* [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support
@ 2026-07-10 4:23 Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 01/15] bnxt_en: Add Midpath channel information Michael Chan
` (14 more replies)
0 siblings, 15 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
This patchset adds kTLS offload support for TX direction. A number
of new files are added:
bnxt_mpc.[ch] handle midpath channels (MPCs) used to offload kTLS
connections to the chip's crypto blocks without going through FW.
bnxt_crypto.[ch] handle the crypto interface and resources.
bnxt_ktls.[ch] handle kTLS offload.
A new CONFIG_BNXT_TLS is added to enable all of the above. The first 6
patches add the MPC logic including resource accounting and reservations.
The next 5 patches add the crypto logic to handle the crypto resources
and to send/receive control data using the MPCs. The last 4 patches
add kTLS offload for the TX direction.
There will be a follow-on patchset to make the TX offload more complete
and to add the RX direction offload.
v5:
Fix most valid Sashiko reported issues or add comments to clarify:
Patch #2:
Clarify in the commit log that kTLS, MPC rings are only supported on
P5_PLUS chips in response to some Sashiko comments.
Patch #3:
Improve the ethtool -L MPC calculation to use the actual MPC rings
during ring check.
Add a comment in the code to explain the bnxt_trim_mpc_ring() call.
Patch #5:
Check for P5_PLUS before allocating mpc_info to more clearly document that
MPC rings are only supported on P5_PLUS chips.
Patch #8:
Pre-existing Sashiko issue not addressed.
Patch #9:
More clearly document and explain that bnxt_clear_crypto() has no
concurrent readers/writers.
Add comment to explain that the bnxt_free_one_ctx() caller is reponsible
to check the epoch value when needed.
Patch #10:
Add description in commit log that crypto engines use short completions
only.
Already explained that only P5_PLUS supports MPC.
Patch #11:
Defer the MPC ring reset to bnxt_sp_task() just like other resets to
avoid any possibility od deadlock.
Add more comments to explain the MPC ring disable, stop, start.
Patch #12:
The bnxt_drv_busy() is the existing driver scheme to wait for activities
to stop during shutdown.
Patch #13:
The kTLS software counters match the other driver software counters
using plain u64. We can add u64_stats_sync for 32-bit systems but it
makes more sense to add it to all the existing counters as well.
Use BNXT_NO_FW_ACCESS() to fix possible massive AER timeout.
Patch #15:
Use bool instead of bit fields to keep track of kTLS states (requested by
Paolo).
v4:
https://lore.kernel.org/netdev/20260629184921.3496727-1-michael.chan@broadcom.com/
Fix kerneldoc prototype warning and uninitialized variable warnings reported
by Jakub.
Fix most valid Sashiko reported issues.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-1-michael.chan@broadcom.com/
Fix most AI reported issues from Jakub.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-1-michael.chan@broadcom.com/
Fix unused variable compile warnings in patch 10 and 12 by reorganizing
the patches (reported by Jakub)
Fix some error recovery issues in patch 12
v1:
https://lore.kernel.org/netdev/20260504235836.3019499-1-michael.chan@broadcom.com/
Michael Chan (15):
bnxt_en: Add Midpath channel information
bnxt_en: Account for the MPC TX and CP rings
bnxt_en: Set default MPC ring count
bnxt_en: Rename xdp_tx_lock to tx_lock
bnxt_en: Allocate and free MPC software structures
bnxt_en: Allocate and free MPC channels from firmware
bnxt_en: Allocate crypto structure and backing store
bnxt_en: Reserve crypto RX and TX key contexts on a PF
bnxt_en: Add infrastructure for crypto key context IDs
bnxt_en: Add MPC transmit and completion functions
bnxt_en: Add crypto MPC transmit/completion infrastructure
bnxt_en: Support kTLS TX offload by implementing .tls_dev_add/del()
bnxt_en: Implement kTLS TX normal path
bnxt_en: Add support for inline transmit BDs
bnxt_en: Add kTLS retransmission support
drivers/net/ethernet/broadcom/Kconfig | 9 +
drivers/net/ethernet/broadcom/bnxt/Makefile | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 291 +++++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 95 ++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 617 ++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 230 +++++
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 61 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c | 2 +-
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 578 +++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 174 ++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 783 ++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 227 +++++
.../net/ethernet/broadcom/bnxt/bnxt_sriov.c | 6 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 8 +-
include/linux/bnxt/hsi.h | 37 +
15 files changed, 3052 insertions(+), 67 deletions(-)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
--
2.51.0
^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH net-next v5 01/15] bnxt_en: Add Midpath channel information
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 02/15] bnxt_en: Account for the MPC TX and CP rings Michael Chan
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde, Kalesh AP
Midpath channels (MPCs) are rings for hardware control paths. These
control paths are used to offload kTLS directly to the hardware
without going through firmware. This patch adds the basic information
structures for these MPCs.
An MPC is basically a TX and completion ring pair with a HW TLS block
as the destination. Two MPC channel types are used to offload
connections to the TX crypto engine (TCE) and the RX crypto
engine (RCE) respectively. In the driver, we re-use the
bnxt_tx_ring_info and bnxt_cp_ring_info control structs for the MPCs.
This patch also adds the CONFIG_BNXT_TLS Kconfig option to conditionally
include the MPC logic. The first few patches in the series add the MPC
support. kTLS support will be added later in the series.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/Kconfig | 9 ++++
drivers/net/ethernet/broadcom/bnxt/Makefile | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 ++++
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 26 ++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 47 +++++++++++++++++++
6 files changed, 93 insertions(+)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
diff --git a/drivers/net/ethernet/broadcom/Kconfig b/drivers/net/ethernet/broadcom/Kconfig
index f0bac0dd1439..b33b66f038b8 100644
--- a/drivers/net/ethernet/broadcom/Kconfig
+++ b/drivers/net/ethernet/broadcom/Kconfig
@@ -255,6 +255,15 @@ config BNXT_HWMON
Say Y if you want to expose the thermal sensor data on NetXtreme-C/E
devices, via the hwmon sysfs interface.
+config BNXT_TLS
+ bool "Broadcom NetXtreme-C/E TLS offload support"
+ default y
+ depends on BNXT && TLS_DEVICE
+ depends on TLS=y || BNXT=m
+ help
+ Say Y if you want to enable Transport Layer Security (TLS) hardware
+ encryption and decryption offload on supported NetXtreme-C/E devices.
+
config BNGE
tristate "Broadcom ThorUltra Ethernet device support"
depends on PCI
diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile
index debef78c8b6d..0506574c007a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/Makefile
+++ b/drivers/net/ethernet/broadcom/bnxt/Makefile
@@ -5,3 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp.
bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o
bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o
bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o
+bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 7513618793da..8faab85d66d1 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -76,6 +76,7 @@
#include "bnxt_hwmon.h"
#include "bnxt_gso.h"
#include <net/tso.h>
+#include "bnxt_mpc.h"
#define BNXT_TX_TIMEOUT (5 * HZ)
#define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \
@@ -9943,6 +9944,11 @@ static int __bnxt_hwrm_func_qcaps(struct bnxt *bp)
}
bp->tso_max_segs = le16_to_cpu(resp->max_tso_segs);
+ if (resp->mpc_chnls_cap)
+ bnxt_alloc_mpc_info(bp, resp->mpc_chnls_cap);
+ else
+ bnxt_free_mpc_info(bp);
+
hwrm_func_qcaps_exit:
hwrm_req_drop(bp, req);
return rc;
@@ -16547,6 +16553,7 @@ static void bnxt_remove_one(struct pci_dev *pdev)
bp->ptp_cfg = NULL;
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
bnxt_free_crash_dump_mem(bp);
@@ -17218,6 +17225,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
bnxt_ethtool_free(bp);
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
bnxt_free_crash_dump_mem(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 6335dfc14c98..77b1748d12d1 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2452,6 +2452,8 @@ struct bnxt {
u8 tph_mode;
+ struct bnxt_mpc_info *mpc_info;
+
unsigned int current_interval;
#define BNXT_TIMER_INTERVAL HZ
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
new file mode 100644
index 000000000000..86087e538550
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#include <linux/stddef.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/bnxt/hsi.h>
+
+#include "bnxt.h"
+#include "bnxt_mpc.h"
+
+void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
+{
+ if (!bp->mpc_info)
+ bp->mpc_info = kzalloc_obj(*bp->mpc_info);
+ if (bp->mpc_info)
+ bp->mpc_info->mpc_chnls_cap = mpc_chnls_cap;
+ else
+ netdev_warn(bp->dev, "Unable to allocate MPC info\n");
+}
+
+void bnxt_free_mpc_info(struct bnxt *bp)
+{
+ kfree(bp->mpc_info);
+ bp->mpc_info = NULL;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
new file mode 100644
index 000000000000..cd3f268a3a29
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#ifndef BNXT_MPC_H
+#define BNXT_MPC_H
+
+/* Mid path channel (MPC) definitions. An MPC is special TX/completion
+ * ring pair to send/receive control plane data to the TCE and RCE
+ * (Transmit/Receive Crypto Engine) HW blocks.
+ */
+
+enum bnxt_mpc_type {
+ BNXT_MPC_TCE_TYPE = RING_ALLOC_REQ_MPC_CHNLS_TYPE_TCE,
+ BNXT_MPC_RCE_TYPE = RING_ALLOC_REQ_MPC_CHNLS_TYPE_RCE,
+ BNXT_MPC_TYPE_MAX,
+};
+
+#define BNXT_MAX_MPC 8
+
+struct bnxt_mpc_info {
+ u8 mpc_chnls_cap;
+ u8 mpc_cp_rings;
+ u8 mpc_ring_count[BNXT_MPC_TYPE_MAX];
+ struct bnxt_tx_ring_info *mpc_rings[BNXT_MPC_TYPE_MAX];
+};
+
+#define BNXT_MPC_CRYPTO_CAP \
+ (FUNC_QCAPS_RESP_MPC_CHNLS_CAP_TCE | FUNC_QCAPS_RESP_MPC_CHNLS_CAP_RCE)
+
+#define BNXT_MPC_CRYPTO_CAPABLE(bp) \
+ ((bp)->mpc_info ? \
+ ((bp)->mpc_info->mpc_chnls_cap & BNXT_MPC_CRYPTO_CAP) == \
+ BNXT_MPC_CRYPTO_CAP : false)
+
+#ifdef CONFIG_BNXT_TLS
+void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
+void bnxt_free_mpc_info(struct bnxt *bp);
+#else
+static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
+{
+}
+
+static inline void bnxt_free_mpc_info(struct bnxt *bp)
+{
+}
+#endif /* CONFIG_BNXT_TLS */
+#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 02/15] bnxt_en: Account for the MPC TX and CP rings
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 01/15] bnxt_en: Add Midpath channel information Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 03/15] bnxt_en: Set default MPC ring count Michael Chan
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde, Kalesh AP
Modify bnxt_cp_rings_in_use(), bnxt_get_max_func_cp_rings_for_en(),
and _bnxt_get_max_rings() to account for any TX rings and CP rings
used by MPCs. Add a new helper bnxt_total_tx_rings() to include
MPC TX rings. Ring reservations will now include the MPC rings.
Note that for bnxt_check_rings() that is called before we commit
the new rings requested by the user running ethtool -L, the next
patch will calculate the proposed MPC rings to be checked.
Note that only the newer FW APIs and the newer P5-plus chips
support MPC rings. The MPC values will always be zero in the
non-P5 plus code paths.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Clarify in the commit log that kTLS, MPC rings are only supported on
P5_PLUS chips in response to some Sashiko comments.
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 65 +++++++++++++------
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 3 +-
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 5 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 21 ++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 12 ++++
.../net/ethernet/broadcom/bnxt/bnxt_sriov.c | 6 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 4 +-
7 files changed, 90 insertions(+), 26 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 8faab85d66d1..519437d61298 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7752,6 +7752,11 @@ static void bnxt_hwrm_ring_free(struct bnxt *bp, bool close_path)
}
}
+int bnxt_total_tx_rings(struct bnxt *bp)
+{
+ return bp->tx_nr_rings + bnxt_mpc_tx_rings_in_use(bp);
+}
+
static int __bnxt_trim_rings(struct bnxt *bp, int *rx, int *tx, int max,
bool shared);
static int bnxt_trim_rings(struct bnxt *bp, int *rx, int *tx, int max,
@@ -7792,19 +7797,28 @@ static int bnxt_hwrm_get_rings(struct bnxt *bp)
stats = le16_to_cpu(resp->alloc_stat_ctx);
hw_resc->resv_irqs = cp;
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
+ int mpc_tx = bnxt_mpc_tx_rings_in_use(bp);
+ int mpc_cp = bnxt_mpc_cp_rings_in_use(bp);
int rx = hw_resc->resv_rx_rings;
int tx = hw_resc->resv_tx_rings;
+ int cp_p5;
+ if (tx <= mpc_tx || cp <= mpc_cp) {
+ rc = -ENOMEM;
+ goto get_rings_exit;
+ }
+ tx -= mpc_tx;
+ cp_p5 = cp - mpc_cp;
if (bp->flags & BNXT_FLAG_AGG_RINGS)
rx >>= 1;
- if (cp < (rx + tx)) {
- rc = __bnxt_trim_rings(bp, &rx, &tx, cp, false);
+ if (cp_p5 < (rx + tx)) {
+ rc = __bnxt_trim_rings(bp, &rx, &tx, cp_p5, false);
if (rc)
goto get_rings_exit;
if (bp->flags & BNXT_FLAG_AGG_RINGS)
rx <<= 1;
hw_resc->resv_rx_rings = rx;
- hw_resc->resv_tx_rings = tx;
+ hw_resc->resv_tx_rings = tx + mpc_tx;
}
hw_resc->resv_irqs = le16_to_cpu(resp->alloc_msix);
hw_resc->resv_hw_ring_grps = rx;
@@ -7996,7 +8010,7 @@ static int bnxt_cp_rings_in_use(struct bnxt *bp)
return bnxt_nq_rings_in_use(bp);
cp = bp->tx_nr_rings + bp->rx_nr_rings;
- return cp;
+ return cp + bnxt_mpc_cp_rings_in_use(bp);
}
static int bnxt_get_func_stat_ctxs(struct bnxt *bp)
@@ -8054,7 +8068,7 @@ static void bnxt_get_total_resources(struct bnxt *bp, struct bnxt_hw_rings *hwr)
hwr->cp_p5 = 0;
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
hwr->cp_p5 = bnxt_cp_rings_in_use(bp);
- hwr->tx = bp->tx_nr_rings;
+ hwr->tx = bnxt_total_tx_rings(bp);
hwr->rx = bp->rx_nr_rings;
hwr->grp = hwr->rx;
hwr->vnic = bnxt_get_total_vnics(bp, hwr->rx);
@@ -8160,8 +8174,10 @@ static int __bnxt_reserve_rings(struct bnxt *bp)
hwr.rx = bp->rx_nr_rings;
if (bp->flags & BNXT_FLAG_SHARED_RINGS)
sh = true;
- if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
- hwr.cp_p5 = hwr.rx + hwr.tx;
+ if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
+ hwr.cp_p5 = hwr.rx + hwr.tx + bnxt_mpc_cp_rings_in_use(bp);
+ hwr.tx += bnxt_mpc_tx_rings_in_use(bp);
+ }
hwr.vnic = bnxt_get_total_vnics(bp, hwr.rx);
@@ -8198,6 +8214,9 @@ static int __bnxt_reserve_rings(struct bnxt *bp)
if (bnxt_ulp_registered(edev) && hwr.stat > bnxt_get_ulp_stat_ctxs(bp))
hwr.stat -= bnxt_get_ulp_stat_ctxs(bp);
hwr.cp = min_t(int, hwr.cp, hwr.stat);
+ hwr.tx -= bnxt_mpc_tx_rings_in_use(bp);
+ if (hwr.tx < 0)
+ return -ENOMEM;
rc = bnxt_trim_rings(bp, &rx_rings, &hwr.tx, hwr.cp, sh);
if (bp->flags & BNXT_FLAG_AGG_RINGS)
hwr.rx = rx_rings << 1;
@@ -11515,14 +11534,15 @@ unsigned int bnxt_get_max_func_cp_rings(struct bnxt *bp)
return bp->hw_resc.max_cp_rings;
}
-static unsigned int bnxt_get_max_func_cp_rings_for_en(struct bnxt *bp)
+static unsigned int bnxt_get_max_func_cp_rings_for_en(struct bnxt *bp,
+ unsigned int mpc_cp)
{
unsigned int cp = bp->hw_resc.max_cp_rings;
if (!(bp->flags & BNXT_FLAG_CHIP_P5_PLUS))
cp -= bnxt_get_ulp_msix_num(bp);
- return cp;
+ return mpc_cp >= cp ? 0 : cp - mpc_cp;
}
static unsigned int bnxt_get_max_func_irqs(struct bnxt *bp)
@@ -11544,7 +11564,7 @@ unsigned int bnxt_get_avail_cp_rings_for_en(struct bnxt *bp)
{
unsigned int cp;
- cp = bnxt_get_max_func_cp_rings_for_en(bp);
+ cp = bnxt_get_max_func_cp_rings_for_en(bp, bnxt_mpc_cp_rings_in_use(bp));
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
return cp - bp->rx_nr_rings - bp->tx_nr_rings;
else
@@ -14884,11 +14904,11 @@ static void bnxt_sp_task(struct work_struct *work)
}
static void _bnxt_get_max_rings(struct bnxt *bp, int *max_rx, int *max_tx,
- int *max_cp);
+ int *max_cp, int mpc_tx, int mpc_cp);
/* Under netdev instance lock */
int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
- int tx_xdp)
+ int tx_xdp, int mpc_tx, int mpc_cp)
{
int max_rx, max_tx, max_cp, tx_sets = 1, tx_cp;
struct bnxt_hw_rings hwr = {0};
@@ -14898,7 +14918,7 @@ int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
if (tcs)
tx_sets = tcs;
- _bnxt_get_max_rings(bp, &max_rx, &max_tx, &max_cp);
+ _bnxt_get_max_rings(bp, &max_rx, &max_tx, &max_cp, mpc_tx, mpc_cp);
if (max_rx < rx_rings)
return -ENOMEM;
@@ -14924,8 +14944,10 @@ int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
hwr.grp = rx;
hwr.rss_ctx = bnxt_get_total_rss_ctxs(bp, &hwr);
}
- if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
- hwr.cp_p5 = hwr.tx + rx;
+ if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
+ hwr.cp_p5 = hwr.tx + rx + mpc_cp;
+ hwr.tx += mpc_tx;
+ }
rc = bnxt_hwrm_check_rings(bp, &hwr);
if (!rc && pci_msix_can_alloc_dyn(bp->pdev)) {
if (!bnxt_ulp_registered(bp->edev[BNXT_AUXDEV_RDMA])) {
@@ -15646,7 +15668,9 @@ int bnxt_setup_mq_tc(struct net_device *dev, u8 tc)
sh = true;
rc = bnxt_check_rings(bp, bp->tx_nr_rings_per_tc, bp->rx_nr_rings,
- sh, tc, bp->tx_nr_rings_xdp);
+ sh, tc, bp->tx_nr_rings_xdp,
+ bnxt_mpc_tx_rings_in_use(bp),
+ bnxt_mpc_cp_rings_in_use(bp));
if (rc)
return rc;
@@ -16618,14 +16642,14 @@ static int bnxt_get_max_irq(struct pci_dev *pdev)
}
static void _bnxt_get_max_rings(struct bnxt *bp, int *max_rx, int *max_tx,
- int *max_cp)
+ int *max_cp, int mpc_tx, int mpc_cp)
{
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
int max_ring_grps = 0, max_irq;
- *max_tx = hw_resc->max_tx_rings;
+ *max_tx = max(0, (int)hw_resc->max_tx_rings - mpc_tx);
*max_rx = hw_resc->max_rx_rings;
- *max_cp = bnxt_get_max_func_cp_rings_for_en(bp);
+ *max_cp = bnxt_get_max_func_cp_rings_for_en(bp, mpc_cp);
max_irq = min_t(int, bnxt_get_max_func_irqs(bp) -
bnxt_get_ulp_msix_num_in_use(bp),
hw_resc->max_stat_ctxs -
@@ -16657,7 +16681,8 @@ int bnxt_get_max_rings(struct bnxt *bp, int *max_rx, int *max_tx, bool shared)
{
int rx, tx, cp;
- _bnxt_get_max_rings(bp, &rx, &tx, &cp);
+ _bnxt_get_max_rings(bp, &rx, &tx, &cp, bnxt_mpc_tx_rings_in_use(bp),
+ bnxt_mpc_cp_rings_in_use(bp));
*max_rx = rx;
*max_tx = tx;
if (!rx || !tx || !cp)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 77b1748d12d1..fec88d40a606 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2992,6 +2992,7 @@ int bnxt_hwrm_vnic_cfg(struct bnxt *bp, struct bnxt_vnic_info *vnic);
int bnxt_hwrm_vnic_alloc(struct bnxt *bp, struct bnxt_vnic_info *vnic,
unsigned int start_rx_ring_idx,
unsigned int nr_rings);
+int bnxt_total_tx_rings(struct bnxt *bp);
int __bnxt_hwrm_get_tx_rings(struct bnxt *bp, u16 fid, int *tx_rings);
int bnxt_nq_rings_in_use(struct bnxt *bp);
int bnxt_hwrm_set_coal(struct bnxt *);
@@ -3040,7 +3041,7 @@ int bnxt_dbg_hwrm_rd_reg(struct bnxt *bp, u32 reg_off, u16 num_words,
void bnxt_fw_exception(struct bnxt *bp);
void bnxt_fw_reset(struct bnxt *bp);
int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
- int tx_xdp);
+ int tx_xdp, int mpc_tx, int mpc_cp);
int bnxt_fw_init_one(struct bnxt *bp);
bool bnxt_hwrm_reset_permitted(struct bnxt *bp);
void bnxt_set_cp_rings(struct bnxt *bp, bool sh);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 62bc9cae613c..88d879a27820 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -37,6 +37,7 @@
#include "bnxt_nvm_defs.h" /* NVRAM content constant and structure defs */
#include "bnxt_fw_hdr.h" /* Firmware hdr constant and structure defs */
#include "bnxt_coredump.h"
+#include "bnxt_mpc.h"
#define BNXT_NVM_ERR_MSG(dev, extack, msg) \
do { \
@@ -959,6 +960,7 @@ static int bnxt_set_channels(struct net_device *dev,
struct bnxt *bp = netdev_priv(dev);
int req_tx_rings, req_rx_rings, tcs;
u32 new_tbl_size = 0, old_tbl_size;
+ int mpc_per_type = 0, mpc_cp = 0;
bool sh = false;
int tx_xdp = 0;
int rc = 0;
@@ -993,7 +995,8 @@ static int bnxt_set_channels(struct net_device *dev,
tx_xdp = req_rx_rings;
}
- rc = bnxt_check_rings(bp, req_tx_rings, req_rx_rings, sh, tcs, tx_xdp);
+ rc = bnxt_check_rings(bp, req_tx_rings, req_rx_rings, sh, tcs, tx_xdp,
+ mpc_per_type * BNXT_MPC_TYPE_MAX, mpc_cp);
if (rc) {
netdev_warn(dev, "Unable to allocate the requested rings\n");
return rc;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 86087e538550..9859a5f86268 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -24,3 +24,24 @@ void bnxt_free_mpc_info(struct bnxt *bp)
kfree(bp->mpc_info);
bp->mpc_info = NULL;
}
+
+int bnxt_mpc_tx_rings_in_use(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, mpc_tx = 0;
+
+ if (!mpc)
+ return 0;
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++)
+ mpc_tx += mpc->mpc_ring_count[i];
+ return mpc_tx;
+}
+
+int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+
+ if (!mpc)
+ return 0;
+ return mpc->mpc_cp_rings;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index cd3f268a3a29..7a7d81197ea6 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -35,6 +35,8 @@ struct bnxt_mpc_info {
#ifdef CONFIG_BNXT_TLS
void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
void bnxt_free_mpc_info(struct bnxt *bp);
+int bnxt_mpc_tx_rings_in_use(struct bnxt *bp);
+int bnxt_mpc_cp_rings_in_use(struct bnxt *bp);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -43,5 +45,15 @@ static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
static inline void bnxt_free_mpc_info(struct bnxt *bp)
{
}
+
+static inline int bnxt_mpc_tx_rings_in_use(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
+{
+ return 0;
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
index edcc002e4ca3..d57059722f5b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
@@ -640,7 +640,7 @@ static int bnxt_hwrm_func_vf_resc_cfg(struct bnxt *bp, int num_vfs, bool reset)
vf_rx_rings = hw_resc->max_rx_rings - bp->rx_nr_rings * 2;
else
vf_rx_rings = hw_resc->max_rx_rings - bp->rx_nr_rings;
- vf_tx_rings = hw_resc->max_tx_rings - bp->tx_nr_rings;
+ vf_tx_rings = hw_resc->max_tx_rings - bnxt_total_tx_rings(bp);
vf_vnics = hw_resc->max_vnics - bp->nr_vnics;
vf_rss = hw_resc->max_rsscos_ctxs - bp->rsscos_nr_ctxs;
@@ -903,8 +903,8 @@ static int bnxt_sriov_enable(struct bnxt *bp, int *num_vfs)
avail_cp < min_rx_rings)
rx_ok = 0;
- if (hw_resc->max_tx_rings - bp->tx_nr_rings >= min_tx_rings &&
- avail_cp >= min_tx_rings)
+ if (hw_resc->max_tx_rings - bnxt_total_tx_rings(bp) >=
+ min_tx_rings && avail_cp >= min_tx_rings)
tx_ok = 1;
if (hw_resc->max_rsscos_ctxs - bp->rsscos_nr_ctxs >=
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
index 9e5009be8e98..b485e4d9b26f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
@@ -19,6 +19,7 @@
#include <net/page_pool/helpers.h>
#include <linux/bnxt/hsi.h>
#include "bnxt.h"
+#include "bnxt_mpc.h"
#include "bnxt_xdp.h"
DEFINE_STATIC_KEY_FALSE(bnxt_xdp_locking_key);
@@ -410,7 +411,8 @@ static int bnxt_xdp_set(struct bnxt *bp, struct bpf_prog *prog)
if (!tc)
tc = 1;
rc = bnxt_check_rings(bp, bp->tx_nr_rings_per_tc, bp->rx_nr_rings,
- true, tc, tx_xdp);
+ true, tc, tx_xdp, bnxt_mpc_tx_rings_in_use(bp),
+ bnxt_mpc_cp_rings_in_use(bp));
if (rc) {
netdev_warn(dev, "Unable to reserve enough TX rings to support XDP.\n");
return rc;
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 03/15] bnxt_en: Set default MPC ring count
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 01/15] bnxt_en: Add Midpath channel information Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 02/15] bnxt_en: Account for the MPC TX and CP rings Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 04/15] bnxt_en: Rename xdp_tx_lock to tx_lock Michael Chan
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
If the firmware supports MPC channels and CONFIG_BNXT_TLS is set, set
the default number of MPC channels. These MPC rings will share MSIX
with the TX rings. The number of MPC channels for each type must not
exceed the ethtool TX channel count. When changing ethtool channels,
bnxt_calc_dflt_mpc_rings() will determine the default MPC rings for
the newly requested channel count and we call bnxt_check_rings() to
check before we commit. bnxt_set_dflt_mpc_rings() will set the
committed MPC rings for the new committed channel count.
We also add bnxt_trim_mpc_rings() to make final adjustments in case
the number of reserved TX channels is less than expected.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Improve the ethtool -L MPC calculation to use the actual MPC rings
during ring check.
Add a comment in the code to explain the bnxt_trim_mpc_ring() call.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-4-michael.chan@broadcom.com/
Use proper int type for min_t().
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-4-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 11 +++
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 8 ++-
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 72 +++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 27 +++++++
4 files changed, 117 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 519437d61298..56de663f3027 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -13196,6 +13196,7 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
return rc;
bnxt_adj_tx_rings(bp);
+ bnxt_trim_mpc_rings(bp);
rc = bnxt_alloc_mem(bp, irq_re_init);
if (rc) {
netdev_err(bp->dev, "bnxt_alloc_mem err: %x\n", rc);
@@ -16745,6 +16746,7 @@ static void bnxt_trim_dflt_sh_rings(struct bnxt *bp)
bp->rx_nr_rings = bp->cp_nr_rings;
bp->tx_nr_rings_per_tc = bp->cp_nr_rings;
bp->tx_nr_rings = bnxt_tx_nr_rings(bp);
+ bnxt_trim_mpc_rings(bp);
}
static void bnxt_adj_dflt_rings(struct bnxt *bp, bool sh)
@@ -16796,6 +16798,8 @@ static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
bnxt_set_dflt_ulp_stat_ctxs(bp);
}
+ bnxt_set_dflt_mpc_rings(bp);
+
rc = __bnxt_reserve_rings(bp);
if (rc && rc != -ENODEV)
netdev_warn(bp->dev, "Unable to reserve tx rings\n");
@@ -16810,6 +16814,11 @@ static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
if (rc && rc != -ENODEV)
netdev_warn(bp->dev, "2nd rings reservation failed.\n");
bnxt_adj_tx_rings(bp);
+ /* Re-cap MPC ring counts against the reduced TX rings.
+ * Any extra reserved MPC rings will be reconciled on
+ * the next open.
+ */
+ bnxt_trim_mpc_rings(bp);
}
if (BNXT_CHIP_TYPE_NITRO_A0(bp)) {
bp->rx_nr_rings++;
@@ -16844,6 +16853,7 @@ static int bnxt_init_dflt_ring_mode(struct bnxt *bp)
goto init_dflt_ring_err;
bnxt_adj_tx_rings(bp);
+ bnxt_trim_mpc_rings(bp);
bnxt_set_dflt_rfs(bp);
@@ -17187,6 +17197,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
* limited MSIX, so we re-initialize the TX rings per TC.
*/
bp->tx_nr_rings_per_tc = bp->tx_nr_rings;
+ bnxt_trim_mpc_rings(bp);
if (BNXT_PF(bp)) {
if (!bnxt_pf_wq) {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 88d879a27820..4bc3cac57b13 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -960,7 +960,7 @@ static int bnxt_set_channels(struct net_device *dev,
struct bnxt *bp = netdev_priv(dev);
int req_tx_rings, req_rx_rings, tcs;
u32 new_tbl_size = 0, old_tbl_size;
- int mpc_per_type = 0, mpc_cp = 0;
+ int mpc_per_type, mpc_cp;
bool sh = false;
int tx_xdp = 0;
int rc = 0;
@@ -995,6 +995,10 @@ static int bnxt_set_channels(struct net_device *dev,
tx_xdp = req_rx_rings;
}
+ bnxt_calc_dflt_mpc_rings(bp,
+ req_tx_rings * (tcs > 1 ? tcs : 1) + tx_xdp,
+ req_tx_rings, req_rx_rings, &mpc_per_type,
+ &mpc_cp);
rc = bnxt_check_rings(bp, req_tx_rings, req_rx_rings, sh, tcs, tx_xdp,
mpc_per_type * BNXT_MPC_TYPE_MAX, mpc_cp);
if (rc) {
@@ -1054,6 +1058,8 @@ static int bnxt_set_channels(struct net_device *dev,
bnxt_set_cp_rings(bp, sh);
+ bnxt_set_dflt_mpc_rings(bp);
+
/* After changing number of rx channels, update NTUPLE feature. */
netdev_update_features(dev);
if (netif_running(dev)) {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 9859a5f86268..26eef764c544 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -3,6 +3,7 @@
#include <linux/stddef.h>
#include <linux/types.h>
+#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/bnxt/hsi.h>
@@ -45,3 +46,74 @@ int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
return 0;
return mpc->mpc_cp_rings;
}
+
+void bnxt_trim_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int max = bp->tx_nr_rings_per_tc;
+ u8 max_cp = 0;
+ int i;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ mpc->mpc_ring_count[i] = min_t(int, mpc->mpc_ring_count[i],
+ max);
+ max_cp = max(max_cp, mpc->mpc_ring_count[i]);
+ }
+ mpc->mpc_cp_rings = max_cp;
+}
+
+void bnxt_calc_dflt_mpc_rings(struct bnxt *bp, int tx_nr_rings,
+ int tx_nr_rings_per_tc, int rx_nr_rings,
+ int *mpc_per_type, int *mpc_cp)
+{
+ struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ int mpc_tce, avail;
+
+ *mpc_per_type = 0;
+ *mpc_cp = 0;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return;
+
+ avail = hw_resc->max_tx_rings - tx_nr_rings;
+ /* don't use more than 80% */
+ avail = avail * 4 / 5;
+
+ if (avail < (BNXT_MIN_MPC_TCE + BNXT_MIN_MPC_RCE))
+ return;
+
+ mpc_tce = min_t(int, avail / 2, tx_nr_rings_per_tc);
+ mpc_tce = min_t(int, mpc_tce, BNXT_DFLT_MPC_TCE);
+
+ avail = hw_resc->max_cp_rings - tx_nr_rings - rx_nr_rings;
+
+ if (avail < BNXT_MIN_MPC_TCE || avail < BNXT_MIN_MPC_RCE)
+ return;
+
+ mpc_tce = min(mpc_tce, avail);
+
+ /* TCE and RCE are sized equally, so the per-type count is also the
+ * MPC CP ring count (max(mpc_tce, mpc_rce)).
+ */
+ *mpc_per_type = mpc_tce;
+ *mpc_cp = mpc_tce;
+}
+
+void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int per_type, mpc_cp, i;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return;
+
+ bnxt_calc_dflt_mpc_rings(bp, bp->tx_nr_rings, bp->tx_nr_rings_per_tc,
+ bp->rx_nr_rings, &per_type, &mpc_cp);
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++)
+ mpc->mpc_ring_count[i] = per_type;
+ mpc->mpc_cp_rings = mpc_cp;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 7a7d81197ea6..6d50ca8c45ab 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -17,6 +17,11 @@ enum bnxt_mpc_type {
#define BNXT_MAX_MPC 8
+#define BNXT_MIN_MPC_TCE 1
+#define BNXT_MIN_MPC_RCE 1
+#define BNXT_DFLT_MPC_TCE BNXT_MAX_MPC
+#define BNXT_DFLT_MPC_RCE BNXT_MAX_MPC
+
struct bnxt_mpc_info {
u8 mpc_chnls_cap;
u8 mpc_cp_rings;
@@ -37,6 +42,11 @@ void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
void bnxt_free_mpc_info(struct bnxt *bp);
int bnxt_mpc_tx_rings_in_use(struct bnxt *bp);
int bnxt_mpc_cp_rings_in_use(struct bnxt *bp);
+void bnxt_trim_mpc_rings(struct bnxt *bp);
+void bnxt_calc_dflt_mpc_rings(struct bnxt *bp, int tx_nr_rings,
+ int tx_nr_rings_per_tc, int rx_nr_rings,
+ int *mpc_per_type, int *mpc_cp);
+void bnxt_set_dflt_mpc_rings(struct bnxt *bp);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -55,5 +65,22 @@ static inline int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
{
return 0;
}
+
+static inline void bnxt_trim_mpc_rings(struct bnxt *bp)
+{
+}
+
+static inline void bnxt_calc_dflt_mpc_rings(struct bnxt *bp, int tx_nr_rings,
+ int tx_nr_rings_per_tc,
+ int rx_nr_rings, int *mpc_per_type,
+ int *mpc_cp)
+{
+ *mpc_per_type = 0;
+ *mpc_cp = 0;
+}
+
+static inline void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 04/15] bnxt_en: Rename xdp_tx_lock to tx_lock
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (2 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 03/15] bnxt_en: Set default MPC ring count Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 05/15] bnxt_en: Allocate and free MPC software structures Michael Chan
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Kalesh AP
xdp_tx_lock in struct bnxt_tx_ring_info is used to serialize
XDP_REDIRECT on the same TX ring. MPCs will also need this lock
for a similar purpose to serialize sending multiple messages on
the same MPC, so rename it to tx_lock.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 ++--
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 56de663f3027..22770751567c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -4154,7 +4154,7 @@ static int bnxt_alloc_tx_rings(struct bnxt *bp)
}
qidx = bp->tc_to_qidx[j];
ring->queue_id = bp->q_info[qidx].queue_id;
- spin_lock_init(&txr->xdp_tx_lock);
+ spin_lock_init(&txr->tx_lock);
if (i < bp->tx_nr_rings_xdp)
continue;
if (BNXT_RING_TO_TC_OFF(bp, i) == (bp->tx_nr_rings_per_tc - 1))
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index fec88d40a606..91016684c02a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1014,8 +1014,8 @@ struct bnxt_tx_ring_info {
u32 dev_state;
struct bnxt_ring_struct tx_ring_struct;
- /* Synchronize simultaneous xdp_xmit on same ring */
- spinlock_t xdp_tx_lock;
+ /* Synchronize simultaneous xdp_xmit on same ring or for MPC ring */
+ spinlock_t tx_lock;
};
#define BNXT_LEGACY_COAL_CMPL_PARAMS \
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
index b485e4d9b26f..d1873124893a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
@@ -352,7 +352,7 @@ int bnxt_xdp_xmit(struct net_device *dev, int num_frames,
return -EINVAL;
if (static_branch_unlikely(&bnxt_xdp_locking_key))
- spin_lock(&txr->xdp_tx_lock);
+ spin_lock(&txr->tx_lock);
for (i = 0; i < num_frames; i++) {
struct xdp_frame *xdp = frames[i];
@@ -377,7 +377,7 @@ int bnxt_xdp_xmit(struct net_device *dev, int num_frames,
}
if (static_branch_unlikely(&bnxt_xdp_locking_key))
- spin_unlock(&txr->xdp_tx_lock);
+ spin_unlock(&txr->tx_lock);
return nxmit;
}
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 05/15] bnxt_en: Allocate and free MPC software structures
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (3 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 04/15] bnxt_en: Rename xdp_tx_lock to tx_lock Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 06/15] bnxt_en: Allocate and free MPC channels from firmware Michael Chan
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
Each MPC consists of a special TX ring and a completion ring. Use
existing structs bnxt_tx_ring_info and bnxt_cp_ring_info as control
structures. The 2 MPC channels to TCE and RCE that share the MSIX
will use a shared completion ring.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Check for P5_PLUS before allocating mpc_info to more clearly document that
MPC rings are only supported on P5_PLUS chips.
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 35 ++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 12 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 208 ++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 46 ++++
4 files changed, 294 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 22770751567c..e606cce3af0f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -3685,7 +3685,7 @@ static size_t __bnxt_copy_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem,
return total_len;
}
-static void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
+void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
{
struct pci_dev *pdev = bp->pdev;
int i;
@@ -3718,7 +3718,7 @@ static void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
}
}
-static int bnxt_alloc_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
+int bnxt_alloc_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
{
struct pci_dev *pdev = bp->pdev;
u64 valid_bit = 0;
@@ -4325,6 +4325,8 @@ static int bnxt_alloc_cp_rings(struct bnxt *bp)
(!sh && i >= bp->rx_nr_rings)) {
cp_count += tcs;
tx = 1;
+ if (bnxt_napi_has_mpc(bp, i))
+ cp_count++;
}
cpr->cp_ring_arr = kzalloc_objs(*cpr, cp_count);
@@ -4346,6 +4348,11 @@ static int bnxt_alloc_cp_rings(struct bnxt *bp)
} else {
int n, tc = k - rx;
+ /* MPC rings are at the highest k indices */
+ if (tc >= tcs) {
+ bnxt_set_mpc_cp_ring(bp, i, cpr2);
+ continue;
+ }
n = BNXT_TC_TO_RING_BASE(bp, tc) + j;
bp->tx_ring[n].tx_cpr = cpr2;
cpr2->cp_ring_type = BNXT_NQ_HDL_TYPE_TX;
@@ -4478,6 +4485,7 @@ static void bnxt_init_ring_struct(struct bnxt *bp)
rmem->vmem = (void **)&txr->tx_buf_ring;
}
}
+ bnxt_init_mpc_ring_struct(bp);
}
static void bnxt_init_rxbd_pages(struct bnxt_ring_struct *ring, u32 type)
@@ -5554,6 +5562,7 @@ static void bnxt_init_l2_fltr_tbl(struct bnxt *bp)
static void bnxt_free_mem(struct bnxt *bp, bool irq_re_init)
{
bnxt_free_vnic_attributes(bp);
+ bnxt_free_mpc_rings(bp);
bnxt_free_tx_rings(bp);
bnxt_free_rx_rings(bp);
bnxt_free_cp_rings(bp);
@@ -5567,6 +5576,7 @@ static void bnxt_free_mem(struct bnxt *bp, bool irq_re_init)
bnxt_free_port_stats(bp);
bnxt_free_ring_grps(bp);
bnxt_free_vnics(bp);
+ bnxt_free_mpcs(bp);
kfree(bp->tx_ring_map);
bp->tx_ring_map = NULL;
kfree(bp->tx_ring);
@@ -5676,6 +5686,10 @@ static int bnxt_alloc_mem(struct bnxt *bp, bool irq_re_init)
txr->tx_cpr = &bnapi2->cp_ring;
}
+ rc = bnxt_alloc_mpcs(bp);
+ if (rc)
+ goto alloc_mem_err;
+
rc = bnxt_alloc_stats(bp);
if (rc)
goto alloc_mem_err;
@@ -5704,6 +5718,10 @@ static int bnxt_alloc_mem(struct bnxt *bp, bool irq_re_init)
if (rc)
goto alloc_mem_err;
+ rc = bnxt_alloc_mpc_rings(bp);
+ if (rc)
+ goto alloc_mem_err;
+
rc = bnxt_alloc_cp_rings(bp);
if (rc)
goto alloc_mem_err;
@@ -7258,10 +7276,15 @@ static int hwrm_ring_alloc_send_msg(struct bnxt *bp,
req->cmpl_ring_id = cpu_to_le16(bnxt_cp_ring_for_tx(bp, txr));
req->length = cpu_to_le32(bp->tx_ring_mask + 1);
req->stat_ctx_id = cpu_to_le32(grp_info->fw_stats_ctx);
- req->queue_id = cpu_to_le16(ring->queue_id);
- if (bp->flags & BNXT_FLAG_TX_COAL_CMPL)
- req->cmpl_coal_cnt =
- RING_ALLOC_REQ_CMPL_COAL_CNT_COAL_64;
+ if (ring->queue_id == BNXT_MPC_QUEUE_ID) {
+ req->mpc_chnls_type = ring->mpc_chnl_type;
+ req->enables |= cpu_to_le32(RING_ALLOC_REQ_ENABLES_MPC_CHNLS_TYPE);
+ } else {
+ req->queue_id = cpu_to_le16(ring->queue_id);
+ if (bp->flags & BNXT_FLAG_TX_COAL_CMPL)
+ req->cmpl_coal_cnt =
+ RING_ALLOC_REQ_CMPL_COAL_CNT_COAL_64;
+ }
if ((bp->fw_cap & BNXT_FW_CAP_TX_TS_CMP) && bp->ptp_cfg)
flags |= RING_ALLOC_REQ_FLAGS_TX_PKT_TS_CMPL_ENABLE;
req->flags = cpu_to_le16(flags);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 91016684c02a..11edc5752d99 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -686,6 +686,7 @@ struct nqe_cn {
#define BNXT_NQ_HDL_TYPE_SHIFT 24
#define BNXT_NQ_HDL_TYPE_RX 0x00
#define BNXT_NQ_HDL_TYPE_TX 0x01
+#define BNXT_NQ_HDL_TYPE_MP 0x02
#define BNXT_NQ_HDL_IDX(hdl) ((hdl) & BNXT_NQ_HDL_IDX_MASK)
#define BNXT_NQ_HDL_TYPE(hdl) (((hdl) & BNXT_NQ_HDL_TYPE_MASK) >> \
@@ -951,6 +952,8 @@ struct bnxt_ring_struct {
};
u32 handle;
u8 queue_id;
+#define BNXT_MPC_QUEUE_ID 0xff
+ u8 mpc_chnl_type;
};
struct tx_push_bd {
@@ -991,12 +994,16 @@ struct bnxt_tx_ring_info {
u16 tx_cons;
u16 tx_hw_cons;
u16 txq_index;
+ /* index for tx_ring[] or tx_mpc_ring[] in struct bnxt_napi */
u8 tx_napi_idx;
u8 kick_pending;
struct bnxt_db_info tx_db;
struct tx_bd *tx_desc_ring[MAX_TX_PAGES];
- struct bnxt_sw_tx_bd *tx_buf_ring;
+ union {
+ struct bnxt_sw_tx_bd *tx_buf_ring;
+ struct bnxt_sw_mpc_tx_bd *tx_mpc_buf_ring;
+ };
dma_addr_t tx_desc_mapping[MAX_TX_PAGES];
@@ -1242,6 +1249,7 @@ struct bnxt_napi {
struct bnxt_cp_ring_info cp_ring;
struct bnxt_rx_ring_info *rx_ring;
struct bnxt_tx_ring_info *tx_ring[BNXT_MAX_TXR_PER_NAPI];
+ struct bnxt_tx_ring_info **tx_mpc_ring;
void (*tx_int)(struct bnxt *, struct bnxt_napi *,
int budget);
@@ -2964,6 +2972,8 @@ int bnxt_alloc_rx_data(struct bnxt *bp, struct bnxt_rx_ring_info *rxr,
void bnxt_reuse_rx_data(struct bnxt_rx_ring_info *rxr, u16 cons, void *data);
u32 bnxt_fw_health_readl(struct bnxt *bp, int reg_idx);
bool bnxt_bs_trace_avail(struct bnxt *bp, u16 type);
+void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem);
+int bnxt_alloc_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem);
void bnxt_set_tpa_flags(struct bnxt *bp);
void bnxt_set_ring_params(struct bnxt *);
void bnxt_set_rx_skb_mode(struct bnxt *bp, bool page_mode);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 26eef764c544..a595c9b36218 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -12,6 +12,9 @@
void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
+ if (!(bp->flags & BNXT_FLAG_CHIP_P5_PLUS))
+ return;
+
if (!bp->mpc_info)
bp->mpc_info = kzalloc_obj(*bp->mpc_info);
if (bp->mpc_info)
@@ -22,6 +25,8 @@ void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
void bnxt_free_mpc_info(struct bnxt *bp)
{
+ bnxt_free_mpc_rings(bp);
+ bnxt_free_mpcs(bp);
kfree(bp->mpc_info);
bp->mpc_info = NULL;
}
@@ -47,6 +52,55 @@ int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
return mpc->mpc_cp_rings;
}
+bool bnxt_napi_has_mpc(struct bnxt *bp, int i)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_napi *bnapi = bp->bnapi[i];
+ struct bnxt_tx_ring_info *txr;
+
+ if (!mpc)
+ return false;
+
+ txr = bnapi->tx_ring[0];
+ if (txr && !(bnapi->flags & BNXT_NAPI_FLAG_XDP))
+ return txr->txq_index < mpc->mpc_cp_rings;
+ return false;
+}
+
+void bnxt_set_mpc_cp_ring(struct bnxt *bp, int bnapi_idx,
+ struct bnxt_cp_ring_info *cpr)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_napi *bnapi;
+ bool found = false;
+ int i, j;
+
+ if (!mpc)
+ return;
+ bnapi = bp->bnapi[bnapi_idx];
+ /* Check both TCE and RCE MPCs for the matching NAPI */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+
+ /* Only 1 ring with index j will use this NAPI */
+ if (txr->bnapi == bnapi) {
+ txr->tx_cpr = cpr;
+ txr->tx_napi_idx = i;
+ bnapi->tx_mpc_ring[i] = txr;
+ found = true;
+ break;
+ }
+ }
+ }
+ if (!found)
+ netdev_warn_once(bp->dev, "No MPC match for napi index %d\n",
+ bnapi_idx);
+ cpr->cp_ring_type = BNXT_NQ_HDL_TYPE_MP;
+}
+
void bnxt_trim_mpc_rings(struct bnxt *bp)
{
struct bnxt_mpc_info *mpc = bp->mpc_info;
@@ -117,3 +171,157 @@ void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
mpc->mpc_ring_count[i] = per_type;
mpc->mpc_cp_rings = mpc_cp;
}
+
+void bnxt_init_mpc_ring_struct(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ if (!mpc->mpc_rings[i])
+ continue;
+ for (j = 0; j < num; j++) {
+ struct bnxt_ring_mem_info *rmem;
+ struct bnxt_ring_struct *ring;
+ struct bnxt_tx_ring_info *txr;
+
+ txr = &mpc->mpc_rings[i][j];
+
+ txr->tx_ring_struct.ring_mem.flags =
+ BNXT_RMEM_RING_PTE_FLAG;
+ txr->bnapi = bp->tx_ring[bp->tx_ring_map[j]].bnapi;
+ txr->txq_index = j;
+
+ ring = &txr->tx_ring_struct;
+ rmem = &ring->ring_mem;
+ rmem->nr_pages = bp->tx_nr_pages;
+ rmem->page_size = HW_TXBD_RING_SIZE;
+ rmem->pg_arr = (void **)txr->tx_desc_ring;
+ rmem->dma_arr = txr->tx_desc_mapping;
+ rmem->vmem_size = SW_MPC_TXBD_RING_SIZE *
+ bp->tx_nr_pages;
+ rmem->vmem = (void **)&txr->tx_mpc_buf_ring;
+ }
+ }
+}
+
+int bnxt_alloc_mpcs(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, rc = 0;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return 0;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+ struct bnxt_tx_ring_info *txr;
+
+ if (!num)
+ continue;
+ txr = kzalloc_objs(*txr, num);
+ if (!txr) {
+ rc = -ENOMEM;
+ goto alloc_mpcs_exit;
+ }
+ mpc->mpc_rings[i] = txr;
+ }
+
+ for (i = 0; i < bp->cp_nr_rings; i++) {
+ struct bnxt_napi *bnapi = bp->bnapi[i];
+
+ if (!bnxt_napi_has_mpc(bp, i))
+ continue;
+ bnapi->tx_mpc_ring = kzalloc_objs(*bnapi->tx_mpc_ring,
+ BNXT_MPC_TYPE_MAX);
+ if (!bnapi->tx_mpc_ring) {
+ rc = -ENOMEM;
+ goto alloc_mpcs_exit;
+ }
+ }
+alloc_mpcs_exit:
+ if (rc)
+ bnxt_free_mpcs(bp);
+ return rc;
+}
+
+void bnxt_free_mpcs(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ kfree(mpc->mpc_rings[i]);
+ mpc->mpc_rings[i] = NULL;
+ }
+ if (!bp->bnapi)
+ return;
+ for (i = 0; i < bp->cp_nr_rings; i++) {
+ struct bnxt_napi *bnapi = bp->bnapi[i];
+
+ kfree(bnapi->tx_mpc_ring);
+ bnapi->tx_mpc_ring = NULL;
+ }
+}
+
+int bnxt_alloc_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j, rc = 0;
+
+ if (!mpc)
+ return 0;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+ struct bnxt_ring_struct *ring;
+
+ ring = &txr->tx_ring_struct;
+ rc = bnxt_alloc_ring(bp, &ring->ring_mem);
+ if (rc)
+ goto alloc_mpc_rings_exit;
+ ring->queue_id = BNXT_MPC_QUEUE_ID;
+ ring->mpc_chnl_type = i;
+ /* for stats context */
+ ring->grp_idx = txr->bnapi->index;
+ spin_lock_init(&txr->tx_lock);
+ }
+ }
+alloc_mpc_rings_exit:
+ if (rc)
+ bnxt_free_mpc_rings(bp);
+ return rc;
+}
+
+void bnxt_free_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ if (!mpc->mpc_rings[i])
+ continue;
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+ struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
+
+ bnxt_free_ring(bp, &ring->ring_mem);
+ }
+ }
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 6d50ca8c45ab..90aec8e0955a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -29,6 +29,12 @@ struct bnxt_mpc_info {
struct bnxt_tx_ring_info *mpc_rings[BNXT_MPC_TYPE_MAX];
};
+struct bnxt_sw_mpc_tx_bd {
+ unsigned long handle;
+};
+
+#define SW_MPC_TXBD_RING_SIZE (sizeof(struct bnxt_sw_mpc_tx_bd) * TX_DESC_CNT)
+
#define BNXT_MPC_CRYPTO_CAP \
(FUNC_QCAPS_RESP_MPC_CHNLS_CAP_TCE | FUNC_QCAPS_RESP_MPC_CHNLS_CAP_RCE)
@@ -42,11 +48,19 @@ void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
void bnxt_free_mpc_info(struct bnxt *bp);
int bnxt_mpc_tx_rings_in_use(struct bnxt *bp);
int bnxt_mpc_cp_rings_in_use(struct bnxt *bp);
+bool bnxt_napi_has_mpc(struct bnxt *bp, int i);
+void bnxt_set_mpc_cp_ring(struct bnxt *bp, int bnapi_idx,
+ struct bnxt_cp_ring_info *cpr);
void bnxt_trim_mpc_rings(struct bnxt *bp);
void bnxt_calc_dflt_mpc_rings(struct bnxt *bp, int tx_nr_rings,
int tx_nr_rings_per_tc, int rx_nr_rings,
int *mpc_per_type, int *mpc_cp);
void bnxt_set_dflt_mpc_rings(struct bnxt *bp);
+void bnxt_init_mpc_ring_struct(struct bnxt *bp);
+int bnxt_alloc_mpcs(struct bnxt *bp);
+void bnxt_free_mpcs(struct bnxt *bp);
+int bnxt_alloc_mpc_rings(struct bnxt *bp);
+void bnxt_free_mpc_rings(struct bnxt *bp);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -66,6 +80,16 @@ static inline int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
return 0;
}
+static inline bool bnxt_napi_has_mpc(struct bnxt *bp, int i)
+{
+ return false;
+}
+
+static inline void bnxt_set_mpc_cp_ring(struct bnxt *bp, int bnapi_idx,
+ struct bnxt_cp_ring_info *cpr)
+{
+}
+
static inline void bnxt_trim_mpc_rings(struct bnxt *bp)
{
}
@@ -82,5 +106,27 @@ static inline void bnxt_calc_dflt_mpc_rings(struct bnxt *bp, int tx_nr_rings,
static inline void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
{
}
+
+static inline void bnxt_init_mpc_ring_struct(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_alloc_mpcs(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline void bnxt_free_mpcs(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_alloc_mpc_rings(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline void bnxt_free_mpc_rings(struct bnxt *bp)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 06/15] bnxt_en: Allocate and free MPC channels from firmware
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (4 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 05/15] bnxt_en: Allocate and free MPC software structures Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 07/15] bnxt_en: Allocate crypto structure and backing store Michael Chan
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
Allocate and free the reserved MPC TX rings and completion rings from
firmware. MPC backing store memory also needs to be configured in
order to successfully allocate the MPC TX rings.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 30 ++++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 ++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 93 +++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 16 ++++
4 files changed, 136 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index e606cce3af0f..e68b970bf21b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7479,8 +7479,7 @@ static int bnxt_hwrm_rx_agg_ring_alloc(struct bnxt *bp,
return 0;
}
-static int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp,
- struct bnxt_cp_ring_info *cpr)
+int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
{
const u32 type = HWRM_RING_ALLOC_CMPL;
struct bnxt_napi *bnapi = cpr->bnapi;
@@ -7498,8 +7497,8 @@ static int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp,
return 0;
}
-static int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp,
- struct bnxt_tx_ring_info *txr, u32 tx_idx)
+int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ u32 tx_idx)
{
struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
const u32 type = HWRM_RING_ALLOC_TX;
@@ -7584,6 +7583,9 @@ static int bnxt_hwrm_ring_alloc(struct bnxt *bp)
goto err_out;
}
}
+
+ rc = bnxt_hwrm_mpc_ring_alloc(bp);
+
err_out:
return rc;
}
@@ -7641,9 +7643,8 @@ static int hwrm_ring_free_send_msg(struct bnxt *bp,
return 0;
}
-static void bnxt_hwrm_tx_ring_free(struct bnxt *bp,
- struct bnxt_tx_ring_info *txr,
- bool close_path)
+void bnxt_hwrm_tx_ring_free(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ bool close_path)
{
struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
u32 cmpl_ring_id;
@@ -7702,8 +7703,7 @@ static void bnxt_hwrm_rx_agg_ring_free(struct bnxt *bp,
bp->grp_info[grp_idx].agg_fw_ring_id = INVALID_HW_RING_ID;
}
-static void bnxt_hwrm_cp_ring_free(struct bnxt *bp,
- struct bnxt_cp_ring_info *cpr)
+void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
{
struct bnxt_ring_struct *ring;
@@ -7737,6 +7737,8 @@ static void bnxt_hwrm_ring_free(struct bnxt *bp, bool close_path)
if (!bp->bnapi)
return;
+ bnxt_hwrm_mpc_ring_free(bp, close_path);
+
for (i = 0; i < bp->tx_nr_rings; i++)
bnxt_hwrm_tx_ring_free(bp, &bp->tx_ring[i], close_path);
@@ -9374,12 +9376,21 @@ static int bnxt_hwrm_func_backing_store_cfg_v2(struct bnxt *bp,
static int bnxt_backing_store_cfg_v2(struct bnxt *bp)
{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
struct bnxt_ctx_mem_info *ctx = bp->ctx;
struct bnxt_ctx_mem_type *ctxm;
u16 last_type = BNXT_CTX_INV;
int rc = 0;
u16 type;
+ if (mpc && mpc->mpc_chnls_cap) {
+ ctxm = &ctx->ctx_arr[BNXT_CTX_MTQM];
+ rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, ctxm->max_entries, 1);
+ if (rc)
+ return rc;
+ last_type = BNXT_CTX_MTQM;
+ }
+
for (type = BNXT_CTX_SRT; type <= BNXT_CTX_QPC; type++) {
ctxm = &ctx->ctx_arr[type];
if (!bnxt_bs_trace_avail(bp, type))
@@ -11369,6 +11380,7 @@ static int bnxt_init_nic(struct bnxt *bp, bool irq_re_init)
bnxt_init_cp_rings(bp);
bnxt_init_rx_rings(bp);
bnxt_init_tx_rings(bp);
+ bnxt_init_mpc_rings(bp);
bnxt_init_ring_grps(bp, irq_re_init);
bnxt_init_vnics(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 11edc5752d99..416ae86111fa 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -3002,6 +3002,12 @@ int bnxt_hwrm_vnic_cfg(struct bnxt *bp, struct bnxt_vnic_info *vnic);
int bnxt_hwrm_vnic_alloc(struct bnxt *bp, struct bnxt_vnic_info *vnic,
unsigned int start_rx_ring_idx,
unsigned int nr_rings);
+int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
+int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ u32 tx_idx);
+void bnxt_hwrm_tx_ring_free(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ bool close_path);
+void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
int bnxt_total_tx_rings(struct bnxt *bp);
int __bnxt_hwrm_get_tx_rings(struct bnxt *bp, u16 fid, int *tx_rings);
int bnxt_nq_rings_in_use(struct bnxt *bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index a595c9b36218..40351b7c0b82 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -325,3 +325,96 @@ void bnxt_free_mpc_rings(struct bnxt *bp)
}
}
}
+
+void bnxt_init_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+ struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
+
+ txr->tx_prod = 0;
+ txr->tx_cons = 0;
+ txr->tx_hw_cons = 0;
+ WRITE_ONCE(txr->dev_state, 0);
+ ring->fw_ring_id = INVALID_HW_RING_ID;
+ }
+ }
+}
+
+static int bnxt_hwrm_one_mpc_ring_alloc(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ struct bnxt_cp_ring_info *cpr = txr->tx_cpr;
+ struct bnxt_ring_struct *ring;
+ int rc;
+
+ ring = &cpr->cp_ring_struct;
+ if (ring->fw_ring_id == INVALID_HW_RING_ID) {
+ rc = bnxt_hwrm_cp_ring_alloc_p5(bp, cpr);
+ if (rc)
+ return rc;
+ }
+ /* tx_idx not used on P5_PLUS, so set it to 0 */
+ return bnxt_hwrm_tx_ring_alloc(bp, txr, 0);
+}
+
+int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j, rc = 0;
+
+ if (!mpc)
+ return 0;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+
+ rc = bnxt_hwrm_one_mpc_ring_alloc(bp, txr);
+ if (rc)
+ goto mpc_ring_alloc_exit;
+ }
+ }
+mpc_ring_alloc_exit:
+ if (rc)
+ bnxt_hwrm_mpc_ring_free(bp, false);
+ return rc;
+}
+
+void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_cp_ring_info *cpr;
+ int i, j;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ for (j = 0; j < mpc->mpc_ring_count[i]; j++)
+ bnxt_hwrm_tx_ring_free(bp, &mpc->mpc_rings[i][j],
+ close_path);
+ }
+ /* CP rings must be freed at the end to guarantee that the HWRM_DONE
+ * responses for HWRM_RING_FREE can still be seen on the CP rings.
+ */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ for (j = 0; j < mpc->mpc_ring_count[i]; j++) {
+ cpr = mpc->mpc_rings[i][j].tx_cpr;
+ if (cpr && cpr->cp_ring_struct.fw_ring_id !=
+ INVALID_HW_RING_ID)
+ bnxt_hwrm_cp_ring_free(bp, cpr);
+ }
+ }
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 90aec8e0955a..3210ecf29c76 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -61,6 +61,9 @@ int bnxt_alloc_mpcs(struct bnxt *bp);
void bnxt_free_mpcs(struct bnxt *bp);
int bnxt_alloc_mpc_rings(struct bnxt *bp);
void bnxt_free_mpc_rings(struct bnxt *bp);
+void bnxt_init_mpc_rings(struct bnxt *bp);
+int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp);
+void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -128,5 +131,18 @@ static inline int bnxt_alloc_mpc_rings(struct bnxt *bp)
static inline void bnxt_free_mpc_rings(struct bnxt *bp)
{
}
+
+static inline void bnxt_init_mpc_rings(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 07/15] bnxt_en: Allocate crypto structure and backing store
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (5 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 06/15] bnxt_en: Allocate and free MPC channels from firmware Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 08/15] bnxt_en: Reserve crypto RX and TX key contexts on a PF Michael Chan
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
If the chip and firmware support crypto (TLS) offload, allocate a
bp->crypto_info software structure and backing store to support the RX
and TX contexts. Each offloaded TLS connection requires a backing
store context for each direction.
bp->crypto_info will stay persistent even if kTLS is no longer
supported after a FW reset. This makes it easier to avoid NULL
dereference of bp->crypto_info during FW reset and kTLS offload
race conditions.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v4:
Clear BNXT_FW_CAP_KTLS in bnxt_free_cryto_info()
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-8-michael.chan@broadcom.com/
bp->crypto_info and bp->ktls_info now stay persistent for the driver's
lifetime. max keys are refreshed after re-init.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-8-michael.chan@broadcom.
---
drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 21 +++++
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 83 +++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 47 +++++++++++
include/linux/bnxt/hsi.h | 37 +++++++++
6 files changed, 193 insertions(+), 1 deletion(-)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile
index 0506574c007a..3acdb81fa958 100644
--- a/drivers/net/ethernet/broadcom/bnxt/Makefile
+++ b/drivers/net/ethernet/broadcom/bnxt/Makefile
@@ -5,4 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp.
bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o
bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o
bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o
-bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o
+bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index e68b970bf21b..b663824cb559 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -77,6 +77,7 @@
#include "bnxt_gso.h"
#include <net/tso.h>
#include "bnxt_mpc.h"
+#include "bnxt_crypto.h"
#define BNXT_TX_TIMEOUT (5 * HZ)
#define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \
@@ -9376,6 +9377,7 @@ static int bnxt_hwrm_func_backing_store_cfg_v2(struct bnxt *bp,
static int bnxt_backing_store_cfg_v2(struct bnxt *bp)
{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
struct bnxt_mpc_info *mpc = bp->mpc_info;
struct bnxt_ctx_mem_info *ctx = bp->ctx;
struct bnxt_ctx_mem_type *ctxm;
@@ -9383,6 +9385,19 @@ static int bnxt_backing_store_cfg_v2(struct bnxt *bp)
int rc = 0;
u16 type;
+ if (BNXT_SUPPORTS_KTLS(bp)) {
+ ctxm = &ctx->ctx_arr[BNXT_CTX_TCK];
+ rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm,
+ BNXT_TCK(crypto).max_ctx, 1);
+ if (rc)
+ return rc;
+ ctxm = &ctx->ctx_arr[BNXT_CTX_RCK];
+ rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm,
+ BNXT_RCK(crypto).max_ctx, 1);
+ if (rc)
+ return rc;
+ last_type = BNXT_CTX_RCK;
+ }
if (mpc && mpc->mpc_chnls_cap) {
ctxm = &ctx->ctx_arr[BNXT_CTX_MTQM];
rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, ctxm->max_entries, 1);
@@ -9925,6 +9940,10 @@ static int __bnxt_hwrm_func_qcaps(struct bnxt *bp)
bp->fw_cap |= BNXT_FW_CAP_BACKING_STORE_V2;
if (flags_ext & FUNC_QCAPS_RESP_FLAGS_EXT_TX_COAL_CMPL_CAP)
bp->flags |= BNXT_FLAG_TX_COAL_CMPL;
+ if (flags_ext & FUNC_QCAPS_RESP_FLAGS_EXT_KTLS_SUPPORTED)
+ bnxt_alloc_crypto_info(bp, resp);
+ else
+ bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
flags_ext2 = le32_to_cpu(resp->flags_ext2);
if (flags_ext2 & FUNC_QCAPS_RESP_FLAGS_EXT2_RX_ALL_PKTS_TIMESTAMPS_SUPPORTED)
@@ -16613,6 +16632,7 @@ static void bnxt_remove_one(struct pci_dev *pdev)
bp->ptp_cfg = NULL;
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_crypto_info(bp);
bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
@@ -17296,6 +17316,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
bnxt_ethtool_free(bp);
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_crypto_info(bp);
bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 416ae86111fa..621f275b49fd 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2461,6 +2461,7 @@ struct bnxt {
u8 tph_mode;
struct bnxt_mpc_info *mpc_info;
+ struct bnxt_crypto_info *crypto_info;
unsigned int current_interval;
#define BNXT_TIMER_INTERVAL HZ
@@ -2548,6 +2549,7 @@ struct bnxt {
#define BNXT_FW_CAP_NPAR_1_2 BIT_ULL(42)
#define BNXT_FW_CAP_MIRROR_ON_ROCE BIT_ULL(43)
#define BNXT_FW_CAP_PTP_PTM BIT_ULL(44)
+ #define BNXT_FW_CAP_KTLS BIT_ULL(45)
u32 fw_dbg_cap;
@@ -2573,6 +2575,8 @@ struct bnxt {
((bp)->fw_cap & BNXT_FW_CAP_SW_MAX_RESOURCE_LIMITS)
#define BNXT_MIRROR_ON_ROCE_CAP(bp) \
((bp)->fw_cap & BNXT_FW_CAP_MIRROR_ON_ROCE)
+#define BNXT_SUPPORTS_KTLS(bp) \
+ ((bp)->fw_cap & BNXT_FW_CAP_KTLS)
u32 hwrm_spec_code;
u16 hwrm_cmd_seq;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
new file mode 100644
index 000000000000..5bc31ee8d7fd
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#include <linux/stddef.h>
+#include <linux/types.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/bnxt/hsi.h>
+
+#include "bnxt.h"
+#include "bnxt_crypto.h"
+
+static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
+{
+ u32 fw_maj = BNXT_FW_MAJ(bp);
+
+ if (key_type == BNXT_TX_CRYPTO_KEY_TYPE)
+ return (fw_maj < 233) ? BNXT_MAX_TX_CRYPTO_KEYS_PRE_233FW :
+ BNXT_MAX_TX_CRYPTO_KEYS;
+
+ return (fw_maj < 233) ? BNXT_MAX_RX_CRYPTO_KEYS_PRE_233FW :
+ BNXT_MAX_RX_CRYPTO_KEYS;
+}
+
+/**
+ * bnxt_alloc_crypto_info - Allocate and initialize crypto offload context
+ * @bp: pointer to bnxt device
+ * @resp: pointer to firmware capability response
+ *
+ * Allocates the main crypto info structure
+ *
+ * This function is called during device initialization when firmware
+ * reports crypto offload capability. If allocation fails, crypto offload
+ * will not be available but the device will still function.
+ *
+ * Context: Process context
+ */
+void bnxt_alloc_crypto_info(struct bnxt *bp,
+ struct hwrm_func_qcaps_output *resp)
+{
+ u16 max_keys = le16_to_cpu(resp->max_key_ctxs_alloc);
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_kctx *kctx;
+ int i;
+
+ if (BNXT_VF(bp))
+ return;
+ if (!crypto) {
+ crypto = kzalloc_obj(*crypto);
+ if (!crypto) {
+ netdev_warn(bp->dev,
+ "Unable to allocate crypto info\n");
+ return;
+ }
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ kctx->type = i;
+ }
+ bp->crypto_info = crypto;
+ }
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ kctx->max_ctx = bnxt_get_max_crypto_key_ctx(bp, i);
+ }
+ crypto->max_key_ctxs_alloc = max_keys;
+ bp->fw_cap |= BNXT_FW_CAP_KTLS;
+}
+
+/**
+ * bnxt_free_crypto_info - Free crypto offload resources
+ * @bp: pointer to bnxt device
+ *
+ * Frees all resources associated with crypto offload. Call this function
+ * only when it is idle with nothing in-flight.
+ *
+ * Context: Process context during device shutdown/removal
+ */
+void bnxt_free_crypto_info(struct bnxt *bp)
+{
+ kfree(bp->crypto_info);
+ bp->crypto_info = NULL;
+ bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
new file mode 100644
index 000000000000..629388fe1e6d
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#ifndef BNXT_CRYPTO_H
+#define BNXT_CRYPTO_H
+
+#define BNXT_MAX_TX_CRYPTO_KEYS 204800
+#define BNXT_MAX_RX_CRYPTO_KEYS 204800
+
+#define BNXT_MAX_TX_CRYPTO_KEYS_PRE_233FW 65535
+#define BNXT_MAX_RX_CRYPTO_KEYS_PRE_233FW 65535
+
+enum bnxt_crypto_type {
+ BNXT_TX_CRYPTO_KEY_TYPE = FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_TX,
+ BNXT_RX_CRYPTO_KEY_TYPE = FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_RX,
+ BNXT_MAX_CRYPTO_KEY_TYPE,
+};
+
+struct bnxt_kctx {
+ u8 type;
+ u32 max_ctx;
+};
+
+struct bnxt_crypto_info {
+ u16 max_key_ctxs_alloc;
+
+ struct bnxt_kctx kctx[BNXT_MAX_CRYPTO_KEY_TYPE];
+};
+
+#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE])
+#define BNXT_RCK(crypto) ((crypto)->kctx[BNXT_RX_CRYPTO_KEY_TYPE])
+
+#ifdef CONFIG_BNXT_TLS
+void bnxt_alloc_crypto_info(struct bnxt *bp,
+ struct hwrm_func_qcaps_output *resp);
+void bnxt_free_crypto_info(struct bnxt *bp);
+#else
+static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
+ struct hwrm_func_qcaps_output *resp)
+{
+}
+
+static inline void bnxt_free_crypto_info(struct bnxt *bp)
+{
+}
+#endif /* CONFIG_BNXT_TLS */
+#endif /* BNXT_CRYPTO_H */
diff --git a/include/linux/bnxt/hsi.h b/include/linux/bnxt/hsi.h
index 74a6bf278d88..03444b81beb0 100644
--- a/include/linux/bnxt/hsi.h
+++ b/include/linux/bnxt/hsi.h
@@ -3837,6 +3837,43 @@ struct hwrm_func_ptp_ext_qcfg_output {
u8 valid;
};
+/* hwrm_func_key_ctx_alloc_input (size:384b/48B) */
+struct hwrm_func_key_ctx_alloc_input {
+ __le16 req_type;
+ __le16 cmpl_ring;
+ __le16 seq_id;
+ __le16 target_id;
+ __le64 resp_addr;
+ __le16 fid;
+ __le16 num_key_ctxs;
+ __le32 dma_bufr_size_bytes;
+ u8 key_ctx_type;
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_TX 0x0UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_RX 0x1UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_TX 0x2UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_RX 0x3UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_LAST FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_RX
+ u8 unused_0[7];
+ __le64 host_dma_addr;
+ __le32 partition_start_xid;
+ u8 unused_1[4];
+};
+
+/* hwrm_func_key_ctx_alloc_output (size:192b/24B) */
+struct hwrm_func_key_ctx_alloc_output {
+ __le16 error_code;
+ __le16 req_type;
+ __le16 seq_id;
+ __le16 resp_len;
+ __le16 num_key_ctxs_allocated;
+ u8 flags;
+ #define FUNC_KEY_CTX_ALLOC_RESP_FLAGS_KEY_CTXS_CONTIGUOUS 0x1UL
+ u8 unused_0;
+ __le32 partition_start_xid;
+ u8 unused_1[7];
+ u8 valid;
+};
+
/* hwrm_func_backing_store_cfg_v2_input (size:512b/64B) */
struct hwrm_func_backing_store_cfg_v2_input {
__le16 req_type;
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 08/15] bnxt_en: Reserve crypto RX and TX key contexts on a PF
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (6 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 07/15] bnxt_en: Allocate crypto structure and backing store Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 09/15] bnxt_en: Add infrastructure for crypto key context IDs Michael Chan
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
If kTLS crypto offload is supported, reserve RX and TX key contexts.
These keys will later be allocated during run-time to support offloading
TX and RX kTLS connections.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v3:
Add missing ASSETS_TEST flag when checking reserved crypto keys.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-9-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 22 +++++++++++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 11 +++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 32 +++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 7 ++++
4 files changed, 70 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index b663824cb559..27f9843f9c5d 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7791,6 +7791,7 @@ static int bnxt_trim_rings(struct bnxt *bp, int *rx, int *tx, int max,
static int bnxt_hwrm_get_rings(struct bnxt *bp)
{
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
struct hwrm_func_qcfg_output *resp;
struct hwrm_func_qcfg_input *req;
int rc;
@@ -7851,6 +7852,10 @@ static int bnxt_hwrm_get_rings(struct bnxt *bp)
}
hw_resc->resv_cp_rings = cp;
hw_resc->resv_stat_ctxs = stats;
+
+ crypto_resc = &hw_resc->crypto_resc;
+ crypto_resc->resv_tx_key_ctxs = le32_to_cpu(resp->num_ktls_tx_key_ctxs);
+ crypto_resc->resv_rx_key_ctxs = le32_to_cpu(resp->num_ktls_rx_key_ctxs);
}
get_rings_exit:
hwrm_req_drop(bp, req);
@@ -7921,8 +7926,9 @@ __bnxt_hwrm_reserve_pf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
}
req->num_stat_ctxs = cpu_to_le16(hwr->stat);
req->num_vnics = cpu_to_le16(hwr->vnic);
+ bnxt_hwrm_reserve_pf_key_ctxs(bp, req);
}
- req->enables = cpu_to_le32(enables);
+ req->enables |= cpu_to_le32(enables);
return req;
}
@@ -8324,7 +8330,7 @@ static int bnxt_hwrm_check_vf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
static int bnxt_hwrm_check_pf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
{
struct hwrm_func_cfg_input *req;
- u32 flags;
+ u32 flags, flags2 = 0;
req = __bnxt_hwrm_reserve_pf_rings(bp, hwr);
flags = FUNC_CFG_REQ_FLAGS_TX_ASSETS_TEST;
@@ -8338,9 +8344,14 @@ static int bnxt_hwrm_check_pf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
FUNC_CFG_REQ_FLAGS_NQ_ASSETS_TEST;
else
flags |= FUNC_CFG_REQ_FLAGS_RING_GRP_ASSETS_TEST;
+ if (req->enables &
+ cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_TX_KEY_CTXS |
+ FUNC_CFG_REQ_ENABLES_KTLS_RX_KEY_CTXS))
+ flags2 |= FUNC_CFG_REQ_FLAGS2_KTLS_KEY_CTX_ASSETS_TEST;
}
req->flags = cpu_to_le32(flags);
+ req->flags2 = cpu_to_le32(flags2);
return hwrm_req_send_silent(bp, req);
}
@@ -9754,6 +9765,7 @@ int bnxt_hwrm_func_resc_qcaps(struct bnxt *bp, bool all)
struct hwrm_func_resource_qcaps_output *resp;
struct hwrm_func_resource_qcaps_input *req;
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
int rc;
rc = hwrm_req_init(bp, req, HWRM_FUNC_RESOURCE_QCAPS);
@@ -9791,6 +9803,12 @@ int bnxt_hwrm_func_resc_qcaps(struct bnxt *bp, bool all)
hw_resc->max_vnics * BNXT_LARGE_RSS_TO_VNIC_RATIO)
bp->rss_cap |= BNXT_RSS_CAP_LARGE_RSS_CTX;
+ crypto_resc = &hw_resc->crypto_resc;
+ crypto_resc->min_tx_key_ctxs = le32_to_cpu(resp->min_ktls_tx_key_ctxs);
+ crypto_resc->max_tx_key_ctxs = le32_to_cpu(resp->max_ktls_tx_key_ctxs);
+ crypto_resc->min_rx_key_ctxs = le32_to_cpu(resp->min_ktls_rx_key_ctxs);
+ crypto_resc->max_rx_key_ctxs = le32_to_cpu(resp->max_ktls_rx_key_ctxs);
+
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
u16 max_msix = le16_to_cpu(resp->max_msix);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 621f275b49fd..1302c39a7af9 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1363,6 +1363,15 @@ struct bnxt_hw_rings {
int rss_ctx;
};
+struct bnxt_hw_crypto_resc {
+ u32 min_tx_key_ctxs;
+ u32 max_tx_key_ctxs;
+ u32 resv_tx_key_ctxs;
+ u32 min_rx_key_ctxs;
+ u32 max_rx_key_ctxs;
+ u32 resv_rx_key_ctxs;
+};
+
struct bnxt_hw_resc {
u16 min_rsscos_ctxs;
u16 max_rsscos_ctxs;
@@ -1397,6 +1406,8 @@ struct bnxt_hw_resc {
u32 max_tx_wm_flows;
u32 max_rx_em_flows;
u32 max_rx_wm_flows;
+
+ struct bnxt_hw_crypto_resc crypto_resc;
};
#define BNXT_LARGE_RSS_TO_VNIC_RATIO 7
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index 5bc31ee8d7fd..b2a96ac725ea 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -81,3 +81,35 @@ void bnxt_free_crypto_info(struct bnxt *bp)
bp->crypto_info = NULL;
bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
}
+
+/**
+ * bnxt_hwrm_reserve_pf_key_ctxs - Reserve key contexts with firmware
+ * @bp: pointer to bnxt device
+ * @req: pointer to HWRM function config request
+ *
+ * Populates the firmware request with key context reservation parameters
+ * for crypto offload based on current max settings and capabilities.
+ *
+ * Context: Process context during device configuration
+ */
+void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
+ struct hwrm_func_cfg_input *req)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
+ u32 tx, rx;
+
+ if (!crypto || !BNXT_SUPPORTS_KTLS(bp))
+ return;
+
+ crypto_resc = &hw_resc->crypto_resc;
+ tx = min(BNXT_TCK(crypto).max_ctx, crypto_resc->max_tx_key_ctxs);
+ rx = min(BNXT_RCK(crypto).max_ctx, crypto_resc->max_rx_key_ctxs);
+ req->num_ktls_tx_key_ctxs = cpu_to_le32(tx);
+ req->num_ktls_rx_key_ctxs = cpu_to_le32(rx);
+ if (tx)
+ req->enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_TX_KEY_CTXS);
+ if (rx)
+ req->enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_RX_KEY_CTXS);
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index 629388fe1e6d..e090491006db 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -34,6 +34,8 @@ struct bnxt_crypto_info {
void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp);
void bnxt_free_crypto_info(struct bnxt *bp);
+void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
+ struct hwrm_func_cfg_input *req);
#else
static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp)
@@ -43,5 +45,10 @@ static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
static inline void bnxt_free_crypto_info(struct bnxt *bp)
{
}
+
+static inline void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
+ struct hwrm_func_cfg_input *req)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_CRYPTO_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 09/15] bnxt_en: Add infrastructure for crypto key context IDs
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (7 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 08/15] bnxt_en: Reserve crypto RX and TX key contexts on a PF Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 10/15] bnxt_en: Add MPC transmit and completion functions Michael Chan
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
Each kTLS connection requires a crypto key context ID (KID). These KIDs
are allocated from the firmware in batches. Add data structure to store
these IDs. The bnxt_kid_info structure stores a batch of IDs and it can be
linked as we allocate more batches. There is a bitmap in the structure
to keep track of which ones are in use. Add APIs to allocate and free
these KIDs.
Once allocated, these KIDs are not freed during run-time. They are
re-used for new connections. FW reset or HWRM_FUNC_RESET will free
all KIDs. Call bnxt_clear_crypto() to clear all KIDs in the driver's
structures during these reset events.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
More clearly document and explain that bnxt_clear_crypto() has no
concurrent readers/writers.
Add comment to explain that the bnxt_free_one_ctx() caller is reponsible
to check the epoch value when needed.
v4:
https://lore.kernel.org/netdev/20260629184921.3496727-10-michael.chan@broadcom.com/
Fix kernel doc for bnxt_free_one_kctx().
Add BNXT_NEXT_EPOCH() to mask the epoch value.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-10-michael.chan@broadcom.com/
Use a larger (12-bit) epoch value for the keys.
Improve comments, kerneldoc, and dmesg.
Make sure bnxt_clear_crypto() is called during shutdown with the
BNXT_STATE_OPEN flag cleared.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-10-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 285 ++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 70 +++++
3 files changed, 365 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 27f9843f9c5d..4f7042d91078 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -12899,6 +12899,8 @@ static int bnxt_hwrm_if_change(struct bnxt *bp, bool up)
bnxt_ulp_irq_stop(bp);
bnxt_free_ctx_mem(bp, false);
bnxt_dcb_free(bp);
+ if (fw_reset || caps_change)
+ bnxt_clear_crypto(bp);
rc = bnxt_fw_init_one(bp);
if (rc) {
clear_bit(BNXT_STATE_FW_RESET_DET, &bp->state);
@@ -14636,6 +14638,7 @@ static void bnxt_fw_reset_close(struct bnxt *bp)
bnxt_hwrm_func_drv_unrgtr(bp);
if (pci_is_enabled(bp->pdev))
pci_disable_device(bp->pdev);
+ bnxt_clear_crypto(bp);
bnxt_free_ctx_mem(bp, false);
}
@@ -17292,6 +17295,12 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
rc = bnxt_dl_register(bp);
if (rc)
goto init_err_dl;
+ rc = bnxt_crypto_init(bp);
+ if (rc) {
+ bnxt_free_crypto_info(bp);
+ netdev_warn(bp->dev, "Failed to initialize crypto offload, err = %d\n",
+ rc);
+ }
INIT_LIST_HEAD(&bp->usr_fltr_list);
@@ -17518,6 +17527,7 @@ static pci_ers_result_t bnxt_io_error_detected(struct pci_dev *pdev,
if (pci_is_enabled(pdev))
pci_disable_device(pdev);
+ bnxt_clear_crypto(bp);
bnxt_free_ctx_mem(bp, false);
netdev_unlock(netdev);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index b2a96ac725ea..72927c32bf0c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -8,6 +8,7 @@
#include <linux/bnxt/hsi.h>
#include "bnxt.h"
+#include "bnxt_hwrm.h"
#include "bnxt_crypto.h"
static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
@@ -55,6 +56,10 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
kctx = &crypto->kctx[i];
kctx->type = i;
+ INIT_LIST_HEAD(&kctx->list);
+ spin_lock_init(&kctx->lock);
+ atomic_set(&kctx->alloc_pending, 0);
+ init_waitqueue_head(&kctx->alloc_pending_wq);
}
bp->crypto_info = crypto;
}
@@ -66,6 +71,43 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
bp->fw_cap |= BNXT_FW_CAP_KTLS;
}
+/**
+ * bnxt_clear_crypto - Clear all crypto key contexts
+ * @bp: pointer to bnxt device
+ *
+ * Clears all key context allocations during shutdown or firmware reset.
+ * Frees all key info structures and bitmaps, and increments the epoch
+ * counter to invalidate any outstanding key references.
+ *
+ * Locking: the caller must have cleared BNXT_STATE_OPEN and waited for all
+ * in-flight kTLS control ops to drain. Under these preconditions there are
+ * no concurrent readers or writers of the KID lists, so the lists can be
+ * walked without rcu_read_lock() or the kctx lock.
+ *
+ * Context: Process context during shutdown/reset
+ */
+void bnxt_clear_crypto(struct bnxt *bp)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_kid_info *kid, *tmp;
+ struct bnxt_kctx *kctx;
+ int i;
+
+ if (!crypto)
+ return;
+
+ /* No concurrent access; see the locking note above. */
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ list_for_each_entry_safe(kid, tmp, &kctx->list, list) {
+ list_del(&kid->list);
+ kfree(kid);
+ }
+ kctx->total_alloc = 0;
+ kctx->epoch = BNXT_NEXT_EPOCH(kctx->epoch);
+ }
+}
+
/**
* bnxt_free_crypto_info - Free crypto offload resources
* @bp: pointer to bnxt device
@@ -77,6 +119,7 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
*/
void bnxt_free_crypto_info(struct bnxt *bp)
{
+ bnxt_clear_crypto(bp);
kfree(bp->crypto_info);
bp->crypto_info = NULL;
bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
@@ -113,3 +156,245 @@ void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
if (rx)
req->enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_RX_KEY_CTXS);
}
+
+static int bnxt_key_ctx_store(struct bnxt_kctx *kctx, __le32 *key_buf, u32 num,
+ bool contig, u8 kind, u32 *id)
+{
+ struct bnxt_kid_info *kid;
+ u32 i;
+
+ for (i = 0; i < num; ) {
+ kid = kzalloc_obj(*kid);
+ /* If we cannot store the IDs, they will be lost and only
+ * reclaimed by the FW during reset/reinit.
+ */
+ if (!kid)
+ return -ENOMEM;
+ kid->start_id = le32_to_cpu(key_buf[i]);
+ kid->type = kctx->type;
+ kid->kind = kind;
+ if (contig)
+ kid->count = num;
+ else
+ kid->count = 1;
+ bitmap_set(kid->ids, 0, kid->count);
+ if (id && !i) {
+ clear_bit(0, kid->ids);
+ *id = BNXT_SET_KID(kctx, kid->start_id);
+ }
+ spin_lock(&kctx->lock);
+ list_add_tail_rcu(&kid->list, &kctx->list);
+ WRITE_ONCE(kctx->total_alloc,
+ READ_ONCE(kctx->total_alloc) + kid->count);
+ spin_unlock(&kctx->lock);
+ i += kid->count;
+ }
+ return 0;
+}
+
+/* Note that the driver does not free the key contexts. They are freed
+ * by the FW during FLR and HWRM_FUNC_RESET.
+ */
+static int bnxt_hwrm_key_ctx_alloc(struct bnxt *bp, struct bnxt_kctx *kctx,
+ u8 kind, u32 num, u32 *id)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct hwrm_func_key_ctx_alloc_output *resp;
+ struct hwrm_func_key_ctx_alloc_input *req;
+ dma_addr_t mapping;
+ int pending_count;
+ __le32 *key_buf;
+ u32 num_alloc;
+ bool contig;
+ int rc;
+
+ num = min3(num, crypto->max_key_ctxs_alloc, (u32)BNXT_KID_BATCH_SIZE);
+ rc = hwrm_req_init(bp, req, HWRM_FUNC_KEY_CTX_ALLOC);
+ if (rc)
+ return rc;
+
+ key_buf = hwrm_req_dma_slice(bp, req, num * 4, &mapping);
+ if (!key_buf) {
+ rc = -ENOMEM;
+ goto key_alloc_exit;
+ }
+ req->dma_bufr_size_bytes = cpu_to_le32(num * 4);
+ req->host_dma_addr = cpu_to_le64(mapping);
+ resp = hwrm_req_hold(bp, req);
+
+ req->key_ctx_type = kctx->type;
+ req->num_key_ctxs = cpu_to_le16(num);
+
+ pending_count = atomic_inc_return(&kctx->alloc_pending);
+ rc = hwrm_req_send(bp, req);
+ atomic_dec(&kctx->alloc_pending);
+ if (rc)
+ goto key_alloc_exit_wake;
+
+ num_alloc = le16_to_cpu(resp->num_key_ctxs_allocated);
+ if (num_alloc > num) {
+ netdev_warn(bp->dev,
+ "FW allocated more type %d keys (%d) than requested (%d)\n",
+ kctx->type, num_alloc, num);
+ } else if (!num_alloc) {
+ netdev_warn(bp->dev,
+ "FW allocated 0 type %d keys\n", kctx->type);
+ rc = -ENOENT;
+ goto key_alloc_exit_wake;
+ } else {
+ num = num_alloc;
+ }
+ contig = resp->flags &
+ FUNC_KEY_CTX_ALLOC_RESP_FLAGS_KEY_CTXS_CONTIGUOUS;
+ rc = bnxt_key_ctx_store(kctx, key_buf, num, contig, kind, id);
+
+key_alloc_exit_wake:
+ if (pending_count >= BNXT_KCTX_ALLOC_PENDING_MAX)
+ wake_up_all(&kctx->alloc_pending_wq);
+key_alloc_exit:
+ hwrm_req_drop(bp, req);
+ return rc;
+}
+
+bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id)
+{
+ struct bnxt_kid_info *kid;
+ bool valid = false;
+ u32 epoch;
+
+ epoch = BNXT_KID_EPOCH(id);
+ if (epoch != kctx->epoch)
+ return false;
+
+ id = BNXT_KID_HW(id);
+ rcu_read_lock();
+ list_for_each_entry_rcu(kid, &kctx->list, list) {
+ if (id >= kid->start_id && id < kid->start_id + kid->count) {
+ if (!test_bit(id - kid->start_id, kid->ids)) {
+ valid = true;
+ break;
+ }
+ }
+ }
+ rcu_read_unlock();
+ return valid;
+}
+
+static int bnxt_alloc_one_kctx(struct bnxt_kctx *kctx, u8 kind, u32 *id)
+{
+ struct bnxt_kid_info *kid;
+ int rc = -ENOMEM;
+
+ rcu_read_lock();
+ list_for_each_entry_rcu(kid, &kctx->list, list) {
+ u32 idx = 0;
+
+ if (kid->kind != kind)
+ continue;
+ do {
+ idx = find_next_bit(kid->ids, kid->count, idx);
+ if (idx >= kid->count)
+ break;
+ if (test_and_clear_bit(idx, kid->ids)) {
+ *id = BNXT_SET_KID(kctx, kid->start_id + idx);
+ rc = 0;
+ goto alloc_done;
+ }
+ } while (1);
+ }
+
+alloc_done:
+ rcu_read_unlock();
+ return rc;
+}
+
+/**
+ * bnxt_free_one_kctx - Free a key context for later re-use
+ * @kctx: pointer to bnxt_kctx key context structure
+ * @id: Key context ID
+ *
+ * This function is called to free a key context ID when the offload
+ * using the ID has successfully terminated or aborted. If the offload
+ * cannot be terminated, the caller should not call this function to free
+ * the ID. The ID will only be recycled by the FW during reset/reinit.
+ *
+ * The ID is matched by its hardware id only (epoch stripped), so the caller
+ * must ensure it is valid for the current epoch.
+ */
+void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id)
+{
+ struct bnxt_kid_info *kid;
+
+ id = BNXT_KID_HW(id);
+ rcu_read_lock();
+ list_for_each_entry_rcu(kid, &kctx->list, list) {
+ if (id >= kid->start_id && id < kid->start_id + kid->count) {
+ set_bit(id - kid->start_id, kid->ids);
+ break;
+ }
+ }
+ rcu_read_unlock();
+}
+
+#define BNXT_KCTX_ALLOC_RETRY_MAX 3
+
+int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
+ u32 *id)
+{
+ int rc, retry = 0;
+
+ while (retry++ < BNXT_KCTX_ALLOC_RETRY_MAX) {
+ rc = bnxt_alloc_one_kctx(kctx, kind, id);
+ if (!rc)
+ return 0;
+
+ /* When approaching the max, multiple threads may proceed
+ * and exceed the max. Some may fail the serialized HWRM call
+ * later when the max is exceeded.
+ */
+ if ((READ_ONCE(kctx->total_alloc) + BNXT_KID_BATCH_SIZE) >
+ kctx->max_ctx)
+ return -ENOSPC;
+
+ if (!BNXT_KCTX_ALLOC_OK(kctx)) {
+ wait_event(kctx->alloc_pending_wq,
+ BNXT_KCTX_ALLOC_OK(kctx));
+ continue;
+ }
+ rc = bnxt_hwrm_key_ctx_alloc(bp, kctx, kind,
+ BNXT_KID_BATCH_SIZE, id);
+ if (!rc)
+ return 0;
+ }
+ return -EAGAIN;
+}
+
+int bnxt_crypto_init(struct bnxt *bp)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
+ int rc;
+
+ if (!crypto || !BNXT_SUPPORTS_KTLS(bp))
+ return 0;
+
+ crypto_resc = &hw_resc->crypto_resc;
+ BNXT_TCK(crypto).max_ctx = crypto_resc->resv_tx_key_ctxs;
+ BNXT_RCK(crypto).max_ctx = crypto_resc->resv_rx_key_ctxs;
+
+ if (!BNXT_TCK(crypto).max_ctx || !BNXT_RCK(crypto).max_ctx)
+ return -ENODEV;
+
+ rc = bnxt_hwrm_key_ctx_alloc(bp, &BNXT_TCK(crypto), BNXT_CTX_KIND_CK_TX,
+ BNXT_KID_BATCH_SIZE, NULL);
+ if (rc)
+ return rc;
+
+ rc = bnxt_hwrm_key_ctx_alloc(bp, &BNXT_RCK(crypto), BNXT_CTX_KIND_CK_RX,
+ BNXT_KID_BATCH_SIZE, NULL);
+ if (rc)
+ return rc;
+
+ return 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index e090491006db..f88aa410efdd 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -16,11 +16,47 @@ enum bnxt_crypto_type {
BNXT_MAX_CRYPTO_KEY_TYPE,
};
+/* Maximum keys supported by newer FW always multiples of 128 */
+#define BNXT_KID_BATCH_SIZE 128
+
+struct bnxt_kid_info {
+ struct list_head list;
+ u8 type;
+ u8 kind;
+ u32 start_id;
+ u32 count;
+ DECLARE_BITMAP(ids, BNXT_KID_BATCH_SIZE);
+};
+
struct bnxt_kctx {
+ struct list_head list;
+ /* to serialize update to the linked list and total_alloc */
+ spinlock_t lock;
u8 type;
+ u16 epoch;
+ u32 total_alloc;
u32 max_ctx;
+ atomic_t alloc_pending;
+#define BNXT_KCTX_ALLOC_PENDING_MAX 8
+ wait_queue_head_t alloc_pending_wq;
};
+#define BNXT_KID_HW_MASK 0x000fffff
+#define BNXT_KID_HW(kid) ((kid) & BNXT_KID_HW_MASK)
+#define BNXT_KID_EPOCH_MASK 0xfff00000
+#define BNXT_KID_EPOCH_SHIFT 20
+#define BNXT_KID_EPOCH(kid) (((kid) & BNXT_KID_EPOCH_MASK) >> \
+ BNXT_KID_EPOCH_SHIFT)
+
+#define BNXT_NEXT_EPOCH(epoch) \
+ (((epoch) + 1) & (BNXT_KID_EPOCH_MASK >> BNXT_KID_EPOCH_SHIFT))
+
+#define BNXT_SET_KID(kctx, kid) \
+ ((kid) | ((u32)(kctx)->epoch << BNXT_KID_EPOCH_SHIFT))
+
+#define BNXT_KCTX_ALLOC_OK(kctx) \
+ (atomic_read(&((kctx)->alloc_pending)) < BNXT_KCTX_ALLOC_PENDING_MAX)
+
struct bnxt_crypto_info {
u16 max_key_ctxs_alloc;
@@ -30,18 +66,31 @@ struct bnxt_crypto_info {
#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE])
#define BNXT_RCK(crypto) ((crypto)->kctx[BNXT_RX_CRYPTO_KEY_TYPE])
+#define BNXT_CTX_KIND_CK_TX 0x11
+#define BNXT_CTX_KIND_CK_RX 0x12
+
#ifdef CONFIG_BNXT_TLS
void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp);
+void bnxt_clear_crypto(struct bnxt *bp);
void bnxt_free_crypto_info(struct bnxt *bp);
void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
struct hwrm_func_cfg_input *req);
+bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id);
+void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id);
+int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
+ u32 *id);
+int bnxt_crypto_init(struct bnxt *bp);
#else
static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp)
{
}
+static inline void bnxt_clear_crypto(struct bnxt *bp)
+{
+}
+
static inline void bnxt_free_crypto_info(struct bnxt *bp)
{
}
@@ -50,5 +99,26 @@ static inline void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
struct hwrm_func_cfg_input *req)
{
}
+
+static inline bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id)
+{
+ return false;
+}
+
+static inline void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id)
+{
+}
+
+static inline int bnxt_key_ctx_alloc_one(struct bnxt *bp,
+ struct bnxt_kctx *kctx, u8 kind,
+ u32 *id)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int bnxt_crypto_init(struct bnxt *bp)
+{
+ return 0;
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_CRYPTO_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 10/15] bnxt_en: Add MPC transmit and completion functions
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (8 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 09/15] bnxt_en: Add infrastructure for crypto key context IDs Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 11/15] bnxt_en: Add crypto MPC transmit/completion infrastructure Michael Chan
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
Add transmit, ring selection, and completion functions for midpath rings.
These will be used to send control data to the crypto engines.
All TCE/RCE completions are short (16-byte) completions. The long
completions logic in bnxt_mpc_cmp() is added for completeness only.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Add description in commit log that crypto engines use short completions
only.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-11-michael.chan@broadcom.com/
Use WRITE_ONCE() for TX prod/cons.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-11-michael.chan@broadcom.com/
Fix unused variable warnings
v1:
https://lore.kernel.org/netdev/20260504235836.3019499-11-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 157 ++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 65 ++++++++
4 files changed, 227 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 4f7042d91078..d8b9c39dda5c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -3115,6 +3115,9 @@ static int __bnxt_poll_work(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
rx_pkts++;
else if (rc == -EBUSY) /* partial completion */
break;
+ } else if (cmp_type == CMP_TYPE_MPC_CMP) {
+ if (bnxt_mpc_cmp(bp, cpr, &raw_cons))
+ break;
} else if (unlikely(cmp_type == CMPL_BASE_TYPE_HWRM_DONE ||
cmp_type == CMPL_BASE_TYPE_HWRM_FWD_REQ ||
cmp_type == CMPL_BASE_TYPE_HWRM_ASYNC_EVENT)) {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 1302c39a7af9..e62b856e78f9 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -47,6 +47,7 @@ struct tx_bd {
__le32 tx_bd_len_flags_type;
#define TX_BD_TYPE (0x3f << 0)
#define TX_BD_TYPE_SHORT_TX_BD (0x00 << 0)
+ #define TX_BD_TYPE_MPC_TX_BD (0x08 << 0)
#define TX_BD_TYPE_LONG_TX_BD (0x10 << 0)
#define TX_BD_FLAGS_PACKET_END (1 << 6)
#define TX_BD_FLAGS_NO_CMPL (1 << 7)
@@ -160,6 +161,7 @@ struct tx_cmp {
#define CMP_TYPE_RX_TPA_AGG_CMP 22
#define CMP_TYPE_RX_L2_V3_CMP 23
#define CMP_TYPE_RX_L2_TPA_START_V3_CMP 25
+ #define CMP_TYPE_MPC_CMP 30
#define CMP_TYPE_STATUS_CMP 32
#define CMP_TYPE_REMOTE_DRIVER_REQ 34
#define CMP_TYPE_REMOTE_DRIVER_RESP 36
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 40351b7c0b82..a8d757712b38 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -418,3 +418,160 @@ void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
}
}
}
+
+struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp, int ring_type)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int n;
+
+ if (!mpc || ring_type >= BNXT_MPC_TYPE_MAX ||
+ !mpc->mpc_ring_count[ring_type])
+ return NULL;
+
+ n = raw_smp_processor_id() % mpc->mpc_ring_count[ring_type];
+ return &mpc->mpc_rings[ring_type][n];
+}
+
+/**
+ * bnxt_start_xmit_mpc - Transmit message on an MPC ring
+ * @bp: pointer to bnxt device
+ * @txr: MPC TX ring structure pointer
+ * @data: MPC message pointer
+ * @len: MPC message length
+ * @handle: Non-zero handle passed back for the completion
+ *
+ * This function is called to transmit an MPC message on an MPC TX ring.
+ * The caller must hold txr->tx_lock. When successful, the HW will return
+ * a completion and bnxt_crypto_mpc_cmp() will be called with the handle
+ * passed back.
+ *
+ * Return: zero on success, negative error code otherwise:
+ * ENODEV: MPC TX ring is shutting down.
+ * EBUSY: MPC TX ring is full
+ */
+int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *data, unsigned int len, unsigned long handle)
+{
+ u32 bds, total_bds, bd_space, free_size;
+ struct bnxt_sw_mpc_tx_bd *tx_buf;
+ struct tx_bd *txbd;
+ u16 prod;
+
+ if (READ_ONCE(txr->dev_state) == BNXT_DEV_STATE_CLOSING)
+ return -ENODEV;
+
+ bds = DIV_ROUND_UP(len, sizeof(*txbd));
+ total_bds = bds + 1;
+ free_size = bnxt_tx_avail(bp, txr);
+ if (free_size < total_bds)
+ return -EBUSY;
+
+ prod = txr->tx_prod;
+ txbd = &txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ tx_buf = &txr->tx_mpc_buf_ring[RING_TX(bp, prod)];
+ tx_buf->handle = handle;
+ tx_buf->inline_bds = total_bds;
+
+ txbd->tx_bd_len_flags_type =
+ cpu_to_le32((len << TX_BD_LEN_SHIFT) | TX_BD_TYPE_MPC_TX_BD |
+ TX_BD_CNT(total_bds));
+ txbd->tx_bd_opaque = SET_TX_OPAQUE(bp, txr, prod, total_bds);
+
+ prod = NEXT_TX(prod);
+ txbd = &txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ bd_space = TX_DESC_CNT - TX_IDX(prod);
+ if (bd_space < bds) {
+ unsigned int len0 = bd_space * sizeof(*txbd);
+
+ memcpy(txbd, data, len0);
+ prod += bd_space;
+ txbd = &txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ bds -= bd_space;
+ len -= len0;
+ data += len0;
+ }
+ memcpy(txbd, data, len);
+ prod += bds;
+ WRITE_ONCE(txr->tx_prod, prod);
+
+ /* Sync BD data before updating doorbell */
+ wmb();
+ bnxt_db_write(bp, &txr->tx_db, prod);
+
+ return 0;
+}
+
+static bool bnxt_mpc_unsolicit(struct mpc_cmp *mpcmp)
+{
+ u32 client = MPC_CMP_CLIENT_TYPE(mpcmp);
+
+ if (client != MPC_CMP_CLIENT_TCE && client != MPC_CMP_CLIENT_RCE)
+ return false;
+ return MPC_CMP_UNSOLICIT_SUBTYPE(mpcmp);
+}
+
+int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons)
+{
+ struct bnxt_cmpl_entry cmpl_entry_arr[2];
+ struct bnxt_napi *bnapi = cpr->bnapi;
+ u16 cons = RING_CMP(*raw_cons);
+ struct mpc_cmp *mpcmp, *mpcmp1;
+ u32 tmp_raw_cons = *raw_cons;
+ u32 client, cmpl_num;
+ u8 type;
+
+ mpcmp = (struct mpc_cmp *)
+ &cpr->cp_desc_ring[CP_RING(cons)][CP_IDX(cons)];
+ type = MPC_CMP_CMP_TYPE(mpcmp);
+ cmpl_entry_arr[0].cmpl = mpcmp;
+ cmpl_entry_arr[0].len = sizeof(*mpcmp);
+ cmpl_num = 1;
+ if (type == MPC_CMP_TYPE_MID_PATH_LONG) {
+ tmp_raw_cons = NEXT_RAW_CMP(tmp_raw_cons);
+ cons = RING_CMP(tmp_raw_cons);
+ mpcmp1 = (struct mpc_cmp *)
+ &cpr->cp_desc_ring[CP_RING(cons)][CP_IDX(cons)];
+
+ if (!MPC_CMP_VALID(bp, mpcmp1, tmp_raw_cons))
+ return -EBUSY;
+ /* The valid test of the entry must be done first before
+ * reading any further.
+ */
+ dma_rmb();
+ if (mpcmp1 == mpcmp + 1) {
+ cmpl_entry_arr[cmpl_num - 1].len += sizeof(*mpcmp1);
+ } else {
+ cmpl_entry_arr[cmpl_num].cmpl = mpcmp1;
+ cmpl_entry_arr[cmpl_num].len = sizeof(*mpcmp1);
+ cmpl_num++;
+ }
+ }
+ client = MPC_CMP_CLIENT_TYPE(mpcmp) >> MPC_CMP_CLIENT_SFT;
+ if (client >= BNXT_MPC_TYPE_MAX)
+ goto cmp_done;
+
+ if (!bnxt_mpc_unsolicit(mpcmp)) {
+ struct bnxt_sw_mpc_tx_bd *mpc_buf;
+ struct bnxt_tx_ring_info *txr;
+ u16 tx_cons;
+ u32 opaque;
+
+ opaque = mpcmp->mpc_cmp_opaque;
+ txr = bnapi->tx_mpc_ring[client];
+ tx_cons = txr->tx_cons;
+ if (TX_OPAQUE_RING(opaque) != txr->tx_napi_idx) {
+ netdev_warn(bp->dev, "Wrong opaque %x, expected ring %x, cons idx %x\n",
+ opaque, txr->tx_napi_idx, txr->tx_cons);
+ goto cmp_done;
+ }
+ mpc_buf = &txr->tx_mpc_buf_ring[RING_TX(bp, tx_cons)];
+ mpc_buf->handle = 0;
+ tx_cons += mpc_buf->inline_bds;
+ WRITE_ONCE(txr->tx_cons, tx_cons);
+ txr->tx_hw_cons = RING_TX(bp, tx_cons);
+ }
+
+cmp_done:
+ *raw_cons = tmp_raw_cons;
+ return 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 3210ecf29c76..91fb27ba8090 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -30,11 +30,53 @@ struct bnxt_mpc_info {
};
struct bnxt_sw_mpc_tx_bd {
+ u8 inline_bds;
unsigned long handle;
};
#define SW_MPC_TXBD_RING_SIZE (sizeof(struct bnxt_sw_mpc_tx_bd) * TX_DESC_CNT)
+struct bnxt_cmpl_entry {
+ void *cmpl;
+ u32 len;
+};
+
+struct mpc_cmp {
+ __le32 mpc_cmp_client_subtype_type;
+ #define MPC_CMP_TYPE (0x3f << 0)
+ #define MPC_CMP_TYPE_MID_PATH_SHORT 0x1e
+ #define MPC_CMP_TYPE_MID_PATH_LONG 0x1f
+ #define MPC_CMP_SUBTYPE 0xf00
+ #define MPC_CMP_SUBTYPE_SFT 8
+ #define MPC_CMP_SUBTYPE_SOLICITED (0x0 << 8)
+ #define MPC_CMP_SUBTYPE_ERR (0x1 << 8)
+ #define MPC_CMP_SUBTYPE_RESYNC (0x2 << 8)
+ #define MPC_CMP_CLIENT (0xf << 12)
+ #define MPC_CMP_CLIENT_SFT 12
+ #define MPC_CMP_CLIENT_TCE (0x0 << 12)
+ #define MPC_CMP_CLIENT_RCE (0x1 << 12)
+ #define MPC_CMP_CLIENT_TE_CFA (0x2 << 12)
+ #define MPC_CMP_CLIENT_RE_CFA (0x3 << 12)
+ u32 mpc_cmp_opaque;
+ __le32 mpc_cmp_v;
+ #define MPC_CMP_V (1 << 0)
+ __le32 mpc_cmp_filler;
+};
+
+#define MPC_CMP_CMP_TYPE(mpcmp) \
+ (le32_to_cpu((mpcmp)->mpc_cmp_client_subtype_type) & MPC_CMP_TYPE)
+
+#define MPC_CMP_CLIENT_TYPE(mpcmp) \
+ (le32_to_cpu((mpcmp)->mpc_cmp_client_subtype_type) & MPC_CMP_CLIENT)
+
+#define MPC_CMP_UNSOLICIT_SUBTYPE(mpcmp) \
+ ((le32_to_cpu((mpcmp)->mpc_cmp_client_subtype_type) & \
+ MPC_CMP_SUBTYPE) != MPC_CMP_SUBTYPE_SOLICITED)
+
+#define MPC_CMP_VALID(bp, mpcmp, raw_cons) \
+ (!!((mpcmp)->mpc_cmp_v & cpu_to_le32(MPC_CMP_V)) == \
+ !((raw_cons) & (bp)->cp_bit))
+
#define BNXT_MPC_CRYPTO_CAP \
(FUNC_QCAPS_RESP_MPC_CHNLS_CAP_TCE | FUNC_QCAPS_RESP_MPC_CHNLS_CAP_RCE)
@@ -64,6 +106,10 @@ void bnxt_free_mpc_rings(struct bnxt *bp);
void bnxt_init_mpc_rings(struct bnxt *bp);
int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp);
void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path);
+struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp, int ring_type);
+int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *data, unsigned int len, unsigned long handle);
+int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -144,5 +190,24 @@ static inline int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp)
static inline void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
{
}
+
+static inline struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp,
+ int ring_type)
+{
+ return NULL;
+}
+
+static inline int bnxt_start_xmit_mpc(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr, void *data,
+ unsigned int len, unsigned long handle)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
+ u32 *raw_cons)
+{
+ return 0;
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 11/15] bnxt_en: Add crypto MPC transmit/completion infrastructure
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (9 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 10/15] bnxt_en: Add MPC transmit and completion functions Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 12/15] bnxt_en: Support kTLS TX offload by implementing .tls_dev_add/del() Michael Chan
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
Add infrastructure to support sending crypto commands using the
midpath channels (MPCs). bnxt_xmit_crypto_cmd() is used to send a
crypto command and sleep with timeout until the completion is received.
If it times out, we recover by resetting the MPC. The reset is
deferred to bnxt_sp_task() similar to other resets to prevent
deadlock with a concurent close. The concurrent close may have
acquired the netdev_lock and waiting for the MPC operation to
finish.
The next patch will use this infrastructure to offload kTLS connections.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Defer the MPC ring reset to bnxt_sp_task() just like other resets to
avoid any possibility od deadlock.
Add more comments to explain the MPC ring disable, stop, start.
v4:
https://lore.kernel.org/netdev/20260629184921.3496727-12-michael.chan@broadcom.com/
Clear MPC entries in bnxt_mpc_ring_reset() if device is going down.
Only clear MPC handle in bnxt_mpc_cmp() if the ring is in normal state to
ensure proper ref counting during reset.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-12-michael.chan@broadcom.com/
Multiple improvements for the MPC timeout logic, including the use of
refcount to terminate the timeout instead of the arbitrary 200msec poll
wait, add synchronize_net().
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-12-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 16 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 138 +++++++++++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 95 ++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 208 +++++++++++++++++-
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 14 ++
6 files changed, 470 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index d8b9c39dda5c..316733299e23 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -394,7 +394,7 @@ static void __bnxt_queue_sp_work(struct bnxt *bp)
schedule_work(&bp->sp_task);
}
-static void bnxt_queue_sp_work(struct bnxt *bp, unsigned int event)
+void bnxt_queue_sp_work(struct bnxt *bp, unsigned int event)
{
set_bit(event, &bp->sp_event);
__bnxt_queue_sp_work(bp);
@@ -7720,7 +7720,7 @@ void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
ring->fw_ring_id = INVALID_HW_RING_ID;
}
-static void bnxt_clear_one_cp_ring(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
+void bnxt_clear_one_cp_ring(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
{
struct bnxt_ring_struct *ring = &cpr->cp_ring_struct;
int i, size = ring->ring_mem.page_size;
@@ -14424,7 +14424,7 @@ static int bnxt_hwrm_rx_ring_reset(struct bnxt *bp, int ring_nr)
return hwrm_req_send_silent(bp, req);
}
-static void bnxt_reset_task(struct bnxt *bp, bool silent)
+void bnxt_reset_task(struct bnxt *bp, bool silent)
{
if (!silent)
bnxt_dbg_dump_states(bp);
@@ -14873,6 +14873,13 @@ static void bnxt_ulp_restart(struct bnxt *bp)
bnxt_ulp_start(bp);
}
+static void bnxt_mpc_ring_reset_sp(struct bnxt *bp)
+{
+ bnxt_rtnl_lock_sp(bp);
+ bnxt_mpc_ring_reset_task(bp);
+ bnxt_rtnl_unlock_sp(bp);
+}
+
static void bnxt_sp_task(struct work_struct *work)
{
struct bnxt *bp = container_of(work, struct bnxt, sp_task);
@@ -14965,6 +14972,9 @@ static void bnxt_sp_task(struct work_struct *work)
if (test_and_clear_bit(BNXT_RST_RING_SP_EVENT, &bp->sp_event))
bnxt_rx_ring_reset(bp);
+ if (test_and_clear_bit(BNXT_MPC_RESET_SP_EVENT, &bp->sp_event))
+ bnxt_mpc_ring_reset_sp(bp);
+
if (test_and_clear_bit(BNXT_FW_RESET_NOTIFY_SP_EVENT, &bp->sp_event)) {
if (test_bit(BNXT_STATE_FW_FATAL_COND, &bp->state) ||
test_bit(BNXT_STATE_FW_NON_FATAL_COND, &bp->state))
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index e62b856e78f9..b65538fda3bd 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2672,6 +2672,7 @@ struct bnxt {
#define BNXT_THERMAL_THRESHOLD_SP_EVENT 22
#define BNXT_FW_ECHO_REQUEST_SP_EVENT 23
#define BNXT_RESTART_ULP_SP_EVENT 24
+#define BNXT_MPC_RESET_SP_EVENT 25
struct delayed_work fw_reset_task;
int fw_reset_state;
@@ -2984,6 +2985,7 @@ static inline enum pkt_hash_types bnxt_rss_ext_op(struct bnxt *bp,
extern const u16 bnxt_bstore_to_trace[];
extern const u16 bnxt_lhint_arr[];
+void bnxt_queue_sp_work(struct bnxt *bp, unsigned int event);
int bnxt_alloc_rx_data(struct bnxt *bp, struct bnxt_rx_ring_info *rxr,
u16 prod, gfp_t gfp);
void bnxt_reuse_rx_data(struct bnxt_rx_ring_info *rxr, u16 cons, void *data);
@@ -3025,6 +3027,7 @@ int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
void bnxt_hwrm_tx_ring_free(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
bool close_path);
void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
+void bnxt_clear_one_cp_ring(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
int bnxt_total_tx_rings(struct bnxt *bp);
int __bnxt_hwrm_get_tx_rings(struct bnxt *bp, u16 fid, int *tx_rings);
int bnxt_nq_rings_in_use(struct bnxt *bp);
@@ -3071,6 +3074,7 @@ void bnxt_sync_ring_stats(struct bnxt *bp);
bool bnxt_rfs_capable(struct bnxt *bp, bool new_rss_ctx);
int bnxt_dbg_hwrm_rd_reg(struct bnxt *bp, u32 reg_off, u16 num_words,
u32 *reg_buf);
+void bnxt_reset_task(struct bnxt *bp, bool silent);
void bnxt_fw_exception(struct bnxt *bp);
void bnxt_fw_reset(struct bnxt *bp);
int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index 72927c32bf0c..27a61173dd7c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -5,10 +5,12 @@
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/slab.h>
+#include <linux/pci.h>
#include <linux/bnxt/hsi.h>
#include "bnxt.h"
#include "bnxt_hwrm.h"
+#include "bnxt_mpc.h"
#include "bnxt_crypto.h"
static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
@@ -42,6 +44,7 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
u16 max_keys = le16_to_cpu(resp->max_key_ctxs_alloc);
struct bnxt_crypto_info *crypto = bp->crypto_info;
struct bnxt_kctx *kctx;
+ char name[64];
int i;
if (BNXT_VF(bp))
@@ -53,6 +56,15 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
"Unable to allocate crypto info\n");
return;
}
+ snprintf(name, sizeof(name), "bnxt_crypto-%s",
+ dev_name(&bp->pdev->dev));
+ crypto->mpc_cache =
+ kmem_cache_create(name,
+ sizeof(struct bnxt_crypto_cmd_ctx),
+ 0, SLAB_HWCACHE_ALIGN, NULL);
+ if (!crypto->mpc_cache)
+ goto alloc_err;
+
for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
kctx = &crypto->kctx[i];
kctx->type = i;
@@ -69,6 +81,10 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
}
crypto->max_key_ctxs_alloc = max_keys;
bp->fw_cap |= BNXT_FW_CAP_KTLS;
+ return;
+
+alloc_err:
+ kfree(crypto);
}
/**
@@ -119,8 +135,13 @@ void bnxt_clear_crypto(struct bnxt *bp)
*/
void bnxt_free_crypto_info(struct bnxt *bp)
{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+
+ if (!crypto)
+ return;
bnxt_clear_crypto(bp);
- kfree(bp->crypto_info);
+ kmem_cache_destroy(crypto->mpc_cache);
+ kfree(crypto);
bp->crypto_info = NULL;
bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
}
@@ -369,6 +390,82 @@ int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
return -EAGAIN;
}
+#define BNXT_XMIT_CRYPTO_RETRY_MAX 10
+#define BNXT_XMIT_CRYPTO_MIN_TMO 100
+#define BNXT_XMIT_CRYPTO_MAX_TMO 150
+
+int bnxt_xmit_crypto_cmd(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *cmd, unsigned int len, unsigned int tmo)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_crypto_cmd_ctx *ctx = NULL;
+ unsigned long tmo_left, handle = 0;
+ int rc, retry = 0;
+
+ if (tmo) {
+ u32 kid = CE_CMD_KID(cmd);
+
+ ctx = kmem_cache_alloc(crypto->mpc_cache, GFP_KERNEL);
+ if (!ctx)
+ return -ENOMEM;
+ init_completion(&ctx->cmp);
+ handle = (unsigned long)ctx;
+ ctx->kid = kid;
+ ctx->client = txr->tx_ring_struct.mpc_chnl_type;
+ ctx->status = 0;
+ /* One reference for this caller, one for the handle stored in
+ * the TX buf ring. The latter is dropped by
+ * bnxt_crypto_mpc_cmp() when the command is completed normally
+ * or after timeout.
+ */
+ refcount_set(&ctx->refcnt, 2);
+ retry = BNXT_XMIT_CRYPTO_RETRY_MAX;
+ might_sleep();
+ }
+ do {
+ spin_lock_bh(&txr->tx_lock);
+ rc = bnxt_start_xmit_mpc(bp, txr, cmd, len, handle);
+ spin_unlock_bh(&txr->tx_lock);
+ if (rc == -EBUSY && tmo && retry)
+ usleep_range(BNXT_XMIT_CRYPTO_MIN_TMO,
+ BNXT_XMIT_CRYPTO_MAX_TMO);
+ else
+ break;
+ } while (retry--);
+ if (rc || !tmo) {
+ /* The completion will never arrive, drop one reference */
+ if (ctx)
+ refcount_dec(&ctx->refcnt);
+ goto xmit_done;
+ }
+
+ tmo_left = wait_for_completion_timeout(&ctx->cmp, msecs_to_jiffies(tmo));
+ if (!tmo_left) {
+ netdev_warn(bp->dev, "crypto MP cmd %08x timed out\n",
+ *((u32 *)cmd));
+ bnxt_mpc_timeout(bp, txr);
+ rc = -ETIMEDOUT;
+ goto xmit_done;
+ }
+ if (ctx->status == BNXT_CMD_CTX_COMPLETED &&
+ CE_CMPL_STATUS(&ctx->ce_cmp) == CE_CMPL_STATUS_OK)
+ rc = 0;
+ else
+ rc = -EIO;
+xmit_done:
+ if (rc) {
+ u8 status = ctx ? ctx->status : 0;
+
+ netdev_warn(bp->dev,
+ "MPC transmit failed, ring idx %d, op 0x%x, kid 0x%x, status 0x%x\n",
+ txr->bnapi->index, CE_CMD_OP(cmd), CE_CMD_KID(cmd),
+ status);
+ }
+ if (ctx && refcount_dec_and_test(&ctx->refcnt))
+ kmem_cache_free(crypto->mpc_cache, ctx);
+ return rc;
+}
+
int bnxt_crypto_init(struct bnxt *bp)
{
struct bnxt_crypto_info *crypto = bp->crypto_info;
@@ -398,3 +495,42 @@ int bnxt_crypto_init(struct bnxt *bp)
return 0;
}
+
+void bnxt_crypto_mpc_cmp(struct bnxt *bp, u32 client, unsigned long handle,
+ struct bnxt_cmpl_entry cmpl[], u32 entries)
+{
+ struct bnxt_crypto_cmd_ctx *ctx;
+ struct ce_cmpl *cmp = NULL;
+ u32 len, kid;
+
+ if (likely(cmpl))
+ cmp = cmpl[0].cmpl;
+ if (!handle || entries != 1) {
+ if (entries != 1 && cmpl) {
+ netdev_warn(bp->dev, "Invalid entries %d with handle %lx cmpl %08x in %s()\n",
+ entries, handle, *(u32 *)cmp, __func__);
+ }
+ if (!handle)
+ return;
+ }
+ ctx = (void *)handle;
+ ctx->status = BNXT_CMD_CTX_COMPLETED;
+ if (unlikely(!cmpl)) {
+ ctx->status |= BNXT_CMD_CTX_RESET;
+ goto cmp_done;
+ }
+ kid = CE_CMPL_KID(cmp);
+ if (ctx->kid != kid || ctx->client != client || entries != 1) {
+ netdev_warn(bp->dev,
+ "Invalid CE cmpl 0x%08x with entries %d for client %d with status 0x%x, expected kid 0x%x and client %d\n",
+ *(u32 *)cmp, entries, client, ctx->status, ctx->kid,
+ ctx->client);
+ ctx->status |= BNXT_CMD_CTX_ERROR;
+ }
+ len = min_t(u32, cmpl[0].len, sizeof(ctx->ce_cmp));
+ memcpy(&ctx->ce_cmp, cmpl[0].cmpl, len);
+cmp_done:
+ complete(&ctx->cmp);
+ if (refcount_dec_and_test(&ctx->refcnt))
+ kmem_cache_free(bp->crypto_info->mpc_cache, ctx);
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index f88aa410efdd..8a2cbb7603a8 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -4,6 +4,8 @@
#ifndef BNXT_CRYPTO_H
#define BNXT_CRYPTO_H
+#include <linux/refcount.h>
+
#define BNXT_MAX_TX_CRYPTO_KEYS 204800
#define BNXT_MAX_RX_CRYPTO_KEYS 204800
@@ -61,6 +63,80 @@ struct bnxt_crypto_info {
u16 max_key_ctxs_alloc;
struct bnxt_kctx kctx[BNXT_MAX_CRYPTO_KEY_TYPE];
+
+ struct kmem_cache *mpc_cache;
+};
+
+struct ce_delete_cmd {
+ __le32 ctx_kind_kid_opcode;
+ #define CE_DELETE_CMD_OPCODE_MASK 0xfUL
+ #define CE_DELETE_CMD_OPCODE_SFT 0
+ #define CE_DELETE_CMD_OPCODE_DEL 0x2UL
+ #define CE_DELETE_CMD_KID_MASK 0xfffff0UL
+ #define CE_DELETE_CMD_KID_SFT 4
+ #define CE_DELETE_CMD_CTX_KIND_MASK 0x1f000000UL
+ #define CE_DELETE_CMD_CTX_KIND_SFT 24
+ #define CE_DELETE_CMD_CTX_KIND_CK_TX (0x11UL << 24)
+ #define CE_DELETE_CMD_CTX_KIND_CK_RX (0x12UL << 24)
+};
+
+#define CE_CMD_OP_MASK 0x00000fU
+#define CE_CMD_KID_MASK 0xfffff0U
+#define CE_CMD_KID_SFT 4
+
+#define CE_CMD_OP(cmd_p) \
+ (le32_to_cpu(*(__le32 *)(cmd_p)) & CE_CMD_OP_MASK)
+
+#define CE_CMD_KID(cmd_p) \
+ ((le32_to_cpu(*(__le32 *)(cmd_p)) & CE_CMD_KID_MASK) >> CE_CMD_KID_SFT)
+
+struct ce_cmpl {
+ __le16 client_subtype_type;
+ #define CE_CMPL_TYPE_MASK 0x3fUL
+ #define CE_CMPL_TYPE_SFT 0
+ #define CE_CMPL_TYPE_MID_PATH_SHORT 0x1eUL
+ #define CE_CMPL_SUBTYPE_MASK 0xf00UL
+ #define CE_CMPL_SUBTYPE_SFT 8
+ #define CE_CMPL_SUBTYPE_SOLICITED (0x0UL << 8)
+ #define CE_CMPL_SUBTYPE_ERR (0x1UL << 8)
+ #define CE_CMPL_SUBTYPE_RESYNC (0x2UL << 8)
+ #define CE_CMPL_MP_CLIENT_MASK 0xf000UL
+ #define CE_CMPL_MP_CLIENT_SFT 12
+ #define CE_CMPL_MP_CLIENT_TCE (0x0UL << 12)
+ #define CE_CMPL_MP_CLIENT_RCE (0x1UL << 12)
+ __le16 status;
+ #define CE_CMPL_STATUS_MASK 0xfUL
+ #define CE_CMPL_STATUS_SFT 0
+ #define CE_CMPL_STATUS_OK 0x0UL
+ #define CE_CMPL_STATUS_CTX_LD_ERR 0x1UL
+ #define CE_CMPL_STATUS_FID_CHK_ERR 0x2UL
+ #define CE_CMPL_STATUS_CTX_VER_ERR 0x3UL
+ #define CE_CMPL_STATUS_DST_ID_ERR 0x4UL
+ #define CE_CMPL_STATUS_MP_CMD_ERR 0x5UL
+ u32 opaque;
+ __le32 v;
+ #define CE_CMPL_V 0x1UL
+ __le32 kid;
+ #define CE_CMPL_KID_MASK 0xfffffUL
+ #define CE_CMPL_KID_SFT 0
+};
+
+#define CE_CMPL_STATUS(ce_cmpl) \
+ (le16_to_cpu((ce_cmpl)->status) & CE_CMPL_STATUS_MASK)
+
+#define CE_CMPL_KID(ce_cmpl) \
+ (le32_to_cpu((ce_cmpl)->kid) & CE_CMPL_KID_MASK)
+
+struct bnxt_crypto_cmd_ctx {
+ struct completion cmp;
+ struct ce_cmpl ce_cmp;
+ refcount_t refcnt;
+ u32 kid;
+ u16 client;
+ u8 status;
+#define BNXT_CMD_CTX_COMPLETED 0x1
+#define BNXT_CMD_CTX_ERROR 0x2
+#define BNXT_CMD_CTX_RESET 0x4
};
#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE])
@@ -80,7 +156,11 @@ bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id);
void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id);
int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
u32 *id);
+int bnxt_xmit_crypto_cmd(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *cmd, unsigned int len, unsigned int tmo);
int bnxt_crypto_init(struct bnxt *bp);
+void bnxt_crypto_mpc_cmp(struct bnxt *bp, u32 client, unsigned long handle,
+ struct bnxt_cmpl_entry cmpl[], u32 entries);
#else
static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp)
@@ -116,9 +196,24 @@ static inline int bnxt_key_ctx_alloc_one(struct bnxt *bp,
return -EOPNOTSUPP;
}
+static inline int bnxt_xmit_crypto_cmd(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr,
+ void *cmd, unsigned int len,
+ unsigned int tmo)
+{
+ return -EOPNOTSUPP;
+}
+
static inline int bnxt_crypto_init(struct bnxt *bp)
{
return 0;
}
+
+static inline void bnxt_crypto_mpc_cmp(struct bnxt *bp, u32 client,
+ unsigned long handle,
+ struct bnxt_cmpl_entry cmpl[],
+ u32 entries)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_CRYPTO_H */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index a8d757712b38..71ebeb6ff33a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -9,6 +9,7 @@
#include "bnxt.h"
#include "bnxt_mpc.h"
+#include "bnxt_crypto.h"
void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -501,6 +502,206 @@ int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
return 0;
}
+/* Returns true if the ring is successfully marked as closing. It
+ * means that there will be no more MPC transmissions and NAPI will now
+ * complete any MPC completions on the completion ring with NULL handles
+ * to signal abort.
+ */
+static bool bnxt_disable_mpc_ring(struct bnxt_mpc_info *mpc, int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ bool disabled = false;
+ int i;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc_ring >= mpc->mpc_ring_count[i])
+ continue;
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ spin_lock_bh(&txr->tx_lock);
+ if (!READ_ONCE(txr->dev_state)) {
+ disabled = true;
+ WRITE_ONCE(txr->dev_state, BNXT_DEV_STATE_CLOSING);
+ }
+ spin_unlock_bh(&txr->tx_lock);
+ if (!disabled)
+ break;
+ }
+ /* Make sure napi polls see @dev_state change */
+ if (disabled)
+ synchronize_net();
+ return disabled;
+}
+
+static void bnxt_enable_mpc_ring(struct bnxt_mpc_info *mpc, int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ int i;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc_ring >= mpc->mpc_ring_count[i])
+ continue;
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ WRITE_ONCE(txr->dev_state, 0);
+ }
+}
+
+static void bnxt_clear_one_mpc_entries(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ struct bnxt_sw_mpc_tx_bd *tx_buf;
+ unsigned long handle;
+ int i, max_idx;
+ u32 client;
+
+ max_idx = bp->tx_nr_pages * TX_DESC_CNT;
+
+ for (i = 0; i < max_idx; i++) {
+ tx_buf = &txr->tx_mpc_buf_ring[i];
+ handle = tx_buf->handle;
+ if (handle) {
+ client = txr->tx_ring_struct.mpc_chnl_type;
+ bnxt_crypto_mpc_cmp(bp, client, handle, NULL, 0);
+ tx_buf->handle = 0;
+ }
+ }
+}
+
+static void bnxt_mpc_ring_stop(struct bnxt *bp, struct bnxt_mpc_info *mpc,
+ int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ struct bnxt_cp_ring_info *cpr;
+ int i;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ bnxt_hwrm_tx_ring_free(bp, txr, true);
+ }
+ }
+ /* CP ring must be freed at the end to guarantee that the HWRM_DONE
+ * responses for HWRM_RING_FREE can still be seen on the CP ring.
+ */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ cpr = txr->tx_cpr;
+ if (cpr)
+ bnxt_hwrm_cp_ring_free(bp, cpr);
+ }
+ }
+ /* No new DMA to the CP ring at this point, but we need to wait
+ * for any in-flight NAPI poll to finish before we zero the
+ * completion entries in the CP ring.
+ */
+ synchronize_net();
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ cpr = txr->tx_cpr;
+ if (cpr)
+ bnxt_clear_one_cp_ring(bp, cpr);
+ bnxt_clear_one_mpc_entries(bp, txr);
+ }
+ }
+}
+
+static int bnxt_mpc_ring_start(struct bnxt *bp, struct bnxt_mpc_info *mpc,
+ int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ int i, rc;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ txr->tx_prod = 0;
+ txr->tx_cons = 0;
+ txr->tx_hw_cons = 0;
+ rc = bnxt_hwrm_one_mpc_ring_alloc(bp, txr);
+ if (rc)
+ return rc;
+ }
+ }
+ return 0;
+}
+
+/* Called from bnxt_sp_task() with netdev_lock held. If the device is not
+ * open there is nothing to do: the open path will re-allocate and
+ * re-initialize all MPC rings.
+ */
+void bnxt_mpc_ring_reset_task(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_tx_ring_info *txr;
+ int i, j;
+
+ if (!mpc || !test_bit(BNXT_STATE_OPEN, &bp->state))
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ for (j = 0; j < mpc->mpc_ring_count[i]; j++) {
+ txr = &mpc->mpc_rings[i][j];
+ if (READ_ONCE(txr->dev_state) != BNXT_DEV_STATE_CLOSING)
+ continue;
+
+ /* Resets the whole ring (both types) */
+ netdev_warn(bp->dev, "Resetting MPC ring %d\n", j);
+ bnxt_mpc_ring_stop(bp, mpc, j);
+ if (bnxt_mpc_ring_start(bp, mpc, j)) {
+ netdev_err(bp->dev, "Error starting MPC ring %d, resetting device\n",
+ j);
+ bnxt_mpc_ring_stop(bp, mpc, j);
+ bnxt_reset_task(bp, true);
+ /* bnxt_reset_task() will clear everything */
+ return;
+ }
+ bnxt_enable_mpc_ring(mpc, j);
+ }
+ }
+}
+
+static int bnxt_mpc_ring_reset(struct bnxt *bp, int mpc_ring)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_tx_ring_info *txr;
+ int i;
+
+ if (!mpc)
+ return 0;
+ if (mpc_ring >= mpc->mpc_cp_rings)
+ return -EINVAL;
+
+ if (!bnxt_disable_mpc_ring(mpc, mpc_ring))
+ return 0;
+
+ /* Completion handles will no longer be processed at this point
+ * from NAPI, so we can complete the outstanding commands and
+ * release the command contexts.
+ */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ bnxt_clear_one_mpc_entries(bp, txr);
+ }
+ }
+
+ /* If the device is going down, the reopen will re-allocate and
+ * re-initialize all MPC rings. Otherwise defer the reset to
+ * bnxt_sp_task() to safely hold the netdev_lock.
+ */
+ if (test_bit(BNXT_STATE_OPEN, &bp->state))
+ bnxt_queue_sp_work(bp, BNXT_MPC_RESET_SP_EVENT);
+ return 0;
+}
+
+int bnxt_mpc_timeout(struct bnxt *bp, struct bnxt_tx_ring_info *txr)
+{
+ if (txr->tx_ring_struct.queue_id == BNXT_MPC_QUEUE_ID)
+ return bnxt_mpc_ring_reset(bp, txr->txq_index);
+ return -EINVAL;
+}
+
static bool bnxt_mpc_unsolicit(struct mpc_cmp *mpcmp)
{
u32 client = MPC_CMP_CLIENT_TYPE(mpcmp);
@@ -517,6 +718,7 @@ int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons)
u16 cons = RING_CMP(*raw_cons);
struct mpc_cmp *mpcmp, *mpcmp1;
u32 tmp_raw_cons = *raw_cons;
+ unsigned long handle = 0;
u32 client, cmpl_num;
u8 type;
@@ -565,11 +767,15 @@ int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons)
goto cmp_done;
}
mpc_buf = &txr->tx_mpc_buf_ring[RING_TX(bp, tx_cons)];
- mpc_buf->handle = 0;
+ if (!READ_ONCE(txr->dev_state)) {
+ handle = mpc_buf->handle;
+ mpc_buf->handle = 0;
+ }
tx_cons += mpc_buf->inline_bds;
WRITE_ONCE(txr->tx_cons, tx_cons);
txr->tx_hw_cons = RING_TX(bp, tx_cons);
}
+ bnxt_crypto_mpc_cmp(bp, client, handle, cmpl_entry_arr, cmpl_num);
cmp_done:
*raw_cons = tmp_raw_cons;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 91fb27ba8090..b0b1e783cdc7 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -22,6 +22,8 @@ enum bnxt_mpc_type {
#define BNXT_DFLT_MPC_TCE BNXT_MAX_MPC
#define BNXT_DFLT_MPC_RCE BNXT_MAX_MPC
+#define BNXT_MPC_TMO_MSECS 1000
+
struct bnxt_mpc_info {
u8 mpc_chnls_cap;
u8 mpc_cp_rings;
@@ -109,6 +111,8 @@ void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path);
struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp, int ring_type);
int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
void *data, unsigned int len, unsigned long handle);
+void bnxt_mpc_ring_reset_task(struct bnxt *bp);
+int bnxt_mpc_timeout(struct bnxt *bp, struct bnxt_tx_ring_info *txr);
int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
@@ -204,6 +208,16 @@ static inline int bnxt_start_xmit_mpc(struct bnxt *bp,
return -EOPNOTSUPP;
}
+static inline void bnxt_mpc_ring_reset_task(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_mpc_timeout(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ return -EOPNOTSUPP;
+}
+
static inline int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
u32 *raw_cons)
{
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 12/15] bnxt_en: Support kTLS TX offload by implementing .tls_dev_add/del()
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (10 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 11/15] bnxt_en: Add crypto MPC transmit/completion infrastructure Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 13/15] bnxt_en: Implement kTLS TX normal path Michael Chan
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
Add basic infrastructure to allocate and free kTLS context IDs (KIDs)
to support kTLS TX offload. To offload a connection in .tls_dev_add(),
the first step is to allocate a KID. After that the kTLS offload
command is sent to the HW via MPC using the function
bnxt_xmit_crypto_cmd() introduced in the last patch.
In .tls_dev_del(), we send the delete command to the HW using the
same bnxt_xmit_crypto_cmd(). After that we free the KID, making it
available for new offload. There is extra logic to handle ifdown,
FW reset, and device reconfiguration while deleting the connection.
bnxt_ktls_init() assigns bnxt_ktls_ops to the netdev and sets up
the TLS TX offload feature. bnxt_ktls_init() will be called in
the next patch.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v4:
Fix uninitialized kctx_tx variable warning.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-13-michael.chan@broadcom.com/
Use wait_event() in bnxt_ktls_dev_del() in case the device is in transient
reconfig state instead of poll wait.
Call bnxt_crypto_del_all() after BNXT_STATE_OPEN is cleared as documented.
Use memzero_explicit() to clear sensitive TLS parameters.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-13-michael.chan@broadcom.com/
Fix unused variable warning
Fix error recovery issues
v1:
https://lore.kernel.org/netdev/20260504235836.3019499-13-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 16 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 82 ++++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 11 +
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 345 ++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 112 ++++++
7 files changed, 566 insertions(+), 3 deletions(-)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile
index 3acdb81fa958..88e68248aad4 100644
--- a/drivers/net/ethernet/broadcom/bnxt/Makefile
+++ b/drivers/net/ethernet/broadcom/bnxt/Makefile
@@ -5,4 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp.
bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o
bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o
bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o
-bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o
+bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o bnxt_ktls.o
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 316733299e23..ef73e992756b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -78,6 +78,7 @@
#include <net/tso.h>
#include "bnxt_mpc.h"
#include "bnxt_crypto.h"
+#include "bnxt_ktls.h"
#define BNXT_TX_TIMEOUT (5 * HZ)
#define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \
@@ -13326,6 +13327,7 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
static_branch_disable(&bnxt_xdp_locking_key);
}
set_bit(BNXT_STATE_OPEN, &bp->state);
+ bnxt_ktls_wake(bp);
bnxt_enable_int(bp);
/* Enable TX queues */
bnxt_tx_enable(bp);
@@ -13467,7 +13469,8 @@ static int bnxt_open(struct net_device *dev)
static bool bnxt_drv_busy(struct bnxt *bp)
{
return (test_bit(BNXT_STATE_IN_SP_TASK, &bp->state) ||
- test_bit(BNXT_STATE_READ_STATS, &bp->state));
+ test_bit(BNXT_STATE_READ_STATS, &bp->state) ||
+ bnxt_ktls_busy(bp));
}
static void bnxt_get_ring_stats(struct bnxt *bp,
@@ -13485,9 +13488,20 @@ static void __bnxt_close_nic(struct bnxt *bp, bool irq_re_init,
clear_bit(BNXT_STATE_OPEN, &bp->state);
smp_mb__after_atomic();
+ /* Wake any kTLS delete waiting on a reconfig so it re-evaluates and
+ * either keeps waiting for the reopen or aborts (ifdown / FW reset).
+ */
+ bnxt_ktls_wake(bp);
while (bnxt_drv_busy(bp))
msleep(20);
+ /* Delete all crypto connections and KIDs only on ifdown and FW reset,
+ * not ethtool config changes.
+ */
+ if (!netif_running(bp->dev) ||
+ test_bit(BNXT_STATE_IN_FW_RESET, &bp->state))
+ bnxt_crypto_del_all(bp);
+
if (BNXT_SUPPORTS_MULTI_RSS_CTX(bp))
bnxt_clear_rss_ctxs(bp);
/* Flush rings and disable interrupts */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index b65538fda3bd..b7ad665b47ae 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2475,6 +2475,7 @@ struct bnxt {
struct bnxt_mpc_info *mpc_info;
struct bnxt_crypto_info *crypto_info;
+ struct bnxt_tls_info *ktls_info;
unsigned int current_interval;
#define BNXT_TIMER_INTERVAL HZ
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index 27a61173dd7c..6376a85d4b83 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -11,6 +11,7 @@
#include "bnxt.h"
#include "bnxt_hwrm.h"
#include "bnxt_mpc.h"
+#include "bnxt_ktls.h"
#include "bnxt_crypto.h"
static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
@@ -80,13 +81,91 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
kctx->max_ctx = bnxt_get_max_crypto_key_ctx(bp, i);
}
crypto->max_key_ctxs_alloc = max_keys;
- bp->fw_cap |= BNXT_FW_CAP_KTLS;
+ if (!bp->ktls_info)
+ bnxt_alloc_ktls_info(bp);
+ if (bp->ktls_info)
+ bp->fw_cap |= BNXT_FW_CAP_KTLS;
return;
alloc_err:
kfree(crypto);
}
+int bnxt_crypto_del(struct bnxt *bp, u8 type, u8 kind, u32 kid)
+{
+ struct bnxt_tx_ring_info *txr;
+ struct ce_delete_cmd cmd = {};
+ u32 data;
+
+ if (BNXT_NO_FW_ACCESS(bp))
+ return 0;
+
+ txr = bnxt_select_mpc_ring(bp, type);
+ if (!txr)
+ return -ENODEV;
+ if (kind == BNXT_CTX_KIND_CK_TX)
+ data = CE_DELETE_CMD_CTX_KIND_CK_TX;
+ else if (kind == BNXT_CTX_KIND_CK_RX)
+ data = CE_DELETE_CMD_CTX_KIND_CK_RX;
+ else
+ return -EINVAL;
+
+ data |= CE_DELETE_CMD_OPCODE_DEL |
+ (BNXT_KID_HW(kid) << CE_DELETE_CMD_KID_SFT);
+
+ cmd.ctx_kind_kid_opcode = cpu_to_le32(data);
+ return bnxt_xmit_crypto_cmd(bp, txr, &cmd, sizeof(cmd),
+ BNXT_MPC_TMO_MSECS);
+}
+
+static void bnxt_crypto_del_all_kids(struct bnxt *bp, struct bnxt_kid_info *kid)
+{
+ int i, rc;
+
+ for (i = 0; i < kid->count; i++) {
+ if (!test_bit(i, kid->ids)) {
+ rc = bnxt_crypto_del(bp, kid->type, kid->kind,
+ kid->start_id + i);
+ if (!rc)
+ set_bit(i, kid->ids);
+ }
+ }
+}
+
+/**
+ * bnxt_crypto_del_all - Delete all crypto connections
+ * @bp: pointer to bnxt device
+ *
+ * Delete all crypto connections and free all KIDs for re-use during
+ * shutdown. Increment the epoch counter to invalidate any outstanding
+ * key references.
+ *
+ * Locking: the caller must have cleared BNXT_STATE_OPEN and waited for all
+ * in-flight kTLS control ops to drain. Under these preconditions there are
+ * no concurrent readers or writers of the KID lists, so the lists can be
+ * walked without rcu_read_lock() or the kctx lock.
+ *
+ * Context: Process context during shutdown/reset
+ */
+void bnxt_crypto_del_all(struct bnxt *bp)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_kid_info *kid;
+ struct bnxt_kctx *kctx;
+ int i;
+
+ if (!crypto)
+ return;
+
+ /* No concurrent access; see the locking note above. */
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ list_for_each_entry(kid, &kctx->list, list)
+ bnxt_crypto_del_all_kids(bp, kid);
+ kctx->epoch = BNXT_NEXT_EPOCH(kctx->epoch);
+ }
+}
+
/**
* bnxt_clear_crypto - Clear all crypto key contexts
* @bp: pointer to bnxt device
@@ -137,6 +216,7 @@ void bnxt_free_crypto_info(struct bnxt *bp)
{
struct bnxt_crypto_info *crypto = bp->crypto_info;
+ bnxt_free_ktls_info(bp);
if (!crypto)
return;
bnxt_clear_crypto(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index 8a2cbb7603a8..d4759059a6d2 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -148,6 +148,8 @@ struct bnxt_crypto_cmd_ctx {
#ifdef CONFIG_BNXT_TLS
void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp);
+int bnxt_crypto_del(struct bnxt *bp, u8 type, u8 kind, u32 kid);
+void bnxt_crypto_del_all(struct bnxt *bp);
void bnxt_clear_crypto(struct bnxt *bp);
void bnxt_free_crypto_info(struct bnxt *bp);
void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
@@ -167,6 +169,15 @@ static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
{
}
+static inline int bnxt_crypto_del(struct bnxt *bp, u8 type, u8 kind, u32 kid)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void bnxt_crypto_del_all(struct bnxt *bp)
+{
+}
+
static inline void bnxt_clear_crypto(struct bnxt *bp)
{
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
new file mode 100644
index 000000000000..cec877075b16
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
@@ -0,0 +1,345 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#include <net/tls.h>
+#include <linux/bnxt/hsi.h>
+
+#include "bnxt.h"
+#include "bnxt_mpc.h"
+#include "bnxt_crypto.h"
+#include "bnxt_ktls.h"
+
+/**
+ * bnxt_alloc_ktls_info - Allocate and initialize kTLS offload context
+ * @bp: pointer to bnxt device
+ *
+ * Allocates the main kTLS crypto info structure
+ *
+ * This function is called during device initialization when firmware
+ * reports kTLS offload capability. If allocation fails, kTLS offload
+ * will not be available but the device will still function.
+ *
+ * Context: Process context
+ *
+ * Return: zero on success, negative error code otherwise:
+ * ENOMEM: out of memory
+ */
+int bnxt_alloc_ktls_info(struct bnxt *bp)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+
+ if (BNXT_VF(bp))
+ return -EOPNOTSUPP;
+ if (ktls)
+ return 0;
+
+ ktls = kzalloc_obj(*ktls);
+ if (!ktls) {
+ netdev_warn(bp->dev, "Unable to allocate kTLS info\n");
+ return -ENOMEM;
+ }
+ ktls->counters = kzalloc_objs(*ktls->counters,
+ BNXT_KTLS_MAX_CTRL_COUNTERS);
+ if (!ktls->counters)
+ goto ktls_err;
+
+ init_waitqueue_head(&ktls->open_wq);
+ bp->ktls_info = ktls;
+ return 0;
+
+ktls_err:
+ kfree(ktls->counters);
+ kfree(ktls);
+ return -ENOMEM;
+}
+
+/**
+ * bnxt_free_ktls_info - Free kTLS crypto offload resources
+ * @bp: pointer to bnxt device
+ *
+ * Frees all resources associated with kTLS crypto offload
+ *
+ * Context: Process context during device shutdown/removal
+ */
+void bnxt_free_ktls_info(struct bnxt *bp)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+
+ if (!ktls)
+ return;
+ kfree(ktls->counters);
+ kfree(ktls);
+ bp->ktls_info = NULL;
+}
+
+/* Copy in reverse byte order */
+static void bnxt_copy_tls_mp_data(u8 *dst, u8 *src, int bytes)
+{
+ int i;
+
+ for (i = 0; i < bytes; i++)
+ dst[bytes - i - 1] = src[i];
+}
+
+static int bnxt_crypto_add(struct bnxt *bp, enum tls_offload_ctx_dir direction,
+ struct tls_crypto_info *crypto_info, u32 tcp_seq_no,
+ u32 kid)
+{
+ struct bnxt_tx_ring_info *txr;
+ struct ce_add_cmd cmd = {0};
+ u32 data;
+ int rc;
+
+ if (direction == TLS_OFFLOAD_CTX_DIR_TX) {
+ txr = bnxt_select_mpc_ring(bp, BNXT_MPC_TCE_TYPE);
+ cmd.ctx_kind = CE_ADD_CMD_CTX_KIND_CK_TX;
+ } else {
+ return -EOPNOTSUPP;
+ }
+ if (!txr)
+ return -ENODEV;
+
+ data = CE_ADD_CMD_OPCODE_ADD | (BNXT_KID_HW(kid) << CE_ADD_CMD_KID_SFT);
+ switch (crypto_info->cipher_type) {
+ case TLS_CIPHER_AES_GCM_128: {
+ struct tls12_crypto_info_aes_gcm_128 *aes;
+
+ aes = (void *)crypto_info;
+ data |= CE_ADD_CMD_ALGORITHM_AES_GCM_128;
+ if (crypto_info->version == TLS_1_3_VERSION)
+ data |= CE_ADD_CMD_VERSION_TLS1_3;
+ memcpy(&cmd.session_key, aes->key, sizeof(aes->key));
+ memcpy(&cmd.salt, aes->salt, sizeof(aes->salt));
+ memcpy(&cmd.addl_iv, aes->iv, sizeof(aes->iv));
+ bnxt_copy_tls_mp_data(cmd.record_seq_num, aes->rec_seq,
+ sizeof(aes->rec_seq));
+ break;
+ }
+ case TLS_CIPHER_AES_GCM_256: {
+ struct tls12_crypto_info_aes_gcm_256 *aes;
+
+ aes = (void *)crypto_info;
+ data |= CE_ADD_CMD_ALGORITHM_AES_GCM_256;
+ if (crypto_info->version == TLS_1_3_VERSION)
+ data |= CE_ADD_CMD_VERSION_TLS1_3;
+ memcpy(&cmd.session_key, aes->key, sizeof(aes->key));
+ memcpy(&cmd.salt, aes->salt, sizeof(aes->salt));
+ memcpy(&cmd.addl_iv, aes->iv, sizeof(aes->iv));
+ bnxt_copy_tls_mp_data(cmd.record_seq_num, aes->rec_seq,
+ sizeof(aes->rec_seq));
+ break;
+ }
+ default:
+ return -EOPNOTSUPP;
+ }
+ cmd.ver_algo_kid_opcode = cpu_to_le32(data);
+ cmd.pkt_tcp_seq_num = cpu_to_le32(tcp_seq_no);
+ cmd.tls_header_tcp_seq_num = cmd.pkt_tcp_seq_num;
+ rc = bnxt_xmit_crypto_cmd(bp, txr, &cmd, sizeof(cmd),
+ BNXT_MPC_TMO_MSECS);
+ memzero_explicit(&cmd, sizeof(cmd));
+ return rc;
+}
+
+static bool bnxt_ktls_cipher_supported(struct bnxt *bp,
+ struct tls_crypto_info *crypto_info)
+{
+ u16 type = crypto_info->cipher_type;
+ u16 version = crypto_info->version;
+
+ if ((type == TLS_CIPHER_AES_GCM_128 ||
+ type == TLS_CIPHER_AES_GCM_256) &&
+ (version == TLS_1_2_VERSION ||
+ version == TLS_1_3_VERSION))
+ return true;
+ return false;
+}
+
+static void bnxt_set_ktls_ctx_tx(struct tls_context *tls_ctx,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx)
+{
+ struct bnxt_ktls_tx_driver_state *tx =
+ __tls_driver_ctx(tls_ctx, TLS_OFFLOAD_CTX_DIR_TX);
+
+ tx->ctx_tx = kctx_tx;
+}
+
+static struct bnxt_ktls_offload_ctx_tx *
+bnxt_get_ktls_ctx_tx(struct tls_context *tls_ctx)
+{
+ struct bnxt_ktls_tx_driver_state *tx =
+ __tls_driver_ctx(tls_ctx, TLS_OFFLOAD_CTX_DIR_TX);
+
+ return tx->ctx_tx;
+}
+
+static int bnxt_ktls_dev_add(struct net_device *dev, struct sock *sk,
+ enum tls_offload_ctx_dir direction,
+ struct tls_crypto_info *crypto_info,
+ u32 start_offload_tcp_sn)
+{
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ struct bnxt *bp = netdev_priv(dev);
+ struct bnxt_crypto_info *crypto;
+ struct tls_context *tls_ctx;
+ struct bnxt_tls_info *ktls;
+ struct bnxt_kctx *kctx;
+ u32 kid;
+ int rc;
+
+ BUILD_BUG_ON(sizeof(struct bnxt_ktls_tx_driver_state) >
+ TLS_DRIVER_STATE_SIZE_TX);
+
+ ktls = bp->ktls_info;
+ if (direction == TLS_OFFLOAD_CTX_DIR_RX)
+ return -EOPNOTSUPP;
+
+ if (!BNXT_SUPPORTS_KTLS(bp)) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_NO_CAP]);
+ return -EOPNOTSUPP;
+ }
+ atomic_inc(&ktls->pending);
+ /* Make sure bnxt_close_nic() sees pending before we check the
+ * BNXT_STATE_OPEN flag.
+ */
+ smp_mb__after_atomic();
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_STATE_NOT_OPEN]);
+ rc = -ENODEV;
+ goto exit;
+ }
+
+ if (!bnxt_ktls_cipher_supported(bp, crypto_info)) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_INVALID_CIPHER]);
+ rc = -EOPNOTSUPP;
+ goto exit;
+ }
+
+ kctx_tx = kzalloc_obj(*kctx_tx);
+ if (!kctx_tx) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_NO_MEM]);
+ rc = -ENOMEM;
+ goto exit;
+ }
+ tls_ctx = tls_get_ctx(sk);
+ crypto = bp->crypto_info;
+ kctx = &crypto->kctx[BNXT_TX_CRYPTO_KEY_TYPE];
+ rc = bnxt_key_ctx_alloc_one(bp, kctx, BNXT_CTX_KIND_CK_TX, &kid);
+ if (rc) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_KEY_CTX_ALLOC]);
+ goto free_ctx;
+ }
+ rc = bnxt_crypto_add(bp, direction, crypto_info, start_offload_tcp_sn,
+ kid);
+ if (rc) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_CRYPTO_CMD]);
+ goto free_kctx;
+ }
+ kctx_tx->kid = kid;
+ kctx_tx->tcp_seq_no = start_offload_tcp_sn;
+ bnxt_set_ktls_ctx_tx(tls_ctx, kctx_tx);
+ atomic64_inc(&ktls->counters[BNXT_KTLS_TX_ADD]);
+ goto exit;
+
+free_kctx:
+ /* This KID was just allocated while holding ktls->pending, so epoch
+ * check is unnecessary.
+ */
+ bnxt_free_one_kctx(kctx, kid);
+free_ctx:
+ kfree(kctx_tx);
+exit:
+ atomic_dec(&ktls->pending);
+ return rc;
+}
+
+#define KTLS_RETRY_MAX 100
+#define KTLS_WAIT_TMO_MS 100
+
+static void bnxt_ktls_dev_del(struct net_device *dev,
+ struct tls_context *tls_ctx,
+ enum tls_offload_ctx_dir direction)
+{
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ struct bnxt *bp = netdev_priv(dev);
+ struct bnxt_crypto_info *crypto;
+ struct bnxt_tls_info *ktls;
+ struct bnxt_kctx *kctx;
+ int retry_cnt = 0;
+ u8 kind;
+ u32 kid;
+
+ ktls = bp->ktls_info;
+ kctx_tx = bnxt_get_ktls_ctx_tx(tls_ctx);
+retry:
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ /* During ifdown or FW reset, all connections will be torn
+ * down by bnxt_crypto_del_all() / FUNC_RESET, so nothing to
+ * do here. Only a reconfiguration is transient and
+ * __bnxt_open_nic() will set BNXT_STATE_OPEN again and wake us.
+ */
+ if (!netif_running(dev) ||
+ test_bit(BNXT_STATE_IN_FW_RESET, &bp->state))
+ goto free;
+ /* Bound the wait so a wedged reconfig can't block the kTLS
+ * destruct work indefinitely.
+ */
+ if (retry_cnt++ > KTLS_RETRY_MAX) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_RETRY_EXCEEDED]);
+ netdev_warn(dev, "%s timed out waiting for device, state %lx\n",
+ __func__, bp->state);
+ goto free;
+ }
+ wait_event_timeout(ktls->open_wq,
+ test_bit(BNXT_STATE_OPEN, &bp->state) ||
+ !netif_running(dev) ||
+ test_bit(BNXT_STATE_IN_FW_RESET, &bp->state),
+ msecs_to_jiffies(KTLS_WAIT_TMO_MS));
+ goto retry;
+ }
+ atomic_inc(&ktls->pending);
+ /* Make sure bnxt_close_nic() sees pending before we check the
+ * BNXT_STATE_OPEN flag.
+ */
+ smp_mb__after_atomic();
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ atomic_dec(&ktls->pending);
+ goto retry;
+ }
+
+ crypto = bp->crypto_info;
+ kid = kctx_tx->kid;
+ kctx = &crypto->kctx[BNXT_TX_CRYPTO_KEY_TYPE];
+ kind = BNXT_CTX_KIND_CK_TX;
+ atomic64_inc(&ktls->counters[BNXT_KTLS_TX_DEL]);
+ /* This KID was allocated by an earlier add and may have outlived a FW
+ * reset, so validate its epoch before deleting/freeing it.
+ */
+ if (bnxt_kid_valid(kctx, kid) &&
+ !bnxt_crypto_del(bp, kctx->type, kind, kid))
+ bnxt_free_one_kctx(kctx, kid);
+
+ atomic_dec(&ktls->pending);
+free:
+ bnxt_set_ktls_ctx_tx(tls_ctx, NULL);
+ kfree(kctx_tx);
+}
+
+static const struct tlsdev_ops bnxt_ktls_ops = {
+ .tls_dev_add = bnxt_ktls_dev_add,
+ .tls_dev_del = bnxt_ktls_dev_del,
+};
+
+int bnxt_ktls_init(struct bnxt *bp)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+ struct net_device *dev = bp->dev;
+
+ if (!ktls)
+ return 0;
+
+ dev->tlsdev_ops = &bnxt_ktls_ops;
+ dev->hw_features |= NETIF_F_HW_TLS_TX;
+ dev->features |= NETIF_F_HW_TLS_TX;
+ return 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
new file mode 100644
index 000000000000..5a4f39f15e80
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
@@ -0,0 +1,112 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#ifndef BNXT_KTLS_H
+#define BNXT_KTLS_H
+
+#include <linux/wait.h>
+
+/* Control plane counters */
+enum bnxt_ktls_ctrl_counters {
+ BNXT_KTLS_TX_ADD = 0,
+ BNXT_KTLS_TX_DEL,
+
+ /* Error counters for debugging */
+ BNXT_KTLS_ERR_NO_MEM, /* Memory allocation failure */
+ BNXT_KTLS_ERR_NO_CAP, /* Capability lost after FW reset */
+ BNXT_KTLS_ERR_KEY_CTX_ALLOC, /* Key context alloc failure */
+ BNXT_KTLS_ERR_CRYPTO_CMD, /* Crypto command failure */
+ BNXT_KTLS_ERR_DEVICE_BUSY, /* Device not ready */
+ BNXT_KTLS_ERR_INVALID_CIPHER, /* Unsupported cipher */
+ BNXT_KTLS_ERR_STATE_NOT_OPEN, /* Device not open */
+ BNXT_KTLS_ERR_RETRY_EXCEEDED, /* Retry limit exceeded */
+
+ BNXT_KTLS_MAX_CTRL_COUNTERS,
+};
+
+struct bnxt_tls_info {
+ atomic_t pending;
+
+ /* Woken from __bnxt_open_nic()/__bnxt_close_nic() when
+ * BNXT_STATE_OPEN changes, so a kTLS delete can wait out a ring
+ * reconfiguration instead of polling the state bit.
+ */
+ wait_queue_head_t open_wq;
+
+ /* Atomic counters for control path */
+ atomic64_t *counters;
+};
+
+struct bnxt_ktls_offload_ctx_tx {
+ u32 tcp_seq_no; /* tcp seq no in sync with HW */
+ u32 next_tcp_seq_no;/* staged tcp seq no */
+ u32 kid;
+ u32 pending_bytes; /* staged payload bytes */
+};
+
+struct bnxt_ktls_tx_driver_state {
+ struct bnxt_ktls_offload_ctx_tx *ctx_tx;
+};
+
+struct ce_add_cmd {
+ __le32 ver_algo_kid_opcode;
+ #define CE_ADD_CMD_OPCODE_MASK 0xfUL
+ #define CE_ADD_CMD_OPCODE_SFT 0
+ #define CE_ADD_CMD_OPCODE_ADD 0x1UL
+ #define CE_ADD_CMD_KID_MASK 0xfffff0UL
+ #define CE_ADD_CMD_KID_SFT 4
+ #define CE_ADD_CMD_ALGORITHM_MASK 0xf000000UL
+ #define CE_ADD_CMD_ALGORITHM_SFT 24
+ #define CE_ADD_CMD_ALGORITHM_AES_GCM_128 0x1000000UL
+ #define CE_ADD_CMD_ALGORITHM_AES_GCM_256 0x2000000UL
+ #define CE_ADD_CMD_VERSION_MASK 0xf0000000UL
+ #define CE_ADD_CMD_VERSION_SFT 28
+ #define CE_ADD_CMD_VERSION_TLS1_2 (0x0UL << 28)
+ #define CE_ADD_CMD_VERSION_TLS1_3 (0x1UL << 28)
+ u8 ctx_kind;
+ #define CE_ADD_CMD_CTX_KIND_MASK 0x1fUL
+ #define CE_ADD_CMD_CTX_KIND_SFT 0
+ #define CE_ADD_CMD_CTX_KIND_CK_TX 0x11UL
+ #define CE_ADD_CMD_CTX_KIND_CK_RX 0x12UL
+ u8 unused0[3];
+ u8 salt[4];
+ u8 unused1[4];
+ __le32 pkt_tcp_seq_num;
+ __le32 tls_header_tcp_seq_num;
+ u8 record_seq_num[8];
+ u8 session_key[32];
+ u8 addl_iv[8];
+};
+
+static inline bool bnxt_ktls_busy(struct bnxt *bp)
+{
+ return bp->ktls_info && atomic_read(&bp->ktls_info->pending) > 0;
+}
+
+/* Wake any kTLS control op waiting for a BNXT_STATE_OPEN transition. */
+static inline void bnxt_ktls_wake(struct bnxt *bp)
+{
+ if (bp->ktls_info)
+ wake_up_all(&bp->ktls_info->open_wq);
+}
+
+#ifdef CONFIG_BNXT_TLS
+int bnxt_alloc_ktls_info(struct bnxt *bp);
+void bnxt_free_ktls_info(struct bnxt *bp);
+int bnxt_ktls_init(struct bnxt *bp);
+#else
+static inline int bnxt_alloc_ktls_info(struct bnxt *bp)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void bnxt_free_ktls_info(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_ktls_init(struct bnxt *bp)
+{
+ return -EOPNOTSUPP;
+}
+#endif /* CONFIG_BNXT_TLS */
+#endif /* BNXT_KTLS_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 13/15] bnxt_en: Implement kTLS TX normal path
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (11 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 12/15] bnxt_en: Support kTLS TX offload by implementing .tls_dev_add/del() Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 14/15] bnxt_en: Add support for inline transmit BDs Michael Chan
2026-07-10 4:24 ` [PATCH net-next v5 15/15] bnxt_en: Add kTLS retransmission support Michael Chan
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
Offload TLS encryption of TX packets to the hardware if the TCP sequence
number is the expected one. Fall back to software encryption otherwise.
Implement all the TLS TX logic to check the TCP sequence number and set
up the BD in the new function bnxt_ktls_xmit(). The stored TCP sequence
number is only updated when BD is in the ring and guaranteed to be
transmitted.
Basic kTLS statistics reporting for ethtool -S is also added. Because
there can be multiple TX rings (if there are MQPRIO TCs) sharing the
same bnxt_cp_ring_info containing the bnxt_sw_stats, we need to store
the kTLS software TX stats in bnxt_tx_ring_info instead.
The next patches will add support for the exception path with
out-of-order TCP sequence number.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Use BNXT_NO_FW_ACCESS() to fix possible massive AER timeout.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-14-michael.chan@broadcom.com/
Use per TX ring TLS stats structures.
Defer tcp sequence and stats update until the BD is on the ring.
Increment the drop counter if kTLS drops the packet.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-14-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 ++++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 41 +++++++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 1 +
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 46 +++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c | 2 +-
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 93 +++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 60 ++++++++++++
7 files changed, 258 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index ef73e992756b..af11f0744d0a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -481,6 +481,7 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
dma_addr_t mapping;
unsigned int length, pad = 0;
u32 len, free_size, vlan_tag_flags, cfa_action, flags;
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx = NULL;
struct bnxt_ptp_cfg *ptp = bp->ptp_cfg;
struct pci_dev *pdev = bp->pdev;
u16 prod, last_frag, txts_prod;
@@ -488,6 +489,7 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
struct bnxt_sw_tx_bd *tx_buf;
__le32 lflags = 0;
skb_frag_t *frag;
+ u32 kid = 0;
i = skb_get_queue_mapping(skb);
if (unlikely(i >= bp->tx_nr_rings)) {
@@ -527,6 +529,12 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
return NETDEV_TX_BUSY;
}
+ skb = bnxt_ktls_xmit(bp, txr, skb, &lflags, &kid, &kctx_tx);
+ if (unlikely(!skb)) {
+ dev_core_stats_tx_dropped_inc(dev);
+ return NETDEV_TX_OK;
+ }
+
length = skb->len;
len = skb_headlen(skb);
last_frag = skb_shinfo(skb)->nr_frags;
@@ -675,7 +683,7 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
prod = NEXT_TX(prod);
txbd1 = bnxt_init_ext_bd(bp, txr, prod, lflags, vlan_tag_flags,
- cfa_action);
+ cfa_action, kid);
if (skb_is_gso(skb)) {
bool udp_gso = !!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4);
@@ -696,9 +704,10 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
txbd1->tx_bd_hsize_lflags |= cpu_to_le32(TX_BD_FLAGS_LSO |
TX_BD_FLAGS_T_IPID |
- (hdr_len << (TX_BD_HSIZE_SHIFT - 1)));
+ ((hdr_len >> 1) << TX_BD_HSIZE_SHIFT));
length = skb_shinfo(skb)->gso_size;
- txbd1->tx_bd_mss = cpu_to_le32(length);
+ txbd1->tx_bd_kid_mss = cpu_to_le32(BNXT_TX_KID_HI(kid) |
+ (length & TX_BD_MSS));
length += hdr_len;
} else if (skb->ip_summed == CHECKSUM_PARTIAL) {
txbd1->tx_bd_hsize_lflags |=
@@ -751,6 +760,9 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
prod = NEXT_TX(prod);
WRITE_ONCE(txr->tx_prod, prod);
+ /* Commit the kTLS state now that the BD is in the ring. */
+ bnxt_ktls_xmit_commit(txr, kctx_tx);
+
if (!netdev_xmit_more() || netif_xmit_stopped(txq)) {
bnxt_txr_db_kick(bp, txr, prod);
} else {
@@ -4085,6 +4097,8 @@ static void bnxt_free_tx_rings(struct bnxt *bp)
bnxt_free_tx_inline_buf(txr, pdev);
+ bnxt_ktls_free_tx_ring_stats(txr);
+
ring = &txr->tx_ring_struct;
bnxt_free_ring(bp, &ring->ring_mem);
@@ -4160,6 +4174,9 @@ static int bnxt_alloc_tx_rings(struct bnxt *bp)
qidx = bp->tc_to_qidx[j];
ring->queue_id = bp->q_info[qidx].queue_id;
spin_lock_init(&txr->tx_lock);
+ rc = bnxt_ktls_alloc_tx_ring_stats(bp, txr);
+ if (rc)
+ return rc;
if (i < bp->tx_nr_rings_xdp)
continue;
if (BNXT_RING_TO_TC_OFF(bp, i) == (bp->tx_nr_rings_per_tc - 1))
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index b7ad665b47ae..5b6f629d7bcf 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -101,10 +101,18 @@ struct tx_bd_ext {
#define TX_BD_FLAGS_LSO (1 << 5)
#define TX_BD_FLAGS_IPID_FMT (1 << 6)
#define TX_BD_FLAGS_T_IPID (1 << 7)
+ #define TX_BD_FLAGS_CRYPTO_EN (1 << 15)
#define TX_BD_HSIZE (0xff << 16)
#define TX_BD_HSIZE_SHIFT 16
-
- __le32 tx_bd_mss;
+ #define TX_BD_KID_LO (0x7f << 25)
+ #define TX_BD_KID_LO_MASK 0x7f
+ #define TX_BD_KID_LO_SHIFT 25
+
+ __le32 tx_bd_kid_mss;
+ #define TX_BD_MSS 0x7fff
+ #define TX_BD_KID_HI (0x1ffff << 15)
+ #define TX_BD_KID_HI_MASK 0xffff80
+ #define TX_BD_KID_HI_SHIFT 8
__le32 tx_bd_cfa_action;
#define TX_BD_CFA_ACTION (0xffff << 16)
#define TX_BD_CFA_ACTION_SHIFT 16
@@ -122,6 +130,16 @@ struct tx_bd_ext {
};
#define BNXT_TX_PTP_IS_SET(lflags) ((lflags) & cpu_to_le32(TX_BD_FLAGS_STAMP))
+#define BNXT_TX_KID_LO(kid) (((kid) & TX_BD_KID_LO_MASK) << TX_BD_KID_LO_SHIFT)
+#define BNXT_TX_KID_HI(kid) (((kid) & TX_BD_KID_HI_MASK) << TX_BD_KID_HI_SHIFT)
+
+struct tx_bd_presync {
+ __le32 tx_bd_len_flags_type;
+ #define TX_BD_TYPE_PRESYNC_TX_BD (0x09 << 0)
+ u32 tx_bd_opaque;
+ __le32 tx_bd_kid;
+ u32 tx_bd_unused;
+};
struct rx_bd {
__le32 rx_bd_len_flags_type;
@@ -1025,6 +1043,9 @@ struct bnxt_tx_ring_info {
struct bnxt_ring_struct tx_ring_struct;
/* Synchronize simultaneous xdp_xmit on same ring or for MPC ring */
spinlock_t tx_lock;
+
+ /* Per-TX-ring kTLS counters; allocated only when kTLS is enabled. */
+ struct bnxt_tls_sw_stats *tls_stats;
};
#define BNXT_LEGACY_COAL_CMPL_PARAMS \
@@ -1166,6 +1187,18 @@ struct bnxt_cmn_sw_stats {
u64 missed_irqs;
};
+/* Data plane kTLS counters */
+enum bnxt_ktls_data_counters {
+ BNXT_KTLS_TX_PKTS = 0,
+ BNXT_KTLS_TX_BYTES,
+
+ BNXT_KTLS_MAX_DATA_COUNTERS,
+};
+
+struct bnxt_tls_sw_stats {
+ u64 counters[BNXT_KTLS_MAX_DATA_COUNTERS];
+};
+
struct bnxt_sw_stats {
struct bnxt_rx_sw_stats rx;
struct bnxt_tx_sw_stats tx;
@@ -2885,14 +2918,14 @@ static inline u32 bnxt_tx_avail(struct bnxt *bp,
static inline struct tx_bd_ext *
bnxt_init_ext_bd(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
u16 prod, __le32 lflags, u32 vlan_tag_flags,
- u32 cfa_action)
+ u32 cfa_action, u32 kid)
{
struct tx_bd_ext *txbd1;
txbd1 = (struct tx_bd_ext *)
&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
txbd1->tx_bd_hsize_lflags = lflags;
- txbd1->tx_bd_mss = 0;
+ txbd1->tx_bd_kid_mss = cpu_to_le32(BNXT_TX_KID_HI(kid));
txbd1->tx_bd_cfa_meta = cpu_to_le32(vlan_tag_flags);
txbd1->tx_bd_cfa_action =
cpu_to_le32(cfa_action << TX_BD_CFA_ACTION_SHIFT);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index 6376a85d4b83..27a978bd18e2 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -573,6 +573,7 @@ int bnxt_crypto_init(struct bnxt *bp)
if (rc)
return rc;
+ bnxt_ktls_init(bp);
return 0;
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 4bc3cac57b13..66a35876c00b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -38,6 +38,7 @@
#include "bnxt_fw_hdr.h" /* Firmware hdr constant and structure defs */
#include "bnxt_coredump.h"
#include "bnxt_mpc.h"
+#include "bnxt_ktls.h"
#define BNXT_NVM_ERR_MSG(dev, extack, msg) \
do { \
@@ -354,6 +355,26 @@ static const char *const bnxt_ring_drv_stats_arr[] = {
"total_missed_irqs",
};
+/* kTLS data plane counter strings indexed by enum bnxt_ktls_data_counters */
+static const char *const bnxt_ktls_data_stats[] = {
+ [BNXT_KTLS_TX_PKTS] = "tx_tls_encrypted_packets",
+ [BNXT_KTLS_TX_BYTES] = "tx_tls_encrypted_bytes",
+};
+
+/* kTLS control plane counter strings indexed by enum bnxt_ktls_ctrl_counters */
+static const char *const bnxt_ktls_ctrl_stats[] = {
+ [BNXT_KTLS_TX_ADD] = "tx_tls_add",
+ [BNXT_KTLS_TX_DEL] = "tx_tls_del",
+ [BNXT_KTLS_ERR_NO_MEM] = "tls_err_no_mem",
+ [BNXT_KTLS_ERR_NO_CAP] = "tls_err_no_cap",
+ [BNXT_KTLS_ERR_KEY_CTX_ALLOC] = "tls_err_key_ctx_alloc",
+ [BNXT_KTLS_ERR_CRYPTO_CMD] = "tls_err_crypto_cmd",
+ [BNXT_KTLS_ERR_DEVICE_BUSY] = "tls_err_device_busy",
+ [BNXT_KTLS_ERR_INVALID_CIPHER] = "tls_err_invalid_cipher",
+ [BNXT_KTLS_ERR_STATE_NOT_OPEN] = "tls_err_state_not_open",
+ [BNXT_KTLS_ERR_RETRY_EXCEEDED] = "tls_err_retry_exceeded",
+};
+
#define NUM_RING_RX_SW_STATS ARRAY_SIZE(bnxt_rx_sw_stats_str)
#define NUM_RING_CMN_SW_STATS ARRAY_SIZE(bnxt_cmn_sw_stats_str)
#define NUM_RING_RX_HW_STATS ARRAY_SIZE(bnxt_ring_rx_stats_str)
@@ -536,12 +557,21 @@ static int bnxt_get_num_ring_stats(struct bnxt *bp)
cmn * bp->cp_nr_rings;
}
+static int bnxt_get_num_ktls_stats(struct bnxt *bp)
+{
+ if (!bp->ktls_info)
+ return 0;
+ return ARRAY_SIZE(bnxt_ktls_ctrl_stats) +
+ ARRAY_SIZE(bnxt_ktls_data_stats);
+}
+
static int bnxt_get_num_stats(struct bnxt *bp)
{
int num_stats = bnxt_get_num_ring_stats(bp);
int len;
num_stats += BNXT_NUM_RING_DRV_STATS;
+ num_stats += bnxt_get_num_ktls_stats(bp);
if (bp->flags & BNXT_FLAG_PORT_STATS)
num_stats += BNXT_NUM_PORT_STATS;
@@ -654,6 +684,16 @@ static void bnxt_get_ethtool_stats(struct net_device *dev,
for (i = 0; i < BNXT_NUM_RING_DRV_STATS; i++, j++, curr++, prev++)
buf[j] = *curr + *prev;
+ if (bp->ktls_info) {
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+ struct bnxt_tls_sw_stats tls_stats = {};
+
+ bnxt_get_ring_tls_stats(bp, &tls_stats);
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_data_stats); i++, j++)
+ buf[j] = tls_stats.counters[i];
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_ctrl_stats); i++, j++)
+ buf[j] = atomic64_read(&ktls->counters[i]);
+ }
if (bp->flags & BNXT_FLAG_PORT_STATS) {
u64 *port_stats = bp->port_stats.sw_stats;
@@ -764,6 +804,12 @@ static void bnxt_get_strings(struct net_device *dev, u32 stringset, u8 *buf)
for (i = 0; i < BNXT_NUM_RING_DRV_STATS; i++)
ethtool_puts(&buf, bnxt_ring_drv_stats_arr[i]);
+ if (bp->ktls_info) {
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_data_stats); i++)
+ ethtool_puts(&buf, bnxt_ktls_data_stats[i]);
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_ctrl_stats); i++)
+ ethtool_puts(&buf, bnxt_ktls_ctrl_stats[i]);
+ }
if (bp->flags & BNXT_FLAG_PORT_STATS)
for (i = 0; i < BNXT_NUM_PORT_STATS; i++) {
str = bnxt_port_stats_arr[i].string;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c
index f317f60414e8..b4c37a6c9f0f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c
@@ -168,7 +168,7 @@ netdev_tx_t bnxt_sw_udp_gso_xmit(struct bnxt *bp,
prod = NEXT_TX(prod);
bnxt_init_ext_bd(bp, txr, prod, csum,
- vlan_tag_flags, cfa_action);
+ vlan_tag_flags, cfa_action, 0);
/* set dma_unmap_len on the LAST BD touching each
* region. Since completions are in-order, the last segment
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
index cec877075b16..cf71356cdfcf 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2026 Broadcom Inc. */
+#include <linux/tcp.h>
#include <net/tls.h>
#include <linux/bnxt/hsi.h>
@@ -343,3 +344,95 @@ int bnxt_ktls_init(struct bnxt *bp)
dev->features |= NETIF_F_HW_TLS_TX;
return 0;
}
+
+static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes)
+{
+ struct bnxt_tls_sw_stats *ring_stats = txr->tls_stats;
+
+ if (!ring_stats)
+ return;
+ ring_stats->counters[BNXT_KTLS_TX_PKTS]++;
+ ring_stats->counters[BNXT_KTLS_TX_BYTES] += bytes;
+}
+
+struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, __le32 *lflags, u32 *kid,
+ struct bnxt_ktls_offload_ctx_tx **kctx_tx_p)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ struct tls_context *tls_ctx;
+ u32 seq, payload_len;
+
+ if (!IS_ENABLED(CONFIG_TLS_DEVICE) || !ktls ||
+ !tls_is_skb_tx_device_offloaded(skb))
+ return skb;
+
+ seq = ntohl(tcp_hdr(skb)->seq);
+ tls_ctx = tls_get_ctx(skb->sk);
+ kctx_tx = bnxt_get_ktls_ctx_tx(tls_ctx);
+ payload_len = skb->len - skb_tcp_all_headers(skb);
+ if (!payload_len)
+ return skb;
+ if (kctx_tx->tcp_seq_no == seq) {
+ /* Stage the advance only. tcp_seq_no and the counters are
+ * committed by bnxt_ktls_xmit_commit() once the BD reaches the
+ * ring.
+ */
+ kctx_tx->next_tcp_seq_no = seq + payload_len;
+ kctx_tx->pending_bytes = payload_len;
+ *kid = BNXT_KID_HW(kctx_tx->kid);
+ *kctx_tx_p = kctx_tx;
+ *lflags |= cpu_to_le32(TX_BD_FLAGS_CRYPTO_EN |
+ BNXT_TX_KID_LO(*kid));
+ } else {
+ skb = tls_encrypt_skb(skb);
+ if (!skb)
+ return NULL;
+ }
+ return skb;
+}
+
+void bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx)
+{
+ if (!kctx_tx)
+ return;
+ kctx_tx->tcp_seq_no = kctx_tx->next_tcp_seq_no;
+ bnxt_ktls_inc_tx_stats(txr, kctx_tx->pending_bytes);
+}
+
+int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp, struct bnxt_tx_ring_info *txr)
+{
+ struct bnxt_tls_sw_stats *ring_stats;
+
+ if (!bp->ktls_info)
+ return 0;
+ ring_stats = kzalloc_obj(*ring_stats);
+ if (!ring_stats)
+ return -ENOMEM;
+ txr->tls_stats = ring_stats;
+ return 0;
+}
+
+void bnxt_ktls_free_tx_ring_stats(struct bnxt_tx_ring_info *txr)
+{
+ kfree(txr->tls_stats);
+ txr->tls_stats = NULL;
+}
+
+void bnxt_get_ring_tls_stats(struct bnxt *bp, struct bnxt_tls_sw_stats *stats)
+{
+ struct bnxt_tls_sw_stats *ring_stats;
+ int i, j;
+
+ if (!bp->ktls_info || !bp->tx_ring)
+ return;
+ for (i = 0; i < bp->tx_nr_rings; i++) {
+ ring_stats = bp->tx_ring[i].tls_stats;
+ if (!ring_stats)
+ continue;
+ for (j = 0; j < BNXT_KTLS_MAX_DATA_COUNTERS; j++)
+ stats->counters[j] += ring_stats->counters[j];
+ }
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
index 5a4f39f15e80..fd17d2ddb8b8 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
@@ -78,6 +78,28 @@ struct ce_add_cmd {
u8 addl_iv[8];
};
+struct crypto_prefix_cmd {
+ __le32 flags;
+ #define CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR 0x1UL
+ #define CRYPTO_PREFIX_CMD_FLAGS_FULL_REPLAY_RETRAN 0x2UL
+ __le32 header_tcp_seq_num;
+ __le32 start_tcp_seq_num;
+ __le32 end_tcp_seq_num;
+ u8 explicit_nonce[8];
+ u8 record_seq_num[8];
+};
+
+#define CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR_LE \
+ cpu_to_le32(CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR)
+
+#define CRYPTO_PREFIX_CMD_SIZE ((u32)sizeof(struct crypto_prefix_cmd))
+#define CRYPTO_PREFIX_CMD_BDS (CRYPTO_PREFIX_CMD_SIZE / sizeof(struct tx_bd))
+#define CRYPTO_PRESYNC_BDS (CRYPTO_PREFIX_CMD_BDS + 1)
+
+#define CRYPTO_PRESYNC_BD_CMD \
+ (cpu_to_le32((CRYPTO_PREFIX_CMD_SIZE << TX_BD_LEN_SHIFT) | \
+ TX_BD_CNT(CRYPTO_PRESYNC_BDS) | TX_BD_TYPE_PRESYNC_TX_BD))
+
static inline bool bnxt_ktls_busy(struct bnxt *bp)
{
return bp->ktls_info && atomic_read(&bp->ktls_info->pending) > 0;
@@ -94,6 +116,15 @@ static inline void bnxt_ktls_wake(struct bnxt *bp)
int bnxt_alloc_ktls_info(struct bnxt *bp);
void bnxt_free_ktls_info(struct bnxt *bp);
int bnxt_ktls_init(struct bnxt *bp);
+struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, __le32 *lflags, u32 *kid,
+ struct bnxt_ktls_offload_ctx_tx **kctx_tx_p);
+void bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx);
+int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr);
+void bnxt_ktls_free_tx_ring_stats(struct bnxt_tx_ring_info *txr);
+void bnxt_get_ring_tls_stats(struct bnxt *bp, struct bnxt_tls_sw_stats *stats);
#else
static inline int bnxt_alloc_ktls_info(struct bnxt *bp)
{
@@ -108,5 +139,34 @@ static inline int bnxt_ktls_init(struct bnxt *bp)
{
return -EOPNOTSUPP;
}
+
+static inline struct sk_buff *
+bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, __le32 *lflags, u32 *kid,
+ struct bnxt_ktls_offload_ctx_tx **kctx_tx_p)
+{
+ return skb;
+}
+
+static inline void
+bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx)
+{
+}
+
+static inline int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ return 0;
+}
+
+static inline void bnxt_ktls_free_tx_ring_stats(struct bnxt_tx_ring_info *txr)
+{
+}
+
+static inline void bnxt_get_ring_tls_stats(struct bnxt *bp,
+ struct bnxt_tls_sw_stats *stats)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_KTLS_H */
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 14/15] bnxt_en: Add support for inline transmit BDs
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (12 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 13/15] bnxt_en: Implement kTLS TX normal path Michael Chan
@ 2026-07-10 4:23 ` Michael Chan
2026-07-10 4:24 ` [PATCH net-next v5 15/15] bnxt_en: Add kTLS retransmission support Michael Chan
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:23 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
Newer chips (P5_PLUS) support inline transmit BDs that contain extra
data. One such use case is to transmit out-of-sequence kTLS packets
with encryption enabled. To account for these inline BDs during TX
completion, we add the inline_data_bds field to struct bnxt_sw_tx_bd
(tx_buf). tx_buf->is_push will always be set when sending these
inline BDs as the operation is similar to push packets. tx_buf->skb
will always be NULL as there is no associated SKB.
The next patch will make use of this feature.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++++++++++++---
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index af11f0744d0a..44b0787fef89 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -848,7 +848,7 @@ static bool __bnxt_tx_int(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
head_buf = tx_buf;
skb = tx_buf->skb;
- if (unlikely(!skb)) {
+ if (unlikely(!skb && !tx_buf->is_push)) {
bnxt_sched_reset_txr(bp, txr, cons);
return rc;
}
@@ -860,13 +860,22 @@ static bool __bnxt_tx_int(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
}
cons = NEXT_TX(cons);
- tx_pkts++;
- tx_bytes += skb->len;
+ if (skb) {
+ tx_pkts++;
+ tx_bytes += skb->len;
+ }
tx_buf->skb = NULL;
tx_buf->is_ts_pkt = 0;
if (tx_buf->is_push) {
tx_buf->is_push = 0;
+ cons += tx_buf->inline_data_bds;
+ tx_buf->inline_data_bds = 0;
+ if (!skb) {
+ /* presync BD */
+ cons = NEXT_TX(cons);
+ continue;
+ }
goto next_tx_int;
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 5b6f629d7bcf..0a60055b3e17 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -917,6 +917,7 @@ struct bnxt_sw_tx_bd {
u8 is_push;
u8 is_sw_gso;
u8 action;
+ u8 inline_data_bds;
unsigned short nr_frags;
union {
u16 rx_prod;
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH net-next v5 15/15] bnxt_en: Add kTLS retransmission support
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
` (13 preceding siblings ...)
2026-07-10 4:23 ` [PATCH net-next v5 14/15] bnxt_en: Add support for inline transmit BDs Michael Chan
@ 2026-07-10 4:24 ` Michael Chan
14 siblings, 0 replies; 16+ messages in thread
From: Michael Chan @ 2026-07-10 4:24 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
If TCP retransmits a TLS packet that requires encryption by the NIC, the
TCP sequence number will go backwards and the hardware will require some
assistance from the driver. The driver needs to retrieve the TLS record
that covers the byte sequence of the retransmitted packet. If the
retransmitted packet does not include the tag, the hardware can simply
encrypt the packet using the informtaion in the TLS record.
The driver provides the TLS record information for the retransmitted
packet in the presync TX BD. The presync TX BD introduced in the last
patch is treated very much like a TX push BD with inline data. The only
exception is that no SKB will be stored for the presync TX BD.
Retransmission that includes the TLS tag will be handled in future
patches.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v5:
Use bool instead of bit fields to keep track of kTLS states (requested by
Paolo).
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-16-michael.chan@broadcom.com/
Unwind the TX ring properly if the TLS packet cannot be sent.
Improve the OOO TLS counters.
Fix endianness of the record sequence number.
Check valid return address from skb_frag_address_safe().
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-16-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 152 +++++++++++++++++-
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 2 +
5 files changed, 167 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 44b0787fef89..f084c19ffddd 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -482,9 +482,9 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
unsigned int length, pad = 0;
u32 len, free_size, vlan_tag_flags, cfa_action, flags;
struct bnxt_ktls_offload_ctx_tx *kctx_tx = NULL;
+ u16 prod, start_prod, last_frag, txts_prod;
struct bnxt_ptp_cfg *ptp = bp->ptp_cfg;
struct pci_dev *pdev = bp->pdev;
- u16 prod, last_frag, txts_prod;
struct bnxt_tx_ring_info *txr;
struct bnxt_sw_tx_bd *tx_buf;
__le32 lflags = 0;
@@ -500,7 +500,6 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
txq = netdev_get_tx_queue(dev, i);
txr = &bp->tx_ring[bp->tx_ring_map[i]];
- prod = txr->tx_prod;
#if (MAX_SKB_FRAGS > TX_MAX_FRAGS)
if (skb_shinfo(skb)->nr_frags > TX_MAX_FRAGS) {
@@ -529,12 +528,14 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
return NETDEV_TX_BUSY;
}
+ start_prod = txr->tx_prod;
skb = bnxt_ktls_xmit(bp, txr, skb, &lflags, &kid, &kctx_tx);
if (unlikely(!skb)) {
dev_core_stats_tx_dropped_inc(dev);
return NETDEV_TX_OK;
}
+ prod = txr->tx_prod;
length = skb->len;
len = skb_headlen(skb);
last_frag = skb_shinfo(skb)->nr_frags;
@@ -817,9 +818,16 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
/* set SKB to err so PTP worker will clean up */
ptp->txts_req[txts_prod].tx_skb = ERR_PTR(-EIO);
}
+ txr->tx_buf_ring[RING_TX(bp, txr->tx_prod)].skb = NULL;
+ /* Unwind any kTLS presync BDs */
+ if (unlikely(txr->tx_prod != start_prod)) {
+ tx_buf = &txr->tx_buf_ring[RING_TX(bp, start_prod)];
+ tx_buf->is_push = 0;
+ tx_buf->inline_data_bds = 0;
+ WRITE_ONCE(txr->tx_prod, start_prod);
+ }
if (txr->kick_pending)
bnxt_txr_db_kick(bp, txr, txr->tx_prod);
- txr->tx_buf_ring[RING_TX(bp, txr->tx_prod)].skb = NULL;
dev_core_stats_tx_dropped_inc(dev);
return NETDEV_TX_OK;
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 0a60055b3e17..70947bcc3116 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1192,6 +1192,10 @@ struct bnxt_cmn_sw_stats {
enum bnxt_ktls_data_counters {
BNXT_KTLS_TX_PKTS = 0,
BNXT_KTLS_TX_BYTES,
+ BNXT_KTLS_TX_OOO_PKTS,
+ BNXT_KTLS_TX_OOO_FALLBACK_NO_SYNC,
+ BNXT_KTLS_TX_OOO_FALLBACK_NO_SPACE,
+ BNXT_KTLS_TX_OOO_FALLBACK_NO_HDR,
BNXT_KTLS_MAX_DATA_COUNTERS,
};
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 66a35876c00b..cee743996d3f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -359,6 +359,10 @@ static const char *const bnxt_ring_drv_stats_arr[] = {
static const char *const bnxt_ktls_data_stats[] = {
[BNXT_KTLS_TX_PKTS] = "tx_tls_encrypted_packets",
[BNXT_KTLS_TX_BYTES] = "tx_tls_encrypted_bytes",
+ [BNXT_KTLS_TX_OOO_PKTS] = "tx_tls_ooo_packets",
+ [BNXT_KTLS_TX_OOO_FALLBACK_NO_SYNC] = "tx_tls_ooo_fallback_no_sync",
+ [BNXT_KTLS_TX_OOO_FALLBACK_NO_SPACE] = "tx_tls_ooo_fallback_no_space",
+ [BNXT_KTLS_TX_OOO_FALLBACK_NO_HDR] = "tx_tls_ooo_fallback_no_hdr",
};
/* kTLS control plane counter strings indexed by enum bnxt_ktls_ctrl_counters */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
index cf71356cdfcf..0cb438c5c509 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
@@ -345,7 +345,8 @@ int bnxt_ktls_init(struct bnxt *bp)
return 0;
}
-static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes)
+static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes,
+ bool ooo)
{
struct bnxt_tls_sw_stats *ring_stats = txr->tls_stats;
@@ -353,6 +354,128 @@ static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes)
return;
ring_stats->counters[BNXT_KTLS_TX_PKTS]++;
ring_stats->counters[BNXT_KTLS_TX_BYTES] += bytes;
+ if (ooo)
+ ring_stats->counters[BNXT_KTLS_TX_OOO_PKTS]++;
+}
+
+static void bnxt_ktls_pre_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ u32 kid, struct crypto_prefix_cmd *pre_cmd)
+{
+ struct bnxt_sw_tx_bd *tx_buf;
+ struct tx_bd_presync *psbd;
+ u32 bd_space, space;
+ u8 *pcmd;
+ u16 prod;
+
+ prod = txr->tx_prod;
+ tx_buf = &txr->tx_buf_ring[RING_TX(bp, prod)];
+
+ psbd = (void *)&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ psbd->tx_bd_len_flags_type = CRYPTO_PRESYNC_BD_CMD;
+ psbd->tx_bd_kid = cpu_to_le32(BNXT_KID_HW(kid));
+ psbd->tx_bd_opaque =
+ SET_TX_OPAQUE(bp, txr, prod, CRYPTO_PREFIX_CMD_BDS + 1);
+
+ prod = NEXT_TX(prod);
+ pcmd = (void *)&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ bd_space = TX_DESC_CNT - TX_IDX(prod);
+ space = bd_space * sizeof(struct tx_bd);
+ if (space >= CRYPTO_PREFIX_CMD_SIZE) {
+ memcpy(pcmd, pre_cmd, CRYPTO_PREFIX_CMD_SIZE);
+ prod += CRYPTO_PREFIX_CMD_BDS;
+ } else {
+ memcpy(pcmd, pre_cmd, space);
+ prod += bd_space;
+ pcmd = (void *)&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ memcpy(pcmd, (u8 *)pre_cmd + space,
+ CRYPTO_PREFIX_CMD_SIZE - space);
+ prod += CRYPTO_PREFIX_CMD_BDS - bd_space;
+ }
+ txr->tx_prod = prod;
+ tx_buf->is_push = 1;
+ /* Minus 1 since the header psbd is a single entry short BD */
+ tx_buf->inline_data_bds = CRYPTO_PREFIX_CMD_BDS - 1;
+}
+
+static int bnxt_ktls_tx_ooo(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, u32 payload_len, u32 seq,
+ struct tls_context *tls_ctx)
+{
+ struct bnxt_tls_sw_stats *ring_stats = txr->tls_stats;
+ struct tls_offload_context_tx *tx_tls_ctx;
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ u32 hdr_tcp_seq, end_seq, total_bds;
+ struct crypto_prefix_cmd pcmd = {};
+ struct tls_record_info *record;
+ unsigned long flags;
+ bool fwd = false;
+ __le64 le_rec_sn;
+ u64 rec_sn;
+ u8 *hdr;
+ int rc;
+
+ tx_tls_ctx = tls_offload_ctx_tx(tls_ctx);
+ kctx_tx = bnxt_get_ktls_ctx_tx(tls_ctx);
+ end_seq = seq + skb->len - skb_tcp_all_headers(skb);
+ if (unlikely(after(seq, kctx_tx->tcp_seq_no) ||
+ after(end_seq, kctx_tx->tcp_seq_no))) {
+ fwd = true;
+ pcmd.flags = CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR_LE;
+ }
+
+ spin_lock_irqsave(&tx_tls_ctx->lock, flags);
+ record = tls_get_record(tx_tls_ctx, seq, &rec_sn);
+ if (!record || !record->num_frags) {
+ rc = -EPROTO;
+ ring_stats->counters[BNXT_KTLS_TX_OOO_FALLBACK_NO_SYNC]++;
+ goto unlock_exit;
+ }
+ hdr_tcp_seq = tls_record_start_seq(record);
+ hdr = skb_frag_address_safe(&record->frags[0]);
+
+ total_bds = CRYPTO_PRESYNC_BDS + skb_shinfo(skb)->nr_frags + 2;
+ if (bnxt_tx_avail(bp, txr) < total_bds) {
+ rc = -ENOSPC;
+ ring_stats->counters[BNXT_KTLS_TX_OOO_FALLBACK_NO_SPACE]++;
+ goto unlock_exit;
+ }
+
+ if (before(record->end_seq - tls_ctx->prot_info.tag_size,
+ seq + payload_len)) {
+ /* retransmission includes tag bytes */
+ rc = -EOPNOTSUPP;
+ goto unlock_exit;
+ }
+ pcmd.header_tcp_seq_num = cpu_to_le32(hdr_tcp_seq);
+ pcmd.start_tcp_seq_num = cpu_to_le32(seq);
+ pcmd.end_tcp_seq_num = cpu_to_le32(seq + payload_len - 1);
+ if (tls_ctx->prot_info.version == TLS_1_2_VERSION) {
+ u32 nonce_bytes = tls_ctx->prot_info.iv_size;
+ u32 retrans_off = seq - hdr_tcp_seq;
+
+ if (!hdr) {
+ rc = -ENOBUFS;
+ ring_stats->counters[BNXT_KTLS_TX_OOO_FALLBACK_NO_HDR]++;
+ goto unlock_exit;
+ }
+ if (retrans_off > 5 && retrans_off < 5 + nonce_bytes)
+ nonce_bytes = retrans_off - 5;
+ memcpy(pcmd.explicit_nonce, hdr + 5, nonce_bytes);
+ }
+ le_rec_sn = cpu_to_le64(rec_sn);
+ memcpy(&pcmd.record_seq_num[0], &le_rec_sn, sizeof(le_rec_sn));
+
+ rc = 0;
+ bnxt_ktls_pre_xmit(bp, txr, kctx_tx->kid, &pcmd);
+
+ if (fwd) {
+ kctx_tx->next_tcp_seq_no = end_seq;
+ kctx_tx->pending_fwd = true;
+ }
+
+unlock_exit:
+ spin_unlock_irqrestore(&tx_tls_ctx->lock, flags);
+ return rc;
}
struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
@@ -363,6 +486,7 @@ struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
struct bnxt_ktls_offload_ctx_tx *kctx_tx;
struct tls_context *tls_ctx;
u32 seq, payload_len;
+ int rc;
if (!IS_ENABLED(CONFIG_TLS_DEVICE) || !ktls ||
!tls_is_skb_tx_device_offloaded(skb))
@@ -381,14 +505,25 @@ struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
*/
kctx_tx->next_tcp_seq_no = seq + payload_len;
kctx_tx->pending_bytes = payload_len;
+ kctx_tx->pending_ooo = false;
+ kctx_tx->pending_fwd = true;
*kid = BNXT_KID_HW(kctx_tx->kid);
*kctx_tx_p = kctx_tx;
*lflags |= cpu_to_le32(TX_BD_FLAGS_CRYPTO_EN |
BNXT_TX_KID_LO(*kid));
} else {
- skb = tls_encrypt_skb(skb);
- if (!skb)
- return NULL;
+ kctx_tx->pending_fwd = false;
+ rc = bnxt_ktls_tx_ooo(bp, txr, skb, payload_len, seq, tls_ctx);
+ if (rc)
+ return tls_encrypt_skb(skb);
+
+ kctx_tx->pending_bytes = payload_len;
+ kctx_tx->pending_ooo = true;
+ *kid = BNXT_KID_HW(kctx_tx->kid);
+ *kctx_tx_p = kctx_tx;
+ *lflags |= cpu_to_le32(TX_BD_FLAGS_CRYPTO_EN |
+ BNXT_TX_KID_LO(*kid));
+ return skb;
}
return skb;
}
@@ -398,8 +533,13 @@ void bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
{
if (!kctx_tx)
return;
- kctx_tx->tcp_seq_no = kctx_tx->next_tcp_seq_no;
- bnxt_ktls_inc_tx_stats(txr, kctx_tx->pending_bytes);
+ if (kctx_tx->pending_fwd)
+ kctx_tx->tcp_seq_no = kctx_tx->next_tcp_seq_no;
+ bnxt_ktls_inc_tx_stats(txr, kctx_tx->pending_bytes,
+ kctx_tx->pending_ooo);
+ kctx_tx->pending_bytes = 0;
+ kctx_tx->pending_fwd = false;
+ kctx_tx->pending_ooo = false;
}
int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp, struct bnxt_tx_ring_info *txr)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
index fd17d2ddb8b8..3ec56b8f08d4 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
@@ -42,6 +42,8 @@ struct bnxt_ktls_offload_ctx_tx {
u32 next_tcp_seq_no;/* staged tcp seq no */
u32 kid;
u32 pending_bytes; /* staged payload bytes */
+ bool pending_fwd;
+ bool pending_ooo;
};
struct bnxt_ktls_tx_driver_state {
--
2.51.0
^ permalink raw reply related [flat|nested] 16+ messages in thread
end of thread, other threads:[~2026-07-10 4:25 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-10 4:23 [PATCH net-next v5 00/15] bnxt_en: Add kTLS TX offload support Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 01/15] bnxt_en: Add Midpath channel information Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 02/15] bnxt_en: Account for the MPC TX and CP rings Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 03/15] bnxt_en: Set default MPC ring count Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 04/15] bnxt_en: Rename xdp_tx_lock to tx_lock Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 05/15] bnxt_en: Allocate and free MPC software structures Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 06/15] bnxt_en: Allocate and free MPC channels from firmware Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 07/15] bnxt_en: Allocate crypto structure and backing store Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 08/15] bnxt_en: Reserve crypto RX and TX key contexts on a PF Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 09/15] bnxt_en: Add infrastructure for crypto key context IDs Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 10/15] bnxt_en: Add MPC transmit and completion functions Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 11/15] bnxt_en: Add crypto MPC transmit/completion infrastructure Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 12/15] bnxt_en: Support kTLS TX offload by implementing .tls_dev_add/del() Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 13/15] bnxt_en: Implement kTLS TX normal path Michael Chan
2026-07-10 4:23 ` [PATCH net-next v5 14/15] bnxt_en: Add support for inline transmit BDs Michael Chan
2026-07-10 4:24 ` [PATCH net-next v5 15/15] bnxt_en: Add kTLS retransmission support Michael Chan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox