* [PATCH net-next v3 2/5] vfs: add function receive_fd_filtered() that makes LSM filtering explicit
From: Jori Koolstra @ 2026-06-29 19:43 UTC (permalink / raw)
To: Christian Brauner, Aleksa Sarai, Kuniyuki Iwashima,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman
Cc: netdev, linux-fsdevel, linux-kernel, Jori Koolstra
In-Reply-To: <20260629194327.2270798-1-jkoolstra@xs4all.nl>
To prepare for filtering LSM blocked fds received with SCM_RIGHTS, we
first need to know when a received fd was filtered. Currently,
receive_fd() relays the error returned by security_file_receive(). As
there is no strict convention about what errnos this LSM hook can
return, the caller of receive_fd() has no robust way of knowing whether
an error is returned because the LSM blocked the fd, or because of some
other failure (put_user, FD_PREPARE, etc.)
Fix this by adding receive_fd_filtered() which carries an out-argument
that is set only on LSM error.
Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
---
fs/file.c | 48 +++++++++++++++++++++++++++++---------------
include/linux/file.h | 2 ++
2 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/fs/file.c b/fs/file.c
index 628ca07dc4b1..2bc22cc69e84 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -1367,6 +1367,25 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
return err;
}
+static int __receive_fd(struct file *file, int __user *ufd, unsigned int o_flags)
+{
+ int error;
+
+ FD_PREPARE(fdf, o_flags, file);
+ if (fdf.err)
+ return fdf.err;
+ get_file(file);
+
+ if (ufd) {
+ error = put_user(fd_prepare_fd(fdf), ufd);
+ if (error)
+ return error;
+ }
+
+ __receive_sock(fd_prepare_file(fdf));
+ return fd_publish(fdf);
+}
+
/**
* receive_fd() - Install received file into file descriptor table
* @file: struct file that was received from another process
@@ -1384,27 +1403,24 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
*/
int receive_fd(struct file *file, int __user *ufd, unsigned int o_flags)
{
- int error;
-
- error = security_file_receive(file);
+ int error = security_file_receive(file);
if (error)
return error;
+ return __receive_fd(file, ufd, o_flags);
+}
+EXPORT_SYMBOL_GPL(receive_fd);
- FD_PREPARE(fdf, o_flags, file);
- if (fdf.err)
- return fdf.err;
- get_file(file);
-
- if (ufd) {
- error = put_user(fd_prepare_fd(fdf), ufd);
- if (error)
- return error;
+int receive_fd_filtered(struct file *file, int __user *ufd, unsigned int o_flags,
+ bool *filtered)
+{
+ int error = security_file_receive(file);
+ if (error) {
+ *filtered = true;
+ return error;
}
-
- __receive_sock(fd_prepare_file(fdf));
- return fd_publish(fdf);
+ *filtered = false;
+ return __receive_fd(file, ufd, o_flags);
}
-EXPORT_SYMBOL_GPL(receive_fd);
int receive_fd_replace(int new_fd, struct file *file, unsigned int o_flags)
{
diff --git a/include/linux/file.h b/include/linux/file.h
index 27484b444d31..748f08470bb4 100644
--- a/include/linux/file.h
+++ b/include/linux/file.h
@@ -119,6 +119,8 @@ DEFINE_FREE(fput, struct file *, if (!IS_ERR_OR_NULL(_T)) fput(_T))
extern void fd_install(unsigned int fd, struct file *file);
int receive_fd(struct file *file, int __user *ufd, unsigned int o_flags);
+int receive_fd_filtered(struct file *file, int __user *ufd, unsigned int o_flags,
+ bool *filtered);
int receive_fd_replace(int new_fd, struct file *file, unsigned int o_flags);
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v3 1/5] net: scm: move scm_detach_fds() from common path to scm_recv_unix()
From: Jori Koolstra @ 2026-06-29 19:43 UTC (permalink / raw)
To: Christian Brauner, Aleksa Sarai, Kuniyuki Iwashima,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman
Cc: netdev, linux-fsdevel, linux-kernel, Jori Koolstra
In-Reply-To: <20260629194327.2270798-1-jkoolstra@xs4all.nl>
scm->fp can only be set when using UNIX sockets, therefore we should
move it out of the common path __scm_recv_common() into
scm_recv_unix().
Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
---
net/core/scm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/core/scm.c b/net/core/scm.c
index eec13f50ecaf..a73b1eb30fd2 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -523,9 +523,6 @@ static bool __scm_recv_common(struct sock *sk, struct msghdr *msg,
scm_passec(sk, msg, scm);
- if (scm->fp)
- scm_detach_fds(msg, scm);
-
return true;
}
@@ -545,6 +542,9 @@ void scm_recv_unix(struct socket *sock, struct msghdr *msg,
if (!__scm_recv_common(sock->sk, msg, scm, flags))
return;
+ if (scm->fp)
+ scm_detach_fds(msg, scm);
+
if (sock->sk->sk_scm_pidfd)
scm_pidfd_recv(msg, scm);
--
2.54.0
^ permalink raw reply related
* [PATCH net-next v3 0/5] af_unix: useful handling of LSM denials on SCM_RIGHTS
From: Jori Koolstra @ 2026-06-29 19:43 UTC (permalink / raw)
To: Christian Brauner, Aleksa Sarai, Kuniyuki Iwashima,
David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman
Cc: netdev, linux-fsdevel, linux-kernel, Jori Koolstra
Right now if some LSM such as Smack denies an AF_UNIX socket peer to
receive an SCM_RIGHTS fd, the SCM_RIGHTS fd array will be cut short at
that point, and MSG_CTRUNC is set on return of recvmsg(2). This is
highly problematic behaviour, because it leaves the receiver
wondering what happened. As per man page MSG_CTRUNC is supposed to
indicate that the control buffer was sized too short, but suddenly
a permission error might result in the exact same flag being set.
Moreover, the receiver has no chance to determine how many fds got
originally sent and how many were suppressed.[1]
Add a SO_RIGHTS_NOTRUNC option to UNIX sockets to enable more useful
handling of LSM denials when receiving SCM_RIGHTS messages: instead of
truncating the message at the first blocked fd, keep every fd slot
and store the LSM errno in the blocked slot.
[1]: https://github.com/uapi-group/kernel-features#useful-handling-of-lsm-denials-on-scm_rights
Changes:
v3:
- Separated net and vfs changes.
- Use kselftest_harness.h and system() to call the test script.
v2: https://lore.kernel.org/netdev/20260616143020.3458085-2-jkoolstra@xs4all.nl/
- Reimplemented as a UNIX socket option instead of a per recvmsg(2) flag.
v1: https://lore.kernel.org/netdev/20260428175125.2705296-1-jkoolstra@xs4all.nl/
Jori Koolstra (5):
net: scm: move scm_detach_fds() from common path to scm_recv_unix()
vfs: add function receive_fd_filtered() that makes LSM filtering
explicit
net: af_unix: useful handling of LSM denials on SCM_RIGHTS
net: af_unix: replace copy_from_sockptr() with
copy_safe_from_sockptr()
selftest: Add tests for useful handling of LSM denials on SCM_RIGHTS
fs/file.c | 48 +++--
include/linux/file.h | 2 +
include/net/af_unix.h | 1 +
include/net/scm.h | 15 +-
include/uapi/asm-generic/socket.h | 3 +
net/compat.c | 4 +-
net/core/scm.c | 18 +-
net/unix/af_unix.c | 18 +-
.../testing/selftests/net/af_unix/.gitignore | 3 +
tools/testing/selftests/net/af_unix/Makefile | 4 +
.../selftests/net/af_unix/scm_rights_denial.c | 20 ++
.../selftests/net/af_unix/scm_rights_denial.h | 38 ++++
.../net/af_unix/scm_rights_denial.sh | 174 ++++++++++++++++
.../net/af_unix/scm_rights_denial_receiver.c | 195 ++++++++++++++++++
.../net/af_unix/scm_rights_denial_sender.c | 126 +++++++++++
15 files changed, 636 insertions(+), 33 deletions(-)
create mode 100644 tools/testing/selftests/net/af_unix/scm_rights_denial.c
create mode 100644 tools/testing/selftests/net/af_unix/scm_rights_denial.h
create mode 100755 tools/testing/selftests/net/af_unix/scm_rights_denial.sh
create mode 100644 tools/testing/selftests/net/af_unix/scm_rights_denial_receiver.c
create mode 100644 tools/testing/selftests/net/af_unix/scm_rights_denial_sender.c
--
2.54.0
^ permalink raw reply
* [PATCH net-next v1 2/2] selftests: net: Add kthread preserving test in napi_threaded and busy_poll_test
From: Shuhao Tan @ 2026-06-29 19:20 UTC (permalink / raw)
To: David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Andrew Lunn, Shuah Khan
Cc: Shuhao Tan, Mina Almasry, Samiullah Khawaja, Kuniyuki Iwashima,
netdev, linux-kernel, linux-kselftest
In-Reply-To: <20260629192029.4013794-1-tanshuhao@google.com>
Add a testcase to ensure the kthread stays the same across NIC link
flap.
Add a testcase to ensure the same kthread can poll different napis
across NIC link flap.
Signed-off-by: Shuhao Tan <tanshuhao@google.com>
---
.../selftests/drivers/net/napi_threaded.py | 41 ++++++++++++++++++-
tools/testing/selftests/net/busy_poll_test.sh | 24 +++++++++++
2 files changed, 64 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/drivers/net/napi_threaded.py b/tools/testing/selftests/drivers/net/napi_threaded.py
index f4be72b2145a..20110fb6942e 100755
--- a/tools/testing/selftests/drivers/net/napi_threaded.py
+++ b/tools/testing/selftests/drivers/net/napi_threaded.py
@@ -127,6 +127,44 @@ def change_num_queues(cfg, nl) -> None:
_assert_napi_threaded_enabled(nl, napi0_id)
_assert_napi_threaded_enabled(nl, napi1_id)
+def nic_link_flap(cfg, nl) -> None:
+ """
+ Test that if threaded is enabled, and NIC goes through
+ a reset, the kthread stays unchanged across the link flap.
+ """
+ napis = nl.napi_get({'ifindex': cfg.ifindex}, dump=True)
+ ksft_ge(len(napis), 2)
+
+ napi0_id = napis[0]['id']
+ napi1_id = napis[1]['id']
+
+ _setup_deferred_cleanup(cfg)
+
+ # set threaded
+ _set_threaded_state(cfg, 1)
+ napis = nl.napi_get({'ifindex': cfg.ifindex}, dump=True)
+
+ # check napi threaded is set for both napis
+ _assert_napi_threaded_enabled(nl, napi0_id)
+ _assert_napi_threaded_enabled(nl, napi1_id)
+
+ pid0 = napis[0].get('pid')
+ pid1 = napis[1].get('pid')
+
+ cmd(f"ip link set {cfg.ifname} down")
+ cmd(f"ip link set {cfg.ifname} up")
+
+ # re-acquire napi info
+ napis = nl.napi_get({'ifindex': cfg.ifindex}, dump=True)
+ ksft_ge(len(napis), 2)
+
+ # check napi threaded is set for both napis
+ _assert_napi_threaded_enabled(nl, napi0_id)
+ _assert_napi_threaded_enabled(nl, napi1_id)
+
+ # check the kthread remains the same
+ ksft_eq(napis[0].get('pid'), pid0)
+ ksft_eq(napis[1].get('pid'), pid1)
def main() -> None:
""" Ksft boiler plate main """
@@ -134,7 +172,8 @@ def main() -> None:
with NetDrvEnv(__file__, queue_count=2) as cfg:
ksft_run([napi_init,
change_num_queues,
- enable_dev_threaded_disable_napi_threaded],
+ enable_dev_threaded_disable_napi_threaded,
+ nic_link_flap],
args=(cfg, NetdevFamily()))
ksft_exit()
diff --git a/tools/testing/selftests/net/busy_poll_test.sh b/tools/testing/selftests/net/busy_poll_test.sh
index 5ec1c85c1623..897ce6700601 100755
--- a/tools/testing/selftests/net/busy_poll_test.sh
+++ b/tools/testing/selftests/net/busy_poll_test.sh
@@ -124,6 +124,23 @@ test_busypoll_with_napi_threaded()
return $?
}
+test_busypoll_with_napi_threaded_link_flap()
+{
+ # Only enable napi threaded poll. Set suspend timeout and prefer busy
+ # poll to 0. Run again after a link flap.
+ test_busypoll 0 ${NAPI_THREADED_MODE_BUSY_POLL} 0 || return $?
+
+ ip netns exec nssv ip link set dev $NSIM_SV_NAME down
+ ip netns exec nscl ip link set dev $NSIM_CL_NAME down
+
+ ip netns exec nssv ip link set dev $NSIM_SV_NAME up
+ ip netns exec nscl ip link set dev $NSIM_CL_NAME up
+
+ test_busypoll 0 ${NAPI_THREADED_MODE_BUSY_POLL} 0
+
+ return $?
+}
+
###
### Code start
###
@@ -176,6 +193,13 @@ if [ $? -ne 0 ]; then
exit 1
fi
+test_busypoll_with_napi_threaded_link_flap
+if [ $? -ne 0 ]; then
+ echo "test_busypoll_with_napi_threaded_link_flap failed"
+ cleanup_ns
+ exit 1
+fi
+
echo "$NSIM_SV_FD:$NSIM_SV_IFIDX" > $NSIM_DEV_SYS_UNLINK
echo $NSIM_CL_ID > $NSIM_DEV_SYS_DEL
--
2.55.0.rc0.799.gd6f94ed593-goog
^ permalink raw reply related
* [PATCH net-next v1 1/2] net: Save kthread of threaded NAPI in napi_config and restore it when trying to create a new kthread.
From: Shuhao Tan @ 2026-06-29 19:20 UTC (permalink / raw)
To: David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Andrew Lunn, Shuah Khan
Cc: Shuhao Tan, Mina Almasry, Samiullah Khawaja, Kuniyuki Iwashima,
netdev, linux-kernel, linux-kselftest
In-Reply-To: <20260629192029.4013794-1-tanshuhao@google.com>
Add a napi_thread_ctx struct that has a back pointer to napi_struct.
Make the NAPI kthread to use the thread_ctx as data pointer so that
it can poll on different NAPIs thoughout its lifetime.
Mirror the thread and thread_ctx in napi_config all the time.
Park the thread on napi_del instead of stopping if napi_config is
available.
Restore the thread and context when trying to create a new NAPI
kthread.
Signed-off-by: Shuhao Tan <tanshuhao@google.com>
---
include/linux/netdevice.h | 12 +++++
net/core/dev.c | 106 +++++++++++++++++++++++++++++++-------
2 files changed, 99 insertions(+), 19 deletions(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 9981d637f8b5..05e430f10aba 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -63,6 +63,7 @@ struct dsa_port;
struct ip_tunnel_parm_kern;
struct macsec_context;
struct macsec_ops;
+struct napi_struct;
struct netdev_config;
struct netdev_name_node;
struct sd_flow_limit;
@@ -363,6 +364,10 @@ struct gro_node {
u32 cached_napi_id;
};
+struct napi_thread_ctx {
+ struct napi_struct *napi;
+};
+
/*
* Structure for per-NAPI config
*/
@@ -371,6 +376,12 @@ struct napi_config {
u64 irq_suspend_timeout;
u32 defer_hard_irqs;
cpumask_t affinity_mask;
+ /* thread and thread_ctx mirrors fields of napi_struct when napi_struct
+ * is alive. When the napi_struct gets destroyed, napi_config holds the
+ * sole reference to the now parked kthread.
+ */
+ struct task_struct *thread;
+ struct napi_thread_ctx *thread_ctx;
u8 threaded;
unsigned int napi_id;
};
@@ -404,6 +415,7 @@ struct napi_struct {
struct hrtimer timer;
/* all fields past this point are write-protected by netdev_lock */
struct task_struct *thread;
+ struct napi_thread_ctx *thread_ctx;
unsigned long gro_flush_timeout;
unsigned long irq_suspend_timeout;
u32 defer_hard_irqs;
diff --git a/net/core/dev.c b/net/core/dev.c
index 4b3d5cfdf6e0..c81992c929d9 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1647,20 +1647,45 @@ static int napi_threaded_poll(void *data);
static int napi_kthread_create(struct napi_struct *n)
{
+ struct napi_thread_ctx *thread_ctx = NULL;
int err = 0;
+ if (n->config && n->config->thread) {
+ n->thread_ctx = n->config->thread_ctx;
+ n->thread = n->config->thread;
+ WRITE_ONCE(n->thread_ctx->napi, n);
+ kthread_unpark(n->thread);
+ return 0;
+ }
+
+ thread_ctx = kvzalloc_obj(*thread_ctx);
+ if (!thread_ctx)
+ return -ENOMEM;
+
/* Create and wake up the kthread once to put it in
* TASK_INTERRUPTIBLE mode to avoid the blocked task
* warning and work with loadavg.
*/
- n->thread = kthread_run(napi_threaded_poll, n, "napi/%s-%d",
+ thread_ctx->napi = n;
+ n->thread = kthread_run(napi_threaded_poll, thread_ctx, "napi/%s-%d",
n->dev->name, n->napi_id);
if (IS_ERR(n->thread)) {
err = PTR_ERR(n->thread);
pr_err("kthread_run failed with err %d\n", err);
n->thread = NULL;
+ goto free_thread_ctx;
+ }
+ n->thread_ctx = thread_ctx;
+ if (n->config) {
+ n->config->thread = n->thread;
+ n->config->thread_ctx = thread_ctx;
}
+ return 0;
+
+free_thread_ctx:
+ kvfree(thread_ctx);
+
return err;
}
@@ -7183,7 +7208,13 @@ static void napi_stop_kthread(struct napi_struct *napi)
}
kthread_stop(napi->thread);
+ kvfree(napi->thread_ctx);
napi->thread = NULL;
+ napi->thread_ctx = NULL;
+ if (napi->config) {
+ napi->config->thread = NULL;
+ napi->config->thread_ctx = NULL;
+ }
}
static void napi_set_threaded_state(struct napi_struct *napi,
@@ -7199,13 +7230,11 @@ static void napi_set_threaded_state(struct napi_struct *napi,
int napi_set_threaded(struct napi_struct *napi,
enum netdev_napi_threaded threaded)
{
- if (threaded) {
- if (!napi->thread) {
- int err = napi_kthread_create(napi);
+ if (threaded && !napi->thread) {
+ int err = napi_kthread_create(napi);
- if (err)
- return err;
- }
+ if (err)
+ return err;
}
if (napi->config)
@@ -7255,8 +7284,15 @@ int netif_set_threaded(struct net_device *dev,
WARN_ON_ONCE(napi_set_threaded(napi, threaded));
/* Override the config for all NAPIs even if currently not listed */
- for (i = 0; i < dev->num_napi_configs; i++)
+ for (i = 0; i < dev->num_napi_configs; i++) {
dev->napi_config[i].threaded = threaded;
+ if (!threaded && dev->napi_config[i].thread) {
+ kthread_stop(dev->napi_config[i].thread);
+ kvfree(dev->napi_config[i].thread_ctx);
+ dev->napi_config[i].thread = NULL;
+ dev->napi_config[i].thread_ctx = NULL;
+ }
+ }
return err;
}
@@ -7501,6 +7537,8 @@ static void napi_save_config(struct napi_struct *n)
n->config->defer_hard_irqs = n->defer_hard_irqs;
n->config->gro_flush_timeout = n->gro_flush_timeout;
n->config->irq_suspend_timeout = n->irq_suspend_timeout;
+ n->config->thread = n->thread;
+ n->config->thread_ctx = n->thread_ctx;
napi_hash_del(n);
}
@@ -7695,6 +7733,21 @@ void __netif_napi_del_locked(struct napi_struct *napi)
if (test_and_clear_bit(NAPI_STATE_HAS_NOTIFIER, &napi->state))
irq_set_affinity_notifier(napi->irq, NULL);
+ if (napi->thread) {
+ if (napi->config) {
+ kthread_park(napi->thread);
+ /* napi->config holds the only reference to the thread
+ * from now on.
+ */
+ napi->thread_ctx->napi = NULL;
+ } else {
+ kthread_stop(napi->thread);
+ kvfree(napi->thread_ctx);
+ }
+ napi->thread = NULL;
+ napi->thread_ctx = NULL;
+ }
+
if (napi->config) {
napi->index = -1;
napi->config = NULL;
@@ -7704,11 +7757,6 @@ void __netif_napi_del_locked(struct napi_struct *napi)
napi_free_frags(napi);
gro_cleanup(&napi->gro);
-
- if (napi->thread) {
- kthread_stop(napi->thread);
- napi->thread = NULL;
- }
}
EXPORT_SYMBOL(__netif_napi_del_locked);
@@ -7804,11 +7852,18 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll)
return work;
}
-static int napi_thread_wait(struct napi_struct *napi)
+static struct napi_struct *napi_thread_wait(struct napi_thread_ctx *thread_ctx)
{
+ struct napi_struct *napi = READ_ONCE(thread_ctx->napi);
set_current_state(TASK_INTERRUPTIBLE);
while (!kthread_should_stop()) {
+ if (kthread_should_park()) {
+ kthread_parkme();
+ napi = READ_ONCE(thread_ctx->napi);
+ /* Might be awakened for stopping */
+ continue;
+ }
/* Testing SCHED_THREADED bit here to make sure the current
* kthread owns this napi and could poll on this napi.
* Testing SCHED bit is not enough because SCHED bit might be
@@ -7817,7 +7872,7 @@ static int napi_thread_wait(struct napi_struct *napi)
if (test_bit(NAPI_STATE_SCHED_THREADED, &napi->state)) {
WARN_ON(!list_empty(&napi->poll_list));
__set_current_state(TASK_RUNNING);
- return 0;
+ return napi;
}
schedule();
@@ -7825,7 +7880,7 @@ static int napi_thread_wait(struct napi_struct *napi)
}
__set_current_state(TASK_RUNNING);
- return -1;
+ return NULL;
}
static void napi_threaded_poll_loop(struct napi_struct *napi,
@@ -7882,13 +7937,18 @@ static void napi_threaded_poll_loop(struct napi_struct *napi,
static int napi_threaded_poll(void *data)
{
- struct napi_struct *napi = data;
+ struct napi_thread_ctx *thread_ctx = data;
unsigned long last_qs = jiffies;
+ struct napi_struct *napi;
bool want_busy_poll;
bool in_busy_poll;
unsigned long val;
- while (!napi_thread_wait(napi)) {
+ while (1) {
+ napi = napi_thread_wait(thread_ctx);
+ if (!napi)
+ break;
+
val = READ_ONCE(napi->state);
want_busy_poll = val & NAPIF_STATE_THREADED_BUSY_POLL;
@@ -12128,11 +12188,11 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
goto free_all;
dev->cfg_pending = dev->cfg;
- dev->num_napi_configs = maxqs;
napi_config_sz = array_size(maxqs, sizeof(*dev->napi_config));
dev->napi_config = kvzalloc(napi_config_sz, GFP_KERNEL_ACCOUNT);
if (!dev->napi_config)
goto free_all;
+ dev->num_napi_configs = maxqs;
strscpy(dev->name, name);
dev->name_assign_type = name_assign_type;
@@ -12160,6 +12220,8 @@ EXPORT_SYMBOL(alloc_netdev_mqs);
static void netdev_napi_exit(struct net_device *dev)
{
+ unsigned int i;
+
if (!list_empty(&dev->napi_list)) {
struct napi_struct *p, *n;
@@ -12171,6 +12233,12 @@ static void netdev_napi_exit(struct net_device *dev)
synchronize_net();
}
+ for (i = 0; i < dev->num_napi_configs; i++) {
+ if (dev->napi_config[i].thread) {
+ kthread_stop(dev->napi_config[i].thread);
+ kvfree(dev->napi_config[i].thread_ctx);
+ }
+ }
kvfree(dev->napi_config);
}
--
2.55.0.rc0.799.gd6f94ed593-goog
^ permalink raw reply related
* [PATCH net-next v1 0/2] Reuse threaded NAPI kthread across napi_del()/napi_add().
From: Shuhao Tan @ 2026-06-29 19:20 UTC (permalink / raw)
To: David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Andrew Lunn, Shuah Khan
Cc: Shuhao Tan, Mina Almasry, Samiullah Khawaja, Kuniyuki Iwashima,
netdev, linux-kernel, linux-kselftest
Currently the lifetime of the kthread of a threaded NAPI is tied to
the napi_struct. netif_napi_del() stops the kthread when it destroys
the NAPI struct.
This patch series reuses the same kthread (thus preserving all of its
attributes) across napi_del/napi_add. The kthread is parked between
napi_del and napi_add. This series now ties the lifetime of the
kthread to net_device instead of napi_struct.
The usual workflow for threaded NAPI will be "enable threaded" ->
"configure the kthread". Driver reset (that can be caused by a NIC
configuration change or link flap) often destroys the configuration
and causes a usability issue. This series aims to improve on this.
There is a downside of this approach: If a device reduces number of
queues while its NAPIs are threaded. The kthread associated with
removed queues will not be stopped. Since the mapping between the
index passed to napi_add_config() and NAPI is an implementation
detail of individual drivers, it is not straightfoward to perform
a garbage collection and stop kthreads that are no longer associated
with a queue. The kthread still shows up in /proc, but should not
consume CPU cycles since it is now parked.
There was a discussion
https://lore.kernel.org/CAAywjhR0TPKZ-xzqjSP709OVmZWUisDNv2CVc_VxgOrXRtop+g@mail.gmail.com/
around what to do with the kthread between napi_disable/napi_enable.
It seems that there was an intention to keep user configuration for
the kthread across NIC configuration change. This patch series extends
the effort to cover more NIC configuration changes. Roughly tracing
through the call hierarchy of napi_del reveals that at least the
following drivers will not preserve the user configurations:
- idpf: idpf_set_channels(), idpf_set_ringparam()
- mlx4: mlx4_en_set_ringparam(), mlx4_en_set_rxfh(),
mlx4_en_setchannels()
- bnx2: bnx2_set_ringparam(), bnx2_set_channels(), bnx2_change_mtu()
- gve: gve_set_channels(), gve_set_ringparam()
- ena2: ena_set_ringparam(), ena_set_channels()
- fbnic: fbnic_set_ringparam()
- (non exhaustive)
These drivers destroy and recreate queues during configuration
changes. If a NAPI was threaded before destruction, during the
creation, a new kthread will be spawned for the NAPI.
Some drivers do not have this problem, e.g. netdevsim. But these
drivers and the drivers mentioned above will still lose kthread
during link flap (ndo_stop/ndo_open).
Because the kthreads before and after these configuration changes are
different, all the attributes associated with the kthread are lost.
These include CPU mask, priority, scheduler policy, etc.. If the
threaded state is preserved for a NAPI, it makes sense to want to
preserve the attributes of the thread as well.
---
Changes since RFC v1: https://lore.kernel.org/netdev/20260612173644.380972-1-tanshuhao@google.com/
- Refactor to get rid of RCU usage
- Treat napi_config as a mirror during the lifetime of napi
Link: https://lore.kernel.org/netdev/20260612173644.380972-1-tanshuhao@google.com/
Link: https://lore.kernel.org/CAAywjhR0TPKZ-xzqjSP709OVmZWUisDNv2CVc_VxgOrXRtop+g@mail.gmail.com/
Shuhao Tan (2):
net: Save kthread of threaded NAPI in napi_config and restore it when
trying to create a new kthread.
selftests: net: Add kthread preserving test in napi_threaded and
busy_poll_test
include/linux/netdevice.h | 12 ++
net/core/dev.c | 106 ++++++++++++++----
.../selftests/drivers/net/napi_threaded.py | 41 ++++++-
tools/testing/selftests/net/busy_poll_test.sh | 24 ++++
4 files changed, 163 insertions(+), 20 deletions(-)
--
2.55.0.rc0.799.gd6f94ed593-goog
^ permalink raw reply
* [PATCH v3 net-next] selftests/xsk: Preserve UMEM view in BIDIRECTIONAL test
From: Maciej Fijalkowski @ 2026-06-29 19:12 UTC (permalink / raw)
To: netdev
Cc: bpf, magnus.karlsson, stfomichev, kuba, pabeni, horms,
tushar.vyavahare, kerneljasonxing, Maciej Fijalkowski
The UMEM state refactor made __send_pkts() use xsk->umem for Tx
address generation. At the same time, the shared-UMEM Tx setup copies the
Rx UMEM state into a Tx-local state object and resets base_addr and
next_buffer before configuring the Tx socket.
Passing that Tx-local object to xsk_configure() makes xsk->umem point to
the zero-based Tx allocator state. This breaks the BIDIRECTIONAL test once
the roles are switched: the same socket is then used for Rx validation, but
received descriptors from the other logical UMEM half are checked against
base_addr == 0. With the new UMEM bounds check, a valid address such as
base_addr + XDP_PACKET_HEADROOM is rejected as being outside the UMEM
window.
Keep xsk->umem as the shared/Rx UMEM view used for socket configuration
and Rx validation. Use the ifobject-local UMEM copy only for Tx descriptor
address generation, preserving the BIDIRECTIONAL test's intent of using
the proper logical UMEM half after the direction switch.
Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
Reviewed-by: Tushar Vyavahare <tushar.vyavahare@intel.com>
Tested-by: Tushar Vyavahare <tushar.vyavahare@intel.com>
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
---
v3:
- target net-next
- remove fixes tag
- rebase
- add Jason's tag
v2:
- fix SoB line
- rebase
- add tags from Tushar
---
tools/testing/selftests/bpf/prog_tests/test_xsk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/test_xsk.c b/tools/testing/selftests/bpf/prog_tests/test_xsk.c
index 6eb9096d084c..477aedbb01ba 100644
--- a/tools/testing/selftests/bpf/prog_tests/test_xsk.c
+++ b/tools/testing/selftests/bpf/prog_tests/test_xsk.c
@@ -1164,8 +1164,8 @@ static int __send_pkts(struct ifobject *ifobject, struct xsk_socket_info *xsk,
bool test_timeout)
{
u32 i, idx = 0, valid_pkts = 0, valid_frags = 0, buffer_len;
+ struct xsk_umem_info *umem = ifobject->xsk_arr[0].umem_real;
struct pkt_stream *pkt_stream = xsk->pkt_stream;
- struct xsk_umem_info *umem = xsk->umem;
bool use_poll = ifobject->use_poll;
struct pollfd fds = { };
int ret;
@@ -1514,7 +1514,7 @@ static int thread_common_ops_tx(struct test_spec *test, struct ifobject *ifobjec
umem_tx->base_addr = 0;
umem_tx->next_buffer = 0;
- ret = xsk_configure(test, ifobject, umem_tx, true);
+ ret = xsk_configure(test, ifobject, umem_rx, true);
if (ret)
return ret;
ifobject->xsk = &ifobject->xsk_arr[0];
--
2.43.0
^ permalink raw reply related
* Re: [PATCH net 5/7] xsk: reclaim invalid multi-buffer Tx descs in ZC path
From: Maciej Fijalkowski @ 2026-06-29 19:06 UTC (permalink / raw)
To: netdev
Cc: bpf, magnus.karlsson, stfomichev, kuba, pabeni, horms,
kerneljasonxing, bjorn
In-Reply-To: <20260623133240.1048434-6-maciej.fijalkowski@intel.com>
On Tue, Jun 23, 2026 at 03:32:38PM +0200, Maciej Fijalkowski wrote:
> Currently, the zero-copy Tx batching path stops when it encounters an
> invalid descriptor. For multi-buffer packets this can leave descriptors
> consumed from the Tx ring without returning their buffers to userspace
> through the completion ring.
>
> Handle invalid multi-buffer packets as a packet-sized unit. Keep
> descriptors that are valid for transmission separate from descriptors
> that are consumed only because they belong to an invalid multi-buffer
> packet. The former are returned to the driver as Tx work, while the
> latter are written to the CQ address area so they can be reclaimed by
> userspace.
>
> The batched path can retain drain state when the producer has not yet
> supplied the end of an invalid packet. Do not allow a second Tx socket to
> join the pool while such state exists. Gate the batched data path while a
> same-pool bind waits for pre-existing readers, then either add the new
> socket or fail the bind with -EAGAIN. This guarantees that drain state is
> handled only by the singular batched path and avoids teaching the shared
> UMEM fallback path about multi-buffer packet draining.
Well I think this approach is broken unfortunately. Second socket still
can submit too big packet or invalid descriptor within multi-buffer
packet. Then fallback path would not handle it correctly.
Seems we need to teach it how to play with these corner cases.
>
> The reclaim-only descriptors must not be submitted to the completion
> ring immediately when they follow real Tx descriptors in the same batch.
> Drivers may complete only part of the Tx work returned by
> xsk_tx_peek_release_desc_batch(), and publishing the reclaim descriptors
> too early would also publish earlier real Tx descriptors that the driver
> has not completed yet.
>
> Track the number of driver-visible Tx descriptors that precede pending
> reclaim descriptors. xsk_tx_completed() first advances through the real
> Tx completions and submits the reclaim descriptors only after all earlier
> Tx descriptors in the CQ address order have been completed. If a batch
> contains only reclaim descriptors, complete them immediately because
> there is no driver-visible Tx work in front of them.
>
> This preserves CQ ordering while ensuring that every descriptor consumed
> as part of an invalid multi-buffer packet is eventually returned to
> userspace.
>
> Fixes: cf24f5a5feea ("xsk: add support for AF_XDP multi-buffer on Tx path")
> Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> ---
> include/net/xsk_buff_pool.h | 6 ++++
> net/xdp/xsk.c | 62 +++++++++++++++++++++++++++++++---
> net/xdp/xsk_buff_pool.c | 66 +++++++++++++++++++++++++++++++++++++
> net/xdp/xsk_queue.h | 66 +++++++++++++++++++++++++++----------
> 4 files changed, 177 insertions(+), 23 deletions(-)
>
> diff --git a/include/net/xsk_buff_pool.h b/include/net/xsk_buff_pool.h
> index ccb3b350001f..4e5abacfcbb7 100644
> --- a/include/net/xsk_buff_pool.h
> +++ b/include/net/xsk_buff_pool.h
> @@ -78,9 +78,12 @@ struct xsk_buff_pool {
> u32 chunk_size;
> u32 chunk_shift;
> u32 frame_len;
> + u32 reclaim_descs;
> + u32 tx_zc_pending_descs;
> u32 xdp_zc_max_segs;
> u8 tx_metadata_len; /* inherited from umem */
> u8 cached_need_wakeup;
> + bool tx_share_pending;
> bool uses_need_wakeup;
> bool unaligned;
> bool tx_sw_csum;
> @@ -113,6 +116,9 @@ void xp_get_pool(struct xsk_buff_pool *pool);
> bool xp_put_pool(struct xsk_buff_pool *pool);
> void xp_clear_dev(struct xsk_buff_pool *pool);
> void xp_add_xsk(struct xsk_buff_pool *pool, struct xdp_sock *xs);
> +int xp_prepare_xsk_tx_share(struct xsk_buff_pool *pool, struct xdp_sock *xs,
> + bool *pending);
> +void xp_finish_xsk_tx_share(struct xsk_buff_pool *pool);
> void xp_del_xsk(struct xsk_buff_pool *pool, struct xdp_sock *xs);
>
> /* AF_XDP, and XDP core. */
> diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
> index 43791647cf18..2dda854c6590 100644
> --- a/net/xdp/xsk.c
> +++ b/net/xdp/xsk.c
> @@ -499,6 +499,18 @@ void __xsk_map_flush(struct list_head *flush_list)
>
> void xsk_tx_completed(struct xsk_buff_pool *pool, u32 nb_entries)
> {
> + if (unlikely(pool->reclaim_descs)) {
> + if (nb_entries < pool->tx_zc_pending_descs) {
> + pool->tx_zc_pending_descs -= nb_entries;
> + xskq_prod_submit_n(pool->cq, nb_entries);
> + return;
> + }
> +
> + pool->tx_zc_pending_descs = 0;
> + nb_entries += pool->reclaim_descs;
> + pool->reclaim_descs = 0;
> + }
> +
> xskq_prod_submit_n(pool->cq, nb_entries);
> }
> EXPORT_SYMBOL(xsk_tx_completed);
> @@ -576,9 +588,20 @@ static u32 xsk_tx_peek_release_fallback(struct xsk_buff_pool *pool, u32 max_entr
>
> u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 nb_pkts)
> {
> + struct xsk_tx_batch batch = {};
> struct xdp_sock *xs;
> + u32 cq_cached_prod;
>
> rcu_read_lock();
> +
> + /* Pairs with the release stores in xp_prepare_xsk_tx_share() and
> + * xp_finish_xsk_tx_share(). If bind is converting a singular Tx pool
> + * to shared, do not enter the singular batched path.
> + */
> + if (smp_load_acquire(&pool->tx_share_pending))
> + goto out;
> + if (unlikely(pool->reclaim_descs))
> + goto out;
> if (!list_is_singular(&pool->xsk_tx_list)) {
> /* Fallback to the non-batched version */
> rcu_read_unlock();
> @@ -586,10 +609,8 @@ u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 nb_pkts)
> }
>
> xs = list_first_or_null_rcu(&pool->xsk_tx_list, struct xdp_sock, tx_list);
> - if (!xs) {
> - nb_pkts = 0;
> + if (!xs)
> goto out;
> - }
>
> nb_pkts = xskq_cons_nb_entries(xs->tx, nb_pkts);
>
> @@ -603,19 +624,38 @@ u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 nb_pkts)
> if (!nb_pkts)
> goto out;
>
> - nb_pkts = xskq_cons_read_desc_batch(xs->tx, pool, nb_pkts);
> + batch = xskq_cons_read_desc_batch(xs, pool, nb_pkts);
> + nb_pkts = xsk_tx_batch_cq_descs(&batch);
> if (!nb_pkts) {
> xs->tx->queue_empty_descs++;
> goto out;
> }
>
> __xskq_cons_release(xs->tx);
> + cq_cached_prod = pool->cq->cached_prod;
> +
> xskq_prod_write_addr_batch(pool->cq, pool->tx_descs, nb_pkts);
> +
> + if (unlikely(batch.reclaim_descs)) {
> + u32 cq_pending_descs;
> +
> + /* CQ is positional. Descriptors already written but not
> + * submitted must complete before any reclaim-only descriptors
> + * appended below.
> + */
> + cq_pending_descs = cq_cached_prod - xskq_get_prod(pool->cq);
> +
> + pool->tx_zc_pending_descs = batch.tx_descs + cq_pending_descs;
> + pool->reclaim_descs = batch.reclaim_descs;
> + if (unlikely(!pool->tx_zc_pending_descs))
> + xsk_tx_completed(pool, 0);
> + }
> +
> xs->sk.sk_write_space(&xs->sk);
>
> out:
> rcu_read_unlock();
> - return nb_pkts;
> + return batch.tx_descs;
> }
> EXPORT_SYMBOL(xsk_tx_peek_release_desc_batch);
>
> @@ -1442,6 +1482,7 @@ static int xsk_bind(struct socket *sock, struct sockaddr_unsized *addr, int addr
> struct sockaddr_xdp *sxdp = (struct sockaddr_xdp *)addr;
> struct sock *sk = sock->sk;
> struct xdp_sock *xs = xdp_sk(sk);
> + bool tx_share_pending = false;
> struct net_device *dev;
> int bound_dev_if;
> u32 flags, qid;
> @@ -1549,6 +1590,13 @@ static int xsk_bind(struct socket *sock, struct sockaddr_unsized *addr, int addr
> goto out_unlock;
> }
>
> + err = xp_prepare_xsk_tx_share(umem_xs->pool, xs,
> + &tx_share_pending);
> + if (err) {
> + sockfd_put(sock);
> + goto out_unlock;
> + }
> +
> xp_get_pool(umem_xs->pool);
> xs->pool = umem_xs->pool;
>
> @@ -1559,6 +1607,8 @@ static int xsk_bind(struct socket *sock, struct sockaddr_unsized *addr, int addr
> if (xs->tx && !xs->pool->tx_descs) {
> err = xp_alloc_tx_descs(xs->pool, xs);
> if (err) {
> + if (tx_share_pending)
> + xp_finish_xsk_tx_share(xs->pool);
> xp_put_pool(xs->pool);
> xs->pool = NULL;
> sockfd_put(sock);
> @@ -1598,6 +1648,8 @@ static int xsk_bind(struct socket *sock, struct sockaddr_unsized *addr, int addr
> xs->sg = !!(xs->umem->flags & XDP_UMEM_SG_FLAG);
> xs->queue_id = qid;
> xp_add_xsk(xs->pool, xs);
> + if (tx_share_pending)
> + xp_finish_xsk_tx_share(xs->pool);
>
> if (qid < dev->real_num_rx_queues) {
> struct netdev_rx_queue *rxq;
> diff --git a/net/xdp/xsk_buff_pool.c b/net/xdp/xsk_buff_pool.c
> index 1f28a9641571..6fa732a843a9 100644
> --- a/net/xdp/xsk_buff_pool.c
> +++ b/net/xdp/xsk_buff_pool.c
> @@ -22,6 +22,72 @@ void xp_add_xsk(struct xsk_buff_pool *pool, struct xdp_sock *xs)
> spin_unlock(&pool->xsk_tx_list_lock);
> }
>
> +int xp_prepare_xsk_tx_share(struct xsk_buff_pool *pool, struct xdp_sock *xs,
> + bool *pending)
> +{
> + struct xdp_sock *tmp;
> + int err = 0;
> +
> + *pending = false;
> + if (!xs->tx)
> + return 0;
> +
> + spin_lock(&pool->xsk_tx_list_lock);
> + if (!list_is_singular(&pool->xsk_tx_list)) {
> + spin_unlock(&pool->xsk_tx_list_lock);
> + return 0;
> + }
> +
> + if (pool->tx_share_pending) {
> + spin_unlock(&pool->xsk_tx_list_lock);
> + return -EAGAIN;
> + }
> +
> + /* Pairs with the acquire load in xsk_tx_peek_release_desc_batch().
> + * Stop new singular batched Tx readers before synchronize_net()
> + * waits for readers that may already have observed a singular list.
> + */
> + smp_store_release(&pool->tx_share_pending, true);
> + *pending = true;
> + spin_unlock(&pool->xsk_tx_list_lock);
> +
> + /* A batch that observed a singular Tx socket list before the gate was
> + * armed may set drain_cont. Wait for all such readers before checking
> + * whether the pool can safely become shared.
> + */
> + synchronize_net();
> +
> + spin_lock(&pool->xsk_tx_list_lock);
> + list_for_each_entry(tmp, &pool->xsk_tx_list, tx_list) {
> + if (READ_ONCE(tmp->drain_cont)) {
> + err = -EAGAIN;
> + break;
> + }
> + }
> +
> + if (err) {
> + /* Pairs with the acquire load in xsk_tx_peek_release_desc_batch().
> + * No socket was added; clear the gate so Tx can resume.
> + */
> + smp_store_release(&pool->tx_share_pending, false);
> + *pending = false;
> + }
> + spin_unlock(&pool->xsk_tx_list_lock);
> +
> + return err;
> +}
> +
> +void xp_finish_xsk_tx_share(struct xsk_buff_pool *pool)
> +{
> + spin_lock(&pool->xsk_tx_list_lock);
> + /* Pairs with the acquire load in xsk_tx_peek_release_desc_batch().
> + * Publish the preceding xp_add_xsk() list update before allowing Tx
> + * to observe that the share transition has finished.
> + */
> + smp_store_release(&pool->tx_share_pending, false);
> + spin_unlock(&pool->xsk_tx_list_lock);
> +}
> +
> void xp_del_xsk(struct xsk_buff_pool *pool, struct xdp_sock *xs)
> {
> if (!xs->tx)
> diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
> index 3e3fbb73d23e..99fa62e0d337 100644
> --- a/net/xdp/xsk_queue.h
> +++ b/net/xdp/xsk_queue.h
> @@ -58,6 +58,16 @@ struct parsed_desc {
> u32 valid;
> };
>
> +struct xsk_tx_batch {
> + u32 tx_descs;
> + u32 reclaim_descs;
> +};
> +
> +static inline u32 xsk_tx_batch_cq_descs(const struct xsk_tx_batch *batch)
> +{
> + return batch->tx_descs + batch->reclaim_descs;
> +}
> +
> /* The structure of the shared state of the rings are a simple
> * circular buffer, as outlined in
> * Documentation/core-api/circular-buffers.rst. For the Rx and
> @@ -263,17 +273,19 @@ static inline void parse_desc(struct xsk_queue *q, struct xsk_buff_pool *pool,
> parsed->mb = xp_mb_desc(desc);
> }
>
> -static inline
> -u32 xskq_cons_read_desc_batch(struct xsk_queue *q, struct xsk_buff_pool *pool,
> - u32 max)
> +static inline struct xsk_tx_batch
> +xskq_cons_read_desc_batch(struct xdp_sock *xs, struct xsk_buff_pool *pool,
> + u32 max)
> {
> - u32 cached_cons = q->cached_cons, nb_entries = 0;
> struct xdp_desc *descs = pool->tx_descs;
> - u32 total_descs = 0, nr_frags = 0;
> + bool drain = READ_ONCE(xs->drain_cont);
> + u32 cached_cons, nb_entries = 0;
> + struct xsk_tx_batch batch = {};
> + struct xsk_queue *q = xs->tx;
> + u32 nr_frags = 0;
> +
> + cached_cons = q->cached_cons;
>
> - /* track first entry, if stumble upon *any* invalid descriptor, rewind
> - * current packet that consists of frags and stop the processing
> - */
> while (cached_cons != q->cached_prod && nb_entries < max) {
> struct xdp_rxtx_ring *ring = (struct xdp_rxtx_ring *)q->ring;
> u32 idx = cached_cons & q->ring_mask;
> @@ -282,26 +294,44 @@ u32 xskq_cons_read_desc_batch(struct xsk_queue *q, struct xsk_buff_pool *pool,
> descs[nb_entries] = ring->desc[idx];
> cached_cons++;
> parse_desc(q, pool, &descs[nb_entries], &parsed);
> - if (unlikely(!parsed.valid))
> - break;
> + if (unlikely(!parsed.valid)) {
> + if (!drain && !nr_frags && !parsed.mb)
> + break;
> +
> + drain = true;
> + }
> +
> + nr_frags++;
> + nb_entries++;
>
> if (likely(!parsed.mb)) {
> - total_descs += (nr_frags + 1);
> - nr_frags = 0;
> - } else {
> - nr_frags++;
> - if (nr_frags == pool->xdp_zc_max_segs) {
> + if (unlikely(drain)) {
> + batch.reclaim_descs = nr_frags;
> + WRITE_ONCE(xs->drain_cont, false);
> nr_frags = 0;
> break;
> }
> +
> + batch.tx_descs += nr_frags;
> + nr_frags = 0;
> + continue;
> }
> - nb_entries++;
> +
> + if (nr_frags == pool->xdp_zc_max_segs)
> + drain = true;
> }
>
> - cached_cons -= nr_frags;
> + if (nr_frags) {
> + if (drain) {
> + batch.reclaim_descs = nr_frags;
> + WRITE_ONCE(xs->drain_cont, true);
> + } else {
> + cached_cons -= nr_frags;
> + }
> + }
> /* Release valid plus any invalid entries */
> xskq_cons_release_n(q, cached_cons - q->cached_cons);
> - return total_descs;
> + return batch;
> }
>
> /* Functions for consumers */
> --
> 2.43.0
>
^ permalink raw reply
* Re: [PATCH] net: neighbour: add neigh_parms_lookup_dev() helper
From: Kuniyuki Iwashima @ 2026-06-29 18:59 UTC (permalink / raw)
To: Paritosh Potukuchi
Cc: netdev, linux-kernel, Paritosh Potukuchi, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman,
Ido Schimmel, Petr Machata
In-Reply-To: <CAMfiSeZYLF0sa+hga-fiAyqPK1kLKwxJ1HfgbNMOwhuNvZTcbQ@mail.gmail.com>
On Mon, Jun 29, 2026 at 11:35 AM Paritosh Potukuchi
<paritoshpotukuchi@gmail.com> wrote:
>
> > Please post a series of patches with the neigh_parms_lookup_dev()
> users.
> Sure. I'll post a series of patches, with the neigh_parms_lookup_dev() users.
Please wait 24h before the next submission.
https://docs.kernel.org/7.1/process/maintainer-netdev.html#tl-dr
>
> On Mon, 29 Jun 2026 at 23:53, Kuniyuki Iwashima <kuniyu@google.com> wrote:
>>
>> On Mon, Jun 29, 2026 at 8:58 AM Paritosh Potukuchi
>> <paritoshpotukuchi@gmail.com> wrote:
>> >
>> > Provide a helper to lookup neigh_parms associated
>> > with a given (neigh_table, net_device) pair.
>> >
>> > The existing lookup_neigh_parms() helper is internal to the
>> > neighbour subsystem and cannot be used by other subsystems.
>> > Some stacked/virtual devices like bond require access to the
>> > underlying device's neigh_parms.
>> >
>> > neigh_parms_lookup_dev() is designed to be a wrapper around
>> > lookup_neigh_parms(). The function provides controlled access
>> > to per device neigh_parms.
>>
>> Please post a series of patches with the neigh_parms_lookup_dev()
>> users.
>>
>>
>> >
>> > The caller is expected to hold rcu_read_lock().
>> >
>> > This does not break any existing functionality.
>> >
>> > Signed-off-by: Paritosh Potukuchi <paritosh.potukuchi@amd.com>
>> > ---
>> > include/net/neighbour.h | 2 ++
>> > net/core/neighbour.c | 8 ++++++++
>> > 2 files changed, 10 insertions(+)
>> >
>> > diff --git a/include/net/neighbour.h b/include/net/neighbour.h
>> > index 8860cc2175fc..1b3b06eda886 100644
>> > --- a/include/net/neighbour.h
>> > +++ b/include/net/neighbour.h
>> > @@ -438,6 +438,8 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
>> > proc_handler *proc_handler);
>> > void neigh_sysctl_unregister(struct neigh_parms *p);
>> >
>> > +struct neigh_parms *neigh_parms_lookup_dev(struct neigh_table *tbl, struct net_device *dev);
>> > +
>> > static inline void __neigh_parms_put(struct neigh_parms *parms)
>> > {
>> > refcount_dec(&parms->refcnt);
>> > diff --git a/net/core/neighbour.c b/net/core/neighbour.c
>> > index 1349c0eedb64..6d32c2668af3 100644
>> > --- a/net/core/neighbour.c
>> > +++ b/net/core/neighbour.c
>> > @@ -1757,6 +1757,14 @@ static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl,
>> > return NULL;
>> > }
>> >
>> > +/* Caller must hold rcu_read_lock()*/
>> > +
>> > +struct neigh_parms *neigh_parms_lookup_dev(struct neigh_table *tbl, struct net_device *dev)
>> > +{
>> > + return lookup_neigh_parms(tbl, dev_net(dev), dev->ifindex);
>> > +}
>> > +EXPORT_SYMBOL(neigh_parms_lookup_dev);
>> > +
>> > struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
>> > struct neigh_table *tbl)
>> > {
>> > --
>> > 2.43.0
>> >
^ permalink raw reply
* Re: [PATCH net v5 2/2] Revert "net: phy: sfp: probe for RollBall I2C-to-MDIO bridge in mdio-i2c"
From: Petr Wozniak @ 2026-06-29 18:55 UTC (permalink / raw)
To: maxime.chevallier, linux, andrew, hkallweit1
Cc: kuba, davem, edumazet, pabeni, netdev, linux-kernel, linux-phy,
bjorn, olek2, kabel
In-Reply-To: <1bdf0dd4-4f34-406e-ae97-f2ec5b540906@bootlin.com>
Hi Maxime,
Thanks a lot for testing and reviewing, much appreciated.
No worries about the original probe approach not panning out; restoring the
working RollBall detection is what matters here. If I ever get my hands on
genuine RollBall hardware, I'll revisit the per-module timing idea.
Thanks,
Petr
^ permalink raw reply
* [PATCH net-next v4 15/15] bnxt_en: Add kTLS retransmission support
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
If TCP retransmits a TLS packet that requires encryption by the NIC, the
TCP sequence number will go backwards and the hardware will require some
assistance from the driver. The driver needs to retrieve the TLS record
that covers the byte sequence of the retransmitted packet. If the
retransmitted packet does not include the tag, the hardware can simply
encrypt the packet using the informtaion in the TLS record.
The driver provides the TLS record information for the retransmitted
packet in the presync TX BD. The presync TX BD introduced in the last
patch is treated very much like a TX push BD with inline data. The only
exception is that no SKB will be stored for the presync TX BD.
Retransmission that includes the TLS tag will be handled in future
patches.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v3:
Unwind the TX ring properly if the TLS packet cannot be sent.
Improve the OOO TLS counters.
Fix endianness of the record sequence number.
Check valid return address from skb_frag_address_safe().
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-16-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 152 +++++++++++++++++-
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 2 +
5 files changed, 167 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index ad6c8644e09c..baca7ee318fb 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -482,9 +482,9 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
unsigned int length, pad = 0;
u32 len, free_size, vlan_tag_flags, cfa_action, flags;
struct bnxt_ktls_offload_ctx_tx *kctx_tx = NULL;
+ u16 prod, start_prod, last_frag, txts_prod;
struct bnxt_ptp_cfg *ptp = bp->ptp_cfg;
struct pci_dev *pdev = bp->pdev;
- u16 prod, last_frag, txts_prod;
struct bnxt_tx_ring_info *txr;
struct bnxt_sw_tx_bd *tx_buf;
__le32 lflags = 0;
@@ -500,7 +500,6 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
txq = netdev_get_tx_queue(dev, i);
txr = &bp->tx_ring[bp->tx_ring_map[i]];
- prod = txr->tx_prod;
#if (MAX_SKB_FRAGS > TX_MAX_FRAGS)
if (skb_shinfo(skb)->nr_frags > TX_MAX_FRAGS) {
@@ -529,12 +528,14 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
return NETDEV_TX_BUSY;
}
+ start_prod = txr->tx_prod;
skb = bnxt_ktls_xmit(bp, txr, skb, &lflags, &kid, &kctx_tx);
if (unlikely(!skb)) {
dev_core_stats_tx_dropped_inc(dev);
return NETDEV_TX_OK;
}
+ prod = txr->tx_prod;
length = skb->len;
len = skb_headlen(skb);
last_frag = skb_shinfo(skb)->nr_frags;
@@ -817,9 +818,16 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
/* set SKB to err so PTP worker will clean up */
ptp->txts_req[txts_prod].tx_skb = ERR_PTR(-EIO);
}
+ txr->tx_buf_ring[RING_TX(bp, txr->tx_prod)].skb = NULL;
+ /* Unwind any kTLS presync BDs */
+ if (unlikely(txr->tx_prod != start_prod)) {
+ tx_buf = &txr->tx_buf_ring[RING_TX(bp, start_prod)];
+ tx_buf->is_push = 0;
+ tx_buf->inline_data_bds = 0;
+ WRITE_ONCE(txr->tx_prod, start_prod);
+ }
if (txr->kick_pending)
bnxt_txr_db_kick(bp, txr, txr->tx_prod);
- txr->tx_buf_ring[RING_TX(bp, txr->tx_prod)].skb = NULL;
dev_core_stats_tx_dropped_inc(dev);
return NETDEV_TX_OK;
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 1a34e334bc18..19ffbb2cc6b1 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1192,6 +1192,10 @@ struct bnxt_cmn_sw_stats {
enum bnxt_ktls_data_counters {
BNXT_KTLS_TX_PKTS = 0,
BNXT_KTLS_TX_BYTES,
+ BNXT_KTLS_TX_OOO_PKTS,
+ BNXT_KTLS_TX_OOO_FALLBACK_NO_SYNC,
+ BNXT_KTLS_TX_OOO_FALLBACK_NO_SPACE,
+ BNXT_KTLS_TX_OOO_FALLBACK_NO_HDR,
BNXT_KTLS_MAX_DATA_COUNTERS,
};
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 47c02baa723b..96083caa834c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -359,6 +359,10 @@ static const char *const bnxt_ring_drv_stats_arr[] = {
static const char *const bnxt_ktls_data_stats[] = {
[BNXT_KTLS_TX_PKTS] = "tx_tls_encrypted_packets",
[BNXT_KTLS_TX_BYTES] = "tx_tls_encrypted_bytes",
+ [BNXT_KTLS_TX_OOO_PKTS] = "tx_tls_ooo_packets",
+ [BNXT_KTLS_TX_OOO_FALLBACK_NO_SYNC] = "tx_tls_ooo_fallback_no_sync",
+ [BNXT_KTLS_TX_OOO_FALLBACK_NO_SPACE] = "tx_tls_ooo_fallback_no_space",
+ [BNXT_KTLS_TX_OOO_FALLBACK_NO_HDR] = "tx_tls_ooo_fallback_no_hdr",
};
/* kTLS control plane counter strings indexed by enum bnxt_ktls_ctrl_counters */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
index 5683624ac19f..b47075f2b379 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
@@ -339,7 +339,8 @@ int bnxt_ktls_init(struct bnxt *bp)
return 0;
}
-static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes)
+static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes,
+ bool ooo)
{
struct bnxt_tls_sw_stats *ring_stats = txr->tls_stats;
@@ -347,6 +348,128 @@ static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes)
return;
ring_stats->counters[BNXT_KTLS_TX_PKTS]++;
ring_stats->counters[BNXT_KTLS_TX_BYTES] += bytes;
+ if (ooo)
+ ring_stats->counters[BNXT_KTLS_TX_OOO_PKTS]++;
+}
+
+static void bnxt_ktls_pre_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ u32 kid, struct crypto_prefix_cmd *pre_cmd)
+{
+ struct bnxt_sw_tx_bd *tx_buf;
+ struct tx_bd_presync *psbd;
+ u32 bd_space, space;
+ u8 *pcmd;
+ u16 prod;
+
+ prod = txr->tx_prod;
+ tx_buf = &txr->tx_buf_ring[RING_TX(bp, prod)];
+
+ psbd = (void *)&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ psbd->tx_bd_len_flags_type = CRYPTO_PRESYNC_BD_CMD;
+ psbd->tx_bd_kid = cpu_to_le32(BNXT_KID_HW(kid));
+ psbd->tx_bd_opaque =
+ SET_TX_OPAQUE(bp, txr, prod, CRYPTO_PREFIX_CMD_BDS + 1);
+
+ prod = NEXT_TX(prod);
+ pcmd = (void *)&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ bd_space = TX_DESC_CNT - TX_IDX(prod);
+ space = bd_space * sizeof(struct tx_bd);
+ if (space >= CRYPTO_PREFIX_CMD_SIZE) {
+ memcpy(pcmd, pre_cmd, CRYPTO_PREFIX_CMD_SIZE);
+ prod += CRYPTO_PREFIX_CMD_BDS;
+ } else {
+ memcpy(pcmd, pre_cmd, space);
+ prod += bd_space;
+ pcmd = (void *)&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ memcpy(pcmd, (u8 *)pre_cmd + space,
+ CRYPTO_PREFIX_CMD_SIZE - space);
+ prod += CRYPTO_PREFIX_CMD_BDS - bd_space;
+ }
+ txr->tx_prod = prod;
+ tx_buf->is_push = 1;
+ /* Minus 1 since the header psbd is a single entry short BD */
+ tx_buf->inline_data_bds = CRYPTO_PREFIX_CMD_BDS - 1;
+}
+
+static int bnxt_ktls_tx_ooo(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, u32 payload_len, u32 seq,
+ struct tls_context *tls_ctx)
+{
+ struct bnxt_tls_sw_stats *ring_stats = txr->tls_stats;
+ struct tls_offload_context_tx *tx_tls_ctx;
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ u32 hdr_tcp_seq, end_seq, total_bds;
+ struct crypto_prefix_cmd pcmd = {};
+ struct tls_record_info *record;
+ unsigned long flags;
+ bool fwd = false;
+ __le64 le_rec_sn;
+ u64 rec_sn;
+ u8 *hdr;
+ int rc;
+
+ tx_tls_ctx = tls_offload_ctx_tx(tls_ctx);
+ kctx_tx = bnxt_get_ktls_ctx_tx(tls_ctx);
+ end_seq = seq + skb->len - skb_tcp_all_headers(skb);
+ if (unlikely(after(seq, kctx_tx->tcp_seq_no) ||
+ after(end_seq, kctx_tx->tcp_seq_no))) {
+ fwd = true;
+ pcmd.flags = CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR_LE;
+ }
+
+ spin_lock_irqsave(&tx_tls_ctx->lock, flags);
+ record = tls_get_record(tx_tls_ctx, seq, &rec_sn);
+ if (!record || !record->num_frags) {
+ rc = -EPROTO;
+ ring_stats->counters[BNXT_KTLS_TX_OOO_FALLBACK_NO_SYNC]++;
+ goto unlock_exit;
+ }
+ hdr_tcp_seq = tls_record_start_seq(record);
+ hdr = skb_frag_address_safe(&record->frags[0]);
+
+ total_bds = CRYPTO_PRESYNC_BDS + skb_shinfo(skb)->nr_frags + 2;
+ if (bnxt_tx_avail(bp, txr) < total_bds) {
+ rc = -ENOSPC;
+ ring_stats->counters[BNXT_KTLS_TX_OOO_FALLBACK_NO_SPACE]++;
+ goto unlock_exit;
+ }
+
+ if (before(record->end_seq - tls_ctx->prot_info.tag_size,
+ seq + payload_len)) {
+ /* retransmission includes tag bytes */
+ rc = -EOPNOTSUPP;
+ goto unlock_exit;
+ }
+ pcmd.header_tcp_seq_num = cpu_to_le32(hdr_tcp_seq);
+ pcmd.start_tcp_seq_num = cpu_to_le32(seq);
+ pcmd.end_tcp_seq_num = cpu_to_le32(seq + payload_len - 1);
+ if (tls_ctx->prot_info.version == TLS_1_2_VERSION) {
+ u32 nonce_bytes = tls_ctx->prot_info.iv_size;
+ u32 retrans_off = seq - hdr_tcp_seq;
+
+ if (!hdr) {
+ rc = -ENOBUFS;
+ ring_stats->counters[BNXT_KTLS_TX_OOO_FALLBACK_NO_HDR]++;
+ goto unlock_exit;
+ }
+ if (retrans_off > 5 && retrans_off < 5 + nonce_bytes)
+ nonce_bytes = retrans_off - 5;
+ memcpy(pcmd.explicit_nonce, hdr + 5, nonce_bytes);
+ }
+ le_rec_sn = cpu_to_le64(rec_sn);
+ memcpy(&pcmd.record_seq_num[0], &le_rec_sn, sizeof(le_rec_sn));
+
+ rc = 0;
+ bnxt_ktls_pre_xmit(bp, txr, kctx_tx->kid, &pcmd);
+
+ if (fwd) {
+ kctx_tx->next_tcp_seq_no = end_seq;
+ kctx_tx->pending_fwd = 1;
+ }
+
+unlock_exit:
+ spin_unlock_irqrestore(&tx_tls_ctx->lock, flags);
+ return rc;
}
struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
@@ -357,6 +480,7 @@ struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
struct bnxt_ktls_offload_ctx_tx *kctx_tx;
struct tls_context *tls_ctx;
u32 seq, payload_len;
+ int rc;
if (!IS_ENABLED(CONFIG_TLS_DEVICE) || !ktls ||
!tls_is_skb_tx_device_offloaded(skb))
@@ -375,14 +499,25 @@ struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
*/
kctx_tx->next_tcp_seq_no = seq + payload_len;
kctx_tx->pending_bytes = payload_len;
+ kctx_tx->pending_ooo = 0;
+ kctx_tx->pending_fwd = 1;
*kid = BNXT_KID_HW(kctx_tx->kid);
*kctx_tx_p = kctx_tx;
*lflags |= cpu_to_le32(TX_BD_FLAGS_CRYPTO_EN |
BNXT_TX_KID_LO(*kid));
} else {
- skb = tls_encrypt_skb(skb);
- if (!skb)
- return NULL;
+ kctx_tx->pending_fwd = 0;
+ rc = bnxt_ktls_tx_ooo(bp, txr, skb, payload_len, seq, tls_ctx);
+ if (rc)
+ return tls_encrypt_skb(skb);
+
+ kctx_tx->pending_bytes = payload_len;
+ kctx_tx->pending_ooo = 1;
+ *kid = BNXT_KID_HW(kctx_tx->kid);
+ *kctx_tx_p = kctx_tx;
+ *lflags |= cpu_to_le32(TX_BD_FLAGS_CRYPTO_EN |
+ BNXT_TX_KID_LO(*kid));
+ return skb;
}
return skb;
}
@@ -392,8 +527,13 @@ void bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
{
if (!kctx_tx)
return;
- kctx_tx->tcp_seq_no = kctx_tx->next_tcp_seq_no;
- bnxt_ktls_inc_tx_stats(txr, kctx_tx->pending_bytes);
+ if (kctx_tx->pending_fwd)
+ kctx_tx->tcp_seq_no = kctx_tx->next_tcp_seq_no;
+ bnxt_ktls_inc_tx_stats(txr, kctx_tx->pending_bytes,
+ kctx_tx->pending_ooo);
+ kctx_tx->pending_bytes = 0;
+ kctx_tx->pending_fwd = 0;
+ kctx_tx->pending_ooo = 0;
}
int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp, struct bnxt_tx_ring_info *txr)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
index 1c935e0d413d..40b94bbf5a38 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
@@ -43,6 +43,8 @@ struct bnxt_ktls_offload_ctx_tx {
u32 next_tcp_seq_no;/* staged tcp seq no */
u32 kid;
u32 pending_bytes; /* staged payload bytes */
+ u32 pending_fwd:1;
+ u32 pending_ooo:1;
};
struct bnxt_ktls_tx_driver_state {
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 14/15] bnxt_en: Add support for inline transmit BDs
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Newer chips (P5_PLUS) support inline transmit BDs that contain extra
data. One such use case is to transmit out-of-sequence kTLS packets
with encryption enabled. To account for these inline BDs during TX
completion, we add the inline_data_bds field to struct bnxt_sw_tx_bd
(tx_buf). tx_buf->is_push will always be set when sending these
inline BDs as the operation is similar to push packets. tx_buf->skb
will always be NULL as there is no associated SKB.
The next patch will make use of this feature.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++++++++++++---
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 62c1eea01647..ad6c8644e09c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -848,7 +848,7 @@ static bool __bnxt_tx_int(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
head_buf = tx_buf;
skb = tx_buf->skb;
- if (unlikely(!skb)) {
+ if (unlikely(!skb && !tx_buf->is_push)) {
bnxt_sched_reset_txr(bp, txr, cons);
return rc;
}
@@ -860,13 +860,22 @@ static bool __bnxt_tx_int(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
}
cons = NEXT_TX(cons);
- tx_pkts++;
- tx_bytes += skb->len;
+ if (skb) {
+ tx_pkts++;
+ tx_bytes += skb->len;
+ }
tx_buf->skb = NULL;
tx_buf->is_ts_pkt = 0;
if (tx_buf->is_push) {
tx_buf->is_push = 0;
+ cons += tx_buf->inline_data_bds;
+ tx_buf->inline_data_bds = 0;
+ if (!skb) {
+ /* presync BD */
+ cons = NEXT_TX(cons);
+ continue;
+ }
goto next_tx_int;
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index a726940a7014..1a34e334bc18 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -917,6 +917,7 @@ struct bnxt_sw_tx_bd {
u8 is_push;
u8 is_sw_gso;
u8 action;
+ u8 inline_data_bds;
unsigned short nr_frags;
union {
u16 rx_prod;
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 13/15] bnxt_en: Implement kTLS TX normal path
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Offload TLS encryption of TX packets to the hardware if the TCP sequence
number is the expected one. Fall back to software encryption otherwise.
Implement all the TLS TX logic to check the TCP sequence number and set
up the BD in the new function bnxt_ktls_xmit(). The stored TCP sequence
number is only updated when BD is in the ring and guaranteed to be
transmitted.
Basic kTLS statistics reporting for ethtool -S is also added. Because
there can be multiple TX rings (if there are MQPRIO TCs) sharing the
same bnxt_cp_ring_info containing the bnxt_sw_stats, we need to store
the kTLS software TX stats in bnxt_tx_ring_info instead.
The next patches will add support for the exception path with
out-of-order TCP sequence number.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v3:
Use per TX ring TLS stats structures.
Defer tcp sequence and stats update until the BD is on the ring.
Increment the drop counter if kTLS drops the packet.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-14-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 ++++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 41 +++++++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 1 +
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 46 +++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c | 2 +-
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 93 +++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 61 ++++++++++++
7 files changed, 259 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index f175907d7994..62c1eea01647 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -481,6 +481,7 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
dma_addr_t mapping;
unsigned int length, pad = 0;
u32 len, free_size, vlan_tag_flags, cfa_action, flags;
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx = NULL;
struct bnxt_ptp_cfg *ptp = bp->ptp_cfg;
struct pci_dev *pdev = bp->pdev;
u16 prod, last_frag, txts_prod;
@@ -488,6 +489,7 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
struct bnxt_sw_tx_bd *tx_buf;
__le32 lflags = 0;
skb_frag_t *frag;
+ u32 kid = 0;
i = skb_get_queue_mapping(skb);
if (unlikely(i >= bp->tx_nr_rings)) {
@@ -527,6 +529,12 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
return NETDEV_TX_BUSY;
}
+ skb = bnxt_ktls_xmit(bp, txr, skb, &lflags, &kid, &kctx_tx);
+ if (unlikely(!skb)) {
+ dev_core_stats_tx_dropped_inc(dev);
+ return NETDEV_TX_OK;
+ }
+
length = skb->len;
len = skb_headlen(skb);
last_frag = skb_shinfo(skb)->nr_frags;
@@ -675,7 +683,7 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
prod = NEXT_TX(prod);
txbd1 = bnxt_init_ext_bd(bp, txr, prod, lflags, vlan_tag_flags,
- cfa_action);
+ cfa_action, kid);
if (skb_is_gso(skb)) {
bool udp_gso = !!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4);
@@ -696,9 +704,10 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
txbd1->tx_bd_hsize_lflags |= cpu_to_le32(TX_BD_FLAGS_LSO |
TX_BD_FLAGS_T_IPID |
- (hdr_len << (TX_BD_HSIZE_SHIFT - 1)));
+ ((hdr_len >> 1) << TX_BD_HSIZE_SHIFT));
length = skb_shinfo(skb)->gso_size;
- txbd1->tx_bd_mss = cpu_to_le32(length);
+ txbd1->tx_bd_kid_mss = cpu_to_le32(BNXT_TX_KID_HI(kid) |
+ (length & TX_BD_MSS));
length += hdr_len;
} else if (skb->ip_summed == CHECKSUM_PARTIAL) {
txbd1->tx_bd_hsize_lflags |=
@@ -751,6 +760,9 @@ static netdev_tx_t bnxt_start_xmit(struct sk_buff *skb, struct net_device *dev)
prod = NEXT_TX(prod);
WRITE_ONCE(txr->tx_prod, prod);
+ /* Commit the kTLS state now that the BD is in the ring. */
+ bnxt_ktls_xmit_commit(txr, kctx_tx);
+
if (!netdev_xmit_more() || netif_xmit_stopped(txq)) {
bnxt_txr_db_kick(bp, txr, prod);
} else {
@@ -4085,6 +4097,8 @@ static void bnxt_free_tx_rings(struct bnxt *bp)
bnxt_free_tx_inline_buf(txr, pdev);
+ bnxt_ktls_free_tx_ring_stats(txr);
+
ring = &txr->tx_ring_struct;
bnxt_free_ring(bp, &ring->ring_mem);
@@ -4160,6 +4174,9 @@ static int bnxt_alloc_tx_rings(struct bnxt *bp)
qidx = bp->tc_to_qidx[j];
ring->queue_id = bp->q_info[qidx].queue_id;
spin_lock_init(&txr->tx_lock);
+ rc = bnxt_ktls_alloc_tx_ring_stats(bp, txr);
+ if (rc)
+ return rc;
if (i < bp->tx_nr_rings_xdp)
continue;
if (BNXT_RING_TO_TC_OFF(bp, i) == (bp->tx_nr_rings_per_tc - 1))
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index ef22ee7264a7..a726940a7014 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -101,10 +101,18 @@ struct tx_bd_ext {
#define TX_BD_FLAGS_LSO (1 << 5)
#define TX_BD_FLAGS_IPID_FMT (1 << 6)
#define TX_BD_FLAGS_T_IPID (1 << 7)
+ #define TX_BD_FLAGS_CRYPTO_EN (1 << 15)
#define TX_BD_HSIZE (0xff << 16)
#define TX_BD_HSIZE_SHIFT 16
-
- __le32 tx_bd_mss;
+ #define TX_BD_KID_LO (0x7f << 25)
+ #define TX_BD_KID_LO_MASK 0x7f
+ #define TX_BD_KID_LO_SHIFT 25
+
+ __le32 tx_bd_kid_mss;
+ #define TX_BD_MSS 0x7fff
+ #define TX_BD_KID_HI (0x1ffff << 15)
+ #define TX_BD_KID_HI_MASK 0xffff80
+ #define TX_BD_KID_HI_SHIFT 8
__le32 tx_bd_cfa_action;
#define TX_BD_CFA_ACTION (0xffff << 16)
#define TX_BD_CFA_ACTION_SHIFT 16
@@ -122,6 +130,16 @@ struct tx_bd_ext {
};
#define BNXT_TX_PTP_IS_SET(lflags) ((lflags) & cpu_to_le32(TX_BD_FLAGS_STAMP))
+#define BNXT_TX_KID_LO(kid) (((kid) & TX_BD_KID_LO_MASK) << TX_BD_KID_LO_SHIFT)
+#define BNXT_TX_KID_HI(kid) (((kid) & TX_BD_KID_HI_MASK) << TX_BD_KID_HI_SHIFT)
+
+struct tx_bd_presync {
+ __le32 tx_bd_len_flags_type;
+ #define TX_BD_TYPE_PRESYNC_TX_BD (0x09 << 0)
+ u32 tx_bd_opaque;
+ __le32 tx_bd_kid;
+ u32 tx_bd_unused;
+};
struct rx_bd {
__le32 rx_bd_len_flags_type;
@@ -1025,6 +1043,9 @@ struct bnxt_tx_ring_info {
struct bnxt_ring_struct tx_ring_struct;
/* Synchronize simultaneous xdp_xmit on same ring or for MPC ring */
spinlock_t tx_lock;
+
+ /* Per-TX-ring kTLS counters; allocated only when kTLS is enabled. */
+ struct bnxt_tls_sw_stats *tls_stats;
};
#define BNXT_LEGACY_COAL_CMPL_PARAMS \
@@ -1166,6 +1187,18 @@ struct bnxt_cmn_sw_stats {
u64 missed_irqs;
};
+/* Data plane kTLS counters */
+enum bnxt_ktls_data_counters {
+ BNXT_KTLS_TX_PKTS = 0,
+ BNXT_KTLS_TX_BYTES,
+
+ BNXT_KTLS_MAX_DATA_COUNTERS,
+};
+
+struct bnxt_tls_sw_stats {
+ u64 counters[BNXT_KTLS_MAX_DATA_COUNTERS];
+};
+
struct bnxt_sw_stats {
struct bnxt_rx_sw_stats rx;
struct bnxt_tx_sw_stats tx;
@@ -2884,14 +2917,14 @@ static inline u32 bnxt_tx_avail(struct bnxt *bp,
static inline struct tx_bd_ext *
bnxt_init_ext_bd(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
u16 prod, __le32 lflags, u32 vlan_tag_flags,
- u32 cfa_action)
+ u32 cfa_action, u32 kid)
{
struct tx_bd_ext *txbd1;
txbd1 = (struct tx_bd_ext *)
&txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
txbd1->tx_bd_hsize_lflags = lflags;
- txbd1->tx_bd_mss = 0;
+ txbd1->tx_bd_kid_mss = cpu_to_le32(BNXT_TX_KID_HI(kid));
txbd1->tx_bd_cfa_meta = cpu_to_le32(vlan_tag_flags);
txbd1->tx_bd_cfa_action =
cpu_to_le32(cfa_action << TX_BD_CFA_ACTION_SHIFT);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index 18a85fc8c7a4..920dda0d2086 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -569,6 +569,7 @@ int bnxt_crypto_init(struct bnxt *bp)
if (rc)
return rc;
+ bnxt_ktls_init(bp);
return 0;
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index a498dc1fe0d4..47c02baa723b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -38,6 +38,7 @@
#include "bnxt_fw_hdr.h" /* Firmware hdr constant and structure defs */
#include "bnxt_coredump.h"
#include "bnxt_mpc.h"
+#include "bnxt_ktls.h"
#define BNXT_NVM_ERR_MSG(dev, extack, msg) \
do { \
@@ -354,6 +355,26 @@ static const char *const bnxt_ring_drv_stats_arr[] = {
"total_missed_irqs",
};
+/* kTLS data plane counter strings indexed by enum bnxt_ktls_data_counters */
+static const char *const bnxt_ktls_data_stats[] = {
+ [BNXT_KTLS_TX_PKTS] = "tx_tls_encrypted_packets",
+ [BNXT_KTLS_TX_BYTES] = "tx_tls_encrypted_bytes",
+};
+
+/* kTLS control plane counter strings indexed by enum bnxt_ktls_ctrl_counters */
+static const char *const bnxt_ktls_ctrl_stats[] = {
+ [BNXT_KTLS_TX_ADD] = "tx_tls_ctx",
+ [BNXT_KTLS_TX_DEL] = "tx_tls_del",
+ [BNXT_KTLS_ERR_NO_MEM] = "tls_err_no_mem",
+ [BNXT_KTLS_ERR_NO_CAP] = "tls_err_no_cap",
+ [BNXT_KTLS_ERR_KEY_CTX_ALLOC] = "tls_err_key_ctx_alloc",
+ [BNXT_KTLS_ERR_CRYPTO_CMD] = "tls_err_crypto_cmd",
+ [BNXT_KTLS_ERR_DEVICE_BUSY] = "tls_err_device_busy",
+ [BNXT_KTLS_ERR_INVALID_CIPHER] = "tls_err_invalid_cipher",
+ [BNXT_KTLS_ERR_STATE_NOT_OPEN] = "tls_err_state_not_open",
+ [BNXT_KTLS_ERR_RETRY_EXCEEDED] = "tls_err_retry_exceeded",
+};
+
#define NUM_RING_RX_SW_STATS ARRAY_SIZE(bnxt_rx_sw_stats_str)
#define NUM_RING_CMN_SW_STATS ARRAY_SIZE(bnxt_cmn_sw_stats_str)
#define NUM_RING_RX_HW_STATS ARRAY_SIZE(bnxt_ring_rx_stats_str)
@@ -536,12 +557,21 @@ static int bnxt_get_num_ring_stats(struct bnxt *bp)
cmn * bp->cp_nr_rings;
}
+static int bnxt_get_num_ktls_stats(struct bnxt *bp)
+{
+ if (!bp->ktls_info)
+ return 0;
+ return ARRAY_SIZE(bnxt_ktls_ctrl_stats) +
+ ARRAY_SIZE(bnxt_ktls_data_stats);
+}
+
static int bnxt_get_num_stats(struct bnxt *bp)
{
int num_stats = bnxt_get_num_ring_stats(bp);
int len;
num_stats += BNXT_NUM_RING_DRV_STATS;
+ num_stats += bnxt_get_num_ktls_stats(bp);
if (bp->flags & BNXT_FLAG_PORT_STATS)
num_stats += BNXT_NUM_PORT_STATS;
@@ -654,6 +684,16 @@ static void bnxt_get_ethtool_stats(struct net_device *dev,
for (i = 0; i < BNXT_NUM_RING_DRV_STATS; i++, j++, curr++, prev++)
buf[j] = *curr + *prev;
+ if (bp->ktls_info) {
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+ struct bnxt_tls_sw_stats tls_stats = {};
+
+ bnxt_get_ring_tls_stats(bp, &tls_stats);
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_data_stats); i++, j++)
+ buf[j] = tls_stats.counters[i];
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_ctrl_stats); i++, j++)
+ buf[j] = atomic64_read(&ktls->counters[i]);
+ }
if (bp->flags & BNXT_FLAG_PORT_STATS) {
u64 *port_stats = bp->port_stats.sw_stats;
@@ -764,6 +804,12 @@ static void bnxt_get_strings(struct net_device *dev, u32 stringset, u8 *buf)
for (i = 0; i < BNXT_NUM_RING_DRV_STATS; i++)
ethtool_puts(&buf, bnxt_ring_drv_stats_arr[i]);
+ if (bp->ktls_info) {
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_data_stats); i++)
+ ethtool_puts(&buf, bnxt_ktls_data_stats[i]);
+ for (i = 0; i < ARRAY_SIZE(bnxt_ktls_ctrl_stats); i++)
+ ethtool_puts(&buf, bnxt_ktls_ctrl_stats[i]);
+ }
if (bp->flags & BNXT_FLAG_PORT_STATS)
for (i = 0; i < BNXT_NUM_PORT_STATS; i++) {
str = bnxt_port_stats_arr[i].string;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c
index f317f60414e8..b4c37a6c9f0f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_gso.c
@@ -168,7 +168,7 @@ netdev_tx_t bnxt_sw_udp_gso_xmit(struct bnxt *bp,
prod = NEXT_TX(prod);
bnxt_init_ext_bd(bp, txr, prod, csum,
- vlan_tag_flags, cfa_action);
+ vlan_tag_flags, cfa_action, 0);
/* set dma_unmap_len on the LAST BD touching each
* region. Since completions are in-order, the last segment
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
index 65a6c9f325e2..5683624ac19f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-only
/* Copyright (c) 2026 Broadcom Inc. */
+#include <linux/tcp.h>
#include <net/tls.h>
#include <linux/bnxt/hsi.h>
@@ -337,3 +338,95 @@ int bnxt_ktls_init(struct bnxt *bp)
dev->features |= NETIF_F_HW_TLS_TX;
return 0;
}
+
+static void bnxt_ktls_inc_tx_stats(struct bnxt_tx_ring_info *txr, u32 bytes)
+{
+ struct bnxt_tls_sw_stats *ring_stats = txr->tls_stats;
+
+ if (!ring_stats)
+ return;
+ ring_stats->counters[BNXT_KTLS_TX_PKTS]++;
+ ring_stats->counters[BNXT_KTLS_TX_BYTES] += bytes;
+}
+
+struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, __le32 *lflags, u32 *kid,
+ struct bnxt_ktls_offload_ctx_tx **kctx_tx_p)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ struct tls_context *tls_ctx;
+ u32 seq, payload_len;
+
+ if (!IS_ENABLED(CONFIG_TLS_DEVICE) || !ktls ||
+ !tls_is_skb_tx_device_offloaded(skb))
+ return skb;
+
+ seq = ntohl(tcp_hdr(skb)->seq);
+ tls_ctx = tls_get_ctx(skb->sk);
+ kctx_tx = bnxt_get_ktls_ctx_tx(tls_ctx);
+ payload_len = skb->len - skb_tcp_all_headers(skb);
+ if (!payload_len)
+ return skb;
+ if (kctx_tx->tcp_seq_no == seq) {
+ /* Stage the advance only. tcp_seq_no and the counters are
+ * committed by bnxt_ktls_xmit_commit() once the BD reaches the
+ * ring.
+ */
+ kctx_tx->next_tcp_seq_no = seq + payload_len;
+ kctx_tx->pending_bytes = payload_len;
+ *kid = BNXT_KID_HW(kctx_tx->kid);
+ *kctx_tx_p = kctx_tx;
+ *lflags |= cpu_to_le32(TX_BD_FLAGS_CRYPTO_EN |
+ BNXT_TX_KID_LO(*kid));
+ } else {
+ skb = tls_encrypt_skb(skb);
+ if (!skb)
+ return NULL;
+ }
+ return skb;
+}
+
+void bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx)
+{
+ if (!kctx_tx)
+ return;
+ kctx_tx->tcp_seq_no = kctx_tx->next_tcp_seq_no;
+ bnxt_ktls_inc_tx_stats(txr, kctx_tx->pending_bytes);
+}
+
+int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp, struct bnxt_tx_ring_info *txr)
+{
+ struct bnxt_tls_sw_stats *ring_stats;
+
+ if (!bp->ktls_info)
+ return 0;
+ ring_stats = kzalloc_obj(*ring_stats);
+ if (!ring_stats)
+ return -ENOMEM;
+ txr->tls_stats = ring_stats;
+ return 0;
+}
+
+void bnxt_ktls_free_tx_ring_stats(struct bnxt_tx_ring_info *txr)
+{
+ kfree(txr->tls_stats);
+ txr->tls_stats = NULL;
+}
+
+void bnxt_get_ring_tls_stats(struct bnxt *bp, struct bnxt_tls_sw_stats *stats)
+{
+ struct bnxt_tls_sw_stats *ring_stats;
+ int i, j;
+
+ if (!bp->ktls_info || !bp->tx_ring)
+ return;
+ for (i = 0; i < bp->tx_nr_rings; i++) {
+ ring_stats = bp->tx_ring[i].tls_stats;
+ if (!ring_stats)
+ continue;
+ for (j = 0; j < BNXT_KTLS_MAX_DATA_COUNTERS; j++)
+ stats->counters[j] += ring_stats->counters[j];
+ }
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
index 5a4f39f15e80..1c935e0d413d 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
@@ -4,6 +4,7 @@
#ifndef BNXT_KTLS_H
#define BNXT_KTLS_H
+#include <linux/u64_stats_sync.h>
#include <linux/wait.h>
/* Control plane counters */
@@ -78,6 +79,28 @@ struct ce_add_cmd {
u8 addl_iv[8];
};
+struct crypto_prefix_cmd {
+ __le32 flags;
+ #define CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR 0x1UL
+ #define CRYPTO_PREFIX_CMD_FLAGS_FULL_REPLAY_RETRAN 0x2UL
+ __le32 header_tcp_seq_num;
+ __le32 start_tcp_seq_num;
+ __le32 end_tcp_seq_num;
+ u8 explicit_nonce[8];
+ u8 record_seq_num[8];
+};
+
+#define CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR_LE \
+ cpu_to_le32(CRYPTO_PREFIX_CMD_FLAGS_UPDATE_IN_ORDER_VAR)
+
+#define CRYPTO_PREFIX_CMD_SIZE ((u32)sizeof(struct crypto_prefix_cmd))
+#define CRYPTO_PREFIX_CMD_BDS (CRYPTO_PREFIX_CMD_SIZE / sizeof(struct tx_bd))
+#define CRYPTO_PRESYNC_BDS (CRYPTO_PREFIX_CMD_BDS + 1)
+
+#define CRYPTO_PRESYNC_BD_CMD \
+ (cpu_to_le32((CRYPTO_PREFIX_CMD_SIZE << TX_BD_LEN_SHIFT) | \
+ TX_BD_CNT(CRYPTO_PRESYNC_BDS) | TX_BD_TYPE_PRESYNC_TX_BD))
+
static inline bool bnxt_ktls_busy(struct bnxt *bp)
{
return bp->ktls_info && atomic_read(&bp->ktls_info->pending) > 0;
@@ -94,6 +117,15 @@ static inline void bnxt_ktls_wake(struct bnxt *bp)
int bnxt_alloc_ktls_info(struct bnxt *bp);
void bnxt_free_ktls_info(struct bnxt *bp);
int bnxt_ktls_init(struct bnxt *bp);
+struct sk_buff *bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, __le32 *lflags, u32 *kid,
+ struct bnxt_ktls_offload_ctx_tx **kctx_tx_p);
+void bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx);
+int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr);
+void bnxt_ktls_free_tx_ring_stats(struct bnxt_tx_ring_info *txr);
+void bnxt_get_ring_tls_stats(struct bnxt *bp, struct bnxt_tls_sw_stats *stats);
#else
static inline int bnxt_alloc_ktls_info(struct bnxt *bp)
{
@@ -108,5 +140,34 @@ static inline int bnxt_ktls_init(struct bnxt *bp)
{
return -EOPNOTSUPP;
}
+
+static inline struct sk_buff *
+bnxt_ktls_xmit(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ struct sk_buff *skb, __le32 *lflags, u32 *kid,
+ struct bnxt_ktls_offload_ctx_tx **kctx_tx_p)
+{
+ return skb;
+}
+
+static inline void
+bnxt_ktls_xmit_commit(struct bnxt_tx_ring_info *txr,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx)
+{
+}
+
+static inline int bnxt_ktls_alloc_tx_ring_stats(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ return 0;
+}
+
+static inline void bnxt_ktls_free_tx_ring_stats(struct bnxt_tx_ring_info *txr)
+{
+}
+
+static inline void bnxt_get_ring_tls_stats(struct bnxt *bp,
+ struct bnxt_tls_sw_stats *stats)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_KTLS_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 12/15] bnxt_en: Support kTLS TX offload by implementing .tls_dev_add/del()
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Add basic infrastructure to allocate and free kTLS context IDs (KIDs)
to support kTLS TX offload. To offload a connection in .tls_dev_add(),
the first step is to allocate a KID. After that the kTLS offload
command is sent to the HW via MPC using the function
bnxt_xmit_crypto_cmd() introduced in the last patch.
In .tls_dev_del(), we send the delete command to the HW using the
same bnxt_xmit_crypto_cmd(). After that we free the KID, making it
available for new offload. There is extra logic to handle ifdown,
FW reset, and device reconfiguration while deleting the connection.
bnxt_ktls_init() assigns bnxt_ktls_ops to the netdev and sets up
the TLS TX offload feature. bnxt_ktls_init() will be called in
the next patch.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v4:
Fix uninitialized kctx_tx variable warning.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-13-michael.chan@broadcom.com/
Use wait_event() in bnxt_ktls_dev_del() in case the device is in transient
reconfig state instead of poll wait.
Call bnxt_crypto_del_all() after BNXT_STATE_OPEN is cleared as documented.
Use memzero_explicit() to clear sensitive TLS parameters.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-13-michael.chan@broadcom.com/
Fix unused variable warning
Fix error recovery issues
v1:
https://lore.kernel.org/netdev/20260504235836.3019499-13-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 16 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 81 ++++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 11 +
.../net/ethernet/broadcom/bnxt/bnxt_ktls.c | 339 ++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_ktls.h | 112 ++++++
7 files changed, 559 insertions(+), 3 deletions(-)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile
index 3acdb81fa958..88e68248aad4 100644
--- a/drivers/net/ethernet/broadcom/bnxt/Makefile
+++ b/drivers/net/ethernet/broadcom/bnxt/Makefile
@@ -5,4 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp.
bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o
bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o
bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o
-bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o
+bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o bnxt_ktls.o
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index ff58287a1b12..f175907d7994 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -78,6 +78,7 @@
#include <net/tso.h>
#include "bnxt_mpc.h"
#include "bnxt_crypto.h"
+#include "bnxt_ktls.h"
#define BNXT_TX_TIMEOUT (5 * HZ)
#define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \
@@ -13326,6 +13327,7 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
static_branch_disable(&bnxt_xdp_locking_key);
}
set_bit(BNXT_STATE_OPEN, &bp->state);
+ bnxt_ktls_wake(bp);
bnxt_enable_int(bp);
/* Enable TX queues */
bnxt_tx_enable(bp);
@@ -13467,7 +13469,8 @@ static int bnxt_open(struct net_device *dev)
static bool bnxt_drv_busy(struct bnxt *bp)
{
return (test_bit(BNXT_STATE_IN_SP_TASK, &bp->state) ||
- test_bit(BNXT_STATE_READ_STATS, &bp->state));
+ test_bit(BNXT_STATE_READ_STATS, &bp->state) ||
+ bnxt_ktls_busy(bp));
}
static void bnxt_get_ring_stats(struct bnxt *bp,
@@ -13485,9 +13488,20 @@ static void __bnxt_close_nic(struct bnxt *bp, bool irq_re_init,
clear_bit(BNXT_STATE_OPEN, &bp->state);
smp_mb__after_atomic();
+ /* Wake any kTLS delete waiting on a reconfig so it re-evaluates and
+ * either keeps waiting for the reopen or aborts (ifdown / FW reset).
+ */
+ bnxt_ktls_wake(bp);
while (bnxt_drv_busy(bp))
msleep(20);
+ /* Delete all crypto connections and KIDs only on ifdown and FW reset,
+ * not ethtool config changes.
+ */
+ if (!netif_running(bp->dev) ||
+ test_bit(BNXT_STATE_IN_FW_RESET, &bp->state))
+ bnxt_crypto_del_all(bp);
+
if (BNXT_SUPPORTS_MULTI_RSS_CTX(bp))
bnxt_clear_rss_ctxs(bp);
/* Flush rings and disable interrupts */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 813a3f8e75ca..ef22ee7264a7 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2475,6 +2475,7 @@ struct bnxt {
struct bnxt_mpc_info *mpc_info;
struct bnxt_crypto_info *crypto_info;
+ struct bnxt_tls_info *ktls_info;
unsigned int current_interval;
#define BNXT_TIMER_INTERVAL HZ
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index e1cbd4c18d4a..18a85fc8c7a4 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -11,6 +11,7 @@
#include "bnxt.h"
#include "bnxt_hwrm.h"
#include "bnxt_mpc.h"
+#include "bnxt_ktls.h"
#include "bnxt_crypto.h"
static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
@@ -80,13 +81,90 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
kctx->max_ctx = bnxt_get_max_crypto_key_ctx(bp, i);
}
crypto->max_key_ctxs_alloc = max_keys;
- bp->fw_cap |= BNXT_FW_CAP_KTLS;
+ if (!bp->ktls_info)
+ bnxt_alloc_ktls_info(bp);
+ if (bp->ktls_info)
+ bp->fw_cap |= BNXT_FW_CAP_KTLS;
return;
alloc_err:
kfree(crypto);
}
+int bnxt_crypto_del(struct bnxt *bp, u8 type, u8 kind, u32 kid)
+{
+ struct bnxt_tx_ring_info *txr;
+ struct ce_delete_cmd cmd = {};
+ u32 data;
+
+ if (test_bit(BNXT_STATE_IN_FW_RESET, &bp->state) &&
+ test_bit(BNXT_STATE_FW_FATAL_COND, &bp->state))
+ return 0;
+
+ txr = bnxt_select_mpc_ring(bp, type);
+ if (!txr)
+ return -ENODEV;
+ if (kind == BNXT_CTX_KIND_CK_TX)
+ data = CE_DELETE_CMD_CTX_KIND_CK_TX;
+ else if (kind == BNXT_CTX_KIND_CK_RX)
+ data = CE_DELETE_CMD_CTX_KIND_CK_RX;
+ else
+ return -EINVAL;
+
+ data |= CE_DELETE_CMD_OPCODE_DEL |
+ (BNXT_KID_HW(kid) << CE_DELETE_CMD_KID_SFT);
+
+ cmd.ctx_kind_kid_opcode = cpu_to_le32(data);
+ return bnxt_xmit_crypto_cmd(bp, txr, &cmd, sizeof(cmd),
+ BNXT_MPC_TMO_MSECS);
+}
+
+static void bnxt_crypto_del_all_kids(struct bnxt *bp, struct bnxt_kid_info *kid)
+{
+ int i, rc;
+
+ for (i = 0; i < kid->count; i++) {
+ if (!test_bit(i, kid->ids)) {
+ rc = bnxt_crypto_del(bp, kid->type, kid->kind,
+ kid->start_id + i);
+ if (!rc)
+ set_bit(i, kid->ids);
+ }
+ }
+}
+
+/**
+ * bnxt_crypto_del_all - Delete all crypto connections
+ * @bp: pointer to bnxt device
+ *
+ * Delete all crypto connections and free all KIDs for re-use during
+ * shutdown. Increment the epoch counter to invalidate any outstanding
+ * key references.
+ *
+ * This function assumes serialization (called during shutdown) and does
+ * not use locking.
+ *
+ * Context: Process context during shutdown/reset
+ */
+void bnxt_crypto_del_all(struct bnxt *bp)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_kid_info *kid;
+ struct bnxt_kctx *kctx;
+ int i;
+
+ if (!crypto)
+ return;
+
+ /* Shutting down, no need to protect the lists. */
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ list_for_each_entry(kid, &kctx->list, list)
+ bnxt_crypto_del_all_kids(bp, kid);
+ kctx->epoch = BNXT_NEXT_EPOCH(kctx->epoch);
+ }
+}
+
/**
* bnxt_clear_crypto - Clear all crypto key contexts
* @bp: pointer to bnxt device
@@ -137,6 +215,7 @@ void bnxt_free_crypto_info(struct bnxt *bp)
{
struct bnxt_crypto_info *crypto = bp->crypto_info;
+ bnxt_free_ktls_info(bp);
if (!crypto)
return;
bnxt_clear_crypto(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index 6ac23716fc45..a4571369fd23 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -147,6 +147,8 @@ struct bnxt_crypto_cmd_ctx {
#ifdef CONFIG_BNXT_TLS
void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp);
+int bnxt_crypto_del(struct bnxt *bp, u8 type, u8 kind, u32 kid);
+void bnxt_crypto_del_all(struct bnxt *bp);
void bnxt_clear_crypto(struct bnxt *bp);
void bnxt_free_crypto_info(struct bnxt *bp);
void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
@@ -166,6 +168,15 @@ static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
{
}
+static inline int bnxt_crypto_del(struct bnxt *bp, u8 type, u8 kind, u32 kid)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void bnxt_crypto_del_all(struct bnxt *bp)
+{
+}
+
static inline void bnxt_clear_crypto(struct bnxt *bp)
{
}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
new file mode 100644
index 000000000000..65a6c9f325e2
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.c
@@ -0,0 +1,339 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#include <net/tls.h>
+#include <linux/bnxt/hsi.h>
+
+#include "bnxt.h"
+#include "bnxt_mpc.h"
+#include "bnxt_crypto.h"
+#include "bnxt_ktls.h"
+
+/**
+ * bnxt_alloc_ktls_info - Allocate and initialize kTLS offload context
+ * @bp: pointer to bnxt device
+ *
+ * Allocates the main kTLS crypto info structure
+ *
+ * This function is called during device initialization when firmware
+ * reports kTLS offload capability. If allocation fails, kTLS offload
+ * will not be available but the device will still function.
+ *
+ * Context: Process context
+ *
+ * Return: zero on success, negative error code otherwise:
+ * ENOMEM: out of memory
+ */
+int bnxt_alloc_ktls_info(struct bnxt *bp)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+
+ if (BNXT_VF(bp))
+ return -EOPNOTSUPP;
+ if (ktls)
+ return 0;
+
+ ktls = kzalloc_obj(*ktls);
+ if (!ktls) {
+ netdev_warn(bp->dev, "Unable to allocate kTLS info\n");
+ return -ENOMEM;
+ }
+ ktls->counters = kzalloc_objs(*ktls->counters,
+ BNXT_KTLS_MAX_CTRL_COUNTERS);
+ if (!ktls->counters)
+ goto ktls_err;
+
+ init_waitqueue_head(&ktls->open_wq);
+ bp->ktls_info = ktls;
+ return 0;
+
+ktls_err:
+ kfree(ktls->counters);
+ kfree(ktls);
+ return -ENOMEM;
+}
+
+/**
+ * bnxt_free_ktls_info - Free kTLS crypto offload resources
+ * @bp: pointer to bnxt device
+ *
+ * Frees all resources associated with kTLS crypto offload
+ *
+ * Context: Process context during device shutdown/removal
+ */
+void bnxt_free_ktls_info(struct bnxt *bp)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+
+ if (!ktls)
+ return;
+ kfree(ktls->counters);
+ kfree(ktls);
+ bp->ktls_info = NULL;
+}
+
+/* Copy in reverse byte order */
+static void bnxt_copy_tls_mp_data(u8 *dst, u8 *src, int bytes)
+{
+ int i;
+
+ for (i = 0; i < bytes; i++)
+ dst[bytes - i - 1] = src[i];
+}
+
+static int bnxt_crypto_add(struct bnxt *bp, enum tls_offload_ctx_dir direction,
+ struct tls_crypto_info *crypto_info, u32 tcp_seq_no,
+ u32 kid)
+{
+ struct bnxt_tx_ring_info *txr;
+ struct ce_add_cmd cmd = {0};
+ u32 data;
+ int rc;
+
+ if (direction == TLS_OFFLOAD_CTX_DIR_TX) {
+ txr = bnxt_select_mpc_ring(bp, BNXT_MPC_TCE_TYPE);
+ cmd.ctx_kind = CE_ADD_CMD_CTX_KIND_CK_TX;
+ } else {
+ return -EOPNOTSUPP;
+ }
+ if (!txr)
+ return -ENODEV;
+
+ data = CE_ADD_CMD_OPCODE_ADD | (BNXT_KID_HW(kid) << CE_ADD_CMD_KID_SFT);
+ switch (crypto_info->cipher_type) {
+ case TLS_CIPHER_AES_GCM_128: {
+ struct tls12_crypto_info_aes_gcm_128 *aes;
+
+ aes = (void *)crypto_info;
+ data |= CE_ADD_CMD_ALGORITHM_AES_GCM_128;
+ if (crypto_info->version == TLS_1_3_VERSION)
+ data |= CE_ADD_CMD_VERSION_TLS1_3;
+ memcpy(&cmd.session_key, aes->key, sizeof(aes->key));
+ memcpy(&cmd.salt, aes->salt, sizeof(aes->salt));
+ memcpy(&cmd.addl_iv, aes->iv, sizeof(aes->iv));
+ bnxt_copy_tls_mp_data(cmd.record_seq_num, aes->rec_seq,
+ sizeof(aes->rec_seq));
+ break;
+ }
+ case TLS_CIPHER_AES_GCM_256: {
+ struct tls12_crypto_info_aes_gcm_256 *aes;
+
+ aes = (void *)crypto_info;
+ data |= CE_ADD_CMD_ALGORITHM_AES_GCM_256;
+ if (crypto_info->version == TLS_1_3_VERSION)
+ data |= CE_ADD_CMD_VERSION_TLS1_3;
+ memcpy(&cmd.session_key, aes->key, sizeof(aes->key));
+ memcpy(&cmd.salt, aes->salt, sizeof(aes->salt));
+ memcpy(&cmd.addl_iv, aes->iv, sizeof(aes->iv));
+ bnxt_copy_tls_mp_data(cmd.record_seq_num, aes->rec_seq,
+ sizeof(aes->rec_seq));
+ break;
+ }
+ default:
+ return -EOPNOTSUPP;
+ }
+ cmd.ver_algo_kid_opcode = cpu_to_le32(data);
+ cmd.pkt_tcp_seq_num = cpu_to_le32(tcp_seq_no);
+ cmd.tls_header_tcp_seq_num = cmd.pkt_tcp_seq_num;
+ rc = bnxt_xmit_crypto_cmd(bp, txr, &cmd, sizeof(cmd),
+ BNXT_MPC_TMO_MSECS);
+ memzero_explicit(&cmd, sizeof(cmd));
+ return rc;
+}
+
+static bool bnxt_ktls_cipher_supported(struct bnxt *bp,
+ struct tls_crypto_info *crypto_info)
+{
+ u16 type = crypto_info->cipher_type;
+ u16 version = crypto_info->version;
+
+ if ((type == TLS_CIPHER_AES_GCM_128 ||
+ type == TLS_CIPHER_AES_GCM_256) &&
+ (version == TLS_1_2_VERSION ||
+ version == TLS_1_3_VERSION))
+ return true;
+ return false;
+}
+
+static void bnxt_set_ktls_ctx_tx(struct tls_context *tls_ctx,
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx)
+{
+ struct bnxt_ktls_tx_driver_state *tx =
+ __tls_driver_ctx(tls_ctx, TLS_OFFLOAD_CTX_DIR_TX);
+
+ tx->ctx_tx = kctx_tx;
+}
+
+static struct bnxt_ktls_offload_ctx_tx *
+bnxt_get_ktls_ctx_tx(struct tls_context *tls_ctx)
+{
+ struct bnxt_ktls_tx_driver_state *tx =
+ __tls_driver_ctx(tls_ctx, TLS_OFFLOAD_CTX_DIR_TX);
+
+ return tx->ctx_tx;
+}
+
+static int bnxt_ktls_dev_add(struct net_device *dev, struct sock *sk,
+ enum tls_offload_ctx_dir direction,
+ struct tls_crypto_info *crypto_info,
+ u32 start_offload_tcp_sn)
+{
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ struct bnxt *bp = netdev_priv(dev);
+ struct bnxt_crypto_info *crypto;
+ struct tls_context *tls_ctx;
+ struct bnxt_tls_info *ktls;
+ struct bnxt_kctx *kctx;
+ u32 kid;
+ int rc;
+
+ BUILD_BUG_ON(sizeof(struct bnxt_ktls_tx_driver_state) >
+ TLS_DRIVER_STATE_SIZE_TX);
+
+ ktls = bp->ktls_info;
+ if (direction == TLS_OFFLOAD_CTX_DIR_RX)
+ return -EOPNOTSUPP;
+
+ if (!BNXT_SUPPORTS_KTLS(bp)) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_NO_CAP]);
+ return -EOPNOTSUPP;
+ }
+ atomic_inc(&ktls->pending);
+ /* Make sure bnxt_close_nic() sees pending before we check the
+ * BNXT_STATE_OPEN flag.
+ */
+ smp_mb__after_atomic();
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_STATE_NOT_OPEN]);
+ rc = -ENODEV;
+ goto exit;
+ }
+
+ if (!bnxt_ktls_cipher_supported(bp, crypto_info)) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_INVALID_CIPHER]);
+ rc = -EOPNOTSUPP;
+ goto exit;
+ }
+
+ kctx_tx = kzalloc_obj(*kctx_tx);
+ if (!kctx_tx) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_NO_MEM]);
+ rc = -ENOMEM;
+ goto exit;
+ }
+ tls_ctx = tls_get_ctx(sk);
+ crypto = bp->crypto_info;
+ kctx = &crypto->kctx[BNXT_TX_CRYPTO_KEY_TYPE];
+ rc = bnxt_key_ctx_alloc_one(bp, kctx, BNXT_CTX_KIND_CK_TX, &kid);
+ if (rc) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_KEY_CTX_ALLOC]);
+ goto free_ctx;
+ }
+ rc = bnxt_crypto_add(bp, direction, crypto_info, start_offload_tcp_sn,
+ kid);
+ if (rc) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_CRYPTO_CMD]);
+ goto free_kctx;
+ }
+ kctx_tx->kid = kid;
+ kctx_tx->tcp_seq_no = start_offload_tcp_sn;
+ bnxt_set_ktls_ctx_tx(tls_ctx, kctx_tx);
+ atomic64_inc(&ktls->counters[BNXT_KTLS_TX_ADD]);
+ goto exit;
+
+free_kctx:
+ bnxt_free_one_kctx(kctx, kid);
+free_ctx:
+ kfree(kctx_tx);
+exit:
+ atomic_dec(&ktls->pending);
+ return rc;
+}
+
+#define KTLS_RETRY_MAX 100
+#define KTLS_WAIT_TMO_MS 100
+
+static void bnxt_ktls_dev_del(struct net_device *dev,
+ struct tls_context *tls_ctx,
+ enum tls_offload_ctx_dir direction)
+{
+ struct bnxt_ktls_offload_ctx_tx *kctx_tx;
+ struct bnxt *bp = netdev_priv(dev);
+ struct bnxt_crypto_info *crypto;
+ struct bnxt_tls_info *ktls;
+ struct bnxt_kctx *kctx;
+ int retry_cnt = 0;
+ u8 kind;
+ u32 kid;
+
+ ktls = bp->ktls_info;
+ kctx_tx = bnxt_get_ktls_ctx_tx(tls_ctx);
+retry:
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ /* During ifdown or FW reset, all connections will be torn
+ * down by bnxt_crypto_del_all() / FUNC_RESET, so nothing to
+ * do here. Only a reconfiguration is transient and
+ * __bnxt_open_nic() will set BNXT_STATE_OPEN again and wake us.
+ */
+ if (!netif_running(dev) ||
+ test_bit(BNXT_STATE_IN_FW_RESET, &bp->state))
+ goto free;
+ /* Bound the wait so a wedged reconfig can't block the kTLS
+ * destruct work indefinitely.
+ */
+ if (retry_cnt++ > KTLS_RETRY_MAX) {
+ atomic64_inc(&ktls->counters[BNXT_KTLS_ERR_RETRY_EXCEEDED]);
+ netdev_warn(dev, "%s timed out waiting for device, state %lx\n",
+ __func__, bp->state);
+ goto free;
+ }
+ wait_event_timeout(ktls->open_wq,
+ test_bit(BNXT_STATE_OPEN, &bp->state) ||
+ !netif_running(dev) ||
+ test_bit(BNXT_STATE_IN_FW_RESET, &bp->state),
+ msecs_to_jiffies(KTLS_WAIT_TMO_MS));
+ goto retry;
+ }
+ atomic_inc(&ktls->pending);
+ /* Make sure bnxt_close_nic() sees pending before we check the
+ * BNXT_STATE_OPEN flag.
+ */
+ smp_mb__after_atomic();
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ atomic_dec(&ktls->pending);
+ goto retry;
+ }
+
+ crypto = bp->crypto_info;
+ kid = kctx_tx->kid;
+ kctx = &crypto->kctx[BNXT_TX_CRYPTO_KEY_TYPE];
+ kind = BNXT_CTX_KIND_CK_TX;
+ atomic64_inc(&ktls->counters[BNXT_KTLS_TX_DEL]);
+ if (bnxt_kid_valid(kctx, kid) &&
+ !bnxt_crypto_del(bp, kctx->type, kind, kid))
+ bnxt_free_one_kctx(kctx, kid);
+
+ atomic_dec(&ktls->pending);
+free:
+ bnxt_set_ktls_ctx_tx(tls_ctx, NULL);
+ kfree(kctx_tx);
+}
+
+static const struct tlsdev_ops bnxt_ktls_ops = {
+ .tls_dev_add = bnxt_ktls_dev_add,
+ .tls_dev_del = bnxt_ktls_dev_del,
+};
+
+int bnxt_ktls_init(struct bnxt *bp)
+{
+ struct bnxt_tls_info *ktls = bp->ktls_info;
+ struct net_device *dev = bp->dev;
+
+ if (!ktls)
+ return 0;
+
+ dev->tlsdev_ops = &bnxt_ktls_ops;
+ dev->hw_features |= NETIF_F_HW_TLS_TX;
+ dev->features |= NETIF_F_HW_TLS_TX;
+ return 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
new file mode 100644
index 000000000000..5a4f39f15e80
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ktls.h
@@ -0,0 +1,112 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#ifndef BNXT_KTLS_H
+#define BNXT_KTLS_H
+
+#include <linux/wait.h>
+
+/* Control plane counters */
+enum bnxt_ktls_ctrl_counters {
+ BNXT_KTLS_TX_ADD = 0,
+ BNXT_KTLS_TX_DEL,
+
+ /* Error counters for debugging */
+ BNXT_KTLS_ERR_NO_MEM, /* Memory allocation failure */
+ BNXT_KTLS_ERR_NO_CAP, /* Capability lost after FW reset */
+ BNXT_KTLS_ERR_KEY_CTX_ALLOC, /* Key context alloc failure */
+ BNXT_KTLS_ERR_CRYPTO_CMD, /* Crypto command failure */
+ BNXT_KTLS_ERR_DEVICE_BUSY, /* Device not ready */
+ BNXT_KTLS_ERR_INVALID_CIPHER, /* Unsupported cipher */
+ BNXT_KTLS_ERR_STATE_NOT_OPEN, /* Device not open */
+ BNXT_KTLS_ERR_RETRY_EXCEEDED, /* Retry limit exceeded */
+
+ BNXT_KTLS_MAX_CTRL_COUNTERS,
+};
+
+struct bnxt_tls_info {
+ atomic_t pending;
+
+ /* Woken from __bnxt_open_nic()/__bnxt_close_nic() when
+ * BNXT_STATE_OPEN changes, so a kTLS delete can wait out a ring
+ * reconfiguration instead of polling the state bit.
+ */
+ wait_queue_head_t open_wq;
+
+ /* Atomic counters for control path */
+ atomic64_t *counters;
+};
+
+struct bnxt_ktls_offload_ctx_tx {
+ u32 tcp_seq_no; /* tcp seq no in sync with HW */
+ u32 next_tcp_seq_no;/* staged tcp seq no */
+ u32 kid;
+ u32 pending_bytes; /* staged payload bytes */
+};
+
+struct bnxt_ktls_tx_driver_state {
+ struct bnxt_ktls_offload_ctx_tx *ctx_tx;
+};
+
+struct ce_add_cmd {
+ __le32 ver_algo_kid_opcode;
+ #define CE_ADD_CMD_OPCODE_MASK 0xfUL
+ #define CE_ADD_CMD_OPCODE_SFT 0
+ #define CE_ADD_CMD_OPCODE_ADD 0x1UL
+ #define CE_ADD_CMD_KID_MASK 0xfffff0UL
+ #define CE_ADD_CMD_KID_SFT 4
+ #define CE_ADD_CMD_ALGORITHM_MASK 0xf000000UL
+ #define CE_ADD_CMD_ALGORITHM_SFT 24
+ #define CE_ADD_CMD_ALGORITHM_AES_GCM_128 0x1000000UL
+ #define CE_ADD_CMD_ALGORITHM_AES_GCM_256 0x2000000UL
+ #define CE_ADD_CMD_VERSION_MASK 0xf0000000UL
+ #define CE_ADD_CMD_VERSION_SFT 28
+ #define CE_ADD_CMD_VERSION_TLS1_2 (0x0UL << 28)
+ #define CE_ADD_CMD_VERSION_TLS1_3 (0x1UL << 28)
+ u8 ctx_kind;
+ #define CE_ADD_CMD_CTX_KIND_MASK 0x1fUL
+ #define CE_ADD_CMD_CTX_KIND_SFT 0
+ #define CE_ADD_CMD_CTX_KIND_CK_TX 0x11UL
+ #define CE_ADD_CMD_CTX_KIND_CK_RX 0x12UL
+ u8 unused0[3];
+ u8 salt[4];
+ u8 unused1[4];
+ __le32 pkt_tcp_seq_num;
+ __le32 tls_header_tcp_seq_num;
+ u8 record_seq_num[8];
+ u8 session_key[32];
+ u8 addl_iv[8];
+};
+
+static inline bool bnxt_ktls_busy(struct bnxt *bp)
+{
+ return bp->ktls_info && atomic_read(&bp->ktls_info->pending) > 0;
+}
+
+/* Wake any kTLS control op waiting for a BNXT_STATE_OPEN transition. */
+static inline void bnxt_ktls_wake(struct bnxt *bp)
+{
+ if (bp->ktls_info)
+ wake_up_all(&bp->ktls_info->open_wq);
+}
+
+#ifdef CONFIG_BNXT_TLS
+int bnxt_alloc_ktls_info(struct bnxt *bp);
+void bnxt_free_ktls_info(struct bnxt *bp);
+int bnxt_ktls_init(struct bnxt *bp);
+#else
+static inline int bnxt_alloc_ktls_info(struct bnxt *bp)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void bnxt_free_ktls_info(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_ktls_init(struct bnxt *bp)
+{
+ return -EOPNOTSUPP;
+}
+#endif /* CONFIG_BNXT_TLS */
+#endif /* BNXT_KTLS_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 11/15] bnxt_en: Add crypto MPC transmit/completion infrastructure
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Add infrastructure to support sending crypto commands using the
midpath channels (MPCs). bnxt_xmit_crypto_cmd() is used to send a
crypto command and sleep with timeout until the completion is received.
If it times out, we recover by resetting the MPC. The next patch will
use this infrastructure to offload kTLS connections.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v4:
Clear MPC entries in bnxt_mpc_ring_reset() if device is going down.
Only clear MPC handle in bnxt_mpc_cmp() if the ring is in normal state to
ensure proper ref counting during reset.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-12-michael.chan@broadcom.com/
Multiple improvements for the MPC timeout logic, including the use of
refcount to terminate the timeout instead of the arbitrary 200msec poll
wait, add synchronize_net().
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-12-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 138 +++++++++++++-
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 95 ++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 170 +++++++++++++++++-
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 9 +
6 files changed, 414 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 63b23bb93727..ff58287a1b12 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7720,7 +7720,7 @@ void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
ring->fw_ring_id = INVALID_HW_RING_ID;
}
-static void bnxt_clear_one_cp_ring(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
+void bnxt_clear_one_cp_ring(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
{
struct bnxt_ring_struct *ring = &cpr->cp_ring_struct;
int i, size = ring->ring_mem.page_size;
@@ -14424,7 +14424,7 @@ static int bnxt_hwrm_rx_ring_reset(struct bnxt *bp, int ring_nr)
return hwrm_req_send_silent(bp, req);
}
-static void bnxt_reset_task(struct bnxt *bp, bool silent)
+void bnxt_reset_task(struct bnxt *bp, bool silent)
{
if (!silent)
bnxt_dbg_dump_states(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 1258fa11c381..813a3f8e75ca 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -3025,6 +3025,7 @@ int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
void bnxt_hwrm_tx_ring_free(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
bool close_path);
void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
+void bnxt_clear_one_cp_ring(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
int bnxt_total_tx_rings(struct bnxt *bp);
int __bnxt_hwrm_get_tx_rings(struct bnxt *bp, u16 fid, int *tx_rings);
int bnxt_nq_rings_in_use(struct bnxt *bp);
@@ -3071,6 +3072,7 @@ void bnxt_sync_ring_stats(struct bnxt *bp);
bool bnxt_rfs_capable(struct bnxt *bp, bool new_rss_ctx);
int bnxt_dbg_hwrm_rd_reg(struct bnxt *bp, u32 reg_off, u16 num_words,
u32 *reg_buf);
+void bnxt_reset_task(struct bnxt *bp, bool silent);
void bnxt_fw_exception(struct bnxt *bp);
void bnxt_fw_reset(struct bnxt *bp);
int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index ac843c883d63..e1cbd4c18d4a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -5,10 +5,12 @@
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/slab.h>
+#include <linux/pci.h>
#include <linux/bnxt/hsi.h>
#include "bnxt.h"
#include "bnxt_hwrm.h"
+#include "bnxt_mpc.h"
#include "bnxt_crypto.h"
static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
@@ -42,6 +44,7 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
u16 max_keys = le16_to_cpu(resp->max_key_ctxs_alloc);
struct bnxt_crypto_info *crypto = bp->crypto_info;
struct bnxt_kctx *kctx;
+ char name[64];
int i;
if (BNXT_VF(bp))
@@ -53,6 +56,15 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
"Unable to allocate crypto info\n");
return;
}
+ snprintf(name, sizeof(name), "bnxt_crypto-%s",
+ dev_name(&bp->pdev->dev));
+ crypto->mpc_cache =
+ kmem_cache_create(name,
+ sizeof(struct bnxt_crypto_cmd_ctx),
+ 0, SLAB_HWCACHE_ALIGN, NULL);
+ if (!crypto->mpc_cache)
+ goto alloc_err;
+
for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
kctx = &crypto->kctx[i];
kctx->type = i;
@@ -69,6 +81,10 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
}
crypto->max_key_ctxs_alloc = max_keys;
bp->fw_cap |= BNXT_FW_CAP_KTLS;
+ return;
+
+alloc_err:
+ kfree(crypto);
}
/**
@@ -119,8 +135,13 @@ void bnxt_clear_crypto(struct bnxt *bp)
*/
void bnxt_free_crypto_info(struct bnxt *bp)
{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+
+ if (!crypto)
+ return;
bnxt_clear_crypto(bp);
- kfree(bp->crypto_info);
+ kmem_cache_destroy(crypto->mpc_cache);
+ kfree(crypto);
bp->crypto_info = NULL;
bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
}
@@ -366,6 +387,82 @@ int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
return -EAGAIN;
}
+#define BNXT_XMIT_CRYPTO_RETRY_MAX 10
+#define BNXT_XMIT_CRYPTO_MIN_TMO 100
+#define BNXT_XMIT_CRYPTO_MAX_TMO 150
+
+int bnxt_xmit_crypto_cmd(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *cmd, unsigned int len, unsigned int tmo)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_crypto_cmd_ctx *ctx = NULL;
+ unsigned long tmo_left, handle = 0;
+ int rc, retry = 0;
+
+ if (tmo) {
+ u32 kid = CE_CMD_KID(cmd);
+
+ ctx = kmem_cache_alloc(crypto->mpc_cache, GFP_KERNEL);
+ if (!ctx)
+ return -ENOMEM;
+ init_completion(&ctx->cmp);
+ handle = (unsigned long)ctx;
+ ctx->kid = kid;
+ ctx->client = txr->tx_ring_struct.mpc_chnl_type;
+ ctx->status = 0;
+ /* One reference for this caller, one for the handle stored in
+ * the TX buf ring. The latter is dropped by
+ * bnxt_crypto_mpc_cmp() when the command is completed normally
+ * or after timeout.
+ */
+ refcount_set(&ctx->refcnt, 2);
+ retry = BNXT_XMIT_CRYPTO_RETRY_MAX;
+ might_sleep();
+ }
+ do {
+ spin_lock_bh(&txr->tx_lock);
+ rc = bnxt_start_xmit_mpc(bp, txr, cmd, len, handle);
+ spin_unlock_bh(&txr->tx_lock);
+ if (rc == -EBUSY && tmo && retry)
+ usleep_range(BNXT_XMIT_CRYPTO_MIN_TMO,
+ BNXT_XMIT_CRYPTO_MAX_TMO);
+ else
+ break;
+ } while (retry--);
+ if (rc || !tmo) {
+ /* The completion will never arrive, drop one reference */
+ if (ctx)
+ refcount_dec(&ctx->refcnt);
+ goto xmit_done;
+ }
+
+ tmo_left = wait_for_completion_timeout(&ctx->cmp, msecs_to_jiffies(tmo));
+ if (!tmo_left) {
+ netdev_warn(bp->dev, "crypto MP cmd %08x timed out\n",
+ *((u32 *)cmd));
+ bnxt_mpc_timeout(bp, txr);
+ rc = -ETIMEDOUT;
+ goto xmit_done;
+ }
+ if (ctx->status == BNXT_CMD_CTX_COMPLETED &&
+ CE_CMPL_STATUS(&ctx->ce_cmp) == CE_CMPL_STATUS_OK)
+ rc = 0;
+ else
+ rc = -EIO;
+xmit_done:
+ if (rc) {
+ u8 status = ctx ? ctx->status : 0;
+
+ netdev_warn(bp->dev,
+ "MPC transmit failed, ring idx %d, op 0x%x, kid 0x%x, status 0x%x\n",
+ txr->bnapi->index, CE_CMD_OP(cmd), CE_CMD_KID(cmd),
+ status);
+ }
+ if (ctx && refcount_dec_and_test(&ctx->refcnt))
+ kmem_cache_free(crypto->mpc_cache, ctx);
+ return rc;
+}
+
int bnxt_crypto_init(struct bnxt *bp)
{
struct bnxt_crypto_info *crypto = bp->crypto_info;
@@ -395,3 +492,42 @@ int bnxt_crypto_init(struct bnxt *bp)
return 0;
}
+
+void bnxt_crypto_mpc_cmp(struct bnxt *bp, u32 client, unsigned long handle,
+ struct bnxt_cmpl_entry cmpl[], u32 entries)
+{
+ struct bnxt_crypto_cmd_ctx *ctx;
+ struct ce_cmpl *cmp = NULL;
+ u32 len, kid;
+
+ if (likely(cmpl))
+ cmp = cmpl[0].cmpl;
+ if (!handle || entries != 1) {
+ if (entries != 1 && cmpl) {
+ netdev_warn(bp->dev, "Invalid entries %d with handle %lx cmpl %08x in %s()\n",
+ entries, handle, *(u32 *)cmp, __func__);
+ }
+ if (!handle)
+ return;
+ }
+ ctx = (void *)handle;
+ ctx->status = BNXT_CMD_CTX_COMPLETED;
+ if (unlikely(!cmpl)) {
+ ctx->status |= BNXT_CMD_CTX_RESET;
+ goto cmp_done;
+ }
+ kid = CE_CMPL_KID(cmp);
+ if (ctx->kid != kid || ctx->client != client || entries != 1) {
+ netdev_warn(bp->dev,
+ "Invalid CE cmpl 0x%08x with entries %d for client %d with status 0x%x, expected kid 0x%x and client %d\n",
+ *(u32 *)cmp, entries, client, ctx->status, ctx->kid,
+ ctx->client);
+ ctx->status |= BNXT_CMD_CTX_ERROR;
+ }
+ len = min_t(u32, cmpl[0].len, sizeof(ctx->ce_cmp));
+ memcpy(&ctx->ce_cmp, cmpl[0].cmpl, len);
+cmp_done:
+ complete(&ctx->cmp);
+ if (refcount_dec_and_test(&ctx->refcnt))
+ kmem_cache_free(bp->crypto_info->mpc_cache, ctx);
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index 0e632499b401..6ac23716fc45 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -4,6 +4,8 @@
#ifndef BNXT_CRYPTO_H
#define BNXT_CRYPTO_H
+#include <linux/refcount.h>
+
#define BNXT_MAX_TX_CRYPTO_KEYS 204800
#define BNXT_MAX_RX_CRYPTO_KEYS 204800
@@ -60,6 +62,80 @@ struct bnxt_crypto_info {
u16 max_key_ctxs_alloc;
struct bnxt_kctx kctx[BNXT_MAX_CRYPTO_KEY_TYPE];
+
+ struct kmem_cache *mpc_cache;
+};
+
+struct ce_delete_cmd {
+ __le32 ctx_kind_kid_opcode;
+ #define CE_DELETE_CMD_OPCODE_MASK 0xfUL
+ #define CE_DELETE_CMD_OPCODE_SFT 0
+ #define CE_DELETE_CMD_OPCODE_DEL 0x2UL
+ #define CE_DELETE_CMD_KID_MASK 0xfffff0UL
+ #define CE_DELETE_CMD_KID_SFT 4
+ #define CE_DELETE_CMD_CTX_KIND_MASK 0x1f000000UL
+ #define CE_DELETE_CMD_CTX_KIND_SFT 24
+ #define CE_DELETE_CMD_CTX_KIND_CK_TX (0x11UL << 24)
+ #define CE_DELETE_CMD_CTX_KIND_CK_RX (0x12UL << 24)
+};
+
+#define CE_CMD_OP_MASK 0x00000fU
+#define CE_CMD_KID_MASK 0xfffff0U
+#define CE_CMD_KID_SFT 4
+
+#define CE_CMD_OP(cmd_p) \
+ (le32_to_cpu(*(__le32 *)(cmd_p)) & CE_CMD_OP_MASK)
+
+#define CE_CMD_KID(cmd_p) \
+ ((le32_to_cpu(*(__le32 *)(cmd_p)) & CE_CMD_KID_MASK) >> CE_CMD_KID_SFT)
+
+struct ce_cmpl {
+ __le16 client_subtype_type;
+ #define CE_CMPL_TYPE_MASK 0x3fUL
+ #define CE_CMPL_TYPE_SFT 0
+ #define CE_CMPL_TYPE_MID_PATH_SHORT 0x1eUL
+ #define CE_CMPL_SUBTYPE_MASK 0xf00UL
+ #define CE_CMPL_SUBTYPE_SFT 8
+ #define CE_CMPL_SUBTYPE_SOLICITED (0x0UL << 8)
+ #define CE_CMPL_SUBTYPE_ERR (0x1UL << 8)
+ #define CE_CMPL_SUBTYPE_RESYNC (0x2UL << 8)
+ #define CE_CMPL_MP_CLIENT_MASK 0xf000UL
+ #define CE_CMPL_MP_CLIENT_SFT 12
+ #define CE_CMPL_MP_CLIENT_TCE (0x0UL << 12)
+ #define CE_CMPL_MP_CLIENT_RCE (0x1UL << 12)
+ __le16 status;
+ #define CE_CMPL_STATUS_MASK 0xfUL
+ #define CE_CMPL_STATUS_SFT 0
+ #define CE_CMPL_STATUS_OK 0x0UL
+ #define CE_CMPL_STATUS_CTX_LD_ERR 0x1UL
+ #define CE_CMPL_STATUS_FID_CHK_ERR 0x2UL
+ #define CE_CMPL_STATUS_CTX_VER_ERR 0x3UL
+ #define CE_CMPL_STATUS_DST_ID_ERR 0x4UL
+ #define CE_CMPL_STATUS_MP_CMD_ERR 0x5UL
+ u32 opaque;
+ __le32 v;
+ #define CE_CMPL_V 0x1UL
+ __le32 kid;
+ #define CE_CMPL_KID_MASK 0xfffffUL
+ #define CE_CMPL_KID_SFT 0
+};
+
+#define CE_CMPL_STATUS(ce_cmpl) \
+ (le16_to_cpu((ce_cmpl)->status) & CE_CMPL_STATUS_MASK)
+
+#define CE_CMPL_KID(ce_cmpl) \
+ (le32_to_cpu((ce_cmpl)->kid) & CE_CMPL_KID_MASK)
+
+struct bnxt_crypto_cmd_ctx {
+ struct completion cmp;
+ struct ce_cmpl ce_cmp;
+ refcount_t refcnt;
+ u32 kid;
+ u16 client;
+ u8 status;
+#define BNXT_CMD_CTX_COMPLETED 0x1
+#define BNXT_CMD_CTX_ERROR 0x2
+#define BNXT_CMD_CTX_RESET 0x4
};
#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE])
@@ -79,7 +155,11 @@ bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id);
void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id);
int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
u32 *id);
+int bnxt_xmit_crypto_cmd(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *cmd, unsigned int len, unsigned int tmo);
int bnxt_crypto_init(struct bnxt *bp);
+void bnxt_crypto_mpc_cmp(struct bnxt *bp, u32 client, unsigned long handle,
+ struct bnxt_cmpl_entry cmpl[], u32 entries);
#else
static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp)
@@ -115,9 +195,24 @@ static inline int bnxt_key_ctx_alloc_one(struct bnxt *bp,
return -EOPNOTSUPP;
}
+static inline int bnxt_xmit_crypto_cmd(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr,
+ void *cmd, unsigned int len,
+ unsigned int tmo)
+{
+ return -EOPNOTSUPP;
+}
+
static inline int bnxt_crypto_init(struct bnxt *bp)
{
return 0;
}
+
+static inline void bnxt_crypto_mpc_cmp(struct bnxt *bp, u32 client,
+ unsigned long handle,
+ struct bnxt_cmpl_entry cmpl[],
+ u32 entries)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_CRYPTO_H */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 30f4b3bf181b..d66265b43bed 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -9,6 +9,7 @@
#include "bnxt.h"
#include "bnxt_mpc.h"
+#include "bnxt_crypto.h"
void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -488,6 +489,168 @@ int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
return 0;
}
+/* Returns true if the ring is successfully marked as closing. */
+static bool bnxt_disable_mpc_ring(struct bnxt_mpc_info *mpc, int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ bool disabled = false;
+ int i;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc_ring >= mpc->mpc_ring_count[i])
+ continue;
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ spin_lock_bh(&txr->tx_lock);
+ if (!READ_ONCE(txr->dev_state)) {
+ disabled = true;
+ WRITE_ONCE(txr->dev_state, BNXT_DEV_STATE_CLOSING);
+ }
+ spin_unlock_bh(&txr->tx_lock);
+ if (!disabled)
+ break;
+ }
+ /* Make sure napi polls see @dev_state change */
+ if (disabled)
+ synchronize_net();
+ return disabled;
+}
+
+static void bnxt_enable_mpc_ring(struct bnxt_mpc_info *mpc, int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ int i;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc_ring >= mpc->mpc_ring_count[i])
+ continue;
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ WRITE_ONCE(txr->dev_state, 0);
+ }
+}
+
+static void bnxt_clear_one_mpc_entries(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ struct bnxt_sw_mpc_tx_bd *tx_buf;
+ unsigned long handle;
+ int i, max_idx;
+ u32 client;
+
+ max_idx = bp->tx_nr_pages * TX_DESC_CNT;
+
+ for (i = 0; i < max_idx; i++) {
+ tx_buf = &txr->tx_mpc_buf_ring[i];
+ handle = tx_buf->handle;
+ if (handle) {
+ client = txr->tx_ring_struct.mpc_chnl_type;
+ bnxt_crypto_mpc_cmp(bp, client, handle, NULL, 0);
+ tx_buf->handle = 0;
+ }
+ }
+}
+
+static void bnxt_mpc_ring_stop(struct bnxt *bp, struct bnxt_mpc_info *mpc,
+ int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ struct bnxt_cp_ring_info *cpr;
+ int i;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ bnxt_hwrm_tx_ring_free(bp, txr, true);
+ }
+ }
+ /* CP rings must be freed at the end to guarantee that the HWRM_DONE
+ * responses for HWRM_RING_FREE can still be seen on the CP rings.
+ */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ cpr = txr->tx_cpr;
+ if (cpr) {
+ bnxt_hwrm_cp_ring_free(bp, cpr);
+ bnxt_clear_one_cp_ring(bp, cpr);
+ }
+ bnxt_clear_one_mpc_entries(bp, txr);
+ }
+ }
+}
+
+static int bnxt_mpc_ring_start(struct bnxt *bp, struct bnxt_mpc_info *mpc,
+ int mpc_ring)
+{
+ struct bnxt_tx_ring_info *txr;
+ int i, rc;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ txr->tx_prod = 0;
+ txr->tx_cons = 0;
+ txr->tx_hw_cons = 0;
+ rc = bnxt_hwrm_one_mpc_ring_alloc(bp, txr);
+ if (rc)
+ return rc;
+ }
+ }
+ return 0;
+}
+
+static int bnxt_mpc_ring_reset(struct bnxt *bp, int mpc_ring)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_tx_ring_info *txr;
+ int i, rc;
+
+ if (!mpc)
+ return 0;
+ if (mpc_ring >= mpc->mpc_cp_rings)
+ return -EINVAL;
+
+ if (!bnxt_disable_mpc_ring(mpc, mpc_ring))
+ return 0;
+
+ /* If device is going down, the MPC rings will be freed anyway so just
+ * clear the MPC entries.
+ */
+ if (!test_bit(BNXT_STATE_OPEN, &bp->state)) {
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ if (mpc->mpc_ring_count[i] > mpc_ring) {
+ txr = &mpc->mpc_rings[i][mpc_ring];
+ bnxt_clear_one_mpc_entries(bp, txr);
+ }
+ }
+ bnxt_enable_mpc_ring(mpc, mpc_ring);
+ return 0;
+ }
+ netdev_warn(bp->dev, "Resetting MPC ring %d\n", mpc_ring);
+ netdev_lock(bp->dev);
+ bnxt_mpc_ring_stop(bp, mpc, mpc_ring);
+
+ rc = bnxt_mpc_ring_start(bp, mpc, mpc_ring);
+ if (rc) {
+ netdev_err(bp->dev, "Error starting MPC ring %d, rc: %d, resetting device\n",
+ mpc_ring, rc);
+ bnxt_mpc_ring_stop(bp, mpc, mpc_ring);
+ bnxt_reset_task(bp, true);
+ netdev_unlock(bp->dev);
+ /* Return here as bnxt_reset_task() will clear everything */
+ return rc;
+ }
+ netdev_unlock(bp->dev);
+ bnxt_enable_mpc_ring(mpc, mpc_ring);
+ return 0;
+}
+
+int bnxt_mpc_timeout(struct bnxt *bp, struct bnxt_tx_ring_info *txr)
+{
+ if (txr->tx_ring_struct.queue_id == BNXT_MPC_QUEUE_ID)
+ return bnxt_mpc_ring_reset(bp, txr->txq_index);
+ return -EINVAL;
+}
+
static bool bnxt_mpc_unsolicit(struct mpc_cmp *mpcmp)
{
u32 client = MPC_CMP_CLIENT_TYPE(mpcmp);
@@ -504,6 +667,7 @@ int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons)
u16 cons = RING_CMP(*raw_cons);
struct mpc_cmp *mpcmp, *mpcmp1;
u32 tmp_raw_cons = *raw_cons;
+ unsigned long handle = 0;
u32 client, cmpl_num;
u8 type;
@@ -552,11 +716,15 @@ int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons)
goto cmp_done;
}
mpc_buf = &txr->tx_mpc_buf_ring[RING_TX(bp, tx_cons)];
- mpc_buf->handle = 0;
+ if (!READ_ONCE(txr->dev_state)) {
+ handle = mpc_buf->handle;
+ mpc_buf->handle = 0;
+ }
tx_cons += mpc_buf->inline_bds;
WRITE_ONCE(txr->tx_cons, tx_cons);
txr->tx_hw_cons = RING_TX(bp, tx_cons);
}
+ bnxt_crypto_mpc_cmp(bp, client, handle, cmpl_entry_arr, cmpl_num);
cmp_done:
*raw_cons = tmp_raw_cons;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index aa7f2666f0ca..b9a9fc771665 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -22,6 +22,8 @@ enum bnxt_mpc_type {
#define BNXT_DFLT_MPC_TCE BNXT_MAX_MPC
#define BNXT_DFLT_MPC_RCE BNXT_MAX_MPC
+#define BNXT_MPC_TMO_MSECS 1000
+
struct bnxt_mpc_info {
u8 mpc_chnls_cap;
u8 mpc_cp_rings;
@@ -106,6 +108,7 @@ void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path);
struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp, int ring_type);
int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
void *data, unsigned int len, unsigned long handle);
+int bnxt_mpc_timeout(struct bnxt *bp, struct bnxt_tx_ring_info *txr);
int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
@@ -192,6 +195,12 @@ static inline int bnxt_start_xmit_mpc(struct bnxt *bp,
return -EOPNOTSUPP;
}
+static inline int bnxt_mpc_timeout(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ return -EOPNOTSUPP;
+}
+
static inline int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
u32 *raw_cons)
{
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 10/15] bnxt_en: Add MPC transmit and completion functions
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Add transmit, ring selection, and completion functions for midpath rings.
These will be used to send control data to the crypto engines.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v3:
Use WRITE_ONCE() for TX prod/cons.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-11-michael.chan@broadcom.com/
Fix unused variable warnings
v1:
https://lore.kernel.org/netdev/20260504235836.3019499-11-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 157 ++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 65 ++++++++
4 files changed, 227 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 2eff4bf2ab43..63b23bb93727 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -3115,6 +3115,9 @@ static int __bnxt_poll_work(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
rx_pkts++;
else if (rc == -EBUSY) /* partial completion */
break;
+ } else if (cmp_type == CMP_TYPE_MPC_CMP) {
+ if (bnxt_mpc_cmp(bp, cpr, &raw_cons))
+ break;
} else if (unlikely(cmp_type == CMPL_BASE_TYPE_HWRM_DONE ||
cmp_type == CMPL_BASE_TYPE_HWRM_FWD_REQ ||
cmp_type == CMPL_BASE_TYPE_HWRM_ASYNC_EVENT)) {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 1a334885c982..1258fa11c381 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -47,6 +47,7 @@ struct tx_bd {
__le32 tx_bd_len_flags_type;
#define TX_BD_TYPE (0x3f << 0)
#define TX_BD_TYPE_SHORT_TX_BD (0x00 << 0)
+ #define TX_BD_TYPE_MPC_TX_BD (0x08 << 0)
#define TX_BD_TYPE_LONG_TX_BD (0x10 << 0)
#define TX_BD_FLAGS_PACKET_END (1 << 6)
#define TX_BD_FLAGS_NO_CMPL (1 << 7)
@@ -160,6 +161,7 @@ struct tx_cmp {
#define CMP_TYPE_RX_TPA_AGG_CMP 22
#define CMP_TYPE_RX_L2_V3_CMP 23
#define CMP_TYPE_RX_L2_TPA_START_V3_CMP 25
+ #define CMP_TYPE_MPC_CMP 30
#define CMP_TYPE_STATUS_CMP 32
#define CMP_TYPE_REMOTE_DRIVER_REQ 34
#define CMP_TYPE_REMOTE_DRIVER_RESP 36
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index cd104b7ff1d7..30f4b3bf181b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -405,3 +405,160 @@ void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
}
}
}
+
+struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp, int ring_type)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int n;
+
+ if (!mpc || ring_type >= BNXT_MPC_TYPE_MAX ||
+ !mpc->mpc_ring_count[ring_type])
+ return NULL;
+
+ n = raw_smp_processor_id() % mpc->mpc_ring_count[ring_type];
+ return &mpc->mpc_rings[ring_type][n];
+}
+
+/**
+ * bnxt_start_xmit_mpc - Transmit message on an MPC ring
+ * @bp: pointer to bnxt device
+ * @txr: MPC TX ring structure pointer
+ * @data: MPC message pointer
+ * @len: MPC message length
+ * @handle: Non-zero handle passed back for the completion
+ *
+ * This function is called to transmit an MPC message on an MPC TX ring.
+ * The caller must hold txr->tx_lock. When successful, the HW will return
+ * a completion and bnxt_crypto_mpc_cmp() will be called with the handle
+ * passed back.
+ *
+ * Return: zero on success, negative error code otherwise:
+ * ENODEV: MPC TX ring is shutting down.
+ * EBUSY: MPC TX ring is full
+ */
+int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *data, unsigned int len, unsigned long handle)
+{
+ u32 bds, total_bds, bd_space, free_size;
+ struct bnxt_sw_mpc_tx_bd *tx_buf;
+ struct tx_bd *txbd;
+ u16 prod;
+
+ if (READ_ONCE(txr->dev_state) == BNXT_DEV_STATE_CLOSING)
+ return -ENODEV;
+
+ bds = DIV_ROUND_UP(len, sizeof(*txbd));
+ total_bds = bds + 1;
+ free_size = bnxt_tx_avail(bp, txr);
+ if (free_size < total_bds)
+ return -EBUSY;
+
+ prod = txr->tx_prod;
+ txbd = &txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ tx_buf = &txr->tx_mpc_buf_ring[RING_TX(bp, prod)];
+ tx_buf->handle = handle;
+ tx_buf->inline_bds = total_bds;
+
+ txbd->tx_bd_len_flags_type =
+ cpu_to_le32((len << TX_BD_LEN_SHIFT) | TX_BD_TYPE_MPC_TX_BD |
+ TX_BD_CNT(total_bds));
+ txbd->tx_bd_opaque = SET_TX_OPAQUE(bp, txr, prod, total_bds);
+
+ prod = NEXT_TX(prod);
+ txbd = &txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ bd_space = TX_DESC_CNT - TX_IDX(prod);
+ if (bd_space < bds) {
+ unsigned int len0 = bd_space * sizeof(*txbd);
+
+ memcpy(txbd, data, len0);
+ prod += bd_space;
+ txbd = &txr->tx_desc_ring[TX_RING(bp, prod)][TX_IDX(prod)];
+ bds -= bd_space;
+ len -= len0;
+ data += len0;
+ }
+ memcpy(txbd, data, len);
+ prod += bds;
+ WRITE_ONCE(txr->tx_prod, prod);
+
+ /* Sync BD data before updating doorbell */
+ wmb();
+ bnxt_db_write(bp, &txr->tx_db, prod);
+
+ return 0;
+}
+
+static bool bnxt_mpc_unsolicit(struct mpc_cmp *mpcmp)
+{
+ u32 client = MPC_CMP_CLIENT_TYPE(mpcmp);
+
+ if (client != MPC_CMP_CLIENT_TCE && client != MPC_CMP_CLIENT_RCE)
+ return false;
+ return MPC_CMP_UNSOLICIT_SUBTYPE(mpcmp);
+}
+
+int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons)
+{
+ struct bnxt_cmpl_entry cmpl_entry_arr[2];
+ struct bnxt_napi *bnapi = cpr->bnapi;
+ u16 cons = RING_CMP(*raw_cons);
+ struct mpc_cmp *mpcmp, *mpcmp1;
+ u32 tmp_raw_cons = *raw_cons;
+ u32 client, cmpl_num;
+ u8 type;
+
+ mpcmp = (struct mpc_cmp *)
+ &cpr->cp_desc_ring[CP_RING(cons)][CP_IDX(cons)];
+ type = MPC_CMP_CMP_TYPE(mpcmp);
+ cmpl_entry_arr[0].cmpl = mpcmp;
+ cmpl_entry_arr[0].len = sizeof(*mpcmp);
+ cmpl_num = 1;
+ if (type == MPC_CMP_TYPE_MID_PATH_LONG) {
+ tmp_raw_cons = NEXT_RAW_CMP(tmp_raw_cons);
+ cons = RING_CMP(tmp_raw_cons);
+ mpcmp1 = (struct mpc_cmp *)
+ &cpr->cp_desc_ring[CP_RING(cons)][CP_IDX(cons)];
+
+ if (!MPC_CMP_VALID(bp, mpcmp1, tmp_raw_cons))
+ return -EBUSY;
+ /* The valid test of the entry must be done first before
+ * reading any further.
+ */
+ dma_rmb();
+ if (mpcmp1 == mpcmp + 1) {
+ cmpl_entry_arr[cmpl_num - 1].len += sizeof(*mpcmp1);
+ } else {
+ cmpl_entry_arr[cmpl_num].cmpl = mpcmp1;
+ cmpl_entry_arr[cmpl_num].len = sizeof(*mpcmp1);
+ cmpl_num++;
+ }
+ }
+ client = MPC_CMP_CLIENT_TYPE(mpcmp) >> MPC_CMP_CLIENT_SFT;
+ if (client >= BNXT_MPC_TYPE_MAX)
+ goto cmp_done;
+
+ if (!bnxt_mpc_unsolicit(mpcmp)) {
+ struct bnxt_sw_mpc_tx_bd *mpc_buf;
+ struct bnxt_tx_ring_info *txr;
+ u16 tx_cons;
+ u32 opaque;
+
+ opaque = mpcmp->mpc_cmp_opaque;
+ txr = bnapi->tx_mpc_ring[client];
+ tx_cons = txr->tx_cons;
+ if (TX_OPAQUE_RING(opaque) != txr->tx_napi_idx) {
+ netdev_warn(bp->dev, "Wrong opaque %x, expected ring %x, cons idx %x\n",
+ opaque, txr->tx_napi_idx, txr->tx_cons);
+ goto cmp_done;
+ }
+ mpc_buf = &txr->tx_mpc_buf_ring[RING_TX(bp, tx_cons)];
+ mpc_buf->handle = 0;
+ tx_cons += mpc_buf->inline_bds;
+ WRITE_ONCE(txr->tx_cons, tx_cons);
+ txr->tx_hw_cons = RING_TX(bp, tx_cons);
+ }
+
+cmp_done:
+ *raw_cons = tmp_raw_cons;
+ return 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index cdc03a074963..aa7f2666f0ca 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -30,11 +30,53 @@ struct bnxt_mpc_info {
};
struct bnxt_sw_mpc_tx_bd {
+ u8 inline_bds;
unsigned long handle;
};
#define SW_MPC_TXBD_RING_SIZE (sizeof(struct bnxt_sw_mpc_tx_bd) * TX_DESC_CNT)
+struct bnxt_cmpl_entry {
+ void *cmpl;
+ u32 len;
+};
+
+struct mpc_cmp {
+ __le32 mpc_cmp_client_subtype_type;
+ #define MPC_CMP_TYPE (0x3f << 0)
+ #define MPC_CMP_TYPE_MID_PATH_SHORT 0x1e
+ #define MPC_CMP_TYPE_MID_PATH_LONG 0x1f
+ #define MPC_CMP_SUBTYPE 0xf00
+ #define MPC_CMP_SUBTYPE_SFT 8
+ #define MPC_CMP_SUBTYPE_SOLICITED (0x0 << 8)
+ #define MPC_CMP_SUBTYPE_ERR (0x1 << 8)
+ #define MPC_CMP_SUBTYPE_RESYNC (0x2 << 8)
+ #define MPC_CMP_CLIENT (0xf << 12)
+ #define MPC_CMP_CLIENT_SFT 12
+ #define MPC_CMP_CLIENT_TCE (0x0 << 12)
+ #define MPC_CMP_CLIENT_RCE (0x1 << 12)
+ #define MPC_CMP_CLIENT_TE_CFA (0x2 << 12)
+ #define MPC_CMP_CLIENT_RE_CFA (0x3 << 12)
+ u32 mpc_cmp_opaque;
+ __le32 mpc_cmp_v;
+ #define MPC_CMP_V (1 << 0)
+ __le32 mpc_cmp_filler;
+};
+
+#define MPC_CMP_CMP_TYPE(mpcmp) \
+ (le32_to_cpu((mpcmp)->mpc_cmp_client_subtype_type) & MPC_CMP_TYPE)
+
+#define MPC_CMP_CLIENT_TYPE(mpcmp) \
+ (le32_to_cpu((mpcmp)->mpc_cmp_client_subtype_type) & MPC_CMP_CLIENT)
+
+#define MPC_CMP_UNSOLICIT_SUBTYPE(mpcmp) \
+ ((le32_to_cpu((mpcmp)->mpc_cmp_client_subtype_type) & \
+ MPC_CMP_SUBTYPE) != MPC_CMP_SUBTYPE_SOLICITED)
+
+#define MPC_CMP_VALID(bp, mpcmp, raw_cons) \
+ (!!((mpcmp)->mpc_cmp_v & cpu_to_le32(MPC_CMP_V)) == \
+ !((raw_cons) & (bp)->cp_bit))
+
#define BNXT_MPC_CRYPTO_CAP \
(FUNC_QCAPS_RESP_MPC_CHNLS_CAP_TCE | FUNC_QCAPS_RESP_MPC_CHNLS_CAP_RCE)
@@ -61,6 +103,10 @@ void bnxt_free_mpc_rings(struct bnxt *bp);
void bnxt_init_mpc_rings(struct bnxt *bp);
int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp);
void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path);
+struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp, int ring_type);
+int bnxt_start_xmit_mpc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ void *data, unsigned int len, unsigned long handle);
+int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr, u32 *raw_cons);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -132,5 +178,24 @@ static inline int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp)
static inline void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
{
}
+
+static inline struct bnxt_tx_ring_info *bnxt_select_mpc_ring(struct bnxt *bp,
+ int ring_type)
+{
+ return NULL;
+}
+
+static inline int bnxt_start_xmit_mpc(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr, void *data,
+ unsigned int len, unsigned long handle)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int bnxt_mpc_cmp(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
+ u32 *raw_cons)
+{
+ return 0;
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 09/15] bnxt_en: Add infrastructure for crypto key context IDs
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Each kTLS connection requires a crypto key context ID (KID). These KIDs
are allocated from the firmware in batches. Add data structure to store
these IDs. The bnxt_kid_info structure stores a batch of IDs and it can be
linked as we allocate more batches. There is a bitmap in the structure
to keep track of which ones are in use. Add APIs to allocate and free
these KIDs.
Once allocated, these KIDs are not freed during run-time. They are
re-used for new connections. FW reset or HWRM_FUNC_RESET will free
all KIDs. Call bnxt_clear_crypto() to clear all KIDs in the driver's
structures during these reset events.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v4:
Fix kernel doc for bnxt_free_one_kctx().
Add BNXT_NEXT_EPOCH() to mask the epoch value.
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-10-michael.chan@broadcom.com/
Use a larger (12-bit) epoch value for the keys.
Improve comments, kerneldoc, and dmesg.
Make sure bnxt_clear_crypto() is called during shutdown with the
BNXT_STATE_OPEN flag cleared.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-10-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 282 ++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 69 +++++
3 files changed, 361 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 38970fbcacc5..2eff4bf2ab43 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -12899,6 +12899,8 @@ static int bnxt_hwrm_if_change(struct bnxt *bp, bool up)
bnxt_ulp_irq_stop(bp);
bnxt_free_ctx_mem(bp, false);
bnxt_dcb_free(bp);
+ if (fw_reset || caps_change)
+ bnxt_clear_crypto(bp);
rc = bnxt_fw_init_one(bp);
if (rc) {
clear_bit(BNXT_STATE_FW_RESET_DET, &bp->state);
@@ -14636,6 +14638,7 @@ static void bnxt_fw_reset_close(struct bnxt *bp)
bnxt_hwrm_func_drv_unrgtr(bp);
if (pci_is_enabled(bp->pdev))
pci_disable_device(bp->pdev);
+ bnxt_clear_crypto(bp);
bnxt_free_ctx_mem(bp, false);
}
@@ -17286,6 +17289,12 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
rc = bnxt_dl_register(bp);
if (rc)
goto init_err_dl;
+ rc = bnxt_crypto_init(bp);
+ if (rc) {
+ bnxt_free_crypto_info(bp);
+ netdev_warn(bp->dev, "Failed to initialize crypto offload, err = %d\n",
+ rc);
+ }
INIT_LIST_HEAD(&bp->usr_fltr_list);
@@ -17512,6 +17521,7 @@ static pci_ers_result_t bnxt_io_error_detected(struct pci_dev *pdev,
if (pci_is_enabled(pdev))
pci_disable_device(pdev);
+ bnxt_clear_crypto(bp);
bnxt_free_ctx_mem(bp, false);
netdev_unlock(netdev);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index b2a96ac725ea..ac843c883d63 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -8,6 +8,7 @@
#include <linux/bnxt/hsi.h>
#include "bnxt.h"
+#include "bnxt_hwrm.h"
#include "bnxt_crypto.h"
static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
@@ -55,6 +56,10 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
kctx = &crypto->kctx[i];
kctx->type = i;
+ INIT_LIST_HEAD(&kctx->list);
+ spin_lock_init(&kctx->lock);
+ atomic_set(&kctx->alloc_pending, 0);
+ init_waitqueue_head(&kctx->alloc_pending_wq);
}
bp->crypto_info = crypto;
}
@@ -66,6 +71,43 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
bp->fw_cap |= BNXT_FW_CAP_KTLS;
}
+/**
+ * bnxt_clear_crypto - Clear all crypto key contexts
+ * @bp: pointer to bnxt device
+ *
+ * Clears all key context allocations during shutdown or firmware reset.
+ * Frees all key info structures and bitmaps, and increments the epoch
+ * counter to invalidate any outstanding key references.
+ *
+ * This function assumes serialization (called during shutdown) and does
+ * not use locking.
+ *
+ * Context: Process context during shutdown/reset
+ */
+void bnxt_clear_crypto(struct bnxt *bp)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_kid_info *kid, *tmp;
+ struct bnxt_kctx *kctx;
+ int i;
+
+ if (!crypto)
+ return;
+
+ /* Only called when shutting down or FW reset with BNXT_STATE_OPEN
+ * cleared, so no concurrent access. No protection needed.
+ */
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ list_for_each_entry_safe(kid, tmp, &kctx->list, list) {
+ list_del(&kid->list);
+ kfree(kid);
+ }
+ kctx->total_alloc = 0;
+ kctx->epoch = BNXT_NEXT_EPOCH(kctx->epoch);
+ }
+}
+
/**
* bnxt_free_crypto_info - Free crypto offload resources
* @bp: pointer to bnxt device
@@ -77,6 +119,7 @@ void bnxt_alloc_crypto_info(struct bnxt *bp,
*/
void bnxt_free_crypto_info(struct bnxt *bp)
{
+ bnxt_clear_crypto(bp);
kfree(bp->crypto_info);
bp->crypto_info = NULL;
bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
@@ -113,3 +156,242 @@ void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
if (rx)
req->enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_RX_KEY_CTXS);
}
+
+static int bnxt_key_ctx_store(struct bnxt_kctx *kctx, __le32 *key_buf, u32 num,
+ bool contig, u8 kind, u32 *id)
+{
+ struct bnxt_kid_info *kid;
+ u32 i;
+
+ for (i = 0; i < num; ) {
+ kid = kzalloc_obj(*kid);
+ /* If we cannot store the IDs, they will be lost and only
+ * reclaimed by the FW during reset/reinit.
+ */
+ if (!kid)
+ return -ENOMEM;
+ kid->start_id = le32_to_cpu(key_buf[i]);
+ kid->type = kctx->type;
+ kid->kind = kind;
+ if (contig)
+ kid->count = num;
+ else
+ kid->count = 1;
+ bitmap_set(kid->ids, 0, kid->count);
+ if (id && !i) {
+ clear_bit(0, kid->ids);
+ *id = BNXT_SET_KID(kctx, kid->start_id);
+ }
+ spin_lock(&kctx->lock);
+ list_add_tail_rcu(&kid->list, &kctx->list);
+ WRITE_ONCE(kctx->total_alloc,
+ READ_ONCE(kctx->total_alloc) + kid->count);
+ spin_unlock(&kctx->lock);
+ i += kid->count;
+ }
+ return 0;
+}
+
+/* Note that the driver does not free the key contexts. They are freed
+ * by the FW during FLR and HWRM_FUNC_RESET.
+ */
+static int bnxt_hwrm_key_ctx_alloc(struct bnxt *bp, struct bnxt_kctx *kctx,
+ u8 kind, u32 num, u32 *id)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct hwrm_func_key_ctx_alloc_output *resp;
+ struct hwrm_func_key_ctx_alloc_input *req;
+ dma_addr_t mapping;
+ int pending_count;
+ __le32 *key_buf;
+ u32 num_alloc;
+ bool contig;
+ int rc;
+
+ num = min3(num, crypto->max_key_ctxs_alloc, (u32)BNXT_KID_BATCH_SIZE);
+ rc = hwrm_req_init(bp, req, HWRM_FUNC_KEY_CTX_ALLOC);
+ if (rc)
+ return rc;
+
+ key_buf = hwrm_req_dma_slice(bp, req, num * 4, &mapping);
+ if (!key_buf) {
+ rc = -ENOMEM;
+ goto key_alloc_exit;
+ }
+ req->dma_bufr_size_bytes = cpu_to_le32(num * 4);
+ req->host_dma_addr = cpu_to_le64(mapping);
+ resp = hwrm_req_hold(bp, req);
+
+ req->key_ctx_type = kctx->type;
+ req->num_key_ctxs = cpu_to_le16(num);
+
+ pending_count = atomic_inc_return(&kctx->alloc_pending);
+ rc = hwrm_req_send(bp, req);
+ atomic_dec(&kctx->alloc_pending);
+ if (rc)
+ goto key_alloc_exit_wake;
+
+ num_alloc = le16_to_cpu(resp->num_key_ctxs_allocated);
+ if (num_alloc > num) {
+ netdev_warn(bp->dev,
+ "FW allocated more type %d keys (%d) than requested (%d)\n",
+ kctx->type, num_alloc, num);
+ } else if (!num_alloc) {
+ netdev_warn(bp->dev,
+ "FW allocated 0 type %d keys\n", kctx->type);
+ rc = -ENOENT;
+ goto key_alloc_exit_wake;
+ } else {
+ num = num_alloc;
+ }
+ contig = resp->flags &
+ FUNC_KEY_CTX_ALLOC_RESP_FLAGS_KEY_CTXS_CONTIGUOUS;
+ rc = bnxt_key_ctx_store(kctx, key_buf, num, contig, kind, id);
+
+key_alloc_exit_wake:
+ if (pending_count >= BNXT_KCTX_ALLOC_PENDING_MAX)
+ wake_up_all(&kctx->alloc_pending_wq);
+key_alloc_exit:
+ hwrm_req_drop(bp, req);
+ return rc;
+}
+
+bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id)
+{
+ struct bnxt_kid_info *kid;
+ bool valid = false;
+ u32 epoch;
+
+ epoch = BNXT_KID_EPOCH(id);
+ if (epoch != kctx->epoch)
+ return false;
+
+ id = BNXT_KID_HW(id);
+ rcu_read_lock();
+ list_for_each_entry_rcu(kid, &kctx->list, list) {
+ if (id >= kid->start_id && id < kid->start_id + kid->count) {
+ if (!test_bit(id - kid->start_id, kid->ids)) {
+ valid = true;
+ break;
+ }
+ }
+ }
+ rcu_read_unlock();
+ return valid;
+}
+
+static int bnxt_alloc_one_kctx(struct bnxt_kctx *kctx, u8 kind, u32 *id)
+{
+ struct bnxt_kid_info *kid;
+ int rc = -ENOMEM;
+
+ rcu_read_lock();
+ list_for_each_entry_rcu(kid, &kctx->list, list) {
+ u32 idx = 0;
+
+ if (kid->kind != kind)
+ continue;
+ do {
+ idx = find_next_bit(kid->ids, kid->count, idx);
+ if (idx >= kid->count)
+ break;
+ if (test_and_clear_bit(idx, kid->ids)) {
+ *id = BNXT_SET_KID(kctx, kid->start_id + idx);
+ rc = 0;
+ goto alloc_done;
+ }
+ } while (1);
+ }
+
+alloc_done:
+ rcu_read_unlock();
+ return rc;
+}
+
+/**
+ * bnxt_free_one_kctx - Free a key context for later re-use
+ * @kctx: pointer to bnxt_kctx key context structure
+ * @id: Key context ID
+ *
+ * This function is called to free a key context ID when the offload
+ * using the ID has successfully terminated or aborted. If the offload
+ * cannot be terminated, the caller should not call this function to free
+ * the ID. The ID will only be recycled by the FW during reset/reinit.
+ */
+void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id)
+{
+ struct bnxt_kid_info *kid;
+
+ id = BNXT_KID_HW(id);
+ rcu_read_lock();
+ list_for_each_entry_rcu(kid, &kctx->list, list) {
+ if (id >= kid->start_id && id < kid->start_id + kid->count) {
+ set_bit(id - kid->start_id, kid->ids);
+ break;
+ }
+ }
+ rcu_read_unlock();
+}
+
+#define BNXT_KCTX_ALLOC_RETRY_MAX 3
+
+int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
+ u32 *id)
+{
+ int rc, retry = 0;
+
+ while (retry++ < BNXT_KCTX_ALLOC_RETRY_MAX) {
+ rc = bnxt_alloc_one_kctx(kctx, kind, id);
+ if (!rc)
+ return 0;
+
+ /* When approaching the max, multiple threads may proceed
+ * and exceed the max. Some may fail the serialized HWRM call
+ * later when the max is exceeded.
+ */
+ if ((READ_ONCE(kctx->total_alloc) + BNXT_KID_BATCH_SIZE) >
+ kctx->max_ctx)
+ return -ENOSPC;
+
+ if (!BNXT_KCTX_ALLOC_OK(kctx)) {
+ wait_event(kctx->alloc_pending_wq,
+ BNXT_KCTX_ALLOC_OK(kctx));
+ continue;
+ }
+ rc = bnxt_hwrm_key_ctx_alloc(bp, kctx, kind,
+ BNXT_KID_BATCH_SIZE, id);
+ if (!rc)
+ return 0;
+ }
+ return -EAGAIN;
+}
+
+int bnxt_crypto_init(struct bnxt *bp)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
+ int rc;
+
+ if (!crypto || !BNXT_SUPPORTS_KTLS(bp))
+ return 0;
+
+ crypto_resc = &hw_resc->crypto_resc;
+ BNXT_TCK(crypto).max_ctx = crypto_resc->resv_tx_key_ctxs;
+ BNXT_RCK(crypto).max_ctx = crypto_resc->resv_rx_key_ctxs;
+
+ if (!BNXT_TCK(crypto).max_ctx || !BNXT_RCK(crypto).max_ctx)
+ return -ENODEV;
+
+ rc = bnxt_hwrm_key_ctx_alloc(bp, &BNXT_TCK(crypto), BNXT_CTX_KIND_CK_TX,
+ BNXT_KID_BATCH_SIZE, NULL);
+ if (rc)
+ return rc;
+
+ rc = bnxt_hwrm_key_ctx_alloc(bp, &BNXT_RCK(crypto), BNXT_CTX_KIND_CK_RX,
+ BNXT_KID_BATCH_SIZE, NULL);
+ if (rc)
+ return rc;
+
+ return 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index e090491006db..0e632499b401 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -16,11 +16,46 @@ enum bnxt_crypto_type {
BNXT_MAX_CRYPTO_KEY_TYPE,
};
+#define BNXT_KID_BATCH_SIZE 128
+
+struct bnxt_kid_info {
+ struct list_head list;
+ u8 type;
+ u8 kind;
+ u32 start_id;
+ u32 count;
+ DECLARE_BITMAP(ids, BNXT_KID_BATCH_SIZE);
+};
+
struct bnxt_kctx {
+ struct list_head list;
+ /* to serialize update to the linked list and total_alloc */
+ spinlock_t lock;
u8 type;
+ u16 epoch;
+ u32 total_alloc;
u32 max_ctx;
+ atomic_t alloc_pending;
+#define BNXT_KCTX_ALLOC_PENDING_MAX 8
+ wait_queue_head_t alloc_pending_wq;
};
+#define BNXT_KID_HW_MASK 0x000fffff
+#define BNXT_KID_HW(kid) ((kid) & BNXT_KID_HW_MASK)
+#define BNXT_KID_EPOCH_MASK 0xfff00000
+#define BNXT_KID_EPOCH_SHIFT 20
+#define BNXT_KID_EPOCH(kid) (((kid) & BNXT_KID_EPOCH_MASK) >> \
+ BNXT_KID_EPOCH_SHIFT)
+
+#define BNXT_NEXT_EPOCH(epoch) \
+ (((epoch) + 1) & (BNXT_KID_EPOCH_MASK >> BNXT_KID_EPOCH_SHIFT))
+
+#define BNXT_SET_KID(kctx, kid) \
+ ((kid) | ((u32)(kctx)->epoch << BNXT_KID_EPOCH_SHIFT))
+
+#define BNXT_KCTX_ALLOC_OK(kctx) \
+ (atomic_read(&((kctx)->alloc_pending)) < BNXT_KCTX_ALLOC_PENDING_MAX)
+
struct bnxt_crypto_info {
u16 max_key_ctxs_alloc;
@@ -30,18 +65,31 @@ struct bnxt_crypto_info {
#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE])
#define BNXT_RCK(crypto) ((crypto)->kctx[BNXT_RX_CRYPTO_KEY_TYPE])
+#define BNXT_CTX_KIND_CK_TX 0x11
+#define BNXT_CTX_KIND_CK_RX 0x12
+
#ifdef CONFIG_BNXT_TLS
void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp);
+void bnxt_clear_crypto(struct bnxt *bp);
void bnxt_free_crypto_info(struct bnxt *bp);
void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
struct hwrm_func_cfg_input *req);
+bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id);
+void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id);
+int bnxt_key_ctx_alloc_one(struct bnxt *bp, struct bnxt_kctx *kctx, u8 kind,
+ u32 *id);
+int bnxt_crypto_init(struct bnxt *bp);
#else
static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp)
{
}
+static inline void bnxt_clear_crypto(struct bnxt *bp)
+{
+}
+
static inline void bnxt_free_crypto_info(struct bnxt *bp)
{
}
@@ -50,5 +98,26 @@ static inline void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
struct hwrm_func_cfg_input *req)
{
}
+
+static inline bool bnxt_kid_valid(struct bnxt_kctx *kctx, u32 id)
+{
+ return false;
+}
+
+static inline void bnxt_free_one_kctx(struct bnxt_kctx *kctx, u32 id)
+{
+}
+
+static inline int bnxt_key_ctx_alloc_one(struct bnxt *bp,
+ struct bnxt_kctx *kctx, u8 kind,
+ u32 *id)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int bnxt_crypto_init(struct bnxt *bp)
+{
+ return 0;
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_CRYPTO_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 08/15] bnxt_en: Reserve crypto RX and TX key contexts on a PF
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
If kTLS crypto offload is supported, reserve RX and TX key contexts.
These keys will later be allocated during run-time to support offloading
TX and RX kTLS connections.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v3:
Add missing ASSETS_TEST flag when checking reserved crypto keys.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-9-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 22 +++++++++++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 11 +++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 32 +++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 7 ++++
4 files changed, 70 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index d1b546301742..38970fbcacc5 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7791,6 +7791,7 @@ static int bnxt_trim_rings(struct bnxt *bp, int *rx, int *tx, int max,
static int bnxt_hwrm_get_rings(struct bnxt *bp)
{
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
struct hwrm_func_qcfg_output *resp;
struct hwrm_func_qcfg_input *req;
int rc;
@@ -7851,6 +7852,10 @@ static int bnxt_hwrm_get_rings(struct bnxt *bp)
}
hw_resc->resv_cp_rings = cp;
hw_resc->resv_stat_ctxs = stats;
+
+ crypto_resc = &hw_resc->crypto_resc;
+ crypto_resc->resv_tx_key_ctxs = le32_to_cpu(resp->num_ktls_tx_key_ctxs);
+ crypto_resc->resv_rx_key_ctxs = le32_to_cpu(resp->num_ktls_rx_key_ctxs);
}
get_rings_exit:
hwrm_req_drop(bp, req);
@@ -7921,8 +7926,9 @@ __bnxt_hwrm_reserve_pf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
}
req->num_stat_ctxs = cpu_to_le16(hwr->stat);
req->num_vnics = cpu_to_le16(hwr->vnic);
+ bnxt_hwrm_reserve_pf_key_ctxs(bp, req);
}
- req->enables = cpu_to_le32(enables);
+ req->enables |= cpu_to_le32(enables);
return req;
}
@@ -8324,7 +8330,7 @@ static int bnxt_hwrm_check_vf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
static int bnxt_hwrm_check_pf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
{
struct hwrm_func_cfg_input *req;
- u32 flags;
+ u32 flags, flags2 = 0;
req = __bnxt_hwrm_reserve_pf_rings(bp, hwr);
flags = FUNC_CFG_REQ_FLAGS_TX_ASSETS_TEST;
@@ -8338,9 +8344,14 @@ static int bnxt_hwrm_check_pf_rings(struct bnxt *bp, struct bnxt_hw_rings *hwr)
FUNC_CFG_REQ_FLAGS_NQ_ASSETS_TEST;
else
flags |= FUNC_CFG_REQ_FLAGS_RING_GRP_ASSETS_TEST;
+ if (req->enables &
+ cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_TX_KEY_CTXS |
+ FUNC_CFG_REQ_ENABLES_KTLS_RX_KEY_CTXS))
+ flags2 |= FUNC_CFG_REQ_FLAGS2_KTLS_KEY_CTX_ASSETS_TEST;
}
req->flags = cpu_to_le32(flags);
+ req->flags2 = cpu_to_le32(flags2);
return hwrm_req_send_silent(bp, req);
}
@@ -9754,6 +9765,7 @@ int bnxt_hwrm_func_resc_qcaps(struct bnxt *bp, bool all)
struct hwrm_func_resource_qcaps_output *resp;
struct hwrm_func_resource_qcaps_input *req;
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
int rc;
rc = hwrm_req_init(bp, req, HWRM_FUNC_RESOURCE_QCAPS);
@@ -9791,6 +9803,12 @@ int bnxt_hwrm_func_resc_qcaps(struct bnxt *bp, bool all)
hw_resc->max_vnics * BNXT_LARGE_RSS_TO_VNIC_RATIO)
bp->rss_cap |= BNXT_RSS_CAP_LARGE_RSS_CTX;
+ crypto_resc = &hw_resc->crypto_resc;
+ crypto_resc->min_tx_key_ctxs = le32_to_cpu(resp->min_ktls_tx_key_ctxs);
+ crypto_resc->max_tx_key_ctxs = le32_to_cpu(resp->max_ktls_tx_key_ctxs);
+ crypto_resc->min_rx_key_ctxs = le32_to_cpu(resp->min_ktls_rx_key_ctxs);
+ crypto_resc->max_rx_key_ctxs = le32_to_cpu(resp->max_ktls_rx_key_ctxs);
+
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
u16 max_msix = le16_to_cpu(resp->max_msix);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 501f8379427a..1a334885c982 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1363,6 +1363,15 @@ struct bnxt_hw_rings {
int rss_ctx;
};
+struct bnxt_hw_crypto_resc {
+ u32 min_tx_key_ctxs;
+ u32 max_tx_key_ctxs;
+ u32 resv_tx_key_ctxs;
+ u32 min_rx_key_ctxs;
+ u32 max_rx_key_ctxs;
+ u32 resv_rx_key_ctxs;
+};
+
struct bnxt_hw_resc {
u16 min_rsscos_ctxs;
u16 max_rsscos_ctxs;
@@ -1397,6 +1406,8 @@ struct bnxt_hw_resc {
u32 max_tx_wm_flows;
u32 max_rx_em_flows;
u32 max_rx_wm_flows;
+
+ struct bnxt_hw_crypto_resc crypto_resc;
};
#define BNXT_LARGE_RSS_TO_VNIC_RATIO 7
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
index 5bc31ee8d7fd..b2a96ac725ea 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -81,3 +81,35 @@ void bnxt_free_crypto_info(struct bnxt *bp)
bp->crypto_info = NULL;
bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
}
+
+/**
+ * bnxt_hwrm_reserve_pf_key_ctxs - Reserve key contexts with firmware
+ * @bp: pointer to bnxt device
+ * @req: pointer to HWRM function config request
+ *
+ * Populates the firmware request with key context reservation parameters
+ * for crypto offload based on current max settings and capabilities.
+ *
+ * Context: Process context during device configuration
+ */
+void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
+ struct hwrm_func_cfg_input *req)
+{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_hw_crypto_resc *crypto_resc;
+ u32 tx, rx;
+
+ if (!crypto || !BNXT_SUPPORTS_KTLS(bp))
+ return;
+
+ crypto_resc = &hw_resc->crypto_resc;
+ tx = min(BNXT_TCK(crypto).max_ctx, crypto_resc->max_tx_key_ctxs);
+ rx = min(BNXT_RCK(crypto).max_ctx, crypto_resc->max_rx_key_ctxs);
+ req->num_ktls_tx_key_ctxs = cpu_to_le32(tx);
+ req->num_ktls_rx_key_ctxs = cpu_to_le32(rx);
+ if (tx)
+ req->enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_TX_KEY_CTXS);
+ if (rx)
+ req->enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_KTLS_RX_KEY_CTXS);
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
index 629388fe1e6d..e090491006db 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -34,6 +34,8 @@ struct bnxt_crypto_info {
void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp);
void bnxt_free_crypto_info(struct bnxt *bp);
+void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
+ struct hwrm_func_cfg_input *req);
#else
static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
struct hwrm_func_qcaps_output *resp)
@@ -43,5 +45,10 @@ static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
static inline void bnxt_free_crypto_info(struct bnxt *bp)
{
}
+
+static inline void bnxt_hwrm_reserve_pf_key_ctxs(struct bnxt *bp,
+ struct hwrm_func_cfg_input *req)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_CRYPTO_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 07/15] bnxt_en: Allocate crypto structure and backing store
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
If the chip and firmware support crypto (TLS) offload, allocate a
bp->crypto_info software structure and backing store to support the RX
and TX contexts. Each offloaded TLS connection requires a backing
store context for each direction.
bp->crypto_info will stay persistent even if kTLS is no longer
supported after a FW reset. This makes it easier to avoid NULL
dereference of bp->crypto_info during FW reset and kTLS offload
race conditions.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v4:
Clear BNXT_FW_CAP_KTLS in bnxt_free_cryto_info()
v3:
https://lore.kernel.org/netdev/20260614072407.2761092-8-michael.chan@broadcom.com/
bp->crypto_info and bp->ktls_info now stay persistent for the driver's
lifetime. max keys are refreshed after re-init.
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-8-michael.chan@broadcom.
com/
---
drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 21 +++++
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 +
.../net/ethernet/broadcom/bnxt/bnxt_crypto.c | 83 +++++++++++++++++++
.../net/ethernet/broadcom/bnxt/bnxt_crypto.h | 47 +++++++++++
include/linux/bnxt/hsi.h | 37 +++++++++
6 files changed, 193 insertions(+), 1 deletion(-)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile
index 0506574c007a..3acdb81fa958 100644
--- a/drivers/net/ethernet/broadcom/bnxt/Makefile
+++ b/drivers/net/ethernet/broadcom/bnxt/Makefile
@@ -5,4 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp.
bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o
bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o
bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o
-bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o
+bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o bnxt_crypto.o
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 67a8b2729cc3..d1b546301742 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -77,6 +77,7 @@
#include "bnxt_gso.h"
#include <net/tso.h>
#include "bnxt_mpc.h"
+#include "bnxt_crypto.h"
#define BNXT_TX_TIMEOUT (5 * HZ)
#define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \
@@ -9376,6 +9377,7 @@ static int bnxt_hwrm_func_backing_store_cfg_v2(struct bnxt *bp,
static int bnxt_backing_store_cfg_v2(struct bnxt *bp)
{
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
struct bnxt_mpc_info *mpc = bp->mpc_info;
struct bnxt_ctx_mem_info *ctx = bp->ctx;
struct bnxt_ctx_mem_type *ctxm;
@@ -9383,6 +9385,19 @@ static int bnxt_backing_store_cfg_v2(struct bnxt *bp)
int rc = 0;
u16 type;
+ if (BNXT_SUPPORTS_KTLS(bp)) {
+ ctxm = &ctx->ctx_arr[BNXT_CTX_TCK];
+ rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm,
+ BNXT_TCK(crypto).max_ctx, 1);
+ if (rc)
+ return rc;
+ ctxm = &ctx->ctx_arr[BNXT_CTX_RCK];
+ rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm,
+ BNXT_RCK(crypto).max_ctx, 1);
+ if (rc)
+ return rc;
+ last_type = BNXT_CTX_RCK;
+ }
if (mpc && mpc->mpc_chnls_cap) {
ctxm = &ctx->ctx_arr[BNXT_CTX_MTQM];
rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, ctxm->max_entries, 1);
@@ -9925,6 +9940,10 @@ static int __bnxt_hwrm_func_qcaps(struct bnxt *bp)
bp->fw_cap |= BNXT_FW_CAP_BACKING_STORE_V2;
if (flags_ext & FUNC_QCAPS_RESP_FLAGS_EXT_TX_COAL_CMPL_CAP)
bp->flags |= BNXT_FLAG_TX_COAL_CMPL;
+ if (flags_ext & FUNC_QCAPS_RESP_FLAGS_EXT_KTLS_SUPPORTED)
+ bnxt_alloc_crypto_info(bp, resp);
+ else
+ bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
flags_ext2 = le32_to_cpu(resp->flags_ext2);
if (flags_ext2 & FUNC_QCAPS_RESP_FLAGS_EXT2_RX_ALL_PKTS_TIMESTAMPS_SUPPORTED)
@@ -16611,6 +16630,7 @@ static void bnxt_remove_one(struct pci_dev *pdev)
bp->ptp_cfg = NULL;
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_crypto_info(bp);
bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
@@ -17290,6 +17310,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
bnxt_ethtool_free(bp);
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_crypto_info(bp);
bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index e7e2657d58b9..501f8379427a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2461,6 +2461,7 @@ struct bnxt {
u8 tph_mode;
struct bnxt_mpc_info *mpc_info;
+ struct bnxt_crypto_info *crypto_info;
unsigned int current_interval;
#define BNXT_TIMER_INTERVAL HZ
@@ -2548,6 +2549,7 @@ struct bnxt {
#define BNXT_FW_CAP_NPAR_1_2 BIT_ULL(42)
#define BNXT_FW_CAP_MIRROR_ON_ROCE BIT_ULL(43)
#define BNXT_FW_CAP_PTP_PTM BIT_ULL(44)
+ #define BNXT_FW_CAP_KTLS BIT_ULL(45)
u32 fw_dbg_cap;
@@ -2573,6 +2575,8 @@ struct bnxt {
((bp)->fw_cap & BNXT_FW_CAP_SW_MAX_RESOURCE_LIMITS)
#define BNXT_MIRROR_ON_ROCE_CAP(bp) \
((bp)->fw_cap & BNXT_FW_CAP_MIRROR_ON_ROCE)
+#define BNXT_SUPPORTS_KTLS(bp) \
+ ((bp)->fw_cap & BNXT_FW_CAP_KTLS)
u32 hwrm_spec_code;
u16 hwrm_cmd_seq;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
new file mode 100644
index 000000000000..5bc31ee8d7fd
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.c
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#include <linux/stddef.h>
+#include <linux/types.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/bnxt/hsi.h>
+
+#include "bnxt.h"
+#include "bnxt_crypto.h"
+
+static u32 bnxt_get_max_crypto_key_ctx(struct bnxt *bp, int key_type)
+{
+ u32 fw_maj = BNXT_FW_MAJ(bp);
+
+ if (key_type == BNXT_TX_CRYPTO_KEY_TYPE)
+ return (fw_maj < 233) ? BNXT_MAX_TX_CRYPTO_KEYS_PRE_233FW :
+ BNXT_MAX_TX_CRYPTO_KEYS;
+
+ return (fw_maj < 233) ? BNXT_MAX_RX_CRYPTO_KEYS_PRE_233FW :
+ BNXT_MAX_RX_CRYPTO_KEYS;
+}
+
+/**
+ * bnxt_alloc_crypto_info - Allocate and initialize crypto offload context
+ * @bp: pointer to bnxt device
+ * @resp: pointer to firmware capability response
+ *
+ * Allocates the main crypto info structure
+ *
+ * This function is called during device initialization when firmware
+ * reports crypto offload capability. If allocation fails, crypto offload
+ * will not be available but the device will still function.
+ *
+ * Context: Process context
+ */
+void bnxt_alloc_crypto_info(struct bnxt *bp,
+ struct hwrm_func_qcaps_output *resp)
+{
+ u16 max_keys = le16_to_cpu(resp->max_key_ctxs_alloc);
+ struct bnxt_crypto_info *crypto = bp->crypto_info;
+ struct bnxt_kctx *kctx;
+ int i;
+
+ if (BNXT_VF(bp))
+ return;
+ if (!crypto) {
+ crypto = kzalloc_obj(*crypto);
+ if (!crypto) {
+ netdev_warn(bp->dev,
+ "Unable to allocate crypto info\n");
+ return;
+ }
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ kctx->type = i;
+ }
+ bp->crypto_info = crypto;
+ }
+ for (i = 0; i < BNXT_MAX_CRYPTO_KEY_TYPE; i++) {
+ kctx = &crypto->kctx[i];
+ kctx->max_ctx = bnxt_get_max_crypto_key_ctx(bp, i);
+ }
+ crypto->max_key_ctxs_alloc = max_keys;
+ bp->fw_cap |= BNXT_FW_CAP_KTLS;
+}
+
+/**
+ * bnxt_free_crypto_info - Free crypto offload resources
+ * @bp: pointer to bnxt device
+ *
+ * Frees all resources associated with crypto offload. Call this function
+ * only when it is idle with nothing in-flight.
+ *
+ * Context: Process context during device shutdown/removal
+ */
+void bnxt_free_crypto_info(struct bnxt *bp)
+{
+ kfree(bp->crypto_info);
+ bp->crypto_info = NULL;
+ bp->fw_cap &= ~BNXT_FW_CAP_KTLS;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
new file mode 100644
index 000000000000..629388fe1e6d
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_crypto.h
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#ifndef BNXT_CRYPTO_H
+#define BNXT_CRYPTO_H
+
+#define BNXT_MAX_TX_CRYPTO_KEYS 204800
+#define BNXT_MAX_RX_CRYPTO_KEYS 204800
+
+#define BNXT_MAX_TX_CRYPTO_KEYS_PRE_233FW 65535
+#define BNXT_MAX_RX_CRYPTO_KEYS_PRE_233FW 65535
+
+enum bnxt_crypto_type {
+ BNXT_TX_CRYPTO_KEY_TYPE = FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_TX,
+ BNXT_RX_CRYPTO_KEY_TYPE = FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_RX,
+ BNXT_MAX_CRYPTO_KEY_TYPE,
+};
+
+struct bnxt_kctx {
+ u8 type;
+ u32 max_ctx;
+};
+
+struct bnxt_crypto_info {
+ u16 max_key_ctxs_alloc;
+
+ struct bnxt_kctx kctx[BNXT_MAX_CRYPTO_KEY_TYPE];
+};
+
+#define BNXT_TCK(crypto) ((crypto)->kctx[BNXT_TX_CRYPTO_KEY_TYPE])
+#define BNXT_RCK(crypto) ((crypto)->kctx[BNXT_RX_CRYPTO_KEY_TYPE])
+
+#ifdef CONFIG_BNXT_TLS
+void bnxt_alloc_crypto_info(struct bnxt *bp,
+ struct hwrm_func_qcaps_output *resp);
+void bnxt_free_crypto_info(struct bnxt *bp);
+#else
+static inline void bnxt_alloc_crypto_info(struct bnxt *bp,
+ struct hwrm_func_qcaps_output *resp)
+{
+}
+
+static inline void bnxt_free_crypto_info(struct bnxt *bp)
+{
+}
+#endif /* CONFIG_BNXT_TLS */
+#endif /* BNXT_CRYPTO_H */
diff --git a/include/linux/bnxt/hsi.h b/include/linux/bnxt/hsi.h
index 74a6bf278d88..03444b81beb0 100644
--- a/include/linux/bnxt/hsi.h
+++ b/include/linux/bnxt/hsi.h
@@ -3837,6 +3837,43 @@ struct hwrm_func_ptp_ext_qcfg_output {
u8 valid;
};
+/* hwrm_func_key_ctx_alloc_input (size:384b/48B) */
+struct hwrm_func_key_ctx_alloc_input {
+ __le16 req_type;
+ __le16 cmpl_ring;
+ __le16 seq_id;
+ __le16 target_id;
+ __le64 resp_addr;
+ __le16 fid;
+ __le16 num_key_ctxs;
+ __le32 dma_bufr_size_bytes;
+ u8 key_ctx_type;
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_TX 0x0UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_RX 0x1UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_TX 0x2UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_RX 0x3UL
+ #define FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_LAST FUNC_KEY_CTX_ALLOC_REQ_KEY_CTX_TYPE_QUIC_RX
+ u8 unused_0[7];
+ __le64 host_dma_addr;
+ __le32 partition_start_xid;
+ u8 unused_1[4];
+};
+
+/* hwrm_func_key_ctx_alloc_output (size:192b/24B) */
+struct hwrm_func_key_ctx_alloc_output {
+ __le16 error_code;
+ __le16 req_type;
+ __le16 seq_id;
+ __le16 resp_len;
+ __le16 num_key_ctxs_allocated;
+ u8 flags;
+ #define FUNC_KEY_CTX_ALLOC_RESP_FLAGS_KEY_CTXS_CONTIGUOUS 0x1UL
+ u8 unused_0;
+ __le32 partition_start_xid;
+ u8 unused_1[7];
+ u8 valid;
+};
+
/* hwrm_func_backing_store_cfg_v2_input (size:512b/64B) */
struct hwrm_func_backing_store_cfg_v2_input {
__le16 req_type;
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 06/15] bnxt_en: Allocate and free MPC channels from firmware
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Allocate and free the reserved MPC TX rings and completion rings from
firmware. MPC backing store memory also needs to be configured in
order to successfully allocate the MPC TX rings.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 30 ++++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 ++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 92 +++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 16 ++++
4 files changed, 135 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 228fe7aa4907..67a8b2729cc3 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7479,8 +7479,7 @@ static int bnxt_hwrm_rx_agg_ring_alloc(struct bnxt *bp,
return 0;
}
-static int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp,
- struct bnxt_cp_ring_info *cpr)
+int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
{
const u32 type = HWRM_RING_ALLOC_CMPL;
struct bnxt_napi *bnapi = cpr->bnapi;
@@ -7498,8 +7497,8 @@ static int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp,
return 0;
}
-static int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp,
- struct bnxt_tx_ring_info *txr, u32 tx_idx)
+int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ u32 tx_idx)
{
struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
const u32 type = HWRM_RING_ALLOC_TX;
@@ -7584,6 +7583,9 @@ static int bnxt_hwrm_ring_alloc(struct bnxt *bp)
goto err_out;
}
}
+
+ rc = bnxt_hwrm_mpc_ring_alloc(bp);
+
err_out:
return rc;
}
@@ -7641,9 +7643,8 @@ static int hwrm_ring_free_send_msg(struct bnxt *bp,
return 0;
}
-static void bnxt_hwrm_tx_ring_free(struct bnxt *bp,
- struct bnxt_tx_ring_info *txr,
- bool close_path)
+void bnxt_hwrm_tx_ring_free(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ bool close_path)
{
struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
u32 cmpl_ring_id;
@@ -7702,8 +7703,7 @@ static void bnxt_hwrm_rx_agg_ring_free(struct bnxt *bp,
bp->grp_info[grp_idx].agg_fw_ring_id = INVALID_HW_RING_ID;
}
-static void bnxt_hwrm_cp_ring_free(struct bnxt *bp,
- struct bnxt_cp_ring_info *cpr)
+void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr)
{
struct bnxt_ring_struct *ring;
@@ -7737,6 +7737,8 @@ static void bnxt_hwrm_ring_free(struct bnxt *bp, bool close_path)
if (!bp->bnapi)
return;
+ bnxt_hwrm_mpc_ring_free(bp, close_path);
+
for (i = 0; i < bp->tx_nr_rings; i++)
bnxt_hwrm_tx_ring_free(bp, &bp->tx_ring[i], close_path);
@@ -9374,12 +9376,21 @@ static int bnxt_hwrm_func_backing_store_cfg_v2(struct bnxt *bp,
static int bnxt_backing_store_cfg_v2(struct bnxt *bp)
{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
struct bnxt_ctx_mem_info *ctx = bp->ctx;
struct bnxt_ctx_mem_type *ctxm;
u16 last_type = BNXT_CTX_INV;
int rc = 0;
u16 type;
+ if (mpc && mpc->mpc_chnls_cap) {
+ ctxm = &ctx->ctx_arr[BNXT_CTX_MTQM];
+ rc = bnxt_setup_ctxm_pg_tbls(bp, ctxm, ctxm->max_entries, 1);
+ if (rc)
+ return rc;
+ last_type = BNXT_CTX_MTQM;
+ }
+
for (type = BNXT_CTX_SRT; type <= BNXT_CTX_QPC; type++) {
ctxm = &ctx->ctx_arr[type];
if (!bnxt_bs_trace_avail(bp, type))
@@ -11369,6 +11380,7 @@ static int bnxt_init_nic(struct bnxt *bp, bool irq_re_init)
bnxt_init_cp_rings(bp);
bnxt_init_rx_rings(bp);
bnxt_init_tx_rings(bp);
+ bnxt_init_mpc_rings(bp);
bnxt_init_ring_grps(bp, irq_re_init);
bnxt_init_vnics(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 5119977f661b..e7e2657d58b9 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -3002,6 +3002,12 @@ int bnxt_hwrm_vnic_cfg(struct bnxt *bp, struct bnxt_vnic_info *vnic);
int bnxt_hwrm_vnic_alloc(struct bnxt *bp, struct bnxt_vnic_info *vnic,
unsigned int start_rx_ring_idx,
unsigned int nr_rings);
+int bnxt_hwrm_cp_ring_alloc_p5(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
+int bnxt_hwrm_tx_ring_alloc(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ u32 tx_idx);
+void bnxt_hwrm_tx_ring_free(struct bnxt *bp, struct bnxt_tx_ring_info *txr,
+ bool close_path);
+void bnxt_hwrm_cp_ring_free(struct bnxt *bp, struct bnxt_cp_ring_info *cpr);
int bnxt_total_tx_rings(struct bnxt *bp);
int __bnxt_hwrm_get_tx_rings(struct bnxt *bp, u16 fid, int *tx_rings);
int bnxt_nq_rings_in_use(struct bnxt *bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 7bf686459170..cd104b7ff1d7 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -313,3 +313,95 @@ void bnxt_free_mpc_rings(struct bnxt *bp)
}
}
}
+
+void bnxt_init_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+ struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
+
+ txr->tx_prod = 0;
+ txr->tx_cons = 0;
+ txr->tx_hw_cons = 0;
+ ring->fw_ring_id = INVALID_HW_RING_ID;
+ }
+ }
+}
+
+static int bnxt_hwrm_one_mpc_ring_alloc(struct bnxt *bp,
+ struct bnxt_tx_ring_info *txr)
+{
+ struct bnxt_cp_ring_info *cpr = txr->tx_cpr;
+ struct bnxt_ring_struct *ring;
+ int rc;
+
+ ring = &cpr->cp_ring_struct;
+ if (ring->fw_ring_id == INVALID_HW_RING_ID) {
+ rc = bnxt_hwrm_cp_ring_alloc_p5(bp, cpr);
+ if (rc)
+ return rc;
+ }
+ /* tx_idx not used on P5_PLUS, so set it to 0 */
+ return bnxt_hwrm_tx_ring_alloc(bp, txr, 0);
+}
+
+int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j, rc = 0;
+
+ if (!mpc)
+ return 0;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+
+ rc = bnxt_hwrm_one_mpc_ring_alloc(bp, txr);
+ if (rc)
+ goto mpc_ring_alloc_exit;
+ }
+ }
+mpc_ring_alloc_exit:
+ if (rc)
+ bnxt_hwrm_mpc_ring_free(bp, false);
+ return rc;
+}
+
+void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_cp_ring_info *cpr;
+ int i, j;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ for (j = 0; j < mpc->mpc_ring_count[i]; j++)
+ bnxt_hwrm_tx_ring_free(bp, &mpc->mpc_rings[i][j],
+ close_path);
+ }
+ /* CP rings must be freed at the end to guarantee that the HWRM_DONE
+ * responses for HWRM_RING_FREE can still be seen on the CP rings.
+ */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ for (j = 0; j < mpc->mpc_ring_count[i]; j++) {
+ cpr = mpc->mpc_rings[i][j].tx_cpr;
+ if (cpr && cpr->cp_ring_struct.fw_ring_id !=
+ INVALID_HW_RING_ID)
+ bnxt_hwrm_cp_ring_free(bp, cpr);
+ }
+ }
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index b54daf4ddd2f..cdc03a074963 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -58,6 +58,9 @@ int bnxt_alloc_mpcs(struct bnxt *bp);
void bnxt_free_mpcs(struct bnxt *bp);
int bnxt_alloc_mpc_rings(struct bnxt *bp);
void bnxt_free_mpc_rings(struct bnxt *bp);
+void bnxt_init_mpc_rings(struct bnxt *bp);
+int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp);
+void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -116,5 +119,18 @@ static inline int bnxt_alloc_mpc_rings(struct bnxt *bp)
static inline void bnxt_free_mpc_rings(struct bnxt *bp)
{
}
+
+static inline void bnxt_init_mpc_rings(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_hwrm_mpc_ring_alloc(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline void bnxt_hwrm_mpc_ring_free(struct bnxt *bp, bool close_path)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 05/15] bnxt_en: Allocate and free MPC software structures
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Each MPC consists of a special TX ring and a completion ring. Use
existing structs bnxt_tx_ring_info and bnxt_cp_ring_info as control
structures. The 2 MPC channels to TCE and RCE that share the MSIX
will use a shared completion ring.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 35 ++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 12 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 205 ++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 46 ++++
4 files changed, 291 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 6146d24a6397..228fe7aa4907 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -3685,7 +3685,7 @@ static size_t __bnxt_copy_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem,
return total_len;
}
-static void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
+void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
{
struct pci_dev *pdev = bp->pdev;
int i;
@@ -3718,7 +3718,7 @@ static void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
}
}
-static int bnxt_alloc_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
+int bnxt_alloc_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem)
{
struct pci_dev *pdev = bp->pdev;
u64 valid_bit = 0;
@@ -4325,6 +4325,8 @@ static int bnxt_alloc_cp_rings(struct bnxt *bp)
(!sh && i >= bp->rx_nr_rings)) {
cp_count += tcs;
tx = 1;
+ if (bnxt_napi_has_mpc(bp, i))
+ cp_count++;
}
cpr->cp_ring_arr = kzalloc_objs(*cpr, cp_count);
@@ -4346,6 +4348,11 @@ static int bnxt_alloc_cp_rings(struct bnxt *bp)
} else {
int n, tc = k - rx;
+ /* MPC rings are at the highest k indices */
+ if (tc >= tcs) {
+ bnxt_set_mpc_cp_ring(bp, i, cpr2);
+ continue;
+ }
n = BNXT_TC_TO_RING_BASE(bp, tc) + j;
bp->tx_ring[n].tx_cpr = cpr2;
cpr2->cp_ring_type = BNXT_NQ_HDL_TYPE_TX;
@@ -4478,6 +4485,7 @@ static void bnxt_init_ring_struct(struct bnxt *bp)
rmem->vmem = (void **)&txr->tx_buf_ring;
}
}
+ bnxt_init_mpc_ring_struct(bp);
}
static void bnxt_init_rxbd_pages(struct bnxt_ring_struct *ring, u32 type)
@@ -5554,6 +5562,7 @@ static void bnxt_init_l2_fltr_tbl(struct bnxt *bp)
static void bnxt_free_mem(struct bnxt *bp, bool irq_re_init)
{
bnxt_free_vnic_attributes(bp);
+ bnxt_free_mpc_rings(bp);
bnxt_free_tx_rings(bp);
bnxt_free_rx_rings(bp);
bnxt_free_cp_rings(bp);
@@ -5567,6 +5576,7 @@ static void bnxt_free_mem(struct bnxt *bp, bool irq_re_init)
bnxt_free_port_stats(bp);
bnxt_free_ring_grps(bp);
bnxt_free_vnics(bp);
+ bnxt_free_mpcs(bp);
kfree(bp->tx_ring_map);
bp->tx_ring_map = NULL;
kfree(bp->tx_ring);
@@ -5676,6 +5686,10 @@ static int bnxt_alloc_mem(struct bnxt *bp, bool irq_re_init)
txr->tx_cpr = &bnapi2->cp_ring;
}
+ rc = bnxt_alloc_mpcs(bp);
+ if (rc)
+ goto alloc_mem_err;
+
rc = bnxt_alloc_stats(bp);
if (rc)
goto alloc_mem_err;
@@ -5704,6 +5718,10 @@ static int bnxt_alloc_mem(struct bnxt *bp, bool irq_re_init)
if (rc)
goto alloc_mem_err;
+ rc = bnxt_alloc_mpc_rings(bp);
+ if (rc)
+ goto alloc_mem_err;
+
rc = bnxt_alloc_cp_rings(bp);
if (rc)
goto alloc_mem_err;
@@ -7258,10 +7276,15 @@ static int hwrm_ring_alloc_send_msg(struct bnxt *bp,
req->cmpl_ring_id = cpu_to_le16(bnxt_cp_ring_for_tx(bp, txr));
req->length = cpu_to_le32(bp->tx_ring_mask + 1);
req->stat_ctx_id = cpu_to_le32(grp_info->fw_stats_ctx);
- req->queue_id = cpu_to_le16(ring->queue_id);
- if (bp->flags & BNXT_FLAG_TX_COAL_CMPL)
- req->cmpl_coal_cnt =
- RING_ALLOC_REQ_CMPL_COAL_CNT_COAL_64;
+ if (ring->queue_id == BNXT_MPC_QUEUE_ID) {
+ req->mpc_chnls_type = ring->mpc_chnl_type;
+ req->enables |= cpu_to_le32(RING_ALLOC_REQ_ENABLES_MPC_CHNLS_TYPE);
+ } else {
+ req->queue_id = cpu_to_le16(ring->queue_id);
+ if (bp->flags & BNXT_FLAG_TX_COAL_CMPL)
+ req->cmpl_coal_cnt =
+ RING_ALLOC_REQ_CMPL_COAL_CNT_COAL_64;
+ }
if ((bp->fw_cap & BNXT_FW_CAP_TX_TS_CMP) && bp->ptp_cfg)
flags |= RING_ALLOC_REQ_FLAGS_TX_PKT_TS_CMPL_ENABLE;
req->flags = cpu_to_le16(flags);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index f851ce0c4a18..5119977f661b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -686,6 +686,7 @@ struct nqe_cn {
#define BNXT_NQ_HDL_TYPE_SHIFT 24
#define BNXT_NQ_HDL_TYPE_RX 0x00
#define BNXT_NQ_HDL_TYPE_TX 0x01
+#define BNXT_NQ_HDL_TYPE_MP 0x02
#define BNXT_NQ_HDL_IDX(hdl) ((hdl) & BNXT_NQ_HDL_IDX_MASK)
#define BNXT_NQ_HDL_TYPE(hdl) (((hdl) & BNXT_NQ_HDL_TYPE_MASK) >> \
@@ -951,6 +952,8 @@ struct bnxt_ring_struct {
};
u32 handle;
u8 queue_id;
+#define BNXT_MPC_QUEUE_ID 0xff
+ u8 mpc_chnl_type;
};
struct tx_push_bd {
@@ -991,12 +994,16 @@ struct bnxt_tx_ring_info {
u16 tx_cons;
u16 tx_hw_cons;
u16 txq_index;
+ /* index for tx_ring[] or tx_mpc_ring[] in struct bnxt_napi */
u8 tx_napi_idx;
u8 kick_pending;
struct bnxt_db_info tx_db;
struct tx_bd *tx_desc_ring[MAX_TX_PAGES];
- struct bnxt_sw_tx_bd *tx_buf_ring;
+ union {
+ struct bnxt_sw_tx_bd *tx_buf_ring;
+ struct bnxt_sw_mpc_tx_bd *tx_mpc_buf_ring;
+ };
dma_addr_t tx_desc_mapping[MAX_TX_PAGES];
@@ -1242,6 +1249,7 @@ struct bnxt_napi {
struct bnxt_cp_ring_info cp_ring;
struct bnxt_rx_ring_info *rx_ring;
struct bnxt_tx_ring_info *tx_ring[BNXT_MAX_TXR_PER_NAPI];
+ struct bnxt_tx_ring_info **tx_mpc_ring;
void (*tx_int)(struct bnxt *, struct bnxt_napi *,
int budget);
@@ -2964,6 +2972,8 @@ int bnxt_alloc_rx_data(struct bnxt *bp, struct bnxt_rx_ring_info *rxr,
void bnxt_reuse_rx_data(struct bnxt_rx_ring_info *rxr, u16 cons, void *data);
u32 bnxt_fw_health_readl(struct bnxt *bp, int reg_idx);
bool bnxt_bs_trace_avail(struct bnxt *bp, u16 type);
+void bnxt_free_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem);
+int bnxt_alloc_ring(struct bnxt *bp, struct bnxt_ring_mem_info *rmem);
void bnxt_set_tpa_flags(struct bnxt *bp);
void bnxt_set_ring_params(struct bnxt *);
void bnxt_set_rx_skb_mode(struct bnxt *bp, bool page_mode);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 183f1a3726c7..7bf686459170 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -22,6 +22,8 @@ void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
void bnxt_free_mpc_info(struct bnxt *bp)
{
+ bnxt_free_mpc_rings(bp);
+ bnxt_free_mpcs(bp);
kfree(bp->mpc_info);
bp->mpc_info = NULL;
}
@@ -47,6 +49,55 @@ int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
return mpc->mpc_cp_rings;
}
+bool bnxt_napi_has_mpc(struct bnxt *bp, int i)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_napi *bnapi = bp->bnapi[i];
+ struct bnxt_tx_ring_info *txr;
+
+ if (!mpc)
+ return false;
+
+ txr = bnapi->tx_ring[0];
+ if (txr && !(bnapi->flags & BNXT_NAPI_FLAG_XDP))
+ return txr->txq_index < mpc->mpc_cp_rings;
+ return false;
+}
+
+void bnxt_set_mpc_cp_ring(struct bnxt *bp, int bnapi_idx,
+ struct bnxt_cp_ring_info *cpr)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ struct bnxt_napi *bnapi;
+ bool found = false;
+ int i, j;
+
+ if (!mpc)
+ return;
+ bnapi = bp->bnapi[bnapi_idx];
+ /* Check both TCE and RCE MPCs for the matching NAPI */
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+
+ /* Only 1 ring with index j will use this NAPI */
+ if (txr->bnapi == bnapi) {
+ txr->tx_cpr = cpr;
+ txr->tx_napi_idx = i;
+ bnapi->tx_mpc_ring[i] = txr;
+ found = true;
+ break;
+ }
+ }
+ }
+ if (!found)
+ netdev_warn_once(bp->dev, "No MPC match for napi index %d\n",
+ bnapi_idx);
+ cpr->cp_ring_type = BNXT_NQ_HDL_TYPE_MP;
+}
+
void bnxt_trim_mpc_rings(struct bnxt *bp)
{
struct bnxt_mpc_info *mpc = bp->mpc_info;
@@ -108,3 +159,157 @@ void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
for (i = 0; i < BNXT_MPC_TYPE_MAX; i++)
mpc->mpc_ring_count[i] = 0;
}
+
+void bnxt_init_mpc_ring_struct(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ if (!mpc->mpc_rings[i])
+ continue;
+ for (j = 0; j < num; j++) {
+ struct bnxt_ring_mem_info *rmem;
+ struct bnxt_ring_struct *ring;
+ struct bnxt_tx_ring_info *txr;
+
+ txr = &mpc->mpc_rings[i][j];
+
+ txr->tx_ring_struct.ring_mem.flags =
+ BNXT_RMEM_RING_PTE_FLAG;
+ txr->bnapi = bp->tx_ring[bp->tx_ring_map[j]].bnapi;
+ txr->txq_index = j;
+
+ ring = &txr->tx_ring_struct;
+ rmem = &ring->ring_mem;
+ rmem->nr_pages = bp->tx_nr_pages;
+ rmem->page_size = HW_TXBD_RING_SIZE;
+ rmem->pg_arr = (void **)txr->tx_desc_ring;
+ rmem->dma_arr = txr->tx_desc_mapping;
+ rmem->vmem_size = SW_MPC_TXBD_RING_SIZE *
+ bp->tx_nr_pages;
+ rmem->vmem = (void **)&txr->tx_mpc_buf_ring;
+ }
+ }
+}
+
+int bnxt_alloc_mpcs(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, rc = 0;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return 0;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+ struct bnxt_tx_ring_info *txr;
+
+ if (!num)
+ continue;
+ txr = kzalloc_objs(*txr, num);
+ if (!txr) {
+ rc = -ENOMEM;
+ goto alloc_mpcs_exit;
+ }
+ mpc->mpc_rings[i] = txr;
+ }
+
+ for (i = 0; i < bp->cp_nr_rings; i++) {
+ struct bnxt_napi *bnapi = bp->bnapi[i];
+
+ if (!bnxt_napi_has_mpc(bp, i))
+ continue;
+ bnapi->tx_mpc_ring = kzalloc_objs(*bnapi->tx_mpc_ring,
+ BNXT_MPC_TYPE_MAX);
+ if (!bnapi->tx_mpc_ring) {
+ rc = -ENOMEM;
+ goto alloc_mpcs_exit;
+ }
+ }
+alloc_mpcs_exit:
+ if (rc)
+ bnxt_free_mpcs(bp);
+ return rc;
+}
+
+void bnxt_free_mpcs(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ kfree(mpc->mpc_rings[i]);
+ mpc->mpc_rings[i] = NULL;
+ }
+ if (!bp->bnapi)
+ return;
+ for (i = 0; i < bp->cp_nr_rings; i++) {
+ struct bnxt_napi *bnapi = bp->bnapi[i];
+
+ kfree(bnapi->tx_mpc_ring);
+ bnapi->tx_mpc_ring = NULL;
+ }
+}
+
+int bnxt_alloc_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j, rc = 0;
+
+ if (!mpc)
+ return 0;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+ struct bnxt_ring_struct *ring;
+
+ ring = &txr->tx_ring_struct;
+ rc = bnxt_alloc_ring(bp, &ring->ring_mem);
+ if (rc)
+ goto alloc_mpc_rings_exit;
+ ring->queue_id = BNXT_MPC_QUEUE_ID;
+ ring->mpc_chnl_type = i;
+ /* for stats context */
+ ring->grp_idx = txr->bnapi->index;
+ spin_lock_init(&txr->tx_lock);
+ }
+ }
+alloc_mpc_rings_exit:
+ if (rc)
+ bnxt_free_mpc_rings(bp);
+ return rc;
+}
+
+void bnxt_free_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, j;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ int num = mpc->mpc_ring_count[i];
+
+ if (!mpc->mpc_rings[i])
+ continue;
+ for (j = 0; j < num; j++) {
+ struct bnxt_tx_ring_info *txr = &mpc->mpc_rings[i][j];
+ struct bnxt_ring_struct *ring = &txr->tx_ring_struct;
+
+ bnxt_free_ring(bp, &ring->ring_mem);
+ }
+ }
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 4ff8cad75a23..b54daf4ddd2f 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -29,6 +29,12 @@ struct bnxt_mpc_info {
struct bnxt_tx_ring_info *mpc_rings[BNXT_MPC_TYPE_MAX];
};
+struct bnxt_sw_mpc_tx_bd {
+ unsigned long handle;
+};
+
+#define SW_MPC_TXBD_RING_SIZE (sizeof(struct bnxt_sw_mpc_tx_bd) * TX_DESC_CNT)
+
#define BNXT_MPC_CRYPTO_CAP \
(FUNC_QCAPS_RESP_MPC_CHNLS_CAP_TCE | FUNC_QCAPS_RESP_MPC_CHNLS_CAP_RCE)
@@ -42,8 +48,16 @@ void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
void bnxt_free_mpc_info(struct bnxt *bp);
int bnxt_mpc_tx_rings_in_use(struct bnxt *bp);
int bnxt_mpc_cp_rings_in_use(struct bnxt *bp);
+bool bnxt_napi_has_mpc(struct bnxt *bp, int i);
+void bnxt_set_mpc_cp_ring(struct bnxt *bp, int bnapi_idx,
+ struct bnxt_cp_ring_info *cpr);
void bnxt_trim_mpc_rings(struct bnxt *bp);
void bnxt_set_dflt_mpc_rings(struct bnxt *bp);
+void bnxt_init_mpc_ring_struct(struct bnxt *bp);
+int bnxt_alloc_mpcs(struct bnxt *bp);
+void bnxt_free_mpcs(struct bnxt *bp);
+int bnxt_alloc_mpc_rings(struct bnxt *bp);
+void bnxt_free_mpc_rings(struct bnxt *bp);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -63,6 +77,16 @@ static inline int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
return 0;
}
+static inline bool bnxt_napi_has_mpc(struct bnxt *bp, int i)
+{
+ return false;
+}
+
+static inline void bnxt_set_mpc_cp_ring(struct bnxt *bp, int bnapi_idx,
+ struct bnxt_cp_ring_info *cpr)
+{
+}
+
static inline void bnxt_trim_mpc_rings(struct bnxt *bp)
{
}
@@ -70,5 +94,27 @@ static inline void bnxt_trim_mpc_rings(struct bnxt *bp)
static inline void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
{
}
+
+static inline void bnxt_init_mpc_ring_struct(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_alloc_mpcs(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline void bnxt_free_mpcs(struct bnxt *bp)
+{
+}
+
+static inline int bnxt_alloc_mpc_rings(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline void bnxt_free_mpc_rings(struct bnxt *bp)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 04/15] bnxt_en: Rename xdp_tx_lock to tx_lock
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Kalesh AP
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
xdp_tx_lock in struct bnxt_tx_ring_info is used to serialize
XDP_REDIRECT on the same TX ring. MPCs will also need this lock
for a similar purpose to serialize sending multiple messages on
the same MPC, so rename it to tx_lock.
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 4 ++--
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 02c234b18a06..6146d24a6397 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -4154,7 +4154,7 @@ static int bnxt_alloc_tx_rings(struct bnxt *bp)
}
qidx = bp->tc_to_qidx[j];
ring->queue_id = bp->q_info[qidx].queue_id;
- spin_lock_init(&txr->xdp_tx_lock);
+ spin_lock_init(&txr->tx_lock);
if (i < bp->tx_nr_rings_xdp)
continue;
if (BNXT_RING_TO_TC_OFF(bp, i) == (bp->tx_nr_rings_per_tc - 1))
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index ea32b8bd6600..f851ce0c4a18 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1014,8 +1014,8 @@ struct bnxt_tx_ring_info {
u32 dev_state;
struct bnxt_ring_struct tx_ring_struct;
- /* Synchronize simultaneous xdp_xmit on same ring */
- spinlock_t xdp_tx_lock;
+ /* Synchronize simultaneous xdp_xmit on same ring or for MPC ring */
+ spinlock_t tx_lock;
};
#define BNXT_LEGACY_COAL_CMPL_PARAMS \
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
index 9e5009be8e98..2a94a77847fe 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
@@ -351,7 +351,7 @@ int bnxt_xdp_xmit(struct net_device *dev, int num_frames,
return -EINVAL;
if (static_branch_unlikely(&bnxt_xdp_locking_key))
- spin_lock(&txr->xdp_tx_lock);
+ spin_lock(&txr->tx_lock);
for (i = 0; i < num_frames; i++) {
struct xdp_frame *xdp = frames[i];
@@ -376,7 +376,7 @@ int bnxt_xdp_xmit(struct net_device *dev, int num_frames,
}
if (static_branch_unlikely(&bnxt_xdp_locking_key))
- spin_unlock(&txr->xdp_tx_lock);
+ spin_unlock(&txr->tx_lock);
return nxmit;
}
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 03/15] bnxt_en: Set default MPC ring count
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
If the firmware supports MPC channels and CONFIG_BNXT_TLS is set, set
the default number of MPC channels. These MPC rings will share MSIX
with the TX rings. The number of MPC channels for each type must not
exceed the ethtool TX channel count. bnxt_set_dflt_mpc_rings() will
determine the count for each MPC channel type and it cannot be directly
controlled by the user.
We also add bnxt_trim_mpc_rings() to make final adjustments in case
the number of reserved TX channels is less than expected.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
v3:
Use proper int type for min_t().
v2:
https://lore.kernel.org/netdev/20260512212105.3488258-4-michael.chan@broadcom.com/
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 +++
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 3 +
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 63 +++++++++++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 15 +++++
4 files changed, 88 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 2a737e7d7921..02c234b18a06 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -13196,6 +13196,7 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
return rc;
bnxt_adj_tx_rings(bp);
+ bnxt_trim_mpc_rings(bp);
rc = bnxt_alloc_mem(bp, irq_re_init);
if (rc) {
netdev_err(bp->dev, "bnxt_alloc_mem err: %x\n", rc);
@@ -16743,6 +16744,7 @@ static void bnxt_trim_dflt_sh_rings(struct bnxt *bp)
bp->rx_nr_rings = bp->cp_nr_rings;
bp->tx_nr_rings_per_tc = bp->cp_nr_rings;
bp->tx_nr_rings = bnxt_tx_nr_rings(bp);
+ bnxt_trim_mpc_rings(bp);
}
static void bnxt_adj_dflt_rings(struct bnxt *bp, bool sh)
@@ -16794,6 +16796,8 @@ static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
bnxt_set_dflt_ulp_stat_ctxs(bp);
}
+ bnxt_set_dflt_mpc_rings(bp);
+
rc = __bnxt_reserve_rings(bp);
if (rc && rc != -ENODEV)
netdev_warn(bp->dev, "Unable to reserve tx rings\n");
@@ -16808,6 +16812,7 @@ static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
if (rc && rc != -ENODEV)
netdev_warn(bp->dev, "2nd rings reservation failed.\n");
bnxt_adj_tx_rings(bp);
+ bnxt_trim_mpc_rings(bp);
}
if (BNXT_CHIP_TYPE_NITRO_A0(bp)) {
bp->rx_nr_rings++;
@@ -16842,6 +16847,7 @@ static int bnxt_init_dflt_ring_mode(struct bnxt *bp)
goto init_dflt_ring_err;
bnxt_adj_tx_rings(bp);
+ bnxt_trim_mpc_rings(bp);
bnxt_set_dflt_rfs(bp);
@@ -17185,6 +17191,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
* limited MSIX, so we re-initialize the TX rings per TC.
*/
bp->tx_nr_rings_per_tc = bp->tx_nr_rings;
+ bnxt_trim_mpc_rings(bp);
if (BNXT_PF(bp)) {
if (!bnxt_pf_wq) {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 62bc9cae613c..a498dc1fe0d4 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -37,6 +37,7 @@
#include "bnxt_nvm_defs.h" /* NVRAM content constant and structure defs */
#include "bnxt_fw_hdr.h" /* Firmware hdr constant and structure defs */
#include "bnxt_coredump.h"
+#include "bnxt_mpc.h"
#define BNXT_NVM_ERR_MSG(dev, extack, msg) \
do { \
@@ -1051,6 +1052,8 @@ static int bnxt_set_channels(struct net_device *dev,
bnxt_set_cp_rings(bp, sh);
+ bnxt_set_dflt_mpc_rings(bp);
+
/* After changing number of rx channels, update NTUPLE feature. */
netdev_update_features(dev);
if (netif_running(dev)) {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 9859a5f86268..183f1a3726c7 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -3,6 +3,7 @@
#include <linux/stddef.h>
#include <linux/types.h>
+#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/bnxt/hsi.h>
@@ -45,3 +46,65 @@ int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
return 0;
return mpc->mpc_cp_rings;
}
+
+void bnxt_trim_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int max = bp->tx_nr_rings_per_tc;
+ u8 max_cp = 0;
+ int i;
+
+ if (!mpc)
+ return;
+
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++) {
+ mpc->mpc_ring_count[i] = min_t(int, mpc->mpc_ring_count[i],
+ max);
+ max_cp = max(max_cp, mpc->mpc_ring_count[i]);
+ }
+ mpc->mpc_cp_rings = max_cp;
+}
+
+void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
+{
+ struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int mpc_tce, mpc_rce, avail, mpc_cp, i;
+
+ if (!BNXT_MPC_CRYPTO_CAPABLE(bp))
+ return;
+
+ avail = hw_resc->max_tx_rings - bp->tx_nr_rings;
+ /* don't use more than 80% */
+ avail = avail * 4 / 5;
+
+ if (avail < (BNXT_MIN_MPC_TCE + BNXT_MIN_MPC_RCE))
+ goto disable_mpc;
+
+ mpc_tce = min_t(int, avail / 2, bp->tx_nr_rings_per_tc);
+ mpc_rce = mpc_tce;
+
+ mpc_tce = min_t(int, mpc_tce, BNXT_DFLT_MPC_TCE);
+ mpc_rce = min_t(int, mpc_rce, BNXT_DFLT_MPC_RCE);
+
+ avail = hw_resc->max_cp_rings - bp->tx_nr_rings -
+ bp->rx_nr_rings;
+
+ if (avail < BNXT_MIN_MPC_TCE || avail < BNXT_MIN_MPC_RCE)
+ goto disable_mpc;
+
+ mpc_tce = min(mpc_tce, avail);
+ mpc_rce = min(mpc_rce, avail);
+
+ mpc_cp = max(mpc_tce, mpc_rce);
+
+ mpc->mpc_ring_count[BNXT_MPC_TCE_TYPE] = mpc_tce;
+ mpc->mpc_ring_count[BNXT_MPC_RCE_TYPE] = mpc_rce;
+ mpc->mpc_cp_rings = mpc_cp;
+ return;
+
+disable_mpc:
+ mpc->mpc_cp_rings = 0;
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++)
+ mpc->mpc_ring_count[i] = 0;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index 7a7d81197ea6..4ff8cad75a23 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -17,6 +17,11 @@ enum bnxt_mpc_type {
#define BNXT_MAX_MPC 8
+#define BNXT_MIN_MPC_TCE 1
+#define BNXT_MIN_MPC_RCE 1
+#define BNXT_DFLT_MPC_TCE BNXT_MAX_MPC
+#define BNXT_DFLT_MPC_RCE BNXT_MAX_MPC
+
struct bnxt_mpc_info {
u8 mpc_chnls_cap;
u8 mpc_cp_rings;
@@ -37,6 +42,8 @@ void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
void bnxt_free_mpc_info(struct bnxt *bp);
int bnxt_mpc_tx_rings_in_use(struct bnxt *bp);
int bnxt_mpc_cp_rings_in_use(struct bnxt *bp);
+void bnxt_trim_mpc_rings(struct bnxt *bp);
+void bnxt_set_dflt_mpc_rings(struct bnxt *bp);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -55,5 +62,13 @@ static inline int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
{
return 0;
}
+
+static inline void bnxt_trim_mpc_rings(struct bnxt *bp)
+{
+}
+
+static inline void bnxt_set_dflt_mpc_rings(struct bnxt *bp)
+{
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 02/15] bnxt_en: Account for the MPC TX and CP rings
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde, Kalesh AP
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Modify bnxt_cp_rings_in_use(), bnxt_get_max_func_cp_rings_for_en(),
and _bnxt_get_max_rings() to account for any TX rings and CP rings
used by MPCs. Add a new helper bnxt_total_tx_rings() to include
MPC TX rings. Ring reservations will now include the MPC rings.
Note that legacy FW using older HWRM APIs does not support MPC
rings.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 45 ++++++++++++++-----
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 21 +++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 12 +++++
.../net/ethernet/broadcom/bnxt/bnxt_sriov.c | 6 +--
5 files changed, 71 insertions(+), 14 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 8faab85d66d1..2a737e7d7921 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7752,6 +7752,11 @@ static void bnxt_hwrm_ring_free(struct bnxt *bp, bool close_path)
}
}
+int bnxt_total_tx_rings(struct bnxt *bp)
+{
+ return bp->tx_nr_rings + bnxt_mpc_tx_rings_in_use(bp);
+}
+
static int __bnxt_trim_rings(struct bnxt *bp, int *rx, int *tx, int max,
bool shared);
static int bnxt_trim_rings(struct bnxt *bp, int *rx, int *tx, int max,
@@ -7792,19 +7797,28 @@ static int bnxt_hwrm_get_rings(struct bnxt *bp)
stats = le16_to_cpu(resp->alloc_stat_ctx);
hw_resc->resv_irqs = cp;
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
+ int mpc_tx = bnxt_mpc_tx_rings_in_use(bp);
+ int mpc_cp = bnxt_mpc_cp_rings_in_use(bp);
int rx = hw_resc->resv_rx_rings;
int tx = hw_resc->resv_tx_rings;
+ int cp_p5;
+ if (tx <= mpc_tx || cp <= mpc_cp) {
+ rc = -ENOMEM;
+ goto get_rings_exit;
+ }
+ tx -= mpc_tx;
+ cp_p5 = cp - mpc_cp;
if (bp->flags & BNXT_FLAG_AGG_RINGS)
rx >>= 1;
- if (cp < (rx + tx)) {
- rc = __bnxt_trim_rings(bp, &rx, &tx, cp, false);
+ if (cp_p5 < (rx + tx)) {
+ rc = __bnxt_trim_rings(bp, &rx, &tx, cp_p5, false);
if (rc)
goto get_rings_exit;
if (bp->flags & BNXT_FLAG_AGG_RINGS)
rx <<= 1;
hw_resc->resv_rx_rings = rx;
- hw_resc->resv_tx_rings = tx;
+ hw_resc->resv_tx_rings = tx + mpc_tx;
}
hw_resc->resv_irqs = le16_to_cpu(resp->alloc_msix);
hw_resc->resv_hw_ring_grps = rx;
@@ -7996,7 +8010,7 @@ static int bnxt_cp_rings_in_use(struct bnxt *bp)
return bnxt_nq_rings_in_use(bp);
cp = bp->tx_nr_rings + bp->rx_nr_rings;
- return cp;
+ return cp + bnxt_mpc_cp_rings_in_use(bp);
}
static int bnxt_get_func_stat_ctxs(struct bnxt *bp)
@@ -8054,7 +8068,7 @@ static void bnxt_get_total_resources(struct bnxt *bp, struct bnxt_hw_rings *hwr)
hwr->cp_p5 = 0;
if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
hwr->cp_p5 = bnxt_cp_rings_in_use(bp);
- hwr->tx = bp->tx_nr_rings;
+ hwr->tx = bnxt_total_tx_rings(bp);
hwr->rx = bp->rx_nr_rings;
hwr->grp = hwr->rx;
hwr->vnic = bnxt_get_total_vnics(bp, hwr->rx);
@@ -8160,8 +8174,10 @@ static int __bnxt_reserve_rings(struct bnxt *bp)
hwr.rx = bp->rx_nr_rings;
if (bp->flags & BNXT_FLAG_SHARED_RINGS)
sh = true;
- if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
- hwr.cp_p5 = hwr.rx + hwr.tx;
+ if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
+ hwr.cp_p5 = hwr.rx + hwr.tx + bnxt_mpc_cp_rings_in_use(bp);
+ hwr.tx += bnxt_mpc_tx_rings_in_use(bp);
+ }
hwr.vnic = bnxt_get_total_vnics(bp, hwr.rx);
@@ -8198,6 +8214,9 @@ static int __bnxt_reserve_rings(struct bnxt *bp)
if (bnxt_ulp_registered(edev) && hwr.stat > bnxt_get_ulp_stat_ctxs(bp))
hwr.stat -= bnxt_get_ulp_stat_ctxs(bp);
hwr.cp = min_t(int, hwr.cp, hwr.stat);
+ hwr.tx -= bnxt_mpc_tx_rings_in_use(bp);
+ if (hwr.tx < 0)
+ return -ENOMEM;
rc = bnxt_trim_rings(bp, &rx_rings, &hwr.tx, hwr.cp, sh);
if (bp->flags & BNXT_FLAG_AGG_RINGS)
hwr.rx = rx_rings << 1;
@@ -11517,12 +11536,13 @@ unsigned int bnxt_get_max_func_cp_rings(struct bnxt *bp)
static unsigned int bnxt_get_max_func_cp_rings_for_en(struct bnxt *bp)
{
+ unsigned int mpc_cp = (unsigned int)bnxt_mpc_cp_rings_in_use(bp);
unsigned int cp = bp->hw_resc.max_cp_rings;
if (!(bp->flags & BNXT_FLAG_CHIP_P5_PLUS))
cp -= bnxt_get_ulp_msix_num(bp);
- return cp;
+ return mpc_cp >= cp ? 0 : cp - mpc_cp;
}
static unsigned int bnxt_get_max_func_irqs(struct bnxt *bp)
@@ -14924,8 +14944,10 @@ int bnxt_check_rings(struct bnxt *bp, int tx, int rx, bool sh, int tcs,
hwr.grp = rx;
hwr.rss_ctx = bnxt_get_total_rss_ctxs(bp, &hwr);
}
- if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS)
- hwr.cp_p5 = hwr.tx + rx;
+ if (bp->flags & BNXT_FLAG_CHIP_P5_PLUS) {
+ hwr.cp_p5 = hwr.tx + rx + bnxt_mpc_cp_rings_in_use(bp);
+ hwr.tx += bnxt_mpc_tx_rings_in_use(bp);
+ }
rc = bnxt_hwrm_check_rings(bp, &hwr);
if (!rc && pci_msix_can_alloc_dyn(bp->pdev)) {
if (!bnxt_ulp_registered(bp->edev[BNXT_AUXDEV_RDMA])) {
@@ -16623,7 +16645,8 @@ static void _bnxt_get_max_rings(struct bnxt *bp, int *max_rx, int *max_tx,
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
int max_ring_grps = 0, max_irq;
- *max_tx = hw_resc->max_tx_rings;
+ *max_tx = max(0, (int)hw_resc->max_tx_rings -
+ bnxt_mpc_tx_rings_in_use(bp));
*max_rx = hw_resc->max_rx_rings;
*max_cp = bnxt_get_max_func_cp_rings_for_en(bp);
max_irq = min_t(int, bnxt_get_max_func_irqs(bp) -
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 77b1748d12d1..ea32b8bd6600 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2992,6 +2992,7 @@ int bnxt_hwrm_vnic_cfg(struct bnxt *bp, struct bnxt_vnic_info *vnic);
int bnxt_hwrm_vnic_alloc(struct bnxt *bp, struct bnxt_vnic_info *vnic,
unsigned int start_rx_ring_idx,
unsigned int nr_rings);
+int bnxt_total_tx_rings(struct bnxt *bp);
int __bnxt_hwrm_get_tx_rings(struct bnxt *bp, u16 fid, int *tx_rings);
int bnxt_nq_rings_in_use(struct bnxt *bp);
int bnxt_hwrm_set_coal(struct bnxt *);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
index 86087e538550..9859a5f86268 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -24,3 +24,24 @@ void bnxt_free_mpc_info(struct bnxt *bp)
kfree(bp->mpc_info);
bp->mpc_info = NULL;
}
+
+int bnxt_mpc_tx_rings_in_use(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+ int i, mpc_tx = 0;
+
+ if (!mpc)
+ return 0;
+ for (i = 0; i < BNXT_MPC_TYPE_MAX; i++)
+ mpc_tx += mpc->mpc_ring_count[i];
+ return mpc_tx;
+}
+
+int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
+{
+ struct bnxt_mpc_info *mpc = bp->mpc_info;
+
+ if (!mpc)
+ return 0;
+ return mpc->mpc_cp_rings;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
index cd3f268a3a29..7a7d81197ea6 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -35,6 +35,8 @@ struct bnxt_mpc_info {
#ifdef CONFIG_BNXT_TLS
void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
void bnxt_free_mpc_info(struct bnxt *bp);
+int bnxt_mpc_tx_rings_in_use(struct bnxt *bp);
+int bnxt_mpc_cp_rings_in_use(struct bnxt *bp);
#else
static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
{
@@ -43,5 +45,15 @@ static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
static inline void bnxt_free_mpc_info(struct bnxt *bp)
{
}
+
+static inline int bnxt_mpc_tx_rings_in_use(struct bnxt *bp)
+{
+ return 0;
+}
+
+static inline int bnxt_mpc_cp_rings_in_use(struct bnxt *bp)
+{
+ return 0;
+}
#endif /* CONFIG_BNXT_TLS */
#endif /* BNXT_MPC_H */
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
index edcc002e4ca3..d57059722f5b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
@@ -640,7 +640,7 @@ static int bnxt_hwrm_func_vf_resc_cfg(struct bnxt *bp, int num_vfs, bool reset)
vf_rx_rings = hw_resc->max_rx_rings - bp->rx_nr_rings * 2;
else
vf_rx_rings = hw_resc->max_rx_rings - bp->rx_nr_rings;
- vf_tx_rings = hw_resc->max_tx_rings - bp->tx_nr_rings;
+ vf_tx_rings = hw_resc->max_tx_rings - bnxt_total_tx_rings(bp);
vf_vnics = hw_resc->max_vnics - bp->nr_vnics;
vf_rss = hw_resc->max_rsscos_ctxs - bp->rsscos_nr_ctxs;
@@ -903,8 +903,8 @@ static int bnxt_sriov_enable(struct bnxt *bp, int *num_vfs)
avail_cp < min_rx_rings)
rx_ok = 0;
- if (hw_resc->max_tx_rings - bp->tx_nr_rings >= min_tx_rings &&
- avail_cp >= min_tx_rings)
+ if (hw_resc->max_tx_rings - bnxt_total_tx_rings(bp) >=
+ min_tx_rings && avail_cp >= min_tx_rings)
tx_ok = 1;
if (hw_resc->max_rsscos_ctxs - bp->rsscos_nr_ctxs >=
--
2.51.0
^ permalink raw reply related
* [PATCH net-next v4 01/15] bnxt_en: Add Midpath channel information
From: Michael Chan @ 2026-06-29 18:49 UTC (permalink / raw)
To: davem
Cc: netdev, edumazet, kuba, pabeni, andrew+netdev, pavan.chebbi,
andrew.gospodarek, Ajit Khaparde, Kalesh AP
In-Reply-To: <20260629184921.3496727-1-michael.chan@broadcom.com>
Midpath channels (MPCs) are rings for hardware control paths. These
control paths are used to offload kTLS directly to the hardware
without going through firmware. This patch adds the basic information
structures for these MPCs.
An MPC is basically a TX and completion ring pair with a HW TLS block
as the destination. Two MPC channel types are used to offload
connections to the TX crypto engine (TCE) and the RX crypto
engine (RCE) respectively. In the driver, we re-use the
bnxt_tx_ring_info and bnxt_cp_ring_info control structs for the MPCs.
This patch also adds the CONFIG_BNXT_TLS Kconfig option to conditionally
include the MPC logic. The first few patches in the series add the MPC
support. kTLS support will be added later in the series.
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
drivers/net/ethernet/broadcom/Kconfig | 9 ++++
drivers/net/ethernet/broadcom/bnxt/Makefile | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 ++++
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c | 26 ++++++++++
drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h | 47 +++++++++++++++++++
6 files changed, 93 insertions(+)
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
create mode 100644 drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
diff --git a/drivers/net/ethernet/broadcom/Kconfig b/drivers/net/ethernet/broadcom/Kconfig
index f0bac0dd1439..b33b66f038b8 100644
--- a/drivers/net/ethernet/broadcom/Kconfig
+++ b/drivers/net/ethernet/broadcom/Kconfig
@@ -255,6 +255,15 @@ config BNXT_HWMON
Say Y if you want to expose the thermal sensor data on NetXtreme-C/E
devices, via the hwmon sysfs interface.
+config BNXT_TLS
+ bool "Broadcom NetXtreme-C/E TLS offload support"
+ default y
+ depends on BNXT && TLS_DEVICE
+ depends on TLS=y || BNXT=m
+ help
+ Say Y if you want to enable Transport Layer Security (TLS) hardware
+ encryption and decryption offload on supported NetXtreme-C/E devices.
+
config BNGE
tristate "Broadcom ThorUltra Ethernet device support"
depends on PCI
diff --git a/drivers/net/ethernet/broadcom/bnxt/Makefile b/drivers/net/ethernet/broadcom/bnxt/Makefile
index debef78c8b6d..0506574c007a 100644
--- a/drivers/net/ethernet/broadcom/bnxt/Makefile
+++ b/drivers/net/ethernet/broadcom/bnxt/Makefile
@@ -5,3 +5,4 @@ bnxt_en-y := bnxt.o bnxt_hwrm.o bnxt_sriov.o bnxt_ethtool.o bnxt_dcb.o bnxt_ulp.
bnxt_en-$(CONFIG_BNXT_FLOWER_OFFLOAD) += bnxt_tc.o
bnxt_en-$(CONFIG_DEBUG_FS) += bnxt_debugfs.o
bnxt_en-$(CONFIG_BNXT_HWMON) += bnxt_hwmon.o
+bnxt_en-$(CONFIG_BNXT_TLS) += bnxt_mpc.o
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 7513618793da..8faab85d66d1 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -76,6 +76,7 @@
#include "bnxt_hwmon.h"
#include "bnxt_gso.h"
#include <net/tso.h>
+#include "bnxt_mpc.h"
#define BNXT_TX_TIMEOUT (5 * HZ)
#define BNXT_DEF_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_HW | \
@@ -9943,6 +9944,11 @@ static int __bnxt_hwrm_func_qcaps(struct bnxt *bp)
}
bp->tso_max_segs = le16_to_cpu(resp->max_tso_segs);
+ if (resp->mpc_chnls_cap)
+ bnxt_alloc_mpc_info(bp, resp->mpc_chnls_cap);
+ else
+ bnxt_free_mpc_info(bp);
+
hwrm_func_qcaps_exit:
hwrm_req_drop(bp, req);
return rc;
@@ -16547,6 +16553,7 @@ static void bnxt_remove_one(struct pci_dev *pdev)
bp->ptp_cfg = NULL;
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
bnxt_free_crash_dump_mem(bp);
@@ -17218,6 +17225,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
bnxt_ethtool_free(bp);
kfree(bp->fw_health);
bp->fw_health = NULL;
+ bnxt_free_mpc_info(bp);
bnxt_cleanup_pci(bp);
bnxt_free_ctx_mem(bp, true);
bnxt_free_crash_dump_mem(bp);
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 6335dfc14c98..77b1748d12d1 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2452,6 +2452,8 @@ struct bnxt {
u8 tph_mode;
+ struct bnxt_mpc_info *mpc_info;
+
unsigned int current_interval;
#define BNXT_TIMER_INTERVAL HZ
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
new file mode 100644
index 000000000000..86087e538550
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.c
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#include <linux/stddef.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/bnxt/hsi.h>
+
+#include "bnxt.h"
+#include "bnxt_mpc.h"
+
+void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
+{
+ if (!bp->mpc_info)
+ bp->mpc_info = kzalloc_obj(*bp->mpc_info);
+ if (bp->mpc_info)
+ bp->mpc_info->mpc_chnls_cap = mpc_chnls_cap;
+ else
+ netdev_warn(bp->dev, "Unable to allocate MPC info\n");
+}
+
+void bnxt_free_mpc_info(struct bnxt *bp)
+{
+ kfree(bp->mpc_info);
+ bp->mpc_info = NULL;
+}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
new file mode 100644
index 000000000000..cd3f268a3a29
--- /dev/null
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_mpc.h
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (c) 2026 Broadcom Inc. */
+
+#ifndef BNXT_MPC_H
+#define BNXT_MPC_H
+
+/* Mid path channel (MPC) definitions. An MPC is special TX/completion
+ * ring pair to send/receive control plane data to the TCE and RCE
+ * (Transmit/Receive Crypto Engine) HW blocks.
+ */
+
+enum bnxt_mpc_type {
+ BNXT_MPC_TCE_TYPE = RING_ALLOC_REQ_MPC_CHNLS_TYPE_TCE,
+ BNXT_MPC_RCE_TYPE = RING_ALLOC_REQ_MPC_CHNLS_TYPE_RCE,
+ BNXT_MPC_TYPE_MAX,
+};
+
+#define BNXT_MAX_MPC 8
+
+struct bnxt_mpc_info {
+ u8 mpc_chnls_cap;
+ u8 mpc_cp_rings;
+ u8 mpc_ring_count[BNXT_MPC_TYPE_MAX];
+ struct bnxt_tx_ring_info *mpc_rings[BNXT_MPC_TYPE_MAX];
+};
+
+#define BNXT_MPC_CRYPTO_CAP \
+ (FUNC_QCAPS_RESP_MPC_CHNLS_CAP_TCE | FUNC_QCAPS_RESP_MPC_CHNLS_CAP_RCE)
+
+#define BNXT_MPC_CRYPTO_CAPABLE(bp) \
+ ((bp)->mpc_info ? \
+ ((bp)->mpc_info->mpc_chnls_cap & BNXT_MPC_CRYPTO_CAP) == \
+ BNXT_MPC_CRYPTO_CAP : false)
+
+#ifdef CONFIG_BNXT_TLS
+void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap);
+void bnxt_free_mpc_info(struct bnxt *bp);
+#else
+static inline void bnxt_alloc_mpc_info(struct bnxt *bp, u8 mpc_chnls_cap)
+{
+}
+
+static inline void bnxt_free_mpc_info(struct bnxt *bp)
+{
+}
+#endif /* CONFIG_BNXT_TLS */
+#endif /* BNXT_MPC_H */
--
2.51.0
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox