From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qt1-f228.google.com (mail-qt1-f228.google.com [209.85.160.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A27853803D7 for ; Tue, 12 May 2026 21:21:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.228 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778620911; cv=none; b=qIaHugDNoJVi2PNrLhcGpWDmABBpIXGYIjl6RDpfM5Ug6sedKyjYMvrReCAQK7Zbs0SpQ3mRYl/vfi46Cm3FucmMWvcCa99+2ZR7r7DGJVs4Y6VgNEV2SguBVcmxh9Z1XNC3AAWMH6Cf3Vyq7ZTQ2aJpToaStjMw+FAowaymzM0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778620911; c=relaxed/simple; bh=B9igamKuqexzvy2/mE2H6YhDkR7Fi40FxS9kPcECxFk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vC/NfQa/gogCZ1b9QoUYhckIzT40S0ZW8P9CKlWmFJFYeCfE13eGcgr5VZsdbR2sYJav+rLIZIOwHJSxX7bVDo2eosAuCoYRoCJHM/sw3ASnwn8bdaCJagb4L3W1uTOf1snGCeEgrPRzG2SQBWkRRz0PEItluNEv0ap32zhxY5E= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=WSrk24/n; arc=none smtp.client-ip=209.85.160.228 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="WSrk24/n" Received: by mail-qt1-f228.google.com with SMTP id d75a77b69052e-50d6ab4476eso57078151cf.2 for ; Tue, 12 May 2026 14:21:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778620909; x=1779225709; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NO2o6NEGytY/2WyFLVBlQpsAZpDRNmoj/CbNojLyY6E=; b=QkDZeV3E+RYASqgC0gXjJDATdSR6gdnHnSxyLnpJC34hy1gsa202/tbmWFykTFUOM3 2KnbdsCx371+vwvdIFO7b6R9idAAa1opeYqthQjY1fAHB9ecqXQDQlNRXqYcZCD/mkxH 3iHtUHrXr8hmiRFcNPokoZ1vGyYsKOxbZkVT9X59K6ibRPA6WhtSkRXcxWtBYArYbQEt rtQWoq5d9Y980mKgly24T+RlaEDP9+Mv8ZCNLsPQh+m9IgY3E7o5Ev/asESBkZ0xAju4 0GPQpkKth/DwqUPtd8HlUVPCyiT4I4I1BE3nM62o4mq0d80hd0xsHk2boDFn0dk4EI3G 3XnQ== X-Gm-Message-State: AOJu0Ywuq9lpFbpoMCgiiNGi5NkXV60pwaIqzIHlmsXu5UKtjdNLPb3e WNAJLfnD1PrWJuAA7SX/ZOmh0QJDbwJwi3NrdnbgDBnWmDcLCySrk6GbLlqahkPc6Pp1X33I/v7 xkInKZ/A6sqP4eci2izTXdZOaTLCBVyl47zm6quUOBdPAwPWR0iYWm1BTUy5mBerb7M4f3/r/+K 80NnQIhSQJlA47rbLKVzU7V+62YtiEexKn2I5YBN+1kz2rhUqc0difEmnb88NgEqXYJrRvJ1BHu JYjng+rwVM= X-Gm-Gg: Acq92OGMlHJMh36w6Q2rk79Ib2wqJzInjMoN8pZOj5x1UC0bjTUJUV73zvji0sT0Wvx D01Fw0T2imXL0eGhcHKggQNPFsqeajODLs0KF/2bph+yZmfi5/zCJQ0JmUsfHpfmX2ToVqQMt0i KGlTThWIGwb/dKjiv8z7rKK+9akDA7CQViWs8w0jQJXoRC3mwdVY+DyRa/J6FENwaQdRjbLupcJ wC2E0xxxwXqDGuSk8mDqqYuSJv4SoGsYNk6ajI5nxLtXlshLpKCt0HDRY2A/ytPmY6jSJ1P55YK vTajlmIBk60Jtz/8955gux0JQXVtoD0sVIAh6b0bl+Vq0bQMvWnM/uWLino0wW2FLu0ZlaYXiTp BVXkVnsR3RneaS2CUwDcwsNU1i8v1agZ9d1OhGkN66DHs7Mj5jP1/UjTcBKemxXR6INvKf60DkA ilRwGNBG/Z8D8zO2CuOpKbfq8E1Ydp9cQ3JdhSeVcuEmWFt1s/IarTUKKc X-Received: by 2002:a05:622a:242:b0:50e:defb:77d9 with SMTP id d75a77b69052e-5162ff565b2mr2188061cf.46.1778620908518; Tue, 12 May 2026 14:21:48 -0700 (PDT) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-21.dlp.protect.broadcom.com. [144.49.247.21]) by smtp-relay.gmail.com with ESMTPS id d75a77b69052e-5148e7daca2sm8582781cf.19.2026.05.12.14.21.48 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 May 2026 14:21:48 -0700 (PDT) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-dy1-f199.google.com with SMTP id 5a478bee46e88-2efc342ef15so8308221eec.1 for ; Tue, 12 May 2026 14:21:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1778620907; x=1779225707; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NO2o6NEGytY/2WyFLVBlQpsAZpDRNmoj/CbNojLyY6E=; b=WSrk24/nMvb4GEFLuXepjsg7Jsbr+3sycTRhGoVKEQ1IJmi7myndirWZ6nkpuz8uQh 4iQ0J2HUKHGRw15ocubu5wGYvL/Q7OcvU6BPIvZnECQEEe2FuXrVxo8pdCoqzM7807Ge fwmS2Q0eZ0RkR7+p1DqV34rcrxuMJNoCseFwI= X-Received: by 2002:a05:7022:1a81:b0:12b:f616:1a4e with SMTP id a92af1059eb24-1349ab4de06mr72907c88.23.1778620906850; Tue, 12 May 2026 14:21:46 -0700 (PDT) X-Received: by 2002:a05:7022:1a81:b0:12b:f616:1a4e with SMTP id a92af1059eb24-1349ab4de06mr72883c88.23.1778620906251; Tue, 12 May 2026 14:21:46 -0700 (PDT) Received: from lvnvda3289.lvn.broadcom.net ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-132787673ffsm26603202c88.15.2026.05.12.14.21.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 May 2026 14:21:44 -0700 (PDT) From: Michael Chan To: davem@davemloft.net Cc: netdev@vger.kernel.org, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, andrew+netdev@lunn.ch, pavan.chebbi@broadcom.com, andrew.gospodarek@broadcom.com Subject: [PATCH net-next v2 07/15] bnxt_en: Allocate crypto structure and backing store Date: Tue, 12 May 2026 14:20:57 -0700 Message-ID: <20260512212105.3488258-8-michael.chan@broadcom.com> X-Mailer: git-send-email 2.45.4 In-Reply-To: <20260512212105.3488258-1-michael.chan@broadcom.com> References: <20260512212105.3488258-1-michael.chan@broadcom.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e If the chip and firmware support crypto (TLS) offload, allocate a bp->crypto_info software structure and backing store to support the RX and TX contexts. Each offloaded TLS connection requires a backing store context for each direction. Reviewed-by: Andy Gospodarek Reviewed-by: Pavan Chebbi Signed-off-by: Michael Chan --- drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 21 +++++ drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + .../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 78 +++++++++++++++++++ .../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 47 +++++++++++ include/linux/bnxt/hsi.h | 37 +++++++++ 6 files changed, 185 insertions(+), 1 deletion(-) create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile index 0506574c007a..3acdb81fa958 100644 --- a/drivers/net/ethernet/broadcom/bnxt/Makefile +++ b/drivers/net/ethernet/broadcom/bnxt/Makefile @@ -5,4 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp. bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o -bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o +bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c index 9620eb9624d4..e2b5f81b36a6 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c @@ -77,6 +77,7 @@ #include "bnxt_gso.h" #include #include "bnxt_mpc.h" +#include "bnxt_crypto.h" #define BNXT_TX_TIMEOUT (5 * HZ) #define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \ @@ -9370,6 +9371,7 @@ static int bnxt_hwrm_func_backing_store_cfg_v2(struct bnxt *bp, static int bnxt_backing_store_cfg_v2(struct bnxt *bp) { + struct bnxt_crypto_info *crypto = bp->crypto_info; struct bnxt_mpc_info *mpc = bp->mpc_info; struct bnxt_ctx_mem_info *ctx = bp->ctx; struct bnxt_ctx_mem_type *ctxm; @@ -9377,6 +9379,19 @@ static int bnxt_backing_store_cfg_v2(struct bnxt *bp) int rc = 0; u16 type; + if (crypto) { + ctxm = &ctx->ctx_arr[BNXT_CTX_TCK]; + rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, + BNXT_TCK(crypto).max_ctx, 1); + if (rc) + return rc; + ctxm = &ctx->ctx_arr[BNXT_CTX_RCK]; + rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, + BNXT_RCK(crypto).max_ctx, 1); + if (rc) + return rc; + last_type = BNXT_CTX_RCK; + } if (mpc && mpc->mpc_chnls_cap) { ctxm = &ctx->ctx_arr[BNXT_CTX_MTQM]; rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, ctxm->max_entries, 1); @@ -9919,6 +9934,10 @@ static int __bnxt_hwrm_func_qcaps(struct bnxt *bp) bp->fw_cap |= BNXT_FW_CAP_BACKING_STORE_V2; if (flags_ext & FUNC_QCAPS_RESP_FLAGS_EXT_TX_COAL_CMPL_CAP) bp->flags |= BNXT_FLAG_TX_COAL_CMPL; + if (flags_ext & FUNC_QCAPS_RESP_FLAGS_EXT_KTLS_SUPPORTED) + bnxt_alloc_crypto_info(bp, resp); + else + bnxt_free_crypto_info(bp); flags_ext2 = le32_to_cpu(resp->flags_ext2); if (flags_ext2 & FUNC_QCAPS_RESP_FLAGS_EXT2_RX_ALL_PKTS_TIMESTAMPS_SUPPORTED) @@ -16549,6 +16568,7 @@ static void bnxt_remove_one(struct pci_dev *pdev) bp->ptp_cfg = NULL; kfree(bp->fw_health); bp->fw_health = NULL; + bnxt_free_crypto_info(bp); bnxt_free_mpc_info(bp); bnxt_cleanup_pci(bp); bnxt_free_ctx_mem(bp, true); @@ -17228,6 +17248,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) bnxt_ethtool_free(bp); kfree(bp->fw_health); bp->fw_health = NULL; + bnxt_free_crypto_info(bp); bnxt_free_mpc_info(bp); bnxt_cleanup_pci(bp); bnxt_free_ctx_mem(bp, true); diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h index 72a0b511b7e9..f6ff55015ad0 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h @@ -2460,6 +2460,7 @@ struct bnxt { u8 tph_mode; struct bnxt_mpc_info *mpc_info; + struct bnxt_crypto_info *crypto_info; unsigned int current_interval; #define BNXT_TIMER_INTERVAL HZ diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c new file mode 100644 index 000000000000..a5fee08eaa67 --- /dev/null +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2026 Broadcom Inc. */ + +#include +#include +#include +#include +#include + +#include "bnxt.h" +#include "bnxt_crypto.h" + +static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type) +{ + u32 fw_maj = BNXT_FW_MAJ(bp); + + if (key_type == BNXT_TX_CRYPTO_KEY_TYPE) + return (fw_maj < 233) ? BNXT_MAX_TX_CRYPTO_KEYS_PRE_233FW : + BNXT_MAX_TX_CRYPTO_KEYS; + + return (fw_maj < 233) ? BNXT_MAX_RX_CRYPTO_KEYS_PRE_233FW : + BNXT_MAX_RX_CRYPTO_KEYS; +} + +/** + * bnxt_alloc_crypto_info - Allocate and initialize crypto offload context + * @bp: pointer to bnxt device + * @resp: pointer to firmware capability response + * + * Allocates the main crypto info structure + * + * This function is called during device initialization when firmware + * reports crypto offload capability. If allocation fails, crypto offload + * will not be available but the device will still function. + * + * Context: Process context + */ +void bnxt_alloc_crypto_info(struct bnxt *bp, + struct hwrm_func_qcaps_output *resp) +{ + u16 max_keys = le16_to_cpu(resp->max_key_ctxs_alloc); + struct bnxt_crypto_info *crypto = bp->crypto_info; + + if (BNXT_VF(bp)) + return; + if (!crypto) { + struct bnxt_kctx *kctx; + int i; + + crypto = kzalloc_obj(*crypto); + if (!crypto) { + netdev_warn(bp->dev, + "Unable to allocate crypto info\n"); + return; + } + for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) { + kctx = &crypto->kctx[i]; + kctx->type = i; + kctx->max_ctx = bnxt_get_max_crypto_key_ctx(bp, i); + } + bp->crypto_info = crypto; + } + crypto->max_key_ctxs_alloc = max_keys; +} + +/** + * bnxt_free_crypto_info - Free crypto offload resources + * @bp: pointer to bnxt device + * + * Frees all resources associated with crypto offload + * + * Context: Process context during device shutdown/removal + */ +void bnxt_free_crypto_info(struct bnxt *bp) +{ + kfree(bp->crypto_info); + bp->crypto_info = NULL; +} diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h new file mode 100644 index 000000000000..629388fe1e6d --- /dev/null +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h @@ -0,0 +1,47 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* Copyright (c) 2026 Broadcom Inc. */ + +#ifndef BNXT_CRYPTO_H +#define BNXT_CRYPTO_H + +#define BNXT_MAX_TX_CRYPTO_KEYS 204800 +#define BNXT_MAX_RX_CRYPTO_KEYS 204800 + +#define BNXT_MAX_TX_CRYPTO_KEYS_PRE_233FW 65535 +#define BNXT_MAX_RX_CRYPTO_KEYS_PRE_233FW 65535 + +enum bnxt_crypto_type { + BNXT_TX_CRYPTO_KEY_TYPE = FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_TX, + BNXT_RX_CRYPTO_KEY_TYPE = FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_RX, + BNXT_MAX_CRYPTO_KEY_TYPE, +}; + +struct bnxt_kctx { + u8 type; + u32 max_ctx; +}; + +struct bnxt_crypto_info { + u16 max_key_ctxs_alloc; + + struct bnxt_kctx kctx[BNXT_MAX_CRYPTO_KEY_TYPE]; +}; + +#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE]) +#define BNXT_RCK(crypto) ((crypto)->kctx[BNXT_RX_CRYPTO_KEY_TYPE]) + +#ifdef CONFIG_BNXT_TLS +void bnxt_alloc_crypto_info(struct bnxt *bp, + struct hwrm_func_qcaps_output *resp); +void bnxt_free_crypto_info(struct bnxt *bp); +#else +static inline void bnxt_alloc_crypto_info(struct bnxt *bp, + struct hwrm_func_qcaps_output *resp) +{ +} + +static inline void bnxt_free_crypto_info(struct bnxt *bp) +{ +} +#endif /* CONFIG_BNXT_TLS */ +#endif /* BNXT_CRYPTO_H */ diff --git a/include/linux/bnxt/hsi.h b/include/linux/bnxt/hsi.h index 74a6bf278d88..03444b81beb0 100644 --- a/include/linux/bnxt/hsi.h +++ b/include/linux/bnxt/hsi.h @@ -3837,6 +3837,43 @@ struct hwrm_func_ptp_ext_qcfg_output { u8 valid; }; +/* hwrm_func_key_ctx_alloc_input (size:384b/48B) */ +struct hwrm_func_key_ctx_alloc_input { + __le16 req_type; + __le16 cmpl_ring; + __le16 seq_id; + __le16 target_id; + __le64 resp_addr; + __le16 fid; + __le16 num_key_ctxs; + __le32 dma_bufr_size_bytes; + u8 key_ctx_type; + #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_TX 0x0UL + #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_RX 0x1UL + #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_TX 0x2UL + #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_RX 0x3UL + #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_LAST FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_RX + u8 unused_0[7]; + __le64 host_dma_addr; + __le32 partition_start_xid; + u8 unused_1[4]; +}; + +/* hwrm_func_key_ctx_alloc_output (size:192b/24B) */ +struct hwrm_func_key_ctx_alloc_output { + __le16 error_code; + __le16 req_type; + __le16 seq_id; + __le16 resp_len; + __le16 num_key_ctxs_allocated; + u8 flags; + #define FUNC_KEY_CTX_ALLOC_RESP_FLAGS_KEY_CTXS_CONTIGUOUS 0x1UL + u8 unused_0; + __le32 partition_start_xid; + u8 unused_1[7]; + u8 valid; +}; + /* hwrm_func_backing_store_cfg_v2_input (size:512b/64B) */ struct hwrm_func_backing_store_cfg_v2_input { __le16 req_type; -- 2.51.0