From: Tanmay Jagdale <tanmay@marvell.com>
To: Leon Romanovsky <leon@kernel.org>
Cc: <brezillon@kernel.org>, <schalla@marvell.com>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>,
<sgoutham@marvell.com>, <lcherian@marvell.com>,
<gakula@marvell.com>, <jerinj@marvell.com>, <hkelam@marvell.com>,
<sbhatta@marvell.com>, <andrew+netdev@lunn.ch>,
<edumazet@google.com>, <kuba@kernel.org>, <pabeni@redhat.com>,
<bbhushan2@marvell.com>, <bhelgaas@google.com>,
<pstanner@redhat.com>, <gregkh@linuxfoundation.org>,
<peterz@infradead.org>, <linux@treblig.org>,
<giovanni.cabiddu@intel.com>, <linux-crypto@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <netdev@vger.kernel.org>,
<rkannoth@marvell.com>, <sumang@marvell.com>,
<gcherian@marvell.com>
Subject: Re: [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC
Date: Tue, 13 May 2025 10:41:49 +0530 [thread overview]
Message-ID: <aCLUlStHT7_Aob4o@optiplex> (raw)
In-Reply-To: <20250505175232.GN5848@unreal>
Hi Leon,
On 2025-05-05 at 23:22:32, Leon Romanovsky (leon@kernel.org) wrote:
> On Fri, May 02, 2025 at 06:49:41PM +0530, Tanmay Jagdale wrote:
> > This patch series adds support for inbound inline IPsec flows for the
> > Marvell CN10K SoC.
>
> It will be much easier if in commit messages and comments you
> will use kernel naming, e.g. "IPsec packet offload" and not "inline IPsec", e.t.c.
Okay sure, I will update the patch series with the kernel naming
convention.
>
> Also, I'm wonder, do you have performance numbers for this code?
Sure, I'll share the performance numbers in the next version.
>
> Thanks
Thanks and regards,
Tanmay
>
> >
> > The packet flow
> > ---------------
> > An encrypted IPSec packet goes through two passes in the RVU hardware
> > before reaching the CPU.
> > First Pass:
> > The first pass involves identifying the packet as IPSec, assigning an RQ,
> > allocating a buffer from the Aura pool and then send it to CPT for decryption.
> >
> > Second Pass:
> > After CPT decrypts the packet, it sends a metapacket to NIXRX via the X2P
> > bus. The metapacket contains CPT_PARSE_HDR_S structure and some initial
> > bytes of the decrypted packet which would help NIXRX in classification.
> > CPT also sets BIT(11) of channel number to further help in identifcation.
> > NIXRX allocates a new buffer for this packet and submits it to the CPU.
> >
> > Once the decrypted metapacket packet is delivered to the CPU, get the WQE
> > pointer from CPT_PARSE_HDR_S in the packet buffer. This WQE points to the
> > complete decrypted packet. We create an skb using this, set the relevant
> > XFRM packet mode flags to indicate successful decryption, and submit it
> > to the network stack.
> >
> >
> > Patches are grouped as follows:
> > -------------------------------
> > 1) CPT LF movement from crypto driver to RVU AF
> > 0001-crypto-octeontx2-Share-engine-group-info-with-AF-dri.patch
> > 0002-octeontx2-af-Configure-crypto-hardware-for-inline-ip.patch
> > 0003-octeontx2-af-Setup-Large-Memory-Transaction-for-cryp.patch
> > 0004-octeontx2-af-Handle-inbound-inline-ipsec-config-in-A.patch
> > 0005-crypto-octeontx2-Remove-inbound-inline-ipsec-config.patch
> >
> > 2) RVU AF Mailbox changes for CPT 2nd pass RQ mask, SPI-to-SA table,
> > NIX-CPT BPID configuration
> > 0006-octeontx2-af-Add-support-for-CPT-second-pass.patch
> > 0007-octeontx2-af-Add-support-for-SPI-to-SA-index-transla.patch
> > 0008-octeontx2-af-Add-mbox-to-alloc-free-BPIDs.patch
> >
> > 3) Inbound Inline IPsec support patches
> > 0009-octeontx2-pf-ipsec-Allocate-Ingress-SA-table.patch
> > 0010-octeontx2-pf-ipsec-Setup-NIX-HW-resources-for-inboun.patch
> > 0011-octeontx2-pf-ipsec-Handle-NPA-threshhold-interrupt.patch
> > 0012-octeontx2-pf-ipsec-Initialize-ingress-IPsec.patch
> > 0013-octeontx2-pf-ipsec-Manage-NPC-rules-and-SPI-to-SA-ta.patch
> > 0014-octeontx2-pf-ipsec-Process-CPT-metapackets.patch
> > 0015-octeontx2-pf-ipsec-Add-XFRM-state-and-policy-hooks-f.patch
> >
> >
> > Bharat Bhushan (5):
> > crypto: octeontx2: Share engine group info with AF driver
> > octeontx2-af: Configure crypto hardware for inline ipsec
> > octeontx2-af: Setup Large Memory Transaction for crypto
> > octeontx2-af: Handle inbound inline ipsec config in AF
> > crypto: octeontx2: Remove inbound inline ipsec config
> >
> > Geetha sowjanya (1):
> > octeontx2-af: Add mbox to alloc/free BPIDs
> >
> > Kiran Kumar K (1):
> > octeontx2-af: Add support for SPI to SA index translation
> >
> > Rakesh Kudurumalla (1):
> > octeontx2-af: Add support for CPT second pass
> >
> > Tanmay Jagdale (7):
> > octeontx2-pf: ipsec: Allocate Ingress SA table
> > octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows
> > octeontx2-pf: ipsec: Handle NPA threshold interrupt
> > octeontx2-pf: ipsec: Initialize ingress IPsec
> > octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries
> > octeontx2-pf: ipsec: Process CPT metapackets
> > octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows
> >
> > .../marvell/octeontx2/otx2_cpt_common.h | 8 -
> > drivers/crypto/marvell/octeontx2/otx2_cptpf.h | 10 -
> > .../marvell/octeontx2/otx2_cptpf_main.c | 50 +-
> > .../marvell/octeontx2/otx2_cptpf_mbox.c | 286 +---
> > .../marvell/octeontx2/otx2_cptpf_ucode.c | 116 +-
> > .../marvell/octeontx2/otx2_cptpf_ucode.h | 3 +-
> > .../ethernet/marvell/octeontx2/af/Makefile | 2 +-
> > .../ethernet/marvell/octeontx2/af/common.h | 1 +
> > .../net/ethernet/marvell/octeontx2/af/mbox.h | 119 +-
> > .../net/ethernet/marvell/octeontx2/af/rvu.c | 9 +-
> > .../net/ethernet/marvell/octeontx2/af/rvu.h | 71 +
> > .../ethernet/marvell/octeontx2/af/rvu_cn10k.c | 11 +
> > .../ethernet/marvell/octeontx2/af/rvu_cpt.c | 706 +++++++++-
> > .../ethernet/marvell/octeontx2/af/rvu_cpt.h | 71 +
> > .../ethernet/marvell/octeontx2/af/rvu_nix.c | 230 +++-
> > .../marvell/octeontx2/af/rvu_nix_spi.c | 220 +++
> > .../ethernet/marvell/octeontx2/af/rvu_reg.h | 16 +
> > .../marvell/octeontx2/af/rvu_struct.h | 4 +-
> > .../marvell/octeontx2/nic/cn10k_ipsec.c | 1191 ++++++++++++++++-
> > .../marvell/octeontx2/nic/cn10k_ipsec.h | 152 +++
> > .../marvell/octeontx2/nic/otx2_common.c | 23 +-
> > .../marvell/octeontx2/nic/otx2_common.h | 16 +
> > .../ethernet/marvell/octeontx2/nic/otx2_pf.c | 17 +
> > .../marvell/octeontx2/nic/otx2_struct.h | 16 +
> > .../marvell/octeontx2/nic/otx2_txrx.c | 25 +-
> > .../ethernet/marvell/octeontx2/nic/otx2_vf.c | 4 +
> > 26 files changed, 2915 insertions(+), 462 deletions(-)
> > create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.h
> > create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix_spi.c
> >
> > --
> > 2.43.0
> >
> >
prev parent reply other threads:[~2025-05-13 5:12 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-02 13:19 [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 01/15] crypto: octeontx2: Share engine group info with AF driver Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 02/15] octeontx2-af: Configure crypto hardware for inline ipsec Tanmay Jagdale
2025-05-06 20:24 ` Simon Horman
2025-05-08 10:56 ` Bharat Bhushan
2025-05-02 13:19 ` [net-next PATCH v1 03/15] octeontx2-af: Setup Large Memory Transaction for crypto Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 04/15] octeontx2-af: Handle inbound inline ipsec config in AF Tanmay Jagdale
2025-05-07 9:19 ` Simon Horman
2025-05-07 9:28 ` Simon Horman
2025-05-13 6:08 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 05/15] crypto: octeontx2: Remove inbound inline ipsec config Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 06/15] octeontx2-af: Add support for CPT second pass Tanmay Jagdale
2025-05-07 7:58 ` kernel test robot
2025-05-07 12:36 ` Simon Horman
2025-05-13 5:18 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 07/15] octeontx2-af: Add support for SPI to SA index translation Tanmay Jagdale
2025-05-03 16:12 ` Kalesh Anakkur Purayil
2025-05-13 5:08 ` Tanmay Jagdale
2025-05-07 12:45 ` Simon Horman
2025-05-13 6:12 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 08/15] octeontx2-af: Add mbox to alloc/free BPIDs Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 09/15] octeontx2-pf: ipsec: Allocate Ingress SA table Tanmay Jagdale
2025-05-07 12:56 ` Simon Horman
2025-05-22 9:21 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 10/15] octeontx2-pf: ipsec: Setup NIX HW resources for inbound flows Tanmay Jagdale
2025-05-07 10:03 ` kernel test robot
2025-05-07 13:46 ` Simon Horman
2025-05-22 9:56 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 11/15] octeontx2-pf: ipsec: Handle NPA threshold interrupt Tanmay Jagdale
2025-05-07 12:04 ` kernel test robot
2025-05-07 14:20 ` Simon Horman
2025-05-02 13:19 ` [net-next PATCH v1 12/15] octeontx2-pf: ipsec: Initialize ingress IPsec Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 13/15] octeontx2-pf: ipsec: Manage NPC rules and SPI-to-SA table entries Tanmay Jagdale
2025-05-07 15:58 ` Simon Horman
2025-05-22 10:01 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 14/15] octeontx2-pf: ipsec: Process CPT metapackets Tanmay Jagdale
2025-05-07 16:30 ` Simon Horman
2025-05-23 4:08 ` Tanmay Jagdale
2025-05-02 13:19 ` [net-next PATCH v1 15/15] octeontx2-pf: ipsec: Add XFRM state and policy hooks for inbound flows Tanmay Jagdale
2025-05-07 6:42 ` kernel test robot
2025-05-07 18:31 ` Simon Horman
2025-05-05 17:52 ` [net-next PATCH v1 00/15] Enable Inbound IPsec offload on Marvell CN10K SoC Leon Romanovsky
2025-05-13 5:11 ` Tanmay Jagdale [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aCLUlStHT7_Aob4o@optiplex \
--to=tanmay@marvell.com \
--cc=andrew+netdev@lunn.ch \
--cc=bbhushan2@marvell.com \
--cc=bhelgaas@google.com \
--cc=brezillon@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=gcherian@marvell.com \
--cc=giovanni.cabiddu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hkelam@marvell.com \
--cc=jerinj@marvell.com \
--cc=kuba@kernel.org \
--cc=lcherian@marvell.com \
--cc=leon@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@treblig.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=peterz@infradead.org \
--cc=pstanner@redhat.com \
--cc=rkannoth@marvell.com \
--cc=sbhatta@marvell.com \
--cc=schalla@marvell.com \
--cc=sgoutham@marvell.com \
--cc=sumang@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).