commit messages and comments you
will use kernel naming, e.g. "IPsec packet offload" and not "inline IPsec", e.t.c.
Also, I'm wonder, do you have performance numbers for this code?
Thanks
>
> The packet flow
> ---------------
> An encrypted IPSec packet goes through two passes in the RVU hardware
> before reaching the CPU.
> First Pass:
> The first pass involves identifying the packet as IPSec, assigning an RQ,
> allocating a buffer from the Aura pool and then send it to CPT for decryption.
>
> Second Pass:
> After CPT decrypts the packet, it sends a metapacket to NIXRX via the X2P
> bus. The metapacket contains CPT_PARSE_HDR_S structure and some initial
> bytes of the decrypted packet which would help NIXRX in classification.
> CPT also sets BIT(11) of channel number to further help in identifcation.
> NIXRX allocates a new buffer for this packet and submits it to the CPU.
>
> Once the decrypted metapacket packet is delivered to the CPU, get the WQE
> pointer from CPT_PARSE_HDR_S in the packet buffer. This WQE points to the
> complete decrypted packet. We create an skb using this, set the relevant
> XFRM packet mode flags to indicate successful decryption, and submit it
> to the network stack.
>
>
> Patches are grouped as follows:
> -------------------------------
> 1) CPT LF movement from crypto driver to RVU AF
> 0001-crypto-octeontx2-Share-engine-group-info-with-AF-dri.patch
> 0002-octeontx2-af-Configure-crypto-hardware-for-inline-ip.patch
> 0003-octeontx2-af-Setup-Large-Memory-Transaction-for-cryp.patch
> 0004-octeontx2-af-Handle-inbound-inline-ipsec-config-in-A.patch
> 0005-crypto-octeontx2-Remove-inbound-inline-ipsec-config.patch
>
> 2) RVU AF Mailbox changes for CPT 2nd pass RQ mask, SPI-to-SA table,
> NIX-CPT BPID configuration
> 0006-octeontx2-af-Add-support-for-CPT-second-pass.patch
> 0007-octeontx2-af-Add-support-for-SPI-to-SA-index-transla.patch
> 0008-octeontx2-af-Add-mbox-to-alloc-free-BPIDs.patch
>
> 3) Inbound Inline IPsec support patches
> 0009-octeontx2-pf-ipsec-Allocate-Ingress-SA-table.patch
> 0010-octeontx2-pf-ipsec-Setup-NIX-HW-resources-for-inboun.patch
> 0011-octeontx2-pf-ipsec-Handle-NPA-threshhold-interrupt.patch
> 0012-octeontx2-pf-ipsec-Initialize-ingress-IPsec.patch
> 0013-octeontx2-pf-ipsec-Manage-NPC-rules-and-SPI-to-SA-ta.patch
> 0014-octeontx2-pf-ipsec-Process-CPT-metapackets.patch
> 0015-octeontx2-pf-ipsec-Add-XFRM-state-and-policy-hooks-f.patch
>
>
> Bharat Bhushan (5):
> crypto: octeontx2: Share engine group info with AF driver
> octeontx2-af: Configure crypto hardware for inline ipsec
> octeontx2-af: Setup Large Memory Transaction for crypto
> octeontx2-af: Handle inbound inline ipsec config in AF
> crypto: octeontx2: Remove inbound inline ipsec config
>
> Geetha sowjanya (1):
> octeontx2-af: Add mbox to alloc/free BPIDs
>
> Kiran Kumar K (1):
> octeontx2-af: Add support for SPI to SA index translation
>
> Rakesh Kudurumalla (1):
> octeontx2-af: Add support for CPT second pass
>
> Tanmay Jagdale (7):
> octeontx2-pf: ipsec: Allocate Ingress SA table
> octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows
> octeontx2-pf: ipsec: Handle NPA threshold interrupt
> octeontx2-pf: ipsec: Initialize ingress IPsec
> octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries
> octeontx2-pf: ipsec: Process CPT metapackets
> octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows
>
> .../marvell/octeontx2/otx2_cpt_common.h | 8 -
> drivers/crypto/marvell/octeontx2/otx2_cptpf.h | 10 -
> .../marvell/octeontx2/otx2_cptpf_main.c | 50 +-
> .../marvell/octeontx2/otx2_cptpf_mbox.c | 286 +---
> .../marvell/octeontx2/otx2_cptpf_ucode.c | 116 +-
> .../marvell/octeontx2/otx2_cptpf_ucode.h | 3 +-
> .../ethernet/marvell/octeontx2/af/Makefile | 2 +-
> .../ethernet/marvell/octeontx2/af/common.h | 1 +
> .../net/ethernet/marvell/octeontx2/af/mbox.h | 119 +-
> .../net/ethernet/marvell/octeontx2/af/rvu.c | 9 +-
> .../net/ethernet/marvell/octeontx2/af/rvu.h | 71 +
> .../ethernet/marvell/octeontx2/af/rvu_cn10k.c | 11 +
> .../ethernet/marvell/octeontx2/af/rvu_cpt.c | 706 +++++++++-
> .../ethernet/marvell/octeontx2/af/rvu_cpt.h | 71 +
> .../ethernet/marvell/octeontx2/af/rvu_nix.c | 230 +++-
> .../marvell/octeontx2/af/rvu_nix_spi.c | 220 +++
> .../ethernet/marvell/octeontx2/af/rvu_reg.h | 16 +
> .../marvell/octeontx2/af/rvu_struct.h | 4 +-
> .../marvell/octeontx2/nic/cn10k_ipsec.c | 1191 ++++++++++++++++-
> .../marvell/octeontx2/nic/cn10k_ipsec.h | 152 +++
> .../marvell/octeontx2/nic/otx2_common.c | 23 +-
> .../marvell/octeontx2/nic/otx2_common.h | 16 +
> .../ethernet/marvell/octeontx2/nic/otx2_pf.c | 17 +
> .../marvell/octeontx2/nic/otx2_struct.h | 16 +
> .../marvell/octeontx2/nic/otx2_txrx.c | 25 +-
> .../ethernet/marvell/octeontx2/nic/otx2_vf.c | 4 +
> 26 files changed, 2915 insertions(+), 462 deletions(-)
> create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.h
> create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix_spi.c
>
> --
> 2.43.0
>
>
next prev parent reply other threads:[~2025-05-05 17:52 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-02 13:19 [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 01/15] crypto: octeontx2: Share engine group info with AF driver Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 02/15] octeontx2-af: Configure crypto hardware for inline ipsec Tanmay Jagdale
2025-05-06 20:24 ` Simon Horman
2025-05-08 10:56 ` Bharat Bhushan
2025-05-02 13:19 ` [net-next PATCH v1 03/15] octeontx2-af: Setup Large Memory Transaction for crypto Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 04/15] octeontx2-af: Handle inbound inline ipsec config in AF Tanmay Jagdale
2025-05-07 9:19 ` Simon Horman
2025-05-07 9:28 ` Simon Horman
2025-05-13 6:08 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 05/15] crypto: octeontx2: Remove inbound inline ipsec config Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 06/15] octeontx2-af: Add support for CPT second pass Tanmay Jagdale
2025-05-07 7:58 ` kernel test robot
2025-05-07 12:36 ` Simon Horman
2025-05-13 5:18 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 07/15] octeontx2-af: Add support for SPI to SA index translation Tanmay Jagdale
2025-05-03 16:12 ` Kalesh Anakkur Purayil
2025-05-13 5:08 ` Tanmay Jagdale
2025-05-07 12:45 ` Simon Horman
2025-05-13 6:12 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 08/15] octeontx2-af: Add mbox to alloc/free BPIDs Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 09/15] octeontx2-pf: ipsec: Allocate Ingress SA table Tanmay Jagdale
2025-05-07 12:56 ` Simon Horman
2025-05-22 9:21 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 10/15] octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows Tanmay Jagdale
2025-05-07 10:03 ` kernel test robot
2025-05-07 13:46 ` Simon Horman
2025-05-22 9:56 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 11/15] octeontx2-pf: ipsec: Handle NPA threshold interrupt Tanmay Jagdale
2025-05-07 12:04 ` kernel test robot
2025-05-07 14:20 ` Simon Horman
2025-05-02 13:19 ` [net-next PATCH v1 12/15] octeontx2-pf: ipsec: Initialize ingress IPsec Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 13/15] octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries Tanmay Jagdale
2025-05-07 15:58 ` Simon Horman
2025-05-22 10:01 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 14/15] octeontx2-pf: ipsec: Process CPT metapackets Tanmay Jagdale
2025-05-07 16:30 ` Simon Horman
2025-05-23 4:08 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 15/15] octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows Tanmay Jagdale
2025-05-07 6:42 ` kernel test robot
2025-05-07 18:31 ` Simon Horman
2025-05-05 17:52 ` Leon Romanovsky [this message]
2025-05-13 5:11 ` [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Tanmay Jagdale
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250505175232.GN5848@unreal \
--to=leon@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=arno@natisbad.org \
--cc=bbhushan2@marvell.com \
--cc=bbrezillon@kernel.org \
--cc=bhelgaas@google.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=gcherian@marvell.com \
--cc=giovanni.cabiddu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hkelam@marvell.com \
--cc=jerinj@marvell.com \
--cc=krzysztof.kozlowski@linaro.org \
--cc=kuba@kernel.org \
--cc=lcherian@marvell.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@treblig.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=peterz@infradead.org \
--cc=pstanner@redhat.com \
--cc=rkannoth@marvell.com \
--cc=sbhatta@marvell.com \
--cc=schalla@marvell.com \
--cc=sgoutham@marvell.com \
--cc=sumang@marvell.com \
--cc=tanmay@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox