From: Tanmay Jagdale <tanmay@marvell.com>
To: Simon Horman <horms@kernel.org>
Cc: <herbert@gondor.apana.org.au>, <davem@davemloft.net>,
<sgoutham@marvell.com>, <lcherian@marvell.com>,
<gakula@marvell.com>, <jerinj@marvell.com>, <hkelam@marvell.com>,
<sbhatta@marvell.com>, <andrew+netdev@lunn.ch>,
<edumazet@google.com>, <kuba@kernel.org>, <pabeni@redhat.com>,
<bbhushan2@marvell.com>, <bhelgaas@google.com>,
<pstanner@redhat.com>, <gregkh@linuxfoundation.org>,
<peterz@infradead.org>, <linux@treblig.org>,
<linux-crypto@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<netdev@vger.kernel.org>, <rkannoth@marvell.com>,
<sumang@marvell.com>, <gcherian@marvell.com>
Subject: Re: [net-next PATCH v1 14/15] octeontx2-pf: ipsec: Process CPT metapackets
Date: Fri, 23 May 2025 09:38:51 +0530 [thread overview]
Message-ID: <aC_003av7qNpNO93@optiplex> (raw)
In-Reply-To: <20250507163050.GH3339421@horms.kernel.org>
Hi Simon,
On 2025-05-07 at 22:00:50, Simon Horman (horms@kernel.org) wrote:
> On Fri, May 02, 2025 at 06:49:55PM +0530, Tanmay Jagdale wrote:
> > CPT hardware forwards decrypted IPsec packets to NIX via the X2P bus
> > as metapackets which are of 256 bytes in length. Each metapacket
> > contains CPT_PARSE_HDR_S and initial bytes of the decrypted packet
> > that helps NIX RX in classifying and submitting to CPU. Additionally,
> > CPT also sets BIT(11) of the channel number to indicate that it's a
> > 2nd pass packet from CPT.
> >
> > Since the metapackets are not complete packets, they don't have to go
> > through L3/L4 layer length and checksum verification so these are
> > disabled via the NIX_LF_INLINE_RQ_CFG mailbox during IPsec initialization.
> >
> > The CPT_PARSE_HDR_S contains a WQE pointer to the complete decrypted
> > packet. Add code in the rx NAPI handler to parse the header and extract
> > WQE pointer. Later, use this WQE pointer to construct the skb, set the
> > XFRM packet mode flags to indicate successful decryption before submitting
> > it to the network stack.
> >
> > Signed-off-by: Tanmay Jagdale <tanmay@marvell.com>
> > ---
> > .../marvell/octeontx2/nic/cn10k_ipsec.c | 61 +++++++++++++++++++
> > .../marvell/octeontx2/nic/cn10k_ipsec.h | 47 ++++++++++++++
> > .../marvell/octeontx2/nic/otx2_struct.h | 16 +++++
> > .../marvell/octeontx2/nic/otx2_txrx.c | 25 +++++++-
> > 4 files changed, 147 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> > index 91c8f13b6e48..bebf5cdedee4 100644
> > --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> > +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
> > @@ -346,6 +346,67 @@ static int cn10k_outb_cpt_init(struct net_device *netdev)
> > return ret;
> > }
> >
> > +struct nix_wqe_rx_s *cn10k_ipsec_process_cpt_metapkt(struct otx2_nic *pfvf,
> > + struct nix_rx_sg_s *sg,
> > + struct sk_buff *skb,
> > + int qidx)
> > +{
> > + struct nix_wqe_rx_s *wqe = NULL;
> > + u64 *seg_addr = &sg->seg_addr;
> > + struct cpt_parse_hdr_s *cptp;
> > + struct xfrm_offload *xo;
> > + struct otx2_pool *pool;
> > + struct xfrm_state *xs;
> > + struct sec_path *sp;
> > + u64 *va_ptr;
> > + void *va;
> > + int i;
> > +
> > + /* CPT_PARSE_HDR_S is present in the beginning of the buffer */
> > + va = phys_to_virt(otx2_iova_to_phys(pfvf->iommu_domain, *seg_addr));
> > +
> > + /* Convert CPT_PARSE_HDR_S from BE to LE */
> > + va_ptr = (u64 *)va;
>
> phys_to_virt returns a void *. And there is no need to explicitly cast
> another pointer type to or from a void *.
>
> So probably this can simply be:
>
> va_ptr = phys_to_virt(...);
ACK.
>
>
> > + for (i = 0; i < (sizeof(struct cpt_parse_hdr_s) / sizeof(u64)); i++)
> > + va_ptr[i] = be64_to_cpu(va_ptr[i]);
>
> Please don't use the same variable to hold both big endian and
> host byte order values. Because tooling can no longer provide
> information about endian mismatches.
>
> Flagged by Sparse.
>
> Also, isn't only the long word that exactly comprises the
> wqe_ptr field of cpt_parse_hdr_s used? If so, perhaps
> only that portion needs to be converted to host byte order?
Yes I don't need the complete cpt_parse_hdr_s to be converted,
just wqe_ptr and cookie. So I'll rework this logic.
>
> I'd explore describing the members of struct cpt_parse_hdr_s as __be64.
> And use FIELD_PREP and FIELD_GET to deal with parts of each __be64.
> I think that would lead to a simpler implementation.
ACK. I'll explore defining structure in a big endian format
and using the FIELD_XX macros.
>
> > +
> > + cptp = (struct cpt_parse_hdr_s *)va;
> > +
> > + /* Convert the wqe_ptr from CPT_PARSE_HDR_S to a CPU usable pointer */
> > + wqe = (struct nix_wqe_rx_s *)phys_to_virt(otx2_iova_to_phys(pfvf->iommu_domain,
> > + cptp->wqe_ptr));
>
> There is probably no need to cast from void * here either.
>
> wqe = phys_to_virt(otx2_iova_to_phys(pfvf->iommu_domain,
> cptp->wqe_ptr));
>
ACK.
> > +
> > + /* Get the XFRM state pointer stored in SA context */
> > + va_ptr = pfvf->ipsec.inb_sa->base +
> > + (cptp->cookie * pfvf->ipsec.sa_tbl_entry_sz) + 1024;
> > + xs = (struct xfrm_state *)*va_ptr;
>
> Maybe this can be more succinctly written as follows?
>
> xs = pfvf->ipsec.inb_sa->base +
> (cptp->cookie * pfvf->ipsec.sa_tbl_entry_sz) + 1024;
>
ACK.
> > +
> > + /* Set XFRM offload status and flags for successful decryption */
> > + sp = secpath_set(skb);
> > + if (!sp) {
> > + netdev_err(pfvf->netdev, "Failed to secpath_set\n");
> > + wqe = NULL;
> > + goto err_out;
> > + }
> > +
> > + rcu_read_lock();
> > + xfrm_state_hold(xs);
> > + rcu_read_unlock();
> > +
> > + sp->xvec[sp->len++] = xs;
> > + sp->olen++;
> > +
> > + xo = xfrm_offload(skb);
> > + xo->flags = CRYPTO_DONE;
> > + xo->status = CRYPTO_SUCCESS;
> > +
> > +err_out:
> > + /* Free the metapacket memory here since it's not needed anymore */
> > + pool = &pfvf->qset.pool[qidx];
> > + otx2_free_bufs(pfvf, pool, *seg_addr - OTX2_HEAD_ROOM, pfvf->rbsize);
> > + return wqe;
> > +}
> > +
> > static int cn10k_inb_alloc_mcam_entry(struct otx2_nic *pfvf,
> > struct cn10k_inb_sw_ctx_info *inb_ctx_info)
> > {
> > diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.h b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.h
> > index aad5ebea64ef..68046e377486 100644
> > --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.h
> > +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.h
> > @@ -8,6 +8,7 @@
> > #define CN10K_IPSEC_H
> >
> > #include <linux/types.h>
> > +#include "otx2_struct.h"
> >
> > DECLARE_STATIC_KEY_FALSE(cn10k_ipsec_sa_enabled);
> >
> > @@ -302,6 +303,41 @@ struct cpt_sg_s {
> > u64 rsvd_63_50 : 14;
> > };
> >
> > +/* CPT Parse Header Structure for Inbound packets */
> > +struct cpt_parse_hdr_s {
> > + /* Word 0 */
> > + u64 cookie : 32;
> > + u64 match_id : 16;
> > + u64 err_sum : 1;
> > + u64 reas_sts : 4;
> > + u64 reserved_53 : 1;
> > + u64 et_owr : 1;
> > + u64 pkt_fmt : 1;
> > + u64 pad_len : 3;
> > + u64 num_frags : 3;
> > + u64 pkt_out : 2;
> > +
> > + /* Word 1 */
> > + u64 wqe_ptr;
> > +
> > + /* Word 2 */
> > + u64 frag_age : 16;
> > + u64 res_32_16 : 16;
> > + u64 pf_func : 16;
> > + u64 il3_off : 8;
> > + u64 fi_pad : 3;
> > + u64 fi_offset : 5;
> > +
> > + /* Word 3 */
> > + u64 hw_ccode : 8;
> > + u64 uc_ccode : 8;
> > + u64 res3_32_16 : 16;
> > + u64 spi : 32;
> > +
> > + /* Word 4 */
> > + u64 misc;
> > +};
> > +
> > /* CPT LF_INPROG Register */
> > #define CPT_LF_INPROG_INFLIGHT GENMASK_ULL(8, 0)
> > #define CPT_LF_INPROG_GRB_CNT GENMASK_ULL(39, 32)
>
> ...
>
> > diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c
>
> ...
>
> > @@ -355,8 +359,25 @@ static void otx2_rcv_pkt_handler(struct otx2_nic *pfvf,
> > if (unlikely(!skb))
> > return;
> >
> > - start = (void *)sg;
> > - end = start + ((cqe->parse.desc_sizem1 + 1) * 16);
> > + if (parse->chan & 0x800) {
> > + orig_pkt_wqe = cn10k_ipsec_process_cpt_metapkt(pfvf, sg, skb, cq->cq_idx);
> > + if (!orig_pkt_wqe) {
> > + netdev_err(pfvf->netdev, "Invalid WQE in CPT metapacket\n");
> > + napi_free_frags(napi);
> > + cq->pool_ptrs++;
> > + return;
> > + }
> > + /* Switch *sg to the orig_pkt_wqe's *sg which has the actual
> > + * complete decrypted packet by CPT.
> > + */
> > + sg = &orig_pkt_wqe->sg;
> > + start = (void *)sg;
>
> I don't think this cast is necessary, start is a void *.
> Likewise below.
ACK.
>
> > + end = start + ((orig_pkt_wqe->parse.desc_sizem1 + 1) * 16);
> > + } else {
> > + start = (void *)sg;
> > + end = start + ((cqe->parse.desc_sizem1 + 1) * 16);
> > + }
>
> The (size + 1) * 16 calculation seems to be repeated.
> Perhaps a helper function is appropriate.
ACK.
Thanks,
Tanmay
>
> > +
> > while (start < end) {
> > sg = (struct nix_rx_sg_s *)start;
> > seg_addr = &sg->seg_addr;
> > --
> > 2.43.0
> >
> >
next prev parent reply other threads:[~2025-05-23 4:09 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-02 13:19 [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 01/15] crypto: octeontx2: Share engine group info with AF driver Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 02/15] octeontx2-af: Configure crypto hardware for inline ipsec Tanmay Jagdale
2025-05-06 20:24 ` Simon Horman
2025-05-08 10:56 ` Bharat Bhushan
2025-05-02 13:19 ` [net-next PATCH v1 03/15] octeontx2-af: Setup Large Memory Transaction for crypto Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 04/15] octeontx2-af: Handle inbound inline ipsec config in AF Tanmay Jagdale
2025-05-07 9:19 ` Simon Horman
2025-05-07 9:28 ` Simon Horman
2025-05-13 6:08 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 05/15] crypto: octeontx2: Remove inbound inline ipsec config Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 06/15] octeontx2-af: Add support for CPT second pass Tanmay Jagdale
2025-05-07 7:58 ` kernel test robot
2025-05-07 12:36 ` Simon Horman
2025-05-13 5:18 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 07/15] octeontx2-af: Add support for SPI to SA index translation Tanmay Jagdale
2025-05-03 16:12 ` Kalesh Anakkur Purayil
2025-05-13 5:08 ` Tanmay Jagdale
2025-05-07 12:45 ` Simon Horman
2025-05-13 6:12 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 08/15] octeontx2-af: Add mbox to alloc/free BPIDs Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 09/15] octeontx2-pf: ipsec: Allocate Ingress SA table Tanmay Jagdale
2025-05-07 12:56 ` Simon Horman
2025-05-22 9:21 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 10/15] octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows Tanmay Jagdale
2025-05-07 10:03 ` kernel test robot
2025-05-07 13:46 ` Simon Horman
2025-05-22 9:56 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 11/15] octeontx2-pf: ipsec: Handle NPA threshold interrupt Tanmay Jagdale
2025-05-07 12:04 ` kernel test robot
2025-05-07 14:20 ` Simon Horman
2025-05-02 13:19 ` [net-next PATCH v1 12/15] octeontx2-pf: ipsec: Initialize ingress IPsec Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 13/15] octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries Tanmay Jagdale
2025-05-07 15:58 ` Simon Horman
2025-05-22 10:01 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 14/15] octeontx2-pf: ipsec: Process CPT metapackets Tanmay Jagdale
2025-05-07 16:30 ` Simon Horman
2025-05-23 4:08 ` Tanmay Jagdale [this message]
2025-05-02 13:19 ` [net-next PATCH v1 15/15] octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows Tanmay Jagdale
2025-05-07 6:42 ` kernel test robot
2025-05-07 18:31 ` Simon Horman
2025-05-05 17:52 ` [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Leon Romanovsky
2025-05-13 5:11 ` Tanmay Jagdale
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aC_003av7qNpNO93@optiplex \
--to=tanmay@marvell.com \
--cc=andrew+netdev@lunn.ch \
--cc=bbhushan2@marvell.com \
--cc=bhelgaas@google.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=gcherian@marvell.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hkelam@marvell.com \
--cc=horms@kernel.org \
--cc=jerinj@marvell.com \
--cc=kuba@kernel.org \
--cc=lcherian@marvell.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@treblig.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=peterz@infradead.org \
--cc=pstanner@redhat.com \
--cc=rkannoth@marvell.com \
--cc=sbhatta@marvell.com \
--cc=sgoutham@marvell.com \
--cc=sumang@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox