Re: [PATCH v13 net-next 01/12] tls: support for Inline tls record
On 3/27/2018 11:53 PM, Stefano Brivio wrote:
> On Tue, 27 Mar 2018 23:06:30 +0530 Atul Gupta wrote:
>
>> +static struct tls_context *create_ctx(struct sock *sk)
>> +{
>> +        struct inet_connection_sock *icsk = inet_csk(sk);
>> +        struct tls_context *ctx;
>> +
>> +        /* allocate tls context */
>> +        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
>> +        if (!ctx)
>> +                return NULL;
>> +
>> +        icsk->icsk_ulp_data = ctx;
>> +        return ctx;
>> +}
>>
>> [...]
>>
>>  static int tls_init(struct sock *sk)
>>  {
>>          int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
>> -        struct inet_connection_sock *icsk = inet_csk(sk);
>>          struct tls_context *ctx;
>>          int rc = 0;
>>
>> +        if (tls_hw_prot(sk))
>> +                goto out;
>> +
>>          /* The TLS ulp is currently supported only for TCP sockets
>>           * in ESTABLISHED state.
>>           * Supporting sockets in LISTEN state will require us
>> @@ -530,12 +624,11 @@ static int tls_init(struct sock *sk)
>>                  return -ENOTSUPP;
>>
>>          /* allocate tls context */
>> -        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
>> +        ctx = create_ctx(sk);
>>          if (!ctx) {
>>                  rc = -ENOMEM;
>>                  goto out;
>>          }
>> -        icsk->icsk_ulp_data = ctx;
>
> Why are you changing this?

Since create_ctx() is called from two places, the assignment is done in the
allocating function rather than duplicated at each call site.

> This is now equivalent to the original implementation, except that you
> are "hiding" the assignment of icsk->icsk_ulp_data into a function named
> "create_ctx".
>
> Please also note that you are duplicating the "allocate tls context"
> comment.

Will remove this comment.
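The alternative shape Stefano's comment implies can be sketched in a minimal
userspace mock (the structs, calloc-based allocator, and return codes below
are simplified stand-ins for the kernel's inet_connection_sock, tls_context,
kzalloc and -ENOMEM, not the actual net/tls code):

```c
#include <assert.h>
#include <stdlib.h>

/* Simplified stand-ins for the kernel structures under discussion. */
struct tls_context { int dummy; };
struct inet_connection_sock { void *icsk_ulp_data; };

/* create_ctx() as a pure allocator: it only allocates and returns the
 * context, without touching icsk_ulp_data. */
static struct tls_context *create_ctx(void)
{
        return calloc(1, sizeof(struct tls_context));
}

static int tls_init(struct inet_connection_sock *icsk)
{
        struct tls_context *ctx = create_ctx();

        if (!ctx)
                return -1; /* -ENOMEM in the kernel */
        /* The assignment stays visible in the caller, so nothing is
         * "hidden" inside a function whose name says "create". */
        icsk->icsk_ulp_data = ctx;
        return 0;
}
```

With this split, each call site decides where the context pointer is stored,
which is the readability point being raised in the review.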
Re: [PATCH v13 net-next 08/12] crypto : chtls - CPL handler definition
On 3/27/2018 11:12 PM, Stefano Brivio wrote:
> On Tue, 27 Mar 2018 23:06:37 +0530 Atul Gupta wrote:
>
>> Exchange messages with hardware to program the TLS session
>> CPL handlers for messages received from chip.
>>
>> Signed-off-by: Atul Gupta
>> Signed-off-by: Michael Werner
>> Reviewed-by: Sabrina Dubroca
>> Reviewed-by: Stefano Brivio
>
> No, I haven't.

Stefano, I was not clear on the protocol for the Reviewed-by tag; I wanted
to acknowledge the feedback you have provided on the code so far. Will
remove this.

Thanks
Atul
Re: [PATCH v13 net-next 02/12] ethtool: enable Inline TLS in HW
On 3/28/2018 2:14 AM, Sabrina Dubroca wrote:
> 2018-03-27, 23:06:31 +0530, Atul Gupta wrote:
>> Ethtool option enables TLS record offload on HW, user
>> configures the feature for netdev capable of Inline TLS.
>> This allows user to define custom sk_prot for Inline TLS sock
>>
>> Signed-off-by: Atul Gupta
>> Reviewed-by: Sabrina Dubroca
>
> uh, what? I definitely didn't give my "Reviewed-by" for any of these
> patches. Please never do that again.

Sabrina, I was not clear on the protocol. I wanted to acknowledge the
valuable feedback you have provided. Will remove this.

Thanks
[PATCH v15 9/9] ntb: ntb_hw_switchtec: Cleanup 64bit IO defines to use the common header
Clean up the ifdefs which conditionally defined the io{read|write}64
functions in favour of the new common io-64-nonatomic-lo-hi header. Per a
nit from Andy Shevchenko, the include list is also made alphabetical.

Signed-off-by: Logan Gunthorpe
Reviewed-by: Andy Shevchenko
Cc: Jon Mason
---
 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 36 ++--------------------------
 1 file changed, 4 insertions(+), 32 deletions(-)

diff --git a/drivers/ntb/hw/mscc/ntb_hw_switchtec.c b/drivers/ntb/hw/mscc/ntb_hw_switchtec.c
index f624ae27eabe..f403da24b833 100644
--- a/drivers/ntb/hw/mscc/ntb_hw_switchtec.c
+++ b/drivers/ntb/hw/mscc/ntb_hw_switchtec.c
@@ -13,12 +13,13 @@
  *
  */

-#include
-#include
+#include
+#include
 #include
 #include
-#include
 #include
+#include

 MODULE_DESCRIPTION("Microsemi Switchtec(tm) NTB Driver");
 MODULE_VERSION("0.1");
@@ -35,35 +36,6 @@ module_param(use_lut_mws, bool, 0644);
 MODULE_PARM_DESC(use_lut_mws,
                  "Enable the use of the LUT based memory windows");

-#ifndef ioread64
-#ifdef readq
-#define ioread64 readq
-#else
-#define ioread64 _ioread64
-static inline u64 _ioread64(void __iomem *mmio)
-{
-        u64 low, high;
-
-        low = ioread32(mmio);
-        high = ioread32(mmio + sizeof(u32));
-        return low | (high << 32);
-}
-#endif
-#endif
-
-#ifndef iowrite64
-#ifdef writeq
-#define iowrite64 writeq
-#else
-#define iowrite64 _iowrite64
-static inline void _iowrite64(u64 val, void __iomem *mmio)
-{
-        iowrite32(val, mmio);
-        iowrite32(val >> 32, mmio + sizeof(u32));
-}
-#endif
-#endif
-
 #define SWITCHTEC_NTB_MAGIC 0x45CC0001
 #define MAX_MWS     128
--
2.11.0
[PATCH v15 2/9] parisc: iomap: introduce io{read|write}64
Add support for io{read|write}64() functions in the parisc architecture.
These are pretty straightforward copies of similar functions which make use
of readq and writeq. Also, indicate that the lo_hi and hi_lo variants of
these functions are not provided by this architecture.

Signed-off-by: Logan Gunthorpe
Reviewed-by: Andy Shevchenko
Cc: "James E.J. Bottomley"
Cc: Helge Deller
Cc: Greg Kroah-Hartman
Cc: Philippe Ombredanne
Cc: Kate Stewart
Cc: Thomas Gleixner
---
 arch/parisc/include/asm/io.h |  9 +++
 arch/parisc/lib/iomap.c      | 64 ++++++++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/arch/parisc/include/asm/io.h b/arch/parisc/include/asm/io.h
index 27c62baa9c4e..34c133066d3c 100644
--- a/arch/parisc/include/asm/io.h
+++ b/arch/parisc/include/asm/io.h
@@ -311,6 +311,15 @@ extern void outsl (unsigned long port, const void *src, unsigned long count);
  * value for either 32 or 64 bit mode */
 #define F_EXTEND(x) ((unsigned long)((x) | (0xULL)))

+#define ioread64 ioread64
+#define ioread64be ioread64be
+#define iowrite64 iowrite64
+#define iowrite64be iowrite64be
+extern u64 ioread64(void __iomem *addr);
+extern u64 ioread64be(void __iomem *addr);
+extern void iowrite64(u64 val, void __iomem *addr);
+extern void iowrite64be(u64 val, void __iomem *addr);
+
 #include

 /*
diff --git a/arch/parisc/lib/iomap.c b/arch/parisc/lib/iomap.c
index 4b19e6e64fb7..0195aec657e2 100644
--- a/arch/parisc/lib/iomap.c
+++ b/arch/parisc/lib/iomap.c
@@ -48,11 +48,15 @@ struct iomap_ops {
         unsigned int (*read16be)(void __iomem *);
         unsigned int (*read32)(void __iomem *);
         unsigned int (*read32be)(void __iomem *);
+        u64 (*read64)(void __iomem *);
+        u64 (*read64be)(void __iomem *);
         void (*write8)(u8, void __iomem *);
         void (*write16)(u16, void __iomem *);
         void (*write16be)(u16, void __iomem *);
         void (*write32)(u32, void __iomem *);
         void (*write32be)(u32, void __iomem *);
+        void (*write64)(u64, void __iomem *);
+        void (*write64be)(u64, void __iomem *);
         void (*read8r)(void __iomem *, void *, unsigned long);
         void (*read16r)(void __iomem *, void *, unsigned long);
         void (*read32r)(void __iomem *, void *, unsigned long);
@@ -171,6 +175,16 @@ static unsigned int iomem_read32be(void __iomem *addr)
         return __raw_readl(addr);
 }

+static u64 iomem_read64(void __iomem *addr)
+{
+        return readq(addr);
+}
+
+static u64 iomem_read64be(void __iomem *addr)
+{
+        return __raw_readq(addr);
+}
+
 static void iomem_write8(u8 datum, void __iomem *addr)
 {
         writeb(datum, addr);
@@ -196,6 +210,16 @@ static void iomem_write32be(u32 datum, void __iomem *addr)
         __raw_writel(datum, addr);
 }

+static void iomem_write64(u64 datum, void __iomem *addr)
+{
+        writeq(datum, addr);
+}
+
+static void iomem_write64be(u64 datum, void __iomem *addr)
+{
+        __raw_writeq(datum, addr);
+}
+
 static void iomem_read8r(void __iomem *addr, void *dst, unsigned long count)
 {
         while (count--) {
@@ -250,11 +274,15 @@ static const struct iomap_ops iomem_ops = {
         .read16be = iomem_read16be,
         .read32 = iomem_read32,
         .read32be = iomem_read32be,
+        .read64 = iomem_read64,
+        .read64be = iomem_read64be,
         .write8 = iomem_write8,
         .write16 = iomem_write16,
         .write16be = iomem_write16be,
         .write32 = iomem_write32,
         .write32be = iomem_write32be,
+        .write64 = iomem_write64,
+        .write64be = iomem_write64be,
         .read8r = iomem_read8r,
         .read16r = iomem_read16r,
         .read32r = iomem_read32r,
@@ -304,6 +332,20 @@ unsigned int ioread32be(void __iomem *addr)
         return *((u32 *)addr);
 }

+u64 ioread64(void __iomem *addr)
+{
+        if (unlikely(INDIRECT_ADDR(addr)))
+                return iomap_ops[ADDR_TO_REGION(addr)]->read64(addr);
+        return le64_to_cpup((u64 *)addr);
+}
+
+u64 ioread64be(void __iomem *addr)
+{
+        if (unlikely(INDIRECT_ADDR(addr)))
+                return iomap_ops[ADDR_TO_REGION(addr)]->read64be(addr);
+        return *((u64 *)addr);
+}
+
 void iowrite8(u8 datum, void __iomem *addr)
 {
         if (unlikely(INDIRECT_ADDR(addr))) {
@@ -349,6 +391,24 @@ void iowrite32be(u32 datum, void __iomem *addr)
         }
 }

+void iowrite64(u64 datum, void __iomem *addr)
+{
+        if (unlikely(INDIRECT_ADDR(addr))) {
+                iomap_ops[ADDR_TO_REGION(addr)]->write64(datum, addr);
+        } else {
+                *((u64 *)addr) = cpu_to_le64(datum);
+        }
+}
+
+void iowrite64be(u64 datum, void __iomem *addr)
+{
+        if (unlikely(INDIRECT_ADDR(addr))) {
+                iomap_ops[ADDR_TO_REGION(addr)]->write64be(datum, addr);
+        } else {
[PATCH v15 0/9] Add io{read|write}64 to io-64-nonatomic headers
This is v15 of my cleanup series to push a number of instances of people
defining their own io{read|write}64 functions into common headers, since
they don't exist on non-64bit systems. This series adds inline functions to
the io-64-nonatomic headers and then cleans up the drivers that defined
their own copies.

This cleanup was originally requested by Greg after he reviewed my
Switchtec NTB code. I hope someone can pick it up, or at least give
feedback on it, soon, as it's been around relatively unchanged for a few
cycles now and I'm getting a bit tired of resubmitting it with little to no
interest.

Thanks,

Logan

--

Changes since v14:
- Rebased onto v4.16-rc7
- Replaced the first two patches so that instead of correcting the
  endianness annotations we change to using writeX() and readX() with
  swabX() calls. This makes the big-endian functions more symmetric with
  the little-endian versions (with respect to barriers that are not
  included in the raw functions). As a side effect, it also fixes the
  kbuild warnings that the first two patches tried to address.

Changes since v13:
- Changed the subject of patch 0001 to correct a nit pointed out by Luc

Changes since v12:
- Rebased onto v4.16-rc6
- Split patch 0001 into two and reworked the commit log as requested by
  Luc Van Oostenryck

Changes since v11:
- Rebased onto v4.16-rc5
- Added a patch (0001) to fix some old and new sparse warnings that the
  kbuild robot warned about this cycle. The latest version of sparse was
  required to reproduce these.
- Added a patch (0002) to add io{read|write}64 to parisc, which the kbuild
  robot also found errors for this cycle

Changes since v10:
- Rebased onto v4.16-rc4; this dropped the drm/tilcdc patch which was
  picked up by that tree and is already in 4.16.

Changes since v9:
- Rebased onto v4.15-rc6
- Fixed a couple of issues in the new version of the CAAM patch as
  pointed out by Horia

Changes since v8:
- Rebased onto v4.15-rc2; as a result, rewrote patch 7 seeing someone did
  some similar cleanup in that area.
- Added a patch to clean up the Switchtec NTB driver which landed in
  v4.15-rc1

Changes since v7:
- Fix minor nits from Andy Shevchenko
- Rebased onto v4.14-rc1

Changes since v6:
** none **

Changes since v5:
- Added a fix to the tilcdc driver to ensure it doesn't use the
  non-atomic operation. (This includes adding
  io{read|write}64[be]_is_nonatomic defines.)

Changes since v4:
- Add functions so the powerpc implementation of iomap.c compiles. (As
  noticed by Horia)

Changes since v3:
- I noticed powerpc didn't use the appropriate functions seeing
  readq/writeq were not defined when iomap.h was included. Thus I've
  included a patch to adjust this
- Fixed some mistakes with a couple of the defines in io-64-nonatomic*
  headers
- Fixed a typo noticed by Horia.

(earlier versions were drastically different)

--

Logan Gunthorpe (9):
  iomap: Use non-raw io functions for io{read|write}XXbe
  parisc: iomap: introduce io{read|write}64
  powerpc: io.h: move iomap.h include so that it can use readq/writeq defs
  powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}
  iomap: introduce io{read|write}64_{lo_hi|hi_lo}
  io-64-nonatomic: add io{read|write}64[be]{_lo_hi|_hi_lo} macros
  ntb: ntb_hw_intel: use io-64-nonatomic instead of in-driver hacks
  crypto: caam: cleanup CONFIG_64BIT ifdefs when using io{read|write}64
  ntb: ntb_hw_switchtec: Cleanup 64bit IO defines to use the common header

 arch/parisc/include/asm/io.h           |   9 ++
 arch/parisc/lib/iomap.c                |  64 +++++++++
 arch/powerpc/include/asm/io.h          |   6 +-
 arch/powerpc/kernel/iomap.c            |  40 ++++++
 drivers/crypto/caam/regs.h             |  30 +---
 drivers/ntb/hw/intel/ntb_hw_intel.c    |  30 +---
 drivers/ntb/hw/mscc/ntb_hw_switchtec.c |  36 +----
 include/asm-generic/iomap.h            |  26 ++--
 include/linux/io-64-nonatomic-hi-lo.h  |  64 ++++++++
 include/linux/io-64-nonatomic-lo-hi.h  |  64 ++++++++
 lib/iomap.c                            | 140 ++++++++++++++-
 11 files changed, 409 insertions(+), 100 deletions(-)

--
2.11.0
[PATCH v15 7/9] ntb: ntb_hw_intel: use io-64-nonatomic instead of in-driver hacks
Now that ioread64 and iowrite64 are available in io-64-nonatomic, we can
remove the hack at the top of ntb_hw_intel.c and replace it with an
include.

Signed-off-by: Logan Gunthorpe
Reviewed-by: Andy Shevchenko
Acked-by: Dave Jiang
Acked-by: Allen Hubbe
Acked-by: Jon Mason
---
 drivers/ntb/hw/intel/ntb_hw_intel.c | 30 +-----------------------------
 1 file changed, 1 insertion(+), 29 deletions(-)

diff --git a/drivers/ntb/hw/intel/ntb_hw_intel.c b/drivers/ntb/hw/intel/ntb_hw_intel.c
index 156b45cd4a19..5cf40ab21366 100644
--- a/drivers/ntb/hw/intel/ntb_hw_intel.c
+++ b/drivers/ntb/hw/intel/ntb_hw_intel.c
@@ -59,6 +59,7 @@
 #include
 #include
 #include
+#include

 #include "ntb_hw_intel.h"

@@ -149,35 +150,6 @@ MODULE_PARM_DESC(xeon_b2b_dsd_bar5_addr32,
 static inline enum ntb_topo xeon_ppd_topo(struct intel_ntb_dev *ndev, u8 ppd);
 static int xeon_init_isr(struct intel_ntb_dev *ndev);

-#ifndef ioread64
-#ifdef readq
-#define ioread64 readq
-#else
-#define ioread64 _ioread64
-static inline u64 _ioread64(void __iomem *mmio)
-{
-        u64 low, high;
-
-        low = ioread32(mmio);
-        high = ioread32(mmio + sizeof(u32));
-        return low | (high << 32);
-}
-#endif
-#endif
-
-#ifndef iowrite64
-#ifdef writeq
-#define iowrite64 writeq
-#else
-#define iowrite64 _iowrite64
-static inline void _iowrite64(u64 val, void __iomem *mmio)
-{
-        iowrite32(val, mmio);
-        iowrite32(val >> 32, mmio + sizeof(u32));
-}
-#endif
-#endif
-
 static inline int pdev_is_xeon(struct pci_dev *pdev)
 {
         switch (pdev->device) {
--
2.11.0
[PATCH v15 1/9] iomap: Use non-raw io functions for io{read|write}XXbe
Fix an asymmetry in the io{read|write}XXbe functions in that the big-endian
variants make use of the raw io accessors while the little-endian variants
use the regular accessors. Some architectures implement barriers to order
against both spinlocks and DMA accesses, and for these cases the big-endian
variant of the API would not be protected. Thus, change the mmio_be macros
to use the appropriate swab() function wrapping the regular accessor. This
is similar to what was done for PIO.

When this code was originally written, barriers in the IO accessors were
not common and the accessors simply wrapped the raw functions in a
conversion to CPU endianness. Since then, barriers have been added in some
architectures and are now missing in the big-endian variant of the API.

This also manages to silence a few sparse warnings that check for using
the correct endian types, which the original code did not annotate
correctly.

Signed-off-by: Logan Gunthorpe
Cc: Thomas Gleixner
Cc: Kate Stewart
Cc: Philippe Ombredanne
Cc: Greg Kroah-Hartman
Cc: Arnd Bergmann
Link: http://lkml.kernel.org/r/cak8p3a25zqdxyay3ivv+jmsszs7f6ssgc+hdbkgs54zfvix...@mail.gmail.com
---
 lib/iomap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/iomap.c b/lib/iomap.c
index 541d926da95e..2c293b22569f 100644
--- a/lib/iomap.c
+++ b/lib/iomap.c
@@ -65,8 +65,8 @@ static void bad_io_access(unsigned long port, const char *access)
 #endif

 #ifndef mmio_read16be
-#define mmio_read16be(addr) be16_to_cpu(__raw_readw(addr))
-#define mmio_read32be(addr) be32_to_cpu(__raw_readl(addr))
+#define mmio_read16be(addr) swab16(readw(addr))
+#define mmio_read32be(addr) swab32(readl(addr))
 #endif

 unsigned int ioread8(void __iomem *addr)
@@ -106,8 +106,8 @@ EXPORT_SYMBOL(ioread32be);
 #endif

 #ifndef mmio_write16be
-#define mmio_write16be(val,port) __raw_writew(be16_to_cpu(val),port)
-#define mmio_write32be(val,port) __raw_writel(be32_to_cpu(val),port)
+#define mmio_write16be(val,port) writew(swab16(val),port)
+#define mmio_write32be(val,port) writel(swab32(val),port)
 #endif

 void iowrite8(u8 val, void __iomem *addr)
--
2.11.0
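On a little-endian CPU, `swab32(readl(addr))` and `be32_to_cpu(__raw_readl(addr))` compute the same byte swap; the difference the patch cares about is that `readl()` carries the architecture's ordering barriers while `__raw_readl()` does not. The swap itself can be illustrated with a userspace reimplementation (these `swab16`/`swab32` definitions are stand-ins for the kernel helpers, written here for demonstration only):

```c
#include <stdint.h>

/* Userspace equivalents of the kernel's swab16()/swab32() byte swaps. */
static inline uint16_t swab16(uint16_t x)
{
        return (uint16_t)((x << 8) | (x >> 8));
}

static inline uint32_t swab32(uint32_t x)
{
        return ((x & 0x000000ffu) << 24) |
               ((x & 0x0000ff00u) <<  8) |
               ((x & 0x00ff0000u) >>  8) |
               ((x & 0xff000000u) >> 24);
}
```

So the patch changes only which accessor the swap wraps, not the value produced on little-endian machines.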
[PATCH v15 6/9] io-64-nonatomic: add io{read|write}64[be]{_lo_hi|_hi_lo} macros
This patch adds generic io{read|write}64[be]{_lo_hi|_hi_lo} macros if they
are not already defined by the architecture. (As they are provided by the
generic iomap library.) The patch also points io{read|write}64[be] to the
variant specified by the header name.

This is because new drivers are encouraged to use ioreadXX, et al instead
of readX[1], et al -- and mixing ioreadXX with readq is pretty ugly.

[1] LDD3: section 9.4.2

Signed-off-by: Logan Gunthorpe
Reviewed-by: Andy Shevchenko
Cc: Christoph Hellwig
Cc: Arnd Bergmann
Cc: Alan Cox
Cc: Greg Kroah-Hartman
---
 include/linux/io-64-nonatomic-hi-lo.h | 64 ++++++++++++++++++++++++++++
 include/linux/io-64-nonatomic-lo-hi.h | 64 ++++++++++++++++++++++++++++
 2 files changed, 128 insertions(+)

diff --git a/include/linux/io-64-nonatomic-hi-lo.h b/include/linux/io-64-nonatomic-hi-lo.h
index 862d786a904f..ae21b72cce85 100644
--- a/include/linux/io-64-nonatomic-hi-lo.h
+++ b/include/linux/io-64-nonatomic-hi-lo.h
@@ -55,4 +55,68 @@ static inline void hi_lo_writeq_relaxed(__u64 val, volatile void __iomem *addr)
 #define writeq_relaxed hi_lo_writeq_relaxed
 #endif

+#ifndef ioread64_hi_lo
+#define ioread64_hi_lo ioread64_hi_lo
+static inline u64 ioread64_hi_lo(void __iomem *addr)
+{
+        u32 low, high;
+
+        high = ioread32(addr + sizeof(u32));
+        low = ioread32(addr);
+
+        return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64_hi_lo
+#define iowrite64_hi_lo iowrite64_hi_lo
+static inline void iowrite64_hi_lo(u64 val, void __iomem *addr)
+{
+        iowrite32(val >> 32, addr + sizeof(u32));
+        iowrite32(val, addr);
+}
+#endif
+
+#ifndef ioread64be_hi_lo
+#define ioread64be_hi_lo ioread64be_hi_lo
+static inline u64 ioread64be_hi_lo(void __iomem *addr)
+{
+        u32 low, high;
+
+        high = ioread32be(addr);
+        low = ioread32be(addr + sizeof(u32));
+
+        return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64be_hi_lo
+#define iowrite64be_hi_lo iowrite64be_hi_lo
+static inline void iowrite64be_hi_lo(u64 val, void __iomem *addr)
+{
+        iowrite32be(val >> 32, addr);
+        iowrite32be(val, addr + sizeof(u32));
+}
+#endif
+
+#ifndef ioread64
+#define ioread64_is_nonatomic
+#define ioread64 ioread64_hi_lo
+#endif
+
+#ifndef iowrite64
+#define iowrite64_is_nonatomic
+#define iowrite64 iowrite64_hi_lo
+#endif
+
+#ifndef ioread64be
+#define ioread64be_is_nonatomic
+#define ioread64be ioread64be_hi_lo
+#endif
+
+#ifndef iowrite64be
+#define iowrite64be_is_nonatomic
+#define iowrite64be iowrite64be_hi_lo
+#endif
+
 #endif  /* _LINUX_IO_64_NONATOMIC_HI_LO_H_ */
diff --git a/include/linux/io-64-nonatomic-lo-hi.h b/include/linux/io-64-nonatomic-lo-hi.h
index d042e7bb5adb..faaa842dbdb9 100644
--- a/include/linux/io-64-nonatomic-lo-hi.h
+++ b/include/linux/io-64-nonatomic-lo-hi.h
@@ -55,4 +55,68 @@ static inline void lo_hi_writeq_relaxed(__u64 val, volatile void __iomem *addr)
 #define writeq_relaxed lo_hi_writeq_relaxed
 #endif

+#ifndef ioread64_lo_hi
+#define ioread64_lo_hi ioread64_lo_hi
+static inline u64 ioread64_lo_hi(void __iomem *addr)
+{
+        u32 low, high;
+
+        low = ioread32(addr);
+        high = ioread32(addr + sizeof(u32));
+
+        return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64_lo_hi
+#define iowrite64_lo_hi iowrite64_lo_hi
+static inline void iowrite64_lo_hi(u64 val, void __iomem *addr)
+{
+        iowrite32(val, addr);
+        iowrite32(val >> 32, addr + sizeof(u32));
+}
+#endif
+
+#ifndef ioread64be_lo_hi
+#define ioread64be_lo_hi ioread64be_lo_hi
+static inline u64 ioread64be_lo_hi(void __iomem *addr)
+{
+        u32 low, high;
+
+        low = ioread32be(addr + sizeof(u32));
+        high = ioread32be(addr);
+
+        return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64be_lo_hi
+#define iowrite64be_lo_hi iowrite64be_lo_hi
+static inline void iowrite64be_lo_hi(u64 val, void __iomem *addr)
+{
+        iowrite32be(val, addr + sizeof(u32));
+        iowrite32be(val >> 32, addr);
+}
+#endif
+
+#ifndef ioread64
+#define ioread64_is_nonatomic
+#define ioread64 ioread64_lo_hi
+#endif
+
+#ifndef iowrite64
+#define iowrite64_is_nonatomic
+#define iowrite64 iowrite64_lo_hi
+#endif
+
+#ifndef ioread64be
+#define ioread64be_is_nonatomic
+#define ioread64be ioread64be_lo_hi
+#endif
+
+#ifndef iowrite64be
+#define iowrite64be_is_nonatomic
+#define iowrite64be iowrite64be_lo_hi
+#endif
+
 #endif  /* _LINUX_IO_64_NONATOMIC_LO_HI_H_ */
--
2.11.0
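The lo_hi composition in the header above can be demonstrated outside the kernel: a 64-bit value is moved as two 32-bit halves, low word first at offset 0, high word at offset 4. This userspace sketch mimics the arithmetic only (a plain array stands in for the `__iomem` region; there is, of course, no atomicity or ordering guarantee here, which is exactly the "nonatomic" caveat of these helpers):

```c
#include <stdint.h>

/* Sketch of the ioread64_lo_hi()/iowrite64_lo_hi() split: two 32-bit
 * accesses combined into one 64-bit value. */
static uint64_t read64_lo_hi(const uint32_t *mmio)
{
        uint32_t low  = mmio[0];              /* offset 0 */
        uint32_t high = mmio[1];              /* offset sizeof(u32) */

        return low + ((uint64_t)high << 32);  /* same form as the header */
}

static void write64_lo_hi(uint32_t *mmio, uint64_t val)
{
        mmio[0] = (uint32_t)val;              /* low word first */
        mmio[1] = (uint32_t)(val >> 32);      /* then high word */
}
```

A device that latches the register on the high-word access is why the hi_lo variants also exist; the arithmetic is identical, only the access order differs.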
[PATCH v15 8/9] crypto: caam: cleanup CONFIG_64BIT ifdefs when using io{read|write}64
Clean up the extra ifdefs which defined the wr_reg64 and rd_reg64 functions
in non-64bit cases in favour of the new common io-64-nonatomic-lo-hi
header.

To be consistent with the CAAM engine HW spec: in case of 64-bit registers,
irrespective of device endianness, the lower address should be read from /
written to first, followed by the upper address. Indeed the I/O accessors
in the CAAM driver currently don't follow the spec, however this is a good
opportunity to fix the code.

Signed-off-by: Logan Gunthorpe
Reviewed-by: Horia Geantă
Reviewed-by: Andy Shevchenko
Cc: Dan Douglass
Cc: Herbert Xu
Cc: "David S. Miller"
---
 drivers/crypto/caam/regs.h | 30 +++---------------------------
 1 file changed, 3 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index fee363865d88..f887b371040f 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -10,7 +10,7 @@
 #include
 #include
-#include
+#include

 /*
  * Architecture-specific register access methods
@@ -136,10 +136,9 @@ static inline void clrsetbits_32(void __iomem *reg, u32 clear, u32 set)
  *base + 0x0000 : least-significant 32 bits
  *base + 0x0004 : most-significant 32 bits
  */
-#ifdef CONFIG_64BIT
 static inline void wr_reg64(void __iomem *reg, u64 data)
 {
-        if (caam_little_end)
+        if (!caam_imx && caam_little_end)
                 iowrite64(data, reg);
         else
                 iowrite64be(data, reg);
@@ -147,35 +146,12 @@ static inline void wr_reg64(void __iomem *reg, u64 data)

 static inline u64 rd_reg64(void __iomem *reg)
 {
-        if (caam_little_end)
+        if (!caam_imx && caam_little_end)
                 return ioread64(reg);
         else
                 return ioread64be(reg);
 }

-#else /* CONFIG_64BIT */
-static inline void wr_reg64(void __iomem *reg, u64 data)
-{
-        if (!caam_imx && caam_little_end) {
-                wr_reg32((u32 __iomem *)(reg) + 1, data >> 32);
-                wr_reg32((u32 __iomem *)(reg), data);
-        } else {
-                wr_reg32((u32 __iomem *)(reg), data >> 32);
-                wr_reg32((u32 __iomem *)(reg) + 1, data);
-        }
-}
-
-static inline u64 rd_reg64(void __iomem *reg)
-{
-        if (!caam_imx && caam_little_end)
-                return ((u64)rd_reg32((u32 __iomem *)(reg) + 1) << 32 |
-                        (u64)rd_reg32((u32 __iomem *)(reg)));
-
-        return ((u64)rd_reg32((u32 __iomem *)(reg)) << 32 |
-                (u64)rd_reg32((u32 __iomem *)(reg) + 1));
-}
-#endif /* CONFIG_64BIT */
-
 static inline u64 cpu_to_caam_dma64(dma_addr_t value)
 {
         if (caam_imx)
--
2.11.0
[PATCH v15 3/9] powerpc: io.h: move iomap.h include so that it can use readq/writeq defs
Subsequent patches in this series make use of the readq and writeq defines
in iomap.h. However, as is, they get missed on the powerpc platform seeing
the include comes before the define. This patch moves the include down to
fix this.

Signed-off-by: Logan Gunthorpe
Acked-by: Michael Ellerman
Reviewed-by: Andy Shevchenko
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Michael Ellerman
Cc: Nicholas Piggin
Cc: Suresh Warrier
Cc: "Oliver O'Halloran"
---
 arch/powerpc/include/asm/io.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/io.h b/arch/powerpc/include/asm/io.h
index 422f99cf9924..af074923d598 100644
--- a/arch/powerpc/include/asm/io.h
+++ b/arch/powerpc/include/asm/io.h
@@ -33,8 +33,6 @@ extern struct pci_dev *isa_bridge_pcidev;
 #include
 #include

-#include
-
 #ifdef CONFIG_PPC64
 #include
 #endif
@@ -663,6 +661,8 @@ static inline void name at \
 #define writel_relaxed(v, addr) writel(v, addr)
 #define writeq_relaxed(v, addr) writeq(v, addr)

+#include
+
 #ifdef CONFIG_PPC32
 #define mmiowb()
 #else
--
2.11.0
[PATCH v15 5/9] iomap: introduce io{read|write}64_{lo_hi|hi_lo}
In order to provide non-atomic functions for io{read|write}64 that will use
readq and writeq when appropriate, we define a number of variants of these
functions in the generic iomap code that will do non-atomic operations on
PIO but atomic operations on MMIO.

These functions are only defined if readq and writeq are defined. If they
are not, then the wrappers that always use non-atomic operations from
include/linux/io-64-nonatomic*.h will be used.

Signed-off-by: Logan Gunthorpe
Reviewed-by: Andy Shevchenko
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Michael Ellerman
Cc: Arnd Bergmann
Cc: Suresh Warrier
Cc: Nicholas Piggin
---
 arch/powerpc/include/asm/io.h |   2 +
 include/asm-generic/iomap.h   |  26 ++++--
 lib/iomap.c                   | 132 ++++++++++++++++++++++++++++++
 3 files changed, 154 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/include/asm/io.h b/arch/powerpc/include/asm/io.h
index af074923d598..4cc420cfaa78 100644
--- a/arch/powerpc/include/asm/io.h
+++ b/arch/powerpc/include/asm/io.h
@@ -788,8 +788,10 @@ extern void __iounmap_at(void *ea, unsigned long size);
 #define mmio_read16be(addr)        readw_be(addr)
 #define mmio_read32be(addr)        readl_be(addr)
+#define mmio_read64be(addr)        readq_be(addr)
 #define mmio_write16be(val, addr)  writew_be(val, addr)
 #define mmio_write32be(val, addr)  writel_be(val, addr)
+#define mmio_write64be(val, addr)  writeq_be(val, addr)
 #define mmio_insb(addr, dst, count)        readsb(addr, dst, count)
 #define mmio_insw(addr, dst, count)        readsw(addr, dst, count)
 #define mmio_insl(addr, dst, count)        readsl(addr, dst, count)
diff --git a/include/asm-generic/iomap.h b/include/asm-generic/iomap.h
index 5b63b94ef6b5..5a4af0199b32 100644
--- a/include/asm-generic/iomap.h
+++ b/include/asm-generic/iomap.h
@@ -31,9 +31,16 @@ extern unsigned int ioread16(void __iomem *);
 extern unsigned int ioread16be(void __iomem *);
 extern unsigned int ioread32(void __iomem *);
 extern unsigned int ioread32be(void __iomem *);
-#ifdef CONFIG_64BIT
-extern u64 ioread64(void __iomem *);
-extern u64 ioread64be(void __iomem *);
+
+#ifdef readq
+#define ioread64_lo_hi ioread64_lo_hi
+#define ioread64_hi_lo ioread64_hi_lo
+#define ioread64be_lo_hi ioread64be_lo_hi
+#define ioread64be_hi_lo ioread64be_hi_lo
+extern u64 ioread64_lo_hi(void __iomem *addr);
+extern u64 ioread64_hi_lo(void __iomem *addr);
+extern u64 ioread64be_lo_hi(void __iomem *addr);
+extern u64 ioread64be_hi_lo(void __iomem *addr);
 #endif

 extern void iowrite8(u8, void __iomem *);
@@ -41,9 +48,16 @@ extern void iowrite16(u16, void __iomem *);
 extern void iowrite16be(u16, void __iomem *);
 extern void iowrite32(u32, void __iomem *);
 extern void iowrite32be(u32, void __iomem *);
-#ifdef CONFIG_64BIT
-extern void iowrite64(u64, void __iomem *);
-extern void iowrite64be(u64, void __iomem *);
+
+#ifdef writeq
+#define iowrite64_lo_hi iowrite64_lo_hi
+#define iowrite64_hi_lo iowrite64_hi_lo
+#define iowrite64be_lo_hi iowrite64be_lo_hi
+#define iowrite64be_hi_lo iowrite64be_hi_lo
+extern void iowrite64_lo_hi(u64 val, void __iomem *addr);
+extern void iowrite64_hi_lo(u64 val, void __iomem *addr);
+extern void iowrite64be_lo_hi(u64 val, void __iomem *addr);
+extern void iowrite64be_hi_lo(u64 val, void __iomem *addr);
 #endif

 /*
diff --git a/lib/iomap.c b/lib/iomap.c
index 2c293b22569f..e909ab71e995 100644
--- a/lib/iomap.c
+++ b/lib/iomap.c
@@ -67,6 +67,7 @@ static void bad_io_access(unsigned long port, const char *access)
 #ifndef mmio_read16be
 #define mmio_read16be(addr) swab16(readw(addr))
 #define mmio_read32be(addr) swab32(readl(addr))
+#define mmio_read64be(addr) swab64(readq(addr))
 #endif

 unsigned int ioread8(void __iomem *addr)
@@ -100,6 +101,80 @@ EXPORT_SYMBOL(ioread16be);
 EXPORT_SYMBOL(ioread32);
 EXPORT_SYMBOL(ioread32be);

+#ifdef readq
+static u64 pio_read64_lo_hi(unsigned long port)
+{
+        u64 lo, hi;
+
+        lo = inl(port);
+        hi = inl(port + sizeof(u32));
+
+        return lo | (hi << 32);
+}
+
+static u64 pio_read64_hi_lo(unsigned long port)
+{
+        u64 lo, hi;
+
+        hi = inl(port + sizeof(u32));
+        lo = inl(port);
+
+        return lo | (hi << 32);
+}
+
+static u64 pio_read64be_lo_hi(unsigned long port)
+{
+        u64 lo, hi;
+
+        lo = pio_read32be(port + sizeof(u32));
+        hi = pio_read32be(port);
+
+        return lo | (hi << 32);
+}
+
+static u64 pio_read64be_hi_lo(unsigned long port)
+{
+        u64 lo, hi;
+
+        hi = pio_read32be(port);
+        lo = pio_read32be(port + sizeof(u32));
+
+        return lo | (hi << 32);
+}
+
+u64 ioread64_lo_hi(void __iomem *addr)
+{
+        IO_COND(addr, return pio_read64_lo_hi(port), return readq(addr));
+        return 0xULL;
+}
+
+u64 ioread64_hi_lo(void __iomem
[PATCH v15 4/9] powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}
These functions will be introduced into the generic iomap.c so they can
deal with PIO accesses in hi-lo/lo-hi variants. Thus, the powerpc version
of iomap.c will need to provide the same functions even though, in this
arch, they are identical to the regular io{read|write}64 functions.

Signed-off-by: Logan Gunthorpe
Tested-by: Horia Geantă
Reviewed-by: Andy Shevchenko
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Michael Ellerman
---
 arch/powerpc/kernel/iomap.c | 40 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/arch/powerpc/kernel/iomap.c b/arch/powerpc/kernel/iomap.c
index aab456ed2a00..5ac84efc6ede 100644
--- a/arch/powerpc/kernel/iomap.c
+++ b/arch/powerpc/kernel/iomap.c
@@ -45,12 +45,32 @@ u64 ioread64(void __iomem *addr)
 {
         return readq(addr);
 }
+u64 ioread64_lo_hi(void __iomem *addr)
+{
+        return readq(addr);
+}
+u64 ioread64_hi_lo(void __iomem *addr)
+{
+        return readq(addr);
+}
 u64 ioread64be(void __iomem *addr)
 {
         return readq_be(addr);
 }
+u64 ioread64be_lo_hi(void __iomem *addr)
+{
+        return readq_be(addr);
+}
+u64 ioread64be_hi_lo(void __iomem *addr)
+{
+        return readq_be(addr);
+}
 EXPORT_SYMBOL(ioread64);
+EXPORT_SYMBOL(ioread64_lo_hi);
+EXPORT_SYMBOL(ioread64_hi_lo);
 EXPORT_SYMBOL(ioread64be);
+EXPORT_SYMBOL(ioread64be_lo_hi);
+EXPORT_SYMBOL(ioread64be_hi_lo);
 #endif /* __powerpc64__ */

 void iowrite8(u8 val, void __iomem *addr)
@@ -83,12 +103,32 @@ void iowrite64(u64 val, void __iomem *addr)
 {
         writeq(val, addr);
 }
+void iowrite64_lo_hi(u64 val, void __iomem *addr)
+{
+        writeq(val, addr);
+}
+void iowrite64_hi_lo(u64 val, void __iomem *addr)
+{
+        writeq(val, addr);
+}
 void iowrite64be(u64 val, void __iomem *addr)
 {
         writeq_be(val, addr);
 }
+void iowrite64be_lo_hi(u64 val, void __iomem *addr)
+{
+        writeq_be(val, addr);
+}
+void iowrite64be_hi_lo(u64 val, void __iomem *addr)
+{
+        writeq_be(val, addr);
+}
 EXPORT_SYMBOL(iowrite64);
+EXPORT_SYMBOL(iowrite64_lo_hi);
+EXPORT_SYMBOL(iowrite64_hi_lo);
 EXPORT_SYMBOL(iowrite64be);
+EXPORT_SYMBOL(iowrite64be_lo_hi);
+EXPORT_SYMBOL(iowrite64be_hi_lo);
 #endif /* __powerpc64__ */

 /*
--
2.11.0
Re: [PATCH v13 net-next 02/12] ethtool: enable Inline TLS in HW
2018-03-27, 23:06:31 +0530, Atul Gupta wrote:
> Ethtool option enables TLS record offload on HW, user
> configures the feature for netdev capable of Inline TLS.
> This allows user to define custom sk_prot for Inline TLS sock
>
> Signed-off-by: Atul Gupta
> Reviewed-by: Sabrina Dubroca

uh, what? I definitely didn't give my "Reviewed-by" for any of these
patches. Please never do that again.

--
Sabrina
Re: [PATCH v13 net-next 01/12] tls: support for Inline tls record
On Tue, 27 Mar 2018 23:06:30 +0530
Atul Gupta wrote:

> +static struct tls_context *create_ctx(struct sock *sk)
> +{
> +	struct inet_connection_sock *icsk = inet_csk(sk);
> +	struct tls_context *ctx;
> +
> +	/* allocate tls context */
> +	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> +	if (!ctx)
> +		return NULL;
> +
> +	icsk->icsk_ulp_data = ctx;
> +	return ctx;
> +}
>
> [...]
>
>  static int tls_init(struct sock *sk)
>  {
>  	int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
> -	struct inet_connection_sock *icsk = inet_csk(sk);
>  	struct tls_context *ctx;
>  	int rc = 0;
>
> +	if (tls_hw_prot(sk))
> +		goto out;
> +
>  	/* The TLS ulp is currently supported only for TCP sockets
>  	 * in ESTABLISHED state.
>  	 * Supporting sockets in LISTEN state will require us
> @@ -530,12 +624,11 @@ static int tls_init(struct sock *sk)
>  		return -ENOTSUPP;
>
>  	/* allocate tls context */
> -	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> +	ctx = create_ctx(sk);
>  	if (!ctx) {
>  		rc = -ENOMEM;
>  		goto out;
>  	}
> -	icsk->icsk_ulp_data = ctx;

Why are you changing this?

This is now equivalent to the original implementation, except that you
are "hiding" the assignment of icsk->icsk_ulp_data into a function named
"create_ctx".

Please also note that you are duplicating the "allocate tls context"
comment.

-- 
Stefano
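Stefano's objection is that the helper now has a side effect its name does not advertise: a function called create_ctx() also mutates the socket. A userspace sketch of the pattern under discussion (the struct types are simplified stand-ins for the kernel ones, and calloc stands in for kzalloc):

```c
#include <assert.h>
#include <stdlib.h>

/* Simplified stand-ins for the kernel structures in the patch. */
struct tls_context { int unused; };
struct icsk_stub   { struct tls_context *icsk_ulp_data; };

/* As in the patch: the helper both allocates the context *and*
 * stores it in the socket. The assignment is the side effect
 * "hidden" behind the allocation-sounding name. */
static struct tls_context *create_ctx(struct icsk_stub *icsk)
{
    struct tls_context *ctx = calloc(1, sizeof(*ctx));

    if (!ctx)
        return NULL;
    icsk->icsk_ulp_data = ctx;  /* hidden side effect */
    return ctx;
}
```

Keeping the assignment in the caller (as the original tls_init() did) makes the data flow visible at every call site, at the cost of repeating one line.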
Re: [PATCH v13 net-next 07/12] crypto: chtls - Program the TLS session Key
On Tue, 27 Mar 2018 23:06:36 +0530
Atul Gupta wrote:

> +static void __set_tcb_field(struct sock *sk, struct sk_buff *skb, u16 word,
> +			    u64 mask, u64 val, u8 cookie, int no_reply)
> +{
> +	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
> +	struct cpl_set_tcb_field *req;
> +	struct ulptx_idata *sc;
> +	unsigned int wrlen = roundup(sizeof(*req) + sizeof(*sc), 16);

Please use reverse christmas tree style for variable declarations. If
needed, do the assignments later on.

> [...]
>
> +static int chtls_set_tcb_field(struct sock *sk, u16 word, u64 mask, u64 val)
> +{
> +	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
> +	struct cpl_set_tcb_field *req;
> +	struct ulptx_idata *sc;
> +	struct sk_buff *skb;
> +	int ret;
> +	unsigned int wrlen = roundup(sizeof(*req) + sizeof(*sc), 16);
> +	unsigned int credits_needed = DIV_ROUND_UP(wrlen, 16);

Same here.

> [...]
>
> +static int get_new_keyid(struct chtls_sock *csk, u32 optname)
> +{
> +	struct chtls_hws *hws = &csk->tlshws;
> +	struct net_device *dev = csk->egress_dev;
> +	struct adapter *adap = netdev2adap(dev);
> +	struct chtls_dev *cdev = csk->cdev;
> +	int keyid;

Same here.

> +
> +	spin_lock_bh(&cdev->kmap.lock);
> +	keyid = find_first_zero_bit(cdev->kmap.addr, cdev->kmap.size);
> +	if (keyid < cdev->kmap.size) {
> +		__set_bit(keyid, cdev->kmap.addr);
> +		if (optname == TLS_RX)
> +			hws->rxkey = keyid;
> +		else
> +			hws->txkey = keyid;
> +		atomic_inc(&adap->chcr_stats.tls_key);
> +	} else {
> +		keyid = -1;
> +	}
> +	spin_unlock_bh(&cdev->kmap.lock);
> +	return keyid;
> +}
> +
> +void free_tls_keyid(struct sock *sk)
> +{
> +	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
> +	struct net_device *dev = csk->egress_dev;
> +	struct adapter *adap = netdev2adap(dev);
> +	struct chtls_dev *cdev = csk->cdev;
> +	struct chtls_hws *hws = &csk->tlshws;

Same here.

> [...]
>
> +static int chtls_key_info(struct chtls_sock *csk,
> +			  struct _key_ctx *kctx,
> +			  u32 keylen, u32 optname)
> +{
> +	unsigned char key[CHCR_KEYCTX_CIPHER_KEY_SIZE_256];
> +	struct crypto_cipher *cipher;
> +	struct tls12_crypto_info_aes_gcm_128 *gcm_ctx =
> +		(struct tls12_crypto_info_aes_gcm_128 *)
> +		&csk->tlshws.crypto_info;
> +	unsigned char ghash_h[AEAD_H_SIZE];
> +	int ck_size, key_ctx_size;
> +	int ret;

Same here.

> [...]
>
> +int chtls_setkey(struct chtls_sock *csk, u32 keylen, u32 optname)
> +{
> +	struct chtls_dev *cdev = csk->cdev;
> +	struct sock *sk = csk->sk;
> +	struct tls_key_req *kwr;
> +	struct _key_ctx *kctx;
> +	struct sk_buff *skb;
> +	int wrlen, klen, len;
> +	int keyid;
> +	int kaddr;
> +	int ret = 0;

Same here.

> [...]

-- 
Stefano
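"Reverse Christmas tree" orders local declarations so the longest line comes first and the shortest last; initializers that would break the ordering move into the function body, as the review suggests. A hedged userspace sketch of the rearrangement (the struct sizes and the helper name are made up for illustration):

```c
#include <assert.h>

struct fake_req { char buf[64]; }; /* stand-in for cpl_set_tcb_field */
struct fake_sc  { char buf[16]; }; /* stand-in for ulptx_idata */

/* Declarations sorted longest-first, shortest-last; the wrlen and
 * credit computations that forced long declaration lines are now
 * plain assignments in the body. */
static unsigned int credits_for_wr(void)
{
    unsigned int credits_needed;
    unsigned int wrlen;

    /* roundup(sizeof(req) + sizeof(sc), 16) */
    wrlen = (sizeof(struct fake_req) + sizeof(struct fake_sc) + 15)
            / 16 * 16;
    credits_needed = wrlen / 16; /* wrlen is 16-aligned here */
    return credits_needed;
}
```

The ordering is purely cosmetic, but it is the prevailing netdev convention, and moving initializers into the body often makes error handling easier to restructure later.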
Re: [PATCH v13 net-next 09/12] crypto: chtls - Inline TLS record Tx
On Tue, 27 Mar 2018 23:06:38 +0530
Atul Gupta wrote:

> +static u8 tcp_state_to_flowc_state(u8 state)
> +{
> +	u8 ret = FW_FLOWC_MNEM_TCPSTATE_ESTABLISHED;
> +
> +	switch (state) {
> +	case TCP_ESTABLISHED:
> +		ret = FW_FLOWC_MNEM_TCPSTATE_ESTABLISHED;
> +		break;
> +	case TCP_CLOSE_WAIT:
> +		ret = FW_FLOWC_MNEM_TCPSTATE_CLOSEWAIT;
> +		break;
> +	case TCP_FIN_WAIT1:
> +		ret = FW_FLOWC_MNEM_TCPSTATE_FINWAIT1;
> +		break;
> +	case TCP_CLOSING:
> +		ret = FW_FLOWC_MNEM_TCPSTATE_CLOSING;
> +		break;
> +	case TCP_LAST_ACK:
> +		ret = FW_FLOWC_MNEM_TCPSTATE_LASTACK;
> +		break;
> +	case TCP_FIN_WAIT2:
> +		ret = FW_FLOWC_MNEM_TCPSTATE_FINWAIT2;
> +		break;

Can't you just return those values right away instead?

> [...]
>
> +static u64 tlstx_seq_number(struct chtls_hws *hws)
> +{
> +	return hws->tx_seq_no++;
> +}

The name of this function, as I also had commented earlier, is
misleading, because you are also incrementing the sequence number.

> [...]
>
> +static void mark_urg(struct tcp_sock *tp, int flags,
> +		     struct sk_buff *skb)
> +{
> +	if (unlikely(flags & MSG_OOB)) {
> +		tp->snd_up = tp->write_seq;
> +			ULP_SKB_CB(skb)->flags = ULPCB_FLAG_URG |
> +						 ULPCB_FLAG_BARRIER |
> +						 ULPCB_FLAG_NO_APPEND |
> +						 ULPCB_FLAG_NEED_HDR;

Is this indentation the result of a previous 'if' clause which is now
gone?

> [...]
>
> +/*
> + * Returns true if a TCP socket is corked.
> + */
> +static int corked(const struct tcp_sock *tp, int flags)
> +{
> +	return (flags & MSG_MORE) | (tp->nonagle & TCP_NAGLE_CORK);

I guess you meant || here. Shouldn't this be a bool?

> +}
> +
> +/*
> + * Returns true if a send should try to push new data.
> + */
> +static int send_should_push(struct sock *sk, int flags)
> +{
> +	return should_push(sk) && !corked(tcp_sk(sk), flags);
> +}

If it returns true, I guess it should be a bool.

> [...]

-- 
Stefano
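Both suggestions in this review can be sketched in isolation: return the mapping directly from each case (dropping the ret variable and every break), and make the predicate helpers return bool with logical rather than bitwise operators. The enum and flag values below are hypothetical stand-ins for the kernel and firmware constants:

```c
#include <assert.h>
#include <stdbool.h>

/* Hypothetical stand-ins for <net/tcp_states.h> and the FW mnemonics. */
enum tcp_state   { TCP_ESTABLISHED = 1, TCP_FIN_WAIT1, TCP_FIN_WAIT2,
                   TCP_CLOSE_WAIT, TCP_LAST_ACK, TCP_CLOSING };
enum flowc_state { FLOWC_ESTABLISHED, FLOWC_FINWAIT1, FLOWC_FINWAIT2,
                   FLOWC_CLOSEWAIT, FLOWC_LASTACK, FLOWC_CLOSING };

/* Returning from each case removes the ret variable and the breaks. */
static unsigned char tcp_state_to_flowc_state(unsigned char state)
{
    switch (state) {
    case TCP_CLOSE_WAIT: return FLOWC_CLOSEWAIT;
    case TCP_FIN_WAIT1:  return FLOWC_FINWAIT1;
    case TCP_CLOSING:    return FLOWC_CLOSING;
    case TCP_LAST_ACK:   return FLOWC_LASTACK;
    case TCP_FIN_WAIT2:  return FLOWC_FINWAIT2;
    default:             return FLOWC_ESTABLISHED;
    }
}

#define MSG_MORE_F   0x8000 /* illustrative flag values */
#define NAGLE_CORK_F 0x2

/* corked() as a bool, with logical || instead of bitwise |. */
static bool corked(int msg_flags, int nonagle)
{
    return (msg_flags & MSG_MORE_F) || (nonagle & NAGLE_CORK_F);
}
```

With bitwise |, both operands are always evaluated and the result is an arbitrary nonzero int; || short-circuits and, combined with bool, states the intent the comment ("Returns true if...") already claims.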
Re: [PATCH v13 net-next 08/12] crypto : chtls - CPL handler definition
On Tue, 27 Mar 2018 23:06:37 +0530
Atul Gupta wrote:

> Exchange messages with hardware to program the TLS session
> CPL handlers for messages received from chip.
>
> Signed-off-by: Atul Gupta
> Signed-off-by: Michael Werner
> Reviewed-by: Sabrina Dubroca
> Reviewed-by: Stefano Brivio

No, I haven't.

-- 
Stefano
Re: [PATCH v13 net-next 09/12] crypto: chtls - Inline TLS record Tx
On Tue, 27 Mar 2018 23:06:38 +0530
Atul Gupta wrote:

> TLS handler for record transmit.
> Create Inline TLS work request and post to FW.
> Create Inline TLS record CPLs for hardware
>
> Signed-off-by: Atul Gupta
> Signed-off-by: Michael Werner
> Reviewed-by: Stefano Brivio

Absolutely not.

-- 
Stefano
Re: [PATCH v13 net-next 07/12] crypto: chtls - Program the TLS session Key
On Tue, 27 Mar 2018 23:06:36 +0530
Atul Gupta wrote:

> Initialize the space reserved for storing the TLS keys,
> get and free the location where key is stored for the TLS
> connection.
> Program the Tx and Rx key as received from user in
> struct tls12_crypto_info_aes_gcm_128 and understood by hardware.
> added socket option TLS_RX
>
> Signed-off-by: Atul Gupta
> Reviewed-by: Sabrina Dubroca
> Reviewed-by: Stefano Brivio

Nope, sorry.

-- 
Stefano
[PATCH v13 net-next 10/12] crypto: chtls - Inline TLS record Rx
handler for record receive. plain text copied to user buffer

Signed-off-by: Atul Gupta
Signed-off-by: Michael Werner
---
 drivers/crypto/chelsio/chtls/chtls_io.c | 592 ++++++++++++++++++++++++++++++++
 1 file changed, 592 insertions(+)

diff --git a/drivers/crypto/chelsio/chtls/chtls_io.c b/drivers/crypto/chelsio/chtls/chtls_io.c
index b0e7ee1..e5fcae5 100644
--- a/drivers/crypto/chelsio/chtls/chtls_io.c
+++ b/drivers/crypto/chelsio/chtls/chtls_io.c
@@ -1226,3 +1226,595 @@ int chtls_sendpage(struct sock *sk, struct page *page,
 	copied = sk_stream_error(sk, flags, err);
 	goto done;
 }
+
+static void chtls_select_window(struct sock *sk)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct tcp_sock *tp = tcp_sk(sk);
+	unsigned int wnd = tp->rcv_wnd;
+
+	wnd = max_t(unsigned int, wnd, tcp_full_space(sk));
+	wnd = max_t(unsigned int, MIN_RCV_WND, wnd);
+
+	if (wnd > MAX_RCV_WND)
+		wnd = MAX_RCV_WND;
+
+/*
+ * Check if we need to grow the receive window in response to an increase in
+ * the socket's receive buffer size. Some applications increase the buffer
+ * size dynamically and rely on the window to grow accordingly.
+ */
+
+	if (wnd > tp->rcv_wnd) {
+		tp->rcv_wup -= wnd - tp->rcv_wnd;
+		tp->rcv_wnd = wnd;
+		/* Mark the receive window as updated */
+		csk_reset_flag(csk, CSK_UPDATE_RCV_WND);
+	}
+}
+
+/*
+ * Send RX credits through an RX_DATA_ACK CPL message. We are permitted
+ * to return without sending the message in case we cannot allocate
+ * an sk_buff. Returns the number of credits sent.
+ */
+static u32 send_rx_credits(struct chtls_sock *csk, u32 credits)
+{
+	struct cpl_rx_data_ack *req;
+	struct sk_buff *skb;
+
+	skb = alloc_skb(sizeof(*req), GFP_ATOMIC);
+	if (!skb)
+		return 0;
+	__skb_put(skb, sizeof(*req));
+	req = (struct cpl_rx_data_ack *)skb->head;
+
+	set_wr_txq(skb, CPL_PRIORITY_ACK, csk->port_id);
+	INIT_TP_WR(req, csk->tid);
+	OPCODE_TID(req) = cpu_to_be32(MK_OPCODE_TID(CPL_RX_DATA_ACK,
+						    csk->tid));
+	req->credit_dack = cpu_to_be32(RX_CREDITS_V(credits) |
+				       RX_FORCE_ACK_F);
+	cxgb4_ofld_send(csk->cdev->ports[csk->port_id], skb);
+	return credits;
+}
+
+#define CREDIT_RETURN_STATE	(TCPF_ESTABLISHED | \
+				 TCPF_FIN_WAIT1 | \
+				 TCPF_FIN_WAIT2)
+
+/*
+ * Called after some received data has been read. It returns RX credits
+ * to the HW for the amount of data processed.
+ */
+static void chtls_cleanup_rbuf(struct sock *sk, int copied)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	u32 thres = 15 * 1024;
+	struct tcp_sock *tp;
+	int must_send;
+	u32 credits;
+
+	if (!sk_in_state(sk, CREDIT_RETURN_STATE))
+		return;
+
+	chtls_select_window(sk);
+	tp = tcp_sk(sk);
+	credits = tp->copied_seq - tp->rcv_wup;
+	if (unlikely(!credits))
+		return;
+
+/*
+ * For coalescing to work effectively ensure the receive window has
+ * at least 16KB left.
+ */
+	must_send = credits + 16384 >= tp->rcv_wnd;
+
+	if (must_send || credits >= thres)
+		tp->rcv_wup += send_rx_credits(csk, credits);
+}
+
+static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
+			    int nonblock, int flags, int *addr_len)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct net_device *dev = csk->egress_dev;
+	struct adapter *adap = netdev2adap(dev);
+	struct chtls_hws *hws = &csk->tlshws;
+	int copied = 0, buffers_freed = 0;
+	struct tcp_sock *tp = tcp_sk(sk);
+	unsigned long avail;
+	int request;
+	int target;
+	long timeo;
+
+	timeo = sock_rcvtimeo(sk, nonblock);
+	target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
+	request = len;
+
+	if (unlikely(csk_flag(sk, CSK_UPDATE_RCV_WND)))
+		chtls_cleanup_rbuf(sk, copied);
+
+	do {
+		struct sk_buff *skb;
+		u32 offset = 0;
+
+		if (unlikely(tp->urg_data &&
+			     tp->urg_seq == tp->copied_seq)) {
+			if (copied)
+				break;
+			if (signal_pending(current)) {
+				copied = timeo ? sock_intr_errno(timeo) :
+					 -EAGAIN;
+				break;
+			}
+		}
+		skb = skb_peek(&sk->sk_receive_queue);
+		if (skb)
+			goto found_ok_skb;
+		if (csk->wr_credits &&
+
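The credit-return policy in chtls_cleanup_rbuf() above reduces to a pure predicate: return credits to the hardware when fewer than 16KB of receive window would remain, or when at least the 15KB threshold of data has been read. A sketch of just that arithmetic (the function name is ours, not from the patch):

```c
#include <assert.h>
#include <stdbool.h>

/* Mirror of the decision in chtls_cleanup_rbuf(): 'credits' is data
 * read but not yet acked back to HW, 'rcv_wnd' the advertised
 * receive window. */
static bool should_return_credits(unsigned int credits,
                                  unsigned int rcv_wnd)
{
    const unsigned int thres = 15 * 1024;
    bool must_send = credits + 16384 >= rcv_wnd; /* <16KB window left */

    return must_send || credits >= thres;
}
```

Batching credit returns this way keeps RX_DATA_ACK messages infrequent while never letting the window shrink below the 16KB needed for receive coalescing to stay effective.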
[PATCH v13 net-next 12/12] crypto: chtls - Makefile Kconfig
Entry for Inline TLS as another driver dependent on cxgb4 and chcr

Signed-off-by: Atul Gupta
---
 drivers/crypto/chelsio/Kconfig        | 11 +++++++++++
 drivers/crypto/chelsio/Makefile       |  1 +
 drivers/crypto/chelsio/chtls/Makefile |  4 ++++
 3 files changed, 16 insertions(+)
 create mode 100644 drivers/crypto/chelsio/chtls/Makefile

diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig
index 5ae9f87..930d82d 100644
--- a/drivers/crypto/chelsio/Kconfig
+++ b/drivers/crypto/chelsio/Kconfig
@@ -29,3 +29,14 @@ config CHELSIO_IPSEC_INLINE
 	default n
 	---help---
 	  Enable support for IPSec Tx Inline.
+
+config CRYPTO_DEV_CHELSIO_TLS
+	tristate "Chelsio Crypto Inline TLS Driver"
+	depends on CHELSIO_T4
+	depends on TLS
+	select CRYPTO_DEV_CHELSIO
+	---help---
+	  Support Chelsio Inline TLS with Chelsio crypto accelerator.
+
+	  To compile this driver as a module, choose M here: the module
+	  will be called chtls.

diff --git a/drivers/crypto/chelsio/Makefile b/drivers/crypto/chelsio/Makefile
index eaecaf1..639e571 100644
--- a/drivers/crypto/chelsio/Makefile
+++ b/drivers/crypto/chelsio/Makefile
@@ -3,3 +3,4 @@ ccflags-y := -Idrivers/net/ethernet/chelsio/cxgb4
 obj-$(CONFIG_CRYPTO_DEV_CHELSIO) += chcr.o
 chcr-objs := chcr_core.o chcr_algo.o
 chcr-$(CONFIG_CHELSIO_IPSEC_INLINE) += chcr_ipsec.o
+obj-$(CONFIG_CRYPTO_DEV_CHELSIO_TLS) += chtls/

diff --git a/drivers/crypto/chelsio/chtls/Makefile b/drivers/crypto/chelsio/chtls/Makefile
new file mode 100644
index 000..df13795
--- /dev/null
+++ b/drivers/crypto/chelsio/chtls/Makefile
@@ -0,0 +1,4 @@
+ccflags-y := -Idrivers/net/ethernet/chelsio/cxgb4 -Idrivers/crypto/chelsio/
+
+obj-$(CONFIG_CRYPTO_DEV_CHELSIO_TLS) += chtls.o
+chtls-objs := chtls_main.o chtls_cm.o chtls_io.o chtls_hw.o
-- 
1.8.3.1
[PATCH v13 net-next 11/12] crypto: chtls - Register chtls with net tls
Register chtls as Inline TLS driver, chtls is ULD to cxgb4.
Setsockopt to program (tx/rx) keys on chip.
Support AES GCM of key size 128.
Support both Inline Rx and Tx.

Signed-off-by: Atul Gupta
Reviewed-by: Casey Leedom
Reviewed-by: Michael Werner
---
 drivers/crypto/chelsio/chtls/chtls_main.c | 564 ++++++++++++++++++++++++++++++
 1 file changed, 564 insertions(+)
 create mode 100644 drivers/crypto/chelsio/chtls/chtls_main.c

diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
new file mode 100644
index 000..642e864
--- /dev/null
+++ b/drivers/crypto/chelsio/chtls/chtls_main.c
@@ -0,0 +1,564 @@
+/*
+ * Copyright (c) 2018 Chelsio Communications, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Written by: Atul Gupta (atul.gu...@chelsio.com)
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "chtls.h"
+#include "chtls_cm.h"
+
+#define DRV_NAME		"chtls"
+
+/*
+ * chtls device management
+ * maintains a list of the chtls devices
+ */
+static LIST_HEAD(cdev_list);
+static DEFINE_MUTEX(cdev_mutex);
+static DEFINE_MUTEX(cdev_list_lock);
+
+static DEFINE_MUTEX(notify_mutex);
+static RAW_NOTIFIER_HEAD(listen_notify_list);
+static struct proto chtls_cpl_prot;
+struct request_sock_ops chtls_rsk_ops;
+static uint send_page_order = (14 - PAGE_SHIFT < 0) ? 0 : 14 - PAGE_SHIFT;
+
+static void register_listen_notifier(struct notifier_block *nb)
+{
+	mutex_lock(&notify_mutex);
+	raw_notifier_chain_register(&listen_notify_list, nb);
+	mutex_unlock(&notify_mutex);
+}
+
+static void unregister_listen_notifier(struct notifier_block *nb)
+{
+	mutex_lock(&notify_mutex);
+	raw_notifier_chain_unregister(&listen_notify_list, nb);
+	mutex_unlock(&notify_mutex);
+}
+
+static int listen_notify_handler(struct notifier_block *this,
+				 unsigned long event, void *data)
+{
+	struct sock *sk = data;
+	struct chtls_dev *cdev;
+	int ret = NOTIFY_DONE;
+
+	switch (event) {
+	case CHTLS_LISTEN_START:
+	case CHTLS_LISTEN_STOP:
+		mutex_lock(&cdev_list_lock);
+		list_for_each_entry(cdev, &cdev_list, list) {
+			if (event == CHTLS_LISTEN_START)
+				ret = chtls_listen_start(cdev, sk);
+			else
+				chtls_listen_stop(cdev, sk);
+		}
+		mutex_unlock(&cdev_list_lock);
+		break;
+	}
+	return ret;
+}
+
+static struct notifier_block listen_notifier = {
+	.notifier_call = listen_notify_handler
+};
+
+static int listen_backlog_rcv(struct sock *sk, struct sk_buff *skb)
+{
+	if (likely(skb_transport_header(skb) != skb_network_header(skb)))
+		return tcp_v4_do_rcv(sk, skb);
+	BLOG_SKB_CB(skb)->backlog_rcv(sk, skb);
+	return 0;
+}
+
+static int chtls_start_listen(struct sock *sk)
+{
+	int err;
+
+	if (sk->sk_protocol != IPPROTO_TCP)
+		return -EPROTONOSUPPORT;
+
+	if (sk->sk_family == PF_INET &&
+	    LOOPBACK(inet_sk(sk)->inet_rcv_saddr))
+		return -EADDRNOTAVAIL;
+
+	sk->sk_backlog_rcv = listen_backlog_rcv;
+	mutex_lock(&notify_mutex);
+	err = raw_notifier_call_chain(&listen_notify_list,
+				      CHTLS_LISTEN_START, sk);
+	mutex_unlock(&notify_mutex);
+	return err;
+}
+
+static void chtls_stop_listen(struct sock *sk)
+{
+	if (sk->sk_protocol != IPPROTO_TCP)
+		return;
+
+	mutex_lock(&notify_mutex);
+	raw_notifier_call_chain(&listen_notify_list,
+				CHTLS_LISTEN_STOP, sk);
+	mutex_unlock(&notify_mutex);
+}
+
+static int chtls_inline_feature(struct tls_device *dev)
+{
+	struct chtls_dev *cdev = to_chtls_dev(dev);
+	struct net_device *netdev;
+	int i;
+
+	for (i = 0; i < cdev->lldi->nports; i++) {
+		netdev = cdev->ports[i];
+		if (netdev->features & NETIF_F_HW_TLS_RECORD)
+			return 1;
+	}
+	return 0;
+}
+
+static int chtls_create_hash(struct tls_device *dev, struct sock *sk)
+{
+	if (sk->sk_state == TCP_LISTEN)
+		return chtls_start_listen(sk);
+	return 0;
+}
+
+static void chtls_destroy_hash(struct tls_device *dev, struct sock *sk)
+{
+	if (sk->sk_state == TCP_LISTEN)
+		chtls_stop_listen(sk);
+}
+
+static void chtls_register_dev(struct chtls_dev *cdev)
+{
+	struct tls_device *tlsdev = &cdev->tlsdev;
+
+	strlcpy(tlsdev->name, "chtls", TLS_DEVICE_NAME_MAX);
+	strlcat(tlsdev->name, cdev->lldi->ports[0]->name,
+		TLS_DEVICE_NAME_MAX);
+	tlsdev->feature =
[PATCH v13 net-next 09/12] crypto: chtls - Inline TLS record Tx
TLS handler for record transmit.
Create Inline TLS work request and post to FW.
Create Inline TLS record CPLs for hardware

Signed-off-by: Atul Gupta
Signed-off-by: Michael Werner
Reviewed-by: Stefano Brivio
---
 drivers/crypto/chelsio/chtls/chtls_io.c | 1228 +++++++++++++++++++++++++++++++
 1 file changed, 1228 insertions(+)
 create mode 100644 drivers/crypto/chelsio/chtls/chtls_io.c

diff --git a/drivers/crypto/chelsio/chtls/chtls_io.c b/drivers/crypto/chelsio/chtls/chtls_io.c
new file mode 100644
index 000..b0e7ee1
--- /dev/null
+++ b/drivers/crypto/chelsio/chtls/chtls_io.c
@@ -0,0 +1,1228 @@
+/*
+ * Copyright (c) 2018 Chelsio Communications, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Written by: Atul Gupta (atul.gu...@chelsio.com)
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "chtls.h"
+#include "chtls_cm.h"
+
+static bool is_tls_rx(struct chtls_sock *csk)
+{
+	return csk->tlshws.rxkey >= 0;
+}
+
+static bool is_tls_tx(struct chtls_sock *csk)
+{
+	return csk->tlshws.txkey >= 0;
+}
+
+static int data_sgl_len(const struct sk_buff *skb)
+{
+	unsigned int cnt;
+
+	cnt = skb_shinfo(skb)->nr_frags;
+	return sgl_len(cnt) * 8;
+}
+
+static int nos_ivs(struct sock *sk, unsigned int size)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+
+	return DIV_ROUND_UP(size, csk->tlshws.mfs);
+}
+
+static int set_ivs_imm(struct sock *sk, const struct sk_buff *skb)
+{
+	int ivs_size = nos_ivs(sk, skb->len) * CIPHER_BLOCK_SIZE;
+	int hlen = TLS_WR_CPL_LEN + data_sgl_len(skb);
+
+	if ((hlen + KEY_ON_MEM_SZ + ivs_size) <
+	    MAX_IMM_OFLD_TX_DATA_WR_LEN) {
+		ULP_SKB_CB(skb)->ulp.tls.iv = 1;
+		return 1;
+	}
+	ULP_SKB_CB(skb)->ulp.tls.iv = 0;
+	return 0;
+}
+
+static int max_ivs_size(struct sock *sk, int size)
+{
+	return nos_ivs(sk, size) * CIPHER_BLOCK_SIZE;
+}
+
+static int ivs_size(struct sock *sk, const struct sk_buff *skb)
+{
+	return set_ivs_imm(sk, skb) ? (nos_ivs(sk, skb->len) *
+				       CIPHER_BLOCK_SIZE) : 0;
+}
+
+static int flowc_wr_credits(int nparams, int *flowclenp)
+{
+	int flowclen16, flowclen;
+
+	flowclen = offsetof(struct fw_flowc_wr, mnemval[nparams]);
+	flowclen16 = DIV_ROUND_UP(flowclen, 16);
+	flowclen = flowclen16 * 16;
+
+	if (flowclenp)
+		*flowclenp = flowclen;
+
+	return flowclen16;
+}
+
+static struct sk_buff *create_flowc_wr_skb(struct sock *sk,
+					   struct fw_flowc_wr *flowc,
+					   int flowclen)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct sk_buff *skb;
+
+	skb = alloc_skb(flowclen, GFP_ATOMIC);
+	if (!skb)
+		return NULL;
+
+	memcpy(__skb_put(skb, flowclen), flowc, flowclen);
+	skb_set_queue_mapping(skb, (csk->txq_idx << 1) | CPL_PRIORITY_DATA);
+
+	return skb;
+}
+
+static int send_flowc_wr(struct sock *sk, struct fw_flowc_wr *flowc,
+			 int flowclen)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct tcp_sock *tp = tcp_sk(sk);
+	int flowclen16 = flowclen / 16;
+	struct sk_buff *skb;
+	int ret;
+
+	if (csk_flag(sk, CSK_TX_DATA_SENT)) {
+		skb = create_flowc_wr_skb(sk, flowc, flowclen);
+		if (!skb)
+			return -ENOMEM;
+
+		skb_entail(sk, skb,
+			   ULPCB_FLAG_NO_HDR | ULPCB_FLAG_NO_APPEND);
+		return 0;
+	}
+
+	ret = cxgb4_immdata_send(csk->egress_dev,
+				 csk->txq_idx,
+				 flowc, flowclen);
+	if (!ret)
+		return flowclen16;
+	skb = create_flowc_wr_skb(sk, flowc, flowclen);
+	if (!skb)
+		return -ENOMEM;
+	send_or_defer(sk, tp, skb, 0);
+	return flowclen16;
+}
+
+static u8 tcp_state_to_flowc_state(u8 state)
+{
+	u8 ret = FW_FLOWC_MNEM_TCPSTATE_ESTABLISHED;
+
+	switch (state) {
+	case TCP_ESTABLISHED:
+		ret = FW_FLOWC_MNEM_TCPSTATE_ESTABLISHED;
+		break;
+	case TCP_CLOSE_WAIT:
+		ret = FW_FLOWC_MNEM_TCPSTATE_CLOSEWAIT;
+		break;
+	case TCP_FIN_WAIT1:
+		ret = FW_FLOWC_MNEM_TCPSTATE_FINWAIT1;
+		break;
+	case TCP_CLOSING:
+		ret = FW_FLOWC_MNEM_TCPSTATE_CLOSING;
+		break;
+	case TCP_LAST_ACK:
+		ret = FW_FLOWC_MNEM_TCPSTATE_LASTACK;
+
[PATCH v13 net-next 07/12] crypto: chtls - Program the TLS session Key
Initialize the space reserved for storing the TLS keys,
get and free the location where key is stored for the TLS
connection.
Program the Tx and Rx key as received from user in
struct tls12_crypto_info_aes_gcm_128 and understood by hardware.
added socket option TLS_RX

Signed-off-by: Atul Gupta
Reviewed-by: Sabrina Dubroca
Reviewed-by: Stefano Brivio
---
 drivers/crypto/chelsio/chtls/chtls_hw.c | 394 ++++++++++++++++++++++++++++++++
 1 file changed, 394 insertions(+)
 create mode 100644 drivers/crypto/chelsio/chtls/chtls_hw.c

diff --git a/drivers/crypto/chelsio/chtls/chtls_hw.c b/drivers/crypto/chelsio/chtls/chtls_hw.c
new file mode 100644
index 000..cad7360
--- /dev/null
+++ b/drivers/crypto/chelsio/chtls/chtls_hw.c
@@ -0,0 +1,394 @@
+/*
+ * Copyright (c) 2018 Chelsio Communications, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Written by: Atul Gupta (atul.gu...@chelsio.com)
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "chtls.h"
+#include "chtls_cm.h"
+
+static void __set_tcb_field_direct(struct chtls_sock *csk,
+				   struct cpl_set_tcb_field *req, u16 word,
+				   u64 mask, u64 val, u8 cookie, int no_reply)
+{
+	struct ulptx_idata *sc;
+
+	INIT_TP_WR_CPL(req, CPL_SET_TCB_FIELD, csk->tid);
+	req->wr.wr_mid |= htonl(FW_WR_FLOWID_V(csk->tid));
+	req->reply_ctrl = htons(NO_REPLY_V(no_reply) |
+				QUEUENO_V(csk->rss_qid));
+	req->word_cookie = htons(TCB_WORD_V(word) | TCB_COOKIE_V(cookie));
+	req->mask = cpu_to_be64(mask);
+	req->val = cpu_to_be64(val);
+	sc = (struct ulptx_idata *)(req + 1);
+	sc->cmd_more = htonl(ULPTX_CMD_V(ULP_TX_SC_NOOP));
+	sc->len = htonl(0);
+}
+
+static void __set_tcb_field(struct sock *sk, struct sk_buff *skb, u16 word,
+			    u64 mask, u64 val, u8 cookie, int no_reply)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct cpl_set_tcb_field *req;
+	struct ulptx_idata *sc;
+	unsigned int wrlen = roundup(sizeof(*req) + sizeof(*sc), 16);
+
+	req = (struct cpl_set_tcb_field *)__skb_put(skb, wrlen);
+	__set_tcb_field_direct(csk, req, word, mask, val, cookie, no_reply);
+	set_wr_txq(skb, CPL_PRIORITY_CONTROL, csk->port_id);
+}
+
+/*
+ * Send control message to HW, message go as immediate data and packet
+ * is freed immediately.
+ */
+static int chtls_set_tcb_field(struct sock *sk, u16 word, u64 mask, u64 val)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct cpl_set_tcb_field *req;
+	struct ulptx_idata *sc;
+	struct sk_buff *skb;
+	int ret;
+	unsigned int wrlen = roundup(sizeof(*req) + sizeof(*sc), 16);
+	unsigned int credits_needed = DIV_ROUND_UP(wrlen, 16);
+
+	skb = alloc_skb(wrlen, GFP_ATOMIC);
+	if (!skb)
+		return -ENOMEM;
+
+	__set_tcb_field(sk, skb, word, mask, val, 0, 1);
+	skb_set_queue_mapping(skb, (csk->txq_idx << 1) | CPL_PRIORITY_DATA);
+	csk->wr_credits -= credits_needed;
+	csk->wr_unacked += credits_needed;
+	enqueue_wr(csk, skb);
+	ret = cxgb4_ofld_send(csk->egress_dev, skb);
+	if (ret < 0)
+		kfree_skb(skb);
+	return ret < 0 ? ret : 0;
+}
+
+/*
+ * Set one of the t_flags bits in the TCB.
+ */
+int chtls_set_tcb_tflag(struct sock *sk, unsigned int bit_pos, int val)
+{
+	return chtls_set_tcb_field(sk, 1, 1ULL << bit_pos,
+				   val << bit_pos);
+}
+
+static int chtls_set_tcb_keyid(struct sock *sk, int keyid)
+{
+	return chtls_set_tcb_field(sk, 31, 0xffffffffULL, keyid);
+}
+
+static int chtls_set_tcb_seqno(struct sock *sk)
+{
+	return chtls_set_tcb_field(sk, 28, ~0ULL, 0);
+}
+
+static int chtls_set_tcb_quiesce(struct sock *sk, int val)
+{
+	return chtls_set_tcb_field(sk, 1, (1ULL << TF_RX_QUIESCE_S),
+				   TF_RX_QUIESCE_V(val));
+}
+
+/* TLS Key bitmap processing */
+int chtls_init_kmap(struct chtls_dev *cdev, struct cxgb4_lld_info *lldi)
+{
+	unsigned int num_key_ctx, bsize;
+	int ksize;
+
+	num_key_ctx = (lldi->vr->key.size / TLS_KEY_CONTEXT_SZ);
+	bsize = BITS_TO_LONGS(num_key_ctx);
+
+	cdev->kmap.size = num_key_ctx;
+	cdev->kmap.available = bsize;
+	ksize = sizeof(*cdev->kmap.addr) * bsize;
+	cdev->kmap.addr = kvzalloc(ksize, GFP_KERNEL);
+	if (!cdev->kmap.addr)
+		return -ENOMEM;
+
+	cdev->kmap.start = lldi->vr->key.start;
+	spin_lock_init(&cdev->kmap.lock);
+	return 0;
+}
+
+static int get_new_keyid(struct
[PATCH v13 net-next 08/12] crypto : chtls - CPL handler definition
Exchange messages with hardware to program the TLS session
CPL handlers for messages received from chip.

Signed-off-by: Atul Gupta
Signed-off-by: Michael Werner
Reviewed-by: Sabrina Dubroca
Reviewed-by: Stefano Brivio
---
 drivers/crypto/chelsio/chtls/chtls_cm.c | 2057 +++++++++++++++++++++++++++++++
 net/ipv4/tcp_minisocks.c                |    1 +
 2 files changed, 2058 insertions(+)
 create mode 100644 drivers/crypto/chelsio/chtls/chtls_cm.c

diff --git a/drivers/crypto/chelsio/chtls/chtls_cm.c b/drivers/crypto/chelsio/chtls/chtls_cm.c
new file mode 100644
index 000..c460f24
--- /dev/null
+++ b/drivers/crypto/chelsio/chtls/chtls_cm.c
@@ -0,0 +1,2057 @@
+/*
+ * Copyright (c) 2018 Chelsio Communications, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Written by: Atul Gupta (atul.gu...@chelsio.com)
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "chtls.h"
+#include "chtls_cm.h"
+
+/*
+ * State transitions and actions for close.  Note that if we are in SYN_SENT
+ * we remain in that state as we cannot control a connection while it's in
+ * SYN_SENT; such connections are allowed to establish and are then aborted.
+ */
+static unsigned char new_state[16] = {
+	/* current state:     new state:    action: */
+	/* (Invalid)       */ TCP_CLOSE,
+	/* TCP_ESTABLISHED */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
+	/* TCP_SYN_SENT    */ TCP_SYN_SENT,
+	/* TCP_SYN_RECV    */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
+	/* TCP_FIN_WAIT1   */ TCP_FIN_WAIT1,
+	/* TCP_FIN_WAIT2   */ TCP_FIN_WAIT2,
+	/* TCP_TIME_WAIT   */ TCP_CLOSE,
+	/* TCP_CLOSE       */ TCP_CLOSE,
+	/* TCP_CLOSE_WAIT  */ TCP_LAST_ACK | TCP_ACTION_FIN,
+	/* TCP_LAST_ACK    */ TCP_LAST_ACK,
+	/* TCP_LISTEN      */ TCP_CLOSE,
+	/* TCP_CLOSING     */ TCP_CLOSING,
+};
+
+static struct chtls_sock *chtls_sock_create(struct chtls_dev *cdev)
+{
+	struct chtls_sock *csk = kzalloc(sizeof(*csk), GFP_ATOMIC);
+
+	if (!csk)
+		return NULL;
+
+	csk->txdata_skb_cache = alloc_skb(TXDATA_SKB_LEN, GFP_ATOMIC);
+	if (!csk->txdata_skb_cache) {
+		kfree(csk);
+		return NULL;
+	}
+
+	kref_init(&csk->kref);
+	csk->cdev = cdev;
+	skb_queue_head_init(&csk->txq);
+	csk->wr_skb_head = NULL;
+	csk->wr_skb_tail = NULL;
+	csk->mss = MAX_MSS;
+	csk->tlshws.ofld = 1;
+	csk->tlshws.txkey = -1;
+	csk->tlshws.rxkey = -1;
+	csk->tlshws.mfs = TLS_MFS;
+	skb_queue_head_init(&csk->tlshws.sk_recv_queue);
+	return csk;
+}
+
+static void chtls_sock_release(struct kref *ref)
+{
+	struct chtls_sock *csk =
+		container_of(ref, struct chtls_sock, kref);
+
+	kfree(csk);
+}
+
+static struct net_device *chtls_ipv4_netdev(struct chtls_dev *cdev,
+					    struct sock *sk)
+{
+	struct net_device *ndev = cdev->ports[0];
+
+	if (likely(!inet_sk(sk)->inet_rcv_saddr))
+		return ndev;
+
+	ndev = ip_dev_find(&init_net, inet_sk(sk)->inet_rcv_saddr);
+	if (!ndev)
+		return NULL;
+
+	if (is_vlan_dev(ndev))
+		return vlan_dev_real_dev(ndev);
+	return ndev;
+}
+
+static void assign_rxopt(struct sock *sk, unsigned int opt)
+{
+	struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
+	struct tcp_sock *tp = tcp_sk(sk);
+	const struct chtls_dev *cdev;
+
+	cdev = csk->cdev;
+	tp->tcp_header_len    = sizeof(struct tcphdr);
+	tp->rx_opt.mss_clamp  = cdev->mtus[TCPOPT_MSS_G(opt)] - 40;
+	tp->mss_cache         = tp->rx_opt.mss_clamp;
+	tp->rx_opt.tstamp_ok  = TCPOPT_TSTAMP_G(opt);
+	tp->rx_opt.snd_wscale = TCPOPT_SACK_G(opt);
+	tp->rx_opt.wscale_ok  = TCPOPT_WSCALE_OK_G(opt);
+	SND_WSCALE(tp)        = TCPOPT_SND_WSCALE_G(opt);
+	if (!tp->rx_opt.wscale_ok)
+		tp->rx_opt.rcv_wscale = 0;
+	if (tp->rx_opt.tstamp_ok) {
+		tp->tcp_header_len += TCPOLEN_TSTAMP_ALIGNED;
+		tp->rx_opt.mss_clamp -= TCPOLEN_TSTAMP_ALIGNED;
+	} else if (csk->opt2 & TSTAMPS_EN_F) {
+		csk->opt2 &= ~TSTAMPS_EN_F;
+		csk->mtu_idx = TCPOPT_MSS_G(opt);
+	}
+}
+
+static void chtls_purge_receive_queue(struct sock *sk)
+{
+	struct sk_buff *skb;
+
+	while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) {
+		skb_dst_set(skb, (void *)NULL);
+		kfree_skb(skb);
+	}
+}
+
+static void chtls_purge_write_queue(struct sock *sk)
[PATCH v13 net-next 04/12] cxgb4: LLD driver changes to support TLS
Read the Inline TLS capability from firmware.
Determine the area reserved for storing the keys
Dump the Inline TLS tx and rx records count.

Signed-off-by: Atul Gupta
Reviewed-by: Michael Werner
Reviewed-by: Casey Leedom
---
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c |  32 ++++--
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h  |   7 ++
 drivers/net/ethernet/chelsio/cxgb4/sge.c        | 105 ++++++++++++++++++--
 3 files changed, 129 insertions(+), 15 deletions(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 57d38f8..8fd52c6 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -4548,18 +4548,32 @@ static int adap_init0(struct adapter *adap)
 		adap->num_ofld_uld += 2;
 	}
 	if (caps_cmd.cryptocaps) {
-		/* Should query params here...TODO */
-		params[0] = FW_PARAM_PFVF(NCRYPTO_LOOKASIDE);
-		ret = t4_query_params(adap, adap->mbox, adap->pf, 0, 2,
-				      params, val);
-		if (ret < 0) {
-			if (ret != -EINVAL)
+		if (ntohs(caps_cmd.cryptocaps) &
+		    FW_CAPS_CONFIG_CRYPTO_LOOKASIDE) {
+			params[0] = FW_PARAM_PFVF(NCRYPTO_LOOKASIDE);
+			ret = t4_query_params(adap, adap->mbox, adap->pf, 0,
+					      2, params, val);
+			if (ret < 0) {
+				if (ret != -EINVAL)
+					goto bye;
+			} else {
+				adap->vres.ncrypto_fc = val[0];
+			}
+			adap->num_ofld_uld += 1;
+		}
+		if (ntohs(caps_cmd.cryptocaps) &
+		    FW_CAPS_CONFIG_TLS_INLINE) {
+			params[0] = FW_PARAM_PFVF(TLS_START);
+			params[1] = FW_PARAM_PFVF(TLS_END);
+			ret = t4_query_params(adap, adap->mbox, adap->pf, 0,
+					      2, params, val);
+			if (ret < 0)
 				goto bye;
-		} else {
-			adap->vres.ncrypto_fc = val[0];
+			adap->vres.key.start = val[0];
+			adap->vres.key.size = val[1] - val[0] + 1;
+			adap->num_uld += 1;
 		}
 		adap->params.crypto = ntohs(caps_cmd.cryptocaps);
-		adap->num_uld += 1;
 	}
 #undef FW_PARAM_PFVF
 #undef FW_PARAM_DEV

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h
index b0ca06e..de9ad31 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h
@@ -237,6 +237,7 @@ enum cxgb4_uld {
 	CXGB4_ULD_ISCSI,
 	CXGB4_ULD_ISCSIT,
 	CXGB4_ULD_CRYPTO,
+	CXGB4_ULD_TLS,
 	CXGB4_ULD_MAX
 };
 
@@ -289,6 +290,7 @@ struct cxgb4_virt_res {	/* virtualized HW resources */
 	struct cxgb4_range qp;
 	struct cxgb4_range cq;
 	struct cxgb4_range ocq;
+	struct cxgb4_range key;
 	unsigned int ncrypto_fc;
 };
 
@@ -300,6 +302,9 @@ struct chcr_stats_debug {
 	atomic_t error;
 	atomic_t fallback;
 	atomic_t ipsec_cnt;
+	atomic_t tls_pdu_tx;
+	atomic_t tls_pdu_rx;
+	atomic_t tls_key;
 };
 
 #define OCQ_WIN_OFFSET(pdev, vres) \
@@ -382,6 +387,8 @@ struct cxgb4_uld_info {
 int cxgb4_register_uld(enum cxgb4_uld type, const struct cxgb4_uld_info *p);
 int cxgb4_unregister_uld(enum cxgb4_uld type);
 int cxgb4_ofld_send(struct net_device *dev, struct sk_buff *skb);
+int cxgb4_immdata_send(struct net_device *dev, unsigned int idx,
+		       const void *src, unsigned int len);
 int cxgb4_crypto_send(struct net_device *dev, struct sk_buff *skb);
 unsigned int cxgb4_dbfifo_count(const struct net_device *dev, int lpfifo);
 unsigned int cxgb4_port_chan(const struct net_device *dev);

diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c
index 6e310a0..d0274ab 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
@@ -1019,8 +1019,8 @@ inline void cxgb4_ring_tx_db(struct adapter *adap, struct sge_txq *q, int n)
 void cxgb4_inline_tx_skb(const struct sk_buff *skb, const struct sge_txq *q,
 			 void *pos)
 {
-	u64 *p;
 	int left = (void *)q->stat - pos;
+	u64 *p;
 
 	if (likely(skb->len <= left)) {
 		if (likely(!skb->data_len))
@@ -1735,15 +1735,13 @@ static void txq_stop_maperr(struct sge_uld_txq *q)
 /**
  *	ofldtxq_stop - stop an offload Tx queue that
[PATCH v13 net-next 02/12] ethtool: enable Inline TLS in HW
The ethtool option enables TLS record offload in hardware; the user configures the feature on a netdev capable of Inline TLS. This allows a custom sk_prot to be defined for an Inline TLS socket.

Signed-off-by: Atul Gupta
Reviewed-by: Sabrina Dubroca
---
 include/linux/netdev_features.h | 2 ++
 net/core/ethtool.c              | 1 +
 2 files changed, 3 insertions(+)

diff --git a/include/linux/netdev_features.h b/include/linux/netdev_features.h
index db84c51..35b79f4 100644
--- a/include/linux/netdev_features.h
+++ b/include/linux/netdev_features.h
@@ -79,6 +79,7 @@ enum {
 	NETIF_F_RX_UDP_TUNNEL_PORT_BIT,	/* Offload of RX port for UDP tunnels */
 	NETIF_F_GRO_HW_BIT,		/* Hardware Generic receive offload */
+	NETIF_F_HW_TLS_RECORD_BIT,	/* Offload TLS record */
 
 	/*
 	 * Add your fresh new feature above and remember to update
@@ -145,6 +146,7 @@ enum {
 #define NETIF_F_HW_ESP		__NETIF_F(HW_ESP)
 #define NETIF_F_HW_ESP_TX_CSUM	__NETIF_F(HW_ESP_TX_CSUM)
 #define	NETIF_F_RX_UDP_TUNNEL_PORT	__NETIF_F(RX_UDP_TUNNEL_PORT)
+#define NETIF_F_HW_TLS_RECORD	__NETIF_F(HW_TLS_RECORD)
 
 #define for_each_netdev_feature(mask_addr, bit)	\
 	for_each_set_bit(bit, (unsigned long *)mask_addr, NETDEV_FEATURE_COUNT)
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index bb6e498..eabd35a 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -107,6 +107,7 @@ int ethtool_op_get_ts_info(struct net_device *dev, struct ethtool_ts_info *info)
 	[NETIF_F_HW_ESP_BIT] =		 "esp-hw-offload",
 	[NETIF_F_HW_ESP_TX_CSUM_BIT] =	 "esp-tx-csum-hw-offload",
 	[NETIF_F_RX_UDP_TUNNEL_PORT_BIT] = "rx-udp_tunnel-port-offload",
+	[NETIF_F_HW_TLS_RECORD_BIT] =	"tls-hw-record",
 };
 
 static const char
-- 
1.8.3.1
[PATCH v13 net-next 05/12] crypto: chcr - Inline TLS Key Macros
Define macro for programming the TLS Key context Signed-off-by: Atul Gupta--- drivers/crypto/chelsio/chcr_algo.h | 42 + drivers/crypto/chelsio/chcr_core.h | 55 +- 2 files changed, 96 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/chelsio/chcr_algo.h b/drivers/crypto/chelsio/chcr_algo.h index d1673a5..f263cd4 100644 --- a/drivers/crypto/chelsio/chcr_algo.h +++ b/drivers/crypto/chelsio/chcr_algo.h @@ -86,6 +86,39 @@ KEY_CONTEXT_OPAD_PRESENT_M) #define KEY_CONTEXT_OPAD_PRESENT_F KEY_CONTEXT_OPAD_PRESENT_V(1U) +#define TLS_KEYCTX_RXFLIT_CNT_S 24 +#define TLS_KEYCTX_RXFLIT_CNT_V(x) ((x) << TLS_KEYCTX_RXFLIT_CNT_S) + +#define TLS_KEYCTX_RXPROT_VER_S 20 +#define TLS_KEYCTX_RXPROT_VER_M 0xf +#define TLS_KEYCTX_RXPROT_VER_V(x) ((x) << TLS_KEYCTX_RXPROT_VER_S) + +#define TLS_KEYCTX_RXCIPH_MODE_S 16 +#define TLS_KEYCTX_RXCIPH_MODE_M 0xf +#define TLS_KEYCTX_RXCIPH_MODE_V(x) ((x) << TLS_KEYCTX_RXCIPH_MODE_S) + +#define TLS_KEYCTX_RXAUTH_MODE_S 12 +#define TLS_KEYCTX_RXAUTH_MODE_M 0xf +#define TLS_KEYCTX_RXAUTH_MODE_V(x) ((x) << TLS_KEYCTX_RXAUTH_MODE_S) + +#define TLS_KEYCTX_RXCIAU_CTRL_S 11 +#define TLS_KEYCTX_RXCIAU_CTRL_V(x) ((x) << TLS_KEYCTX_RXCIAU_CTRL_S) + +#define TLS_KEYCTX_RX_SEQCTR_S 9 +#define TLS_KEYCTX_RX_SEQCTR_M 0x3 +#define TLS_KEYCTX_RX_SEQCTR_V(x) ((x) << TLS_KEYCTX_RX_SEQCTR_S) + +#define TLS_KEYCTX_RX_VALID_S 8 +#define TLS_KEYCTX_RX_VALID_V(x) ((x) << TLS_KEYCTX_RX_VALID_S) + +#define TLS_KEYCTX_RXCK_SIZE_S 3 +#define TLS_KEYCTX_RXCK_SIZE_M 0x7 +#define TLS_KEYCTX_RXCK_SIZE_V(x) ((x) << TLS_KEYCTX_RXCK_SIZE_S) + +#define TLS_KEYCTX_RXMK_SIZE_S 0 +#define TLS_KEYCTX_RXMK_SIZE_M 0x7 +#define TLS_KEYCTX_RXMK_SIZE_V(x) ((x) << TLS_KEYCTX_RXMK_SIZE_S) + #define CHCR_HASH_MAX_DIGEST_SIZE 64 #define CHCR_MAX_SHA_DIGEST_SIZE 64 @@ -176,6 +209,15 @@ KEY_CONTEXT_SALT_PRESENT_V(1) | \ KEY_CONTEXT_CTX_LEN_V((ctx_len))) +#define FILL_KEY_CRX_HDR(ck_size, mk_size, d_ck, opad, ctx_len) \ + htonl(TLS_KEYCTX_RXMK_SIZE_V(mk_size) | \ + 
TLS_KEYCTX_RXCK_SIZE_V(ck_size) | \ + TLS_KEYCTX_RX_VALID_V(1) | \ + TLS_KEYCTX_RX_SEQCTR_V(3) | \ + TLS_KEYCTX_RXAUTH_MODE_V(4) | \ + TLS_KEYCTX_RXCIPH_MODE_V(2) | \ + TLS_KEYCTX_RXFLIT_CNT_V((ctx_len))) + #define FILL_WR_OP_CCTX_SIZE \ htonl( \ FW_CRYPTO_LOOKASIDE_WR_OPCODE_V( \ diff --git a/drivers/crypto/chelsio/chcr_core.h b/drivers/crypto/chelsio/chcr_core.h index 3c29ee0..77056a9 100644 --- a/drivers/crypto/chelsio/chcr_core.h +++ b/drivers/crypto/chelsio/chcr_core.h @@ -65,10 +65,58 @@ struct _key_ctx { __be32 ctx_hdr; u8 salt[MAX_SALT]; - __be64 reserverd; + __be64 iv_to_auth; unsigned char key[0]; }; +#define KEYCTX_TX_WR_IV_S 55 +#define KEYCTX_TX_WR_IV_M 0x1ffULL +#define KEYCTX_TX_WR_IV_V(x) ((x) << KEYCTX_TX_WR_IV_S) +#define KEYCTX_TX_WR_IV_G(x) \ + (((x) >> KEYCTX_TX_WR_IV_S) & KEYCTX_TX_WR_IV_M) + +#define KEYCTX_TX_WR_AAD_S 47 +#define KEYCTX_TX_WR_AAD_M 0xffULL +#define KEYCTX_TX_WR_AAD_V(x) ((x) << KEYCTX_TX_WR_AAD_S) +#define KEYCTX_TX_WR_AAD_G(x) (((x) >> KEYCTX_TX_WR_AAD_S) & \ + KEYCTX_TX_WR_AAD_M) + +#define KEYCTX_TX_WR_AADST_S 39 +#define KEYCTX_TX_WR_AADST_M 0xffULL +#define KEYCTX_TX_WR_AADST_V(x) ((x) << KEYCTX_TX_WR_AADST_S) +#define KEYCTX_TX_WR_AADST_G(x) \ + (((x) >> KEYCTX_TX_WR_AADST_S) & KEYCTX_TX_WR_AADST_M) + +#define KEYCTX_TX_WR_CIPHER_S 30 +#define KEYCTX_TX_WR_CIPHER_M 0x1ffULL +#define KEYCTX_TX_WR_CIPHER_V(x) ((x) << KEYCTX_TX_WR_CIPHER_S) +#define KEYCTX_TX_WR_CIPHER_G(x) \ + (((x) >> KEYCTX_TX_WR_CIPHER_S) & KEYCTX_TX_WR_CIPHER_M) + +#define KEYCTX_TX_WR_CIPHERST_S 23 +#define KEYCTX_TX_WR_CIPHERST_M 0x7f +#define KEYCTX_TX_WR_CIPHERST_V(x) ((x) << KEYCTX_TX_WR_CIPHERST_S) +#define KEYCTX_TX_WR_CIPHERST_G(x) \ + (((x) >> KEYCTX_TX_WR_CIPHERST_S) & KEYCTX_TX_WR_CIPHERST_M) + +#define KEYCTX_TX_WR_AUTH_S 14 +#define KEYCTX_TX_WR_AUTH_M 0x1ff +#define KEYCTX_TX_WR_AUTH_V(x) ((x) << KEYCTX_TX_WR_AUTH_S) +#define KEYCTX_TX_WR_AUTH_G(x) \ + (((x) >> KEYCTX_TX_WR_AUTH_S) & KEYCTX_TX_WR_AUTH_M) + +#define KEYCTX_TX_WR_AUTHST_S 
7 +#define KEYCTX_TX_WR_AUTHST_M 0x7f +#define KEYCTX_TX_WR_AUTHST_V(x) ((x) << KEYCTX_TX_WR_AUTHST_S) +#define KEYCTX_TX_WR_AUTHST_G(x) \ + (((x) >> KEYCTX_TX_WR_AUTHST_S) & KEYCTX_TX_WR_AUTHST_M) + +#define KEYCTX_TX_WR_AUTHIN_S 0 +#define KEYCTX_TX_WR_AUTHIN_M 0x7f +#define KEYCTX_TX_WR_AUTHIN_V(x) ((x) << KEYCTX_TX_WR_AUTHIN_S) +#define KEYCTX_TX_WR_AUTHIN_G(x) \ + (((x) >> KEYCTX_TX_WR_AUTHIN_S) & KEYCTX_TX_WR_AUTHIN_M) + struct chcr_wr { struct fw_crypto_lookaside_wr wreq; struct ulp_txpkt ulptx; @@ -90,6 +138,11 @@ struct uld_ctx {
[PATCH v13 net-next 06/12] crypto: chtls - structure and macro for Inline TLS
Define Inline TLS state, connection management info. Supporting macros definition. Signed-off-by: Atul GuptaReviewed-by: Sabrina Dubroca Reviewed-by: Michael Werner --- drivers/crypto/chelsio/chtls/chtls.h| 483 drivers/crypto/chelsio/chtls/chtls_cm.h | 203 ++ 2 files changed, 686 insertions(+) create mode 100644 drivers/crypto/chelsio/chtls/chtls.h create mode 100644 drivers/crypto/chelsio/chtls/chtls_cm.h diff --git a/drivers/crypto/chelsio/chtls/chtls.h b/drivers/crypto/chelsio/chtls/chtls.h new file mode 100644 index 000..50576f1 --- /dev/null +++ b/drivers/crypto/chelsio/chtls/chtls.h @@ -0,0 +1,483 @@ +/* + * Copyright (c) 2018 Chelsio Communications, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#ifndef __CHTLS_H__ +#define __CHTLS_H__ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "t4fw_api.h" +#include "t4_msg.h" +#include "cxgb4.h" +#include "cxgb4_uld.h" +#include "l2t.h" +#include "chcr_algo.h" +#include "chcr_core.h" +#include "chcr_crypto.h" + +#define MAX_IVS_PAGE 256 +#define TLS_KEY_CONTEXT_SZ 64 +#define CIPHER_BLOCK_SIZE 16 +#define GCM_TAG_SIZE 16 +#define KEY_ON_MEM_SZ 16 +#define AEAD_EXPLICIT_DATA_SIZE8 +#define TLS_HEADER_LENGTH 5 +#define SCMD_CIPH_MODE_AES_GCM 2 +/* Any MFS size should work and come from openssl */ +#define TLS_MFS16384 + +#define RSS_HDR sizeof(struct rss_header) +#define TLS_WR_CPL_LEN \ + (sizeof(struct fw_tlstx_data_wr) + sizeof(struct cpl_tx_tls_sfo)) + +enum { + CHTLS_KEY_CONTEXT_DSGL, + CHTLS_KEY_CONTEXT_IMM, + CHTLS_KEY_CONTEXT_DDR, +}; + +enum { + CHTLS_LISTEN_START, + CHTLS_LISTEN_STOP, +}; + +/* Flags for return value of CPL message handlers */ +enum { + CPL_RET_BUF_DONE =1, /* buffer processing done */ + CPL_RET_BAD_MSG = 2, /* bad CPL 
message */ + CPL_RET_UNKNOWN_TID = 4/* unexpected unknown TID */ +}; + +#define TLS_RCV_ST_READ_HEADER 0xF0 +#define TLS_RCV_ST_READ_BODY 0xF1 +#define TLS_RCV_ST_READ_DONE 0xF2 +#define TLS_RCV_ST_READ_NB 0xF3 + +#define LISTEN_INFO_HASH_SIZE 32 +#define RSPQ_HASH_BITS 5 +struct listen_info { + struct listen_info *next; /* Link to next entry */ + struct sock *sk; /* The listening socket */ + unsigned int stid; /* The server TID */ +}; + +enum { + T4_LISTEN_START_PENDING, + T4_LISTEN_STARTED +}; + +enum csk_flags { + CSK_CALLBACKS_CHKD, /* socket callbacks have been sanitized */ + CSK_ABORT_REQ_RCVD, /* received one ABORT_REQ_RSS message */ + CSK_TX_MORE_DATA, /* sending ULP data; don't set SHOVE bit */ + CSK_TX_WAIT_IDLE, /* suspend Tx until in-flight data is ACKed */ + CSK_ABORT_SHUTDOWN, /* shouldn't send more abort requests */ + CSK_ABORT_RPL_PENDING, /* expecting an abort reply */ + CSK_CLOSE_CON_REQUESTED,/* we've sent a close_conn_req */ + CSK_TX_DATA_SENT, /* sent a TX_DATA WR on this connection */ + CSK_TX_FAILOVER,/* Tx traffic failing over */ + CSK_UPDATE_RCV_WND, /* Need to update rcv window */ + CSK_RST_ABORTED,/* outgoing RST was aborted */ + CSK_TLS_HANDSHK,/* TLS Handshake */ + CSK_CONN_INLINE,/* Connection on HW */ +}; + +struct listen_ctx { + struct sock *lsk; + struct chtls_dev *cdev; + struct sk_buff_head synq; + u32 state; +}; + +struct key_map { + unsigned long *addr; + unsigned int start; + unsigned int available; + unsigned int size; + spinlock_t lock; /* lock for key id request from map */ +} __packed; + +struct tls_scmd { + u32 seqno_numivs; + u32 ivgen_hdrlen; +}; + +struct chtls_dev { + struct tls_device tlsdev; + struct list_head list; + struct cxgb4_lld_info *lldi; + struct pci_dev *pdev; + struct listen_info *listen_hash_tab[LISTEN_INFO_HASH_SIZE]; + spinlock_t listen_lock; /* lock for listen list */ + struct net_device **ports; + struct tid_info *tids; + unsigned int pfvf; + const unsigned short *mtus; + + struct idr hwtid_idr; + 
struct idr stid_idr; + + spinlock_t idr_lock cacheline_aligned_in_smp; + + struct net_device *egr_dev[NCHAN * 2]; + struct sk_buff *rspq_skb_cache[1 << RSPQ_HASH_BITS]; + struct sk_buff *askb; + + struct sk_buff_head deferq; +
[PATCH v13 net-next 03/12] cxgb4: Inline TLS FW Interface
Key area size in hw-config file. CPL struct for TLS request and response. Work request for Inline TLS. Signed-off-by: Atul GuptaReviewed-by: Casey Leedom --- drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 122 ++- drivers/net/ethernet/chelsio/cxgb4/t4_regs.h | 2 + drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h | 165 +- 3 files changed, 283 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h b/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h index 5e8f5ca..fe2029e9 100644 --- a/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h +++ b/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h @@ -82,13 +82,15 @@ enum { CPL_RX_ISCSI_CMP = 0x45, CPL_TRACE_PKT_T5 = 0x48, CPL_RX_ISCSI_DDP = 0x49, + CPL_RX_TLS_CMP= 0x4E, CPL_RDMA_READ_REQ = 0x60, CPL_PASS_OPEN_REQ6= 0x81, CPL_ACT_OPEN_REQ6 = 0x83, - CPL_TX_TLS_PDU =0x88, + CPL_TX_TLS_PDU= 0x88, + CPL_TX_TLS_SFO= 0x89, CPL_TX_SEC_PDU= 0x8A, CPL_TX_TLS_ACK= 0x8B, @@ -98,6 +100,7 @@ enum { CPL_RX_MPS_PKT= 0xAF, CPL_TRACE_PKT = 0xB0, + CPL_TLS_DATA = 0xB1, CPL_ISCSI_DATA= 0xB2, CPL_FW4_MSG = 0xC0, @@ -155,6 +158,7 @@ enum { ULP_MODE_RDMA = 4, ULP_MODE_TCPDDP= 5, ULP_MODE_FCOE = 6, + ULP_MODE_TLS = 8, }; enum { @@ -1445,6 +1449,14 @@ struct cpl_tx_data { #define T6_TX_FORCE_V(x) ((x) << T6_TX_FORCE_S) #define T6_TX_FORCE_F T6_TX_FORCE_V(1U) +#define TX_SHOVE_S14 +#define TX_SHOVE_V(x) ((x) << TX_SHOVE_S) + +#define TX_ULP_MODE_S10 +#define TX_ULP_MODE_M0x7 +#define TX_ULP_MODE_V(x) ((x) << TX_ULP_MODE_S) +#define TX_ULP_MODE_G(x) (((x) >> TX_ULP_MODE_S) & TX_ULP_MODE_M) + enum { ULP_TX_MEM_READ = 2, ULP_TX_MEM_WRITE = 3, @@ -1455,12 +1467,21 @@ enum { ULP_TX_SC_NOOP = 0x80, ULP_TX_SC_IMM = 0x81, ULP_TX_SC_DSGL = 0x82, - ULP_TX_SC_ISGL = 0x83 + ULP_TX_SC_ISGL = 0x83, + ULP_TX_SC_MEMRD = 0x86 }; #define ULPTX_CMD_S24 #define ULPTX_CMD_V(x) ((x) << ULPTX_CMD_S) +#define ULPTX_LEN16_S0 +#define ULPTX_LEN16_M0xFF +#define ULPTX_LEN16_V(x) ((x) << ULPTX_LEN16_S) + +#define ULP_TX_SC_MORE_S 23 +#define ULP_TX_SC_MORE_V(x) ((x) 
<< ULP_TX_SC_MORE_S) +#define ULP_TX_SC_MORE_F ULP_TX_SC_MORE_V(1U) + struct ulptx_sge_pair { __be32 len[2]; __be64 addr[2]; @@ -2183,4 +2204,101 @@ struct cpl_srq_table_rpl { #define SRQT_IDX_V(x) ((x) << SRQT_IDX_S) #define SRQT_IDX_G(x) (((x) >> SRQT_IDX_S) & SRQT_IDX_M) +struct cpl_tx_tls_sfo { + __be32 op_to_seg_len; + __be32 pld_len; + __be32 type_protover; + __be32 r1_lo; + __be32 seqno_numivs; + __be32 ivgen_hdrlen; + __be64 scmd1; +}; + +/* cpl_tx_tls_sfo macros */ +#define CPL_TX_TLS_SFO_OPCODE_S 24 +#define CPL_TX_TLS_SFO_OPCODE_V(x) ((x) << CPL_TX_TLS_SFO_OPCODE_S) + +#define CPL_TX_TLS_SFO_DATA_TYPE_S 20 +#define CPL_TX_TLS_SFO_DATA_TYPE_V(x) ((x) << CPL_TX_TLS_SFO_DATA_TYPE_S) + +#define CPL_TX_TLS_SFO_CPL_LEN_S16 +#define CPL_TX_TLS_SFO_CPL_LEN_V(x) ((x) << CPL_TX_TLS_SFO_CPL_LEN_S) + +#define CPL_TX_TLS_SFO_SEG_LEN_S0 +#define CPL_TX_TLS_SFO_SEG_LEN_M0x +#define CPL_TX_TLS_SFO_SEG_LEN_V(x) ((x) << CPL_TX_TLS_SFO_SEG_LEN_S) +#define CPL_TX_TLS_SFO_SEG_LEN_G(x) \ + (((x) >> CPL_TX_TLS_SFO_SEG_LEN_S) & CPL_TX_TLS_SFO_SEG_LEN_M) + +#define CPL_TX_TLS_SFO_TYPE_S 24 +#define CPL_TX_TLS_SFO_TYPE_M 0xff +#define CPL_TX_TLS_SFO_TYPE_V(x)((x) << CPL_TX_TLS_SFO_TYPE_S) +#define CPL_TX_TLS_SFO_TYPE_G(x)\ + (((x) >> CPL_TX_TLS_SFO_TYPE_S) & CPL_TX_TLS_SFO_TYPE_M) + +#define CPL_TX_TLS_SFO_PROTOVER_S 8 +#define CPL_TX_TLS_SFO_PROTOVER_M 0x +#define CPL_TX_TLS_SFO_PROTOVER_V(x)((x) << CPL_TX_TLS_SFO_PROTOVER_S) +#define CPL_TX_TLS_SFO_PROTOVER_G(x)\ + (((x) >> CPL_TX_TLS_SFO_PROTOVER_S) & CPL_TX_TLS_SFO_PROTOVER_M) + +struct cpl_tls_data { + struct rss_header rsshdr; + union opcode_tid ot; + __be32 length_pkd; + __be32 seq; + __be32 r1; +}; + +#define CPL_TLS_DATA_OPCODE_S 24 +#define CPL_TLS_DATA_OPCODE_M 0xff +#define CPL_TLS_DATA_OPCODE_V(x)((x) << CPL_TLS_DATA_OPCODE_S) +#define CPL_TLS_DATA_OPCODE_G(x)\ + (((x) >> CPL_TLS_DATA_OPCODE_S) & CPL_TLS_DATA_OPCODE_M) + +#define CPL_TLS_DATA_TID_S 0 +#define CPL_TLS_DATA_TID_M 0xff +#define CPL_TLS_DATA_TID_V(x) 
((x) << CPL_TLS_DATA_TID_S) +#define CPL_TLS_DATA_TID_G(x) \ + (((x) >> CPL_TLS_DATA_TID_S) & CPL_TLS_DATA_TID_M) + +#define
[PATCH v13 net-next 01/12] tls: support for Inline tls record
Facility to register Inline TLS drivers to net/tls. Setup TLS_HW_RECORD prot to listen on offload device. Cases handled - Inline TLS device exists, setup prot for TLS_HW_RECORD - Atleast one Inline TLS exists, sets TLS_HW_RECORD. - If non-inline device establish connection, move to TLS_SW_TX Signed-off-by: Atul GuptaReviewed-by: Dave Watson Reviewed-by: Steve Wise --- include/net/tls.h | 32 ++- net/tls/tls_main.c | 115 +++-- 2 files changed, 143 insertions(+), 4 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 437a746..3da8e13 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -56,6 +56,32 @@ #define TLS_RECORD_TYPE_DATA 0x17 #define TLS_AAD_SPACE_SIZE 13 +#define TLS_DEVICE_NAME_MAX32 + +/* + * This structure defines the routines for Inline TLS driver. + * The following routines are optional and filled with a + * null pointer if not defined. + * + * @name: Its the name of registered Inline tls device + * @dev_list: Inline tls device list + * int (*feature)(struct tls_device *device); + * Called to return Inline TLS driver capability + * + * int (*hash)(struct tls_device *device, struct sock *sk); + * This function sets Inline driver for listen and program + * device specific functioanlity as required + * + * void (*unhash)(struct tls_device *device, struct sock *sk); + * This function cleans listen state set by Inline TLS driver + */ +struct tls_device { + char name[TLS_DEVICE_NAME_MAX]; + struct list_head dev_list; + int (*feature)(struct tls_device *device); + int (*hash)(struct tls_device *device, struct sock *sk); + void (*unhash)(struct tls_device *device, struct sock *sk); +}; struct tls_sw_context { struct crypto_aead *aead_send; @@ -114,7 +140,7 @@ struct tls_context { void *priv_ctx; - u8 conf:2; + u8 conf:3; struct cipher_context tx; struct cipher_context rx; @@ -135,6 +161,8 @@ struct tls_context { int (*getsockopt)(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen); + int (*hash)(struct sock 
*sk); + void (*unhash)(struct sock *sk); }; int wait_on_pending_writer(struct sock *sk, long *timeo); @@ -283,5 +311,7 @@ static inline struct tls_offload_context *tls_offload_ctx( int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg, unsigned char *record_type); +void tls_register_device(struct tls_device *device); +void tls_unregister_device(struct tls_device *device); #endif /* _TLS_OFFLOAD_H */ diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 6f5c114..0b5a496 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -38,6 +38,7 @@ #include #include #include +#include #include @@ -56,11 +57,14 @@ enum { TLS_SW_TX, TLS_SW_RX, TLS_SW_RXTX, + TLS_HW_RECORD, TLS_NUM_CONFIG, }; static struct proto *saved_tcpv6_prot; static DEFINE_MUTEX(tcpv6_prot_mutex); +static LIST_HEAD(device_list); +static DEFINE_MUTEX(device_mutex); static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG]; static struct proto_ops tls_sw_proto_ops; @@ -241,8 +245,12 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) lock_sock(sk); sk_proto_close = ctx->sk_proto_close; + if (ctx->conf == TLS_HW_RECORD) + goto skip_tx_cleanup; + if (ctx->conf == TLS_BASE) { kfree(ctx); + ctx = NULL; goto skip_tx_cleanup; } @@ -276,6 +284,11 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) skip_tx_cleanup: release_sock(sk); sk_proto_close(sk, timeout); + /* free ctx for TLS_HW_RECORD, used by tcp_set_state +* for sk->sk_prot->unhash [tls_hw_unhash] +*/ + if (ctx && ctx->conf == TLS_HW_RECORD) + kfree(ctx); } static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, @@ -493,6 +506,80 @@ static int tls_setsockopt(struct sock *sk, int level, int optname, return do_tls_setsockopt(sk, optname, optval, optlen); } +static struct tls_context *create_ctx(struct sock *sk) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + struct tls_context *ctx; + + /* allocate tls context */ + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) + return NULL; + + 
	icsk->icsk_ulp_data = ctx;
+	return ctx;
+}
+
+static int tls_hw_prot(struct sock *sk)
+{
+	struct tls_context *ctx;
+	struct tls_device *dev;
+	int rc = 0;
+
+	mutex_lock(&device_mutex);
+	list_for_each_entry(dev, &device_list, dev_list) {
+		if (dev->feature && dev->feature(dev)) {
[PATCH v13 net-next 00/12] Chelsio Inline TLS
Thank you, Stefano, Sabrina, Dave W. and everyone for reviewing the series.

Dave, this should apply cleanly on the net-next tree and I think it is ready to merge.

Series for the Chelsio Inline TLS driver (chtls). It uses the tls ULP infrastructure to register chtls as an Inline TLS driver. Chtls uses TCP sockets to Tx/Rx TLS records; the TCP sk_proto APIs are enhanced to offload TLS records.

The T6 adapter provides the following features:
 -TLS record offload: TLS header, encrypt, digest and transmit
 -TLS record receive and decrypt
 -TLS key store
 -TCP/IP engine
 -TLS engine
 -GCM crypto engine [supports CBC also]

TLS provides security at the transport layer. It uses TCP to provide reliable end-to-end transport of application data and relies on TCP for any retransmission. A TLS session comprises three parts:
a. TCP/IP connection
b. TLS handshake
c. Record layer processing

The TLS handshake state machine is executed in the host (refer to a standard implementation, e.g. OpenSSL). setsockopt [SOL_TCP, TCP_ULP] initializes the TCP proto-ops for Chelsio Inline TLS support:

  setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));

Tx and Rx keys are decided during the handshake and programmed on the chip after CCS is exchanged:

  struct tls12_crypto_info_aes_gcm_128 crypto_info;
  setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));

Finished is the first message encrypted/decrypted inline on tx/rx. On the Tx path, the TLS engine receives plain text from OpenSSL, inserts the IV, fetches the Tx key, creates cipher-text records and generates the MAC. The TLS header is added to the cipher text and forwarded to the TCP/IP engine for transport-layer processing and transmission on the wire.

TX PATH:
Apps--openssl--chtls---TLS engine---encrypt/auth---TCP/IP engine---wire

On the Rx side, received data is PDU-aligned at record boundaries. TLS processes only complete records. If the Rx key was programmed on CCS receive, data is decrypted and plain text is posted to the host.

RX PATH:
Wire--cipher-text--TCP/IP engine [PDU align]---TLS engine---decrypt/auth---plain-text--chtls--openssl--application

v13: handle clean ctx free for HW_RECORD in tls_sk_proto_close
 -removed SOCK_INLINE [chtls.h], using csk_conn_inline instead in send_abort_rpl, chtls_send_abort_rpl, chtls_sendmsg, chtls_sendpage
 -removed sk_no_receive [chtls_io.c], replaced with sk_shutdown & RCV_SHUTDOWN in chtls_pt_recvmsg, peekmsg and chtls_recvmsg
 -cleaned chtls_expansion_size [Stefano Brivio]
 -u8 conf:3 in tls_sw_context to add TLS_HW_RECORD
 -removed is_tls_skb, using tls_skb_inline [Stefano Brivio]
 -reverse christmas tree formatting in chtls_io.c, chtls_cm.c [Stefano Brivio]
 -fixed build warning reported by kbuild robot
 -retained ctx conf enum in chtls_main vs earlier versions, tls_prots not used in chtls
 -cleanup [removed syn_sent, base_prot, added synq] [Michael Werner]
 -passing struct fw_wr_hdr * to ofldtxq_stop [Casey]
 -rebased on top of the current net-next

v12: patch against net-next
 -fixed build error [reported by Julia]
 -replaced set_queue with skb_set_queue_mapping [Sabrina]
 -copyright year correction [chtls]

v11: formatting and cleanup, a few function renames and error handling [Stefano Brivio]
 -ctx freed later for TLS_HW_RECORD
 -split tx and rx into different patches

v10: fixed the following based on the review comments of Sabrina Dubroca
 -docs header added for struct tls_device [tls.h]
 -changed TLS_FULL_HW to TLS_HW_RECORD
 -similarly, using tls-hw-record instead of tls-inline for the ethtool feature config
 -added more description to patch sets
 -replaced kmalloc/vmalloc/kfree with kvzalloc/kvfree
 -reordered the patch sequence
 -formatted the entire patch for function return values

v9: corrected __u8 and similar usage
 -create_ctx to alloc tls_context
 -tls_hw_prot before sk !establish check

v8: tls_main.c cleanup comment [Dave Watson]

v7: function name change, use sk->sk_prot where required

v6: modify prot only for FULL_HW
 -corrected commit message for patch 11

v5: set TLS_FULL_HW for registered inline tls drivers
 -set TLS_FULL_HW prot for offload connection, else move to TLS_SW_TX
 -case handled for interfaces with the same IP [Dave Miller]
 -removed specific-IP and INADDR_ANY handling [v4]

v4: removed chtls ULP type, retained tls ULP
 -registered chtls with net tls
 -defined struct tls_device to register the Inline drivers
 -ethtool interface tls-inline to enable Inline TLS for an interface
 -prot update to support inline TLS

v3: fixed the kbuild test issues
 -made a few functions static
 -initialized a few variables

v2: fixed the following based on the review comments of Stephan Mueller, Stefano Brivio and Hannes Frederic
 -added more details in the cover letter
 -fixed indentation and formatting issues
 -using aes instead of aes-generic
 -memset key info after programming the key on chip
 -reordered the patch sequence

Atul Gupta (12):
RE: [PATCH] omap-aes - fix crypto cleanup
Hi Tero,

> Also, I think this patch should be split up in two, as there are two
> issues you are fixing; the bad pointer issue (which I think you only
> fixed partially, also the in->sgl has similar problem), and the missing
> output IVI. Why is this needed btw, I have never faced the requirement
> to update the IVI on the ahash request? Any crypto test cases I have ran
> just work fine without this bit.

I spotted the in_sgl issue also; the code looks very suspicious and should be reworked. For the moment the bad kfree from in_sgl has never occurred. I'll recheck and retest. I'll send a separate patch for the IV case.

Signed-off-by: Francis Le Bourse
---
 drivers/crypto/omap-aes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index 49bd56f..1e040eb 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -498,7 +498,7 @@ static void omap_aes_done_task(unsigned long data)
 	omap_crypto_cleanup(dd->in_sgl, NULL, 0, dd->total_save,
 			    FLAGS_IN_DATA_ST_SHIFT, dd->flags);
 
-	omap_crypto_cleanup(&dd->out_sgl, dd->orig_out, 0, dd->total_save,
+	omap_crypto_cleanup(dd->out_sg, dd->orig_out, 0, dd->total_save,
 			    FLAGS_OUT_DATA_ST_SHIFT, dd->flags);
 
 	omap_aes_finish_req(dd, 0);
RE: [PATCH] omap-crypto - fix kernel oops and output buffer update
Hi Tero,

> I have a couple of additional comments, but can't add them as the patch
> content is an attachment (like, I would not add the WARN_ON.) Overall,
> the issue you have found is a legitimate problem, and should be fixed.

I used WARN_ON() to have some very visible output; I agree it is not necessary. This error was possibly a side effect of the &dd->out_sgl aes bug, and I haven't seen it since I fixed the latter.

Signed-off-by: Francis Le Bourse
---
 drivers/crypto/omap-crypto.c | 24 +++---
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/omap-crypto.c b/drivers/crypto/omap-crypto.c
index 2c42e4b..fbf5a00 100644
--- a/drivers/crypto/omap-crypto.c
+++ b/drivers/crypto/omap-crypto.c
@@ -161,24 +161,24 @@ void omap_crypto_cleanup(struct scatterlist *sg, struct scatterlist *orig,
 			 int offset, int len, u8 flags_shift,
 			 unsigned long flags)
 {
-	void *buf;
-	int pages;
-
 	flags >>= flags_shift;
-	flags &= OMAP_CRYPTO_COPY_MASK;
-	if (!flags)
-		return;
+	if (flags & OMAP_CRYPTO_DATA_COPIED) {
+		void *buf;
+		int pages;
 
-	buf = sg_virt(sg);
-	pages = get_order(len);
+		if (WARN_ON(!sg_page(sg)))
+			return;
 
-	if (orig && (flags & OMAP_CRYPTO_COPY_MASK))
-		scatterwalk_map_and_copy(buf, orig, offset, len, 1);
+		buf = sg_virt(sg);
+		pages = get_order(len);
 
-	if (flags & OMAP_CRYPTO_DATA_COPIED)
+		if (orig)
+			scatterwalk_map_and_copy(buf, orig, offset, len, 1);
 		free_pages((unsigned long)buf, pages);
-	else if (flags & OMAP_CRYPTO_SG_COPIED)
+	}
+
+	if (flags & OMAP_CRYPTO_SG_COPIED)
 		kfree(sg);
 }
 EXPORT_SYMBOL_GPL(omap_crypto_cleanup);
Re: [RESEND] SHASH_DESC_ON_STACK macro
On Fri, Mar 23, 2018 at 02:09:46PM -0500, Gustavo A. R. Silva wrote:
>
> Hi Herbert,
>
> There is an ongoing effort to remove all VLAs from the code base [1] and
> while working on that I came across the following macro at
> include/crypto/hash.h:154:
>
> #define SHASH_DESC_ON_STACK(shash, ctx)				  \
> 	char __##shash##_desc[sizeof(struct shash_desc) +	  \
> 		crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \
> 	struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
>
> Currently, this macro is being used in 46 different places.
>
> I wonder how big tfm->descsize can get?

descsize is capped at PAGE_SIZE / 8.

Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
RE: [dm-devel] [PATCH 2/2] md: dm-verity: allow parallel processing of bio blocks
Hi Milan,

I will run the veritysetup test on the next version of these patches and contact you about the verity-compat-test testsuite.

Thank you,
Yael

-----Original Message-----
From: Milan Broz
Sent: Tuesday, 27 March 2018 11:05
To: Eric Biggers; Yael Chemla; Mike Snitzer
Cc: Alasdair Kergon; dm-de...@redhat.com; linux-ker...@vger.kernel.org; ofir.dr...@gmail.com; Yael Chemla; linux-crypto@vger.kernel.org; gi...@benyossef.com
Subject: Re: [dm-devel] [PATCH 2/2] md: dm-verity: allow parallel processing of bio blocks

Mike and others, did anyone even try to run the veritysetup tests? We have verity-compat-test in our testsuite; it even has basic FEC tests included. We just added userspace verification of the FEC RS codes to compare whether the kernel behaves the same.

I tried to apply the three last dm-verity patches from your tree to Linus' mainline. It does not even pass the *first* line of the test script and blocks the kernel forever... (Running on a 32-bit Intel VM.)

*NACK* to the last two dm-verity patches.

(The "validate hashes once" one is ok, despite that I really do not like this approach...)

And the comments from Eric are very valid as well; I think all of this needs to be fixed before it can go to mainline.

Thanks,
Milan

On 03/27/2018 08:55 AM, Eric Biggers wrote:
> [+Cc linux-crypto]
>
> Hi Yael,
>
> On Sun, Mar 25, 2018 at 07:41:30PM +0100, Yael Chemla wrote:
>> Allow parallel processing of bio blocks by moving to async
>> completion handling. This allows for better resource utilization of
>> both HW and software based hash tfm and therefore better performance
>> in many cases, depending on the specific tfm in use.
>>
>> Tested on ARM32 (zynq board) and ARM64 (Juno board).
>> Time of the cat command was measured on a filesystem with various file sizes.
>> 12% performance improvement when HW based hash was used (ccree driver).
>> SW based hash showed less than 1% improvement.
>> CPU utilization when HW based hash was used presented 10% less
>> context switch, 4% less cycles and 7% less instructions. No
>> difference in CPU utilization noticed with SW based hash.
>>
>> Signed-off-by: Yael Chemla
>
> Okay, I definitely would like to see dm-verity better support hardware
> crypto accelerators, but these patches were painful to read.
>
> There are lots of smaller bugs, but the high-level problem which you
> need to address first is that on every bio you are always allocating
> all the extra memory to hold a hash request and scatterlist for every
> data block. This will not only hurt performance when the hashing is
> done in software (I'm skeptical that your performance numbers are
> representative of that case), but it will also fall apart under memory
> pressure. We are trying to get low-end Android devices to start using
> dm-verity, and such devices often have only 1 GB or even only 512 MB
> of RAM, so memory allocations are at increased risk of failing. In
> fact I'm pretty sure you didn't do any proper stress testing of these
> patches, since the first thing they do for every bio is try to
> allocate a physically contiguous array that is nearly as long as the
> full bio data itself (n_blocks * sizeof(struct dm_verity_req_data) =
> n_blocks * 3264, at least on a 64-bit platform, mostly due to the
> 'struct dm_verity_fec_io'), so potentially up to about 1 MB; that's
> going to fail a lot even on systems with gigabytes of RAM...
>
> (You also need to verify that your new code is compatible with the
> forward error correction feature, with the "ignore_zero_blocks"
> option, and with the new "check_at_most_once" option. From my reading
> of the code, all of those seemed broken; the dm_verity_fec_io
> structures, for example, weren't even being initialized...)
>
> I think you need to take a close look at how dm-crypt handles async
> crypto implementations, since it seems to do it properly without
> hurting the common case where the crypto happens synchronously. What
> it does is it reserves space in the per-bio data for a single cipher
> request. Then, *only* if the cipher implementation actually processes
> the request asynchronously (as indicated by -EINPROGRESS being
> returned) is a new cipher request allocated dynamically, using a
> mempool (not kmalloc, which is prone to fail). Note that unlike your
> patches it also properly handles the case where the hardware crypto
> queue is full, as indicated by the cipher implementation returning
> -EBUSY; in that case, dm-crypt waits to start another request until
> there is space in the queue.
>
> I think it would be possible to adapt dm-crypt's solution to dm-verity.
>
> Thanks,
>
> Eric
RE: [dm-devel] [PATCH 2/2] md: dm-verity: allow parallel processing of bio blocks
Hi Eric, Thanks for the detailed feedback. I'll have a look at how dm-crypt avoids dynamic allocation per bio, and also run forward error correction tests. Yael

-Original Message- From: Eric Biggers Sent: Tuesday, 27 March 2018 9:55 To: Yael Chemla Cc: Alasdair Kergon ; Mike Snitzer ; dm-de...@redhat.com; linux-ker...@vger.kernel.org; ofir.dr...@gmail.com; Yael Chemla ; linux-crypto@vger.kernel.org; gi...@benyossef.com Subject: Re: [dm-devel] [PATCH 2/2] md: dm-verity: allow parallel processing of bio blocks

[+Cc linux-crypto] Hi Yael, On Sun, Mar 25, 2018 at 07:41:30PM +0100, Yael Chemla wrote: > Allow parallel processing of bio blocks by moving to async. > completion handling. This allows for better resource utilization of > both HW and software based hash tfm and therefore better performance > in many cases, depending on the specific tfm in use. > > Tested on ARM32 (zynq board) and ARM64 (Juno board). > Time of cat command was measured on a filesystem with various file sizes. > 12% performance improvement when HW based hash was used (ccree driver). > SW based hash showed less than 1% improvement. > CPU utilization when HW based hash was used presented 10% less > context switch, 4% less cycles and 7% less instructions. No > difference in CPU utilization noticed with SW based hash. > > Signed-off-by: Yael Chemla

Okay, I definitely would like to see dm-verity better support hardware crypto accelerators, but these patches were painful to read. There are lots of smaller bugs, but the high-level problem which you need to address first is that on every bio you are always allocating all the extra memory to hold a hash request and scatterlist for every data block. This will not only hurt performance when the hashing is done in software (I'm skeptical that your performance numbers are representative of that case), but it will also fall apart under memory pressure. 
We are trying to get low-end Android devices to start using dm-verity, and such devices often have only 1 GB or even only 512 MB of RAM, so memory allocations are at increased risk of failing. In fact I'm pretty sure you didn't do any proper stress testing of these patches, since the first thing they do for every bio is try to allocate a physically contiguous array that is nearly as long as the full bio data itself (n_blocks * sizeof(struct dm_verity_req_data) = n_blocks * 3264, at least on a 64-bit platform, mostly due to the 'struct dm_verity_fec_io'), so potentially up to about 1 MB; that's going to fail a lot even on systems with gigabytes of RAM... (You also need to verify that your new code is compatible with the forward error correction feature, with the "ignore_zero_blocks" option, and with the new "check_at_most_once" option. From my reading of the code, all of those seemed broken; the dm_verity_fec_io structures, for example, weren't even being initialized...) I think you need to take a close look at how dm-crypt handles async crypto implementations, since it seems to do it properly without hurting the common case where the crypto happens synchronously. What it does, is it reserves space in the per-bio data for a single cipher request. Then, *only* if the cipher implementation actually processes the request asynchronously (as indicated by -EINPROGRESS being returned) is a new cipher request allocated dynamically, using a mempool (not kmalloc, which is prone to fail). Note that unlike your patches it also properly handles the case where the hardware crypto queue is full, as indicated by the cipher implementation returning -EBUSY; in that case, dm-crypt waits to start another request until there is space in the queue. I think it would be possible to adapt dm-crypt's solution to dm-verity. 
Thanks, Eric > --- > drivers/md/dm-verity-fec.c| 10 +- > drivers/md/dm-verity-fec.h| 7 +- > drivers/md/dm-verity-target.c | 215 > +++--- > drivers/md/dm-verity.h| 4 +- > 4 files changed, 173 insertions(+), 63 deletions(-) > > diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c > index e13f908..bcea307 100644 > --- a/drivers/md/dm-verity-fec.c > +++ b/drivers/md/dm-verity-fec.c > @@ -203,13 +203,12 @@ static int fec_is_erasure(struct dm_verity *v, struct > dm_verity_io *io, > */ > static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io, >u64 rsb, u64 target, unsigned block_offset, > - int *neras) > + int *neras, struct dm_verity_fec_io *fio) > { > bool is_zero; > int i, j, target_index = -1; > struct dm_buffer *buf; > struct dm_bufio_client *bufio; > - struct dm_verity_fec_io *fio = fec_io(io); > u64 block, ileaved; > u8 *bbuf, *rs_block; > u8
Re: [dm-devel] [PATCH 2/2] md: dm-verity: allow parallel processing of bio blocks
Mike and others, did anyone even try to run the veritysetup tests? We have verity-compat-test in our testsuite; it even has basic FEC tests included. We just added userspace verification of the FEC RS codes to compare whether the kernel behaves the same. I tried to apply the last three dm-verity patches from your tree to Linus' mainline. It does not even pass the *first* line of the test script and blocks the kernel forever... (Running on a 32-bit Intel VM.) *NACK* to the last two dm-verity patches. (The "validate hashes once" one is ok, although I really do not like this approach...) And the comments from Eric are very valid as well; I think all of this needs to be fixed before it can go to mainline. Thanks, Milan

On 03/27/2018 08:55 AM, Eric Biggers wrote: > [+Cc linux-crypto] > > Hi Yael, > > On Sun, Mar 25, 2018 at 07:41:30PM +0100, Yael Chemla wrote: >> Allow parallel processing of bio blocks by moving to async. completion >> handling. This allows for better resource utilization of both HW and >> software based hash tfm and therefore better performance in many cases, >> depending on the specific tfm in use. >> >> Tested on ARM32 (zynq board) and ARM64 (Juno board). >> Time of cat command was measured on a filesystem with various file sizes. >> 12% performance improvement when HW based hash was used (ccree driver). >> SW based hash showed less than 1% improvement. >> CPU utilization when HW based hash was used presented 10% less context >> switch, 4% less cycles and 7% less instructions. No difference in >> CPU utilization noticed with SW based hash. >> >> Signed-off-by: Yael Chemla > > Okay, I definitely would like to see dm-verity better support hardware crypto > accelerators, but these patches were painful to read. > > There are lots of smaller bugs, but the high-level problem which you need to > address first is that on every bio you are always allocating all the extra > memory to hold a hash request and scatterlist for every data block. 
This will > not only hurt performance when the hashing is done in software (I'm skeptical > that your performance numbers are representative of that case), but it will > also > fall apart under memory pressure. We are trying to get low-end Android > devices > to start using dm-verity, and such devices often have only 1 GB or even only > 512 > MB of RAM, so memory allocations are at increased risk of failing. In fact > I'm > pretty sure you didn't do any proper stress testing of these patches, since > the > first thing they do for every bio is try to allocate a physically contiguous > array that is nearly as long as the full bio data itself (n_blocks * > sizeof(struct dm_verity_req_data) = n_blocks * 3264, at least on a 64-bit > platform, mostly due to the 'struct dm_verity_fec_io'), so potentially up to > about 1 MB; that's going to fail a lot even on systems with gigabytes of > RAM... > > (You also need to verify that your new code is compatible with the forward > error > correction feature, with the "ignore_zero_blocks" option, and with the new > "check_at_most_once" option. From my reading of the code, all of those seemed > broken; the dm_verity_fec_io structures, for example, weren't even being > initialized...) > > I think you need to take a close look at how dm-crypt handles async crypto > implementations, since it seems to do it properly without hurting the common > case where the crypto happens synchronously. What it does, is it reserves > space > in the per-bio data for a single cipher request. Then, *only* if the cipher > implementation actually processes the request asynchronously (as indicated by > -EINPROGRESS being returned) is a new cipher request allocated dynamically, > using a mempool (not kmalloc, which is prone to fail). 
Note that unlike your > patches it also properly handles the case where the hardware crypto queue is > full, as indicated by the cipher implementation returning -EBUSY; in that > case, > dm-crypt waits to start another request until there is space in the queue. > > I think it would be possible to adapt dm-crypt's solution to dm-verity. > > Thanks, > > Eric
Re: [dm-devel] [PATCH 2/2] md: dm-verity: allow parallel processing of bio blocks
[+Cc linux-crypto] Hi Yael, On Sun, Mar 25, 2018 at 07:41:30PM +0100, Yael Chemla wrote: > Allow parallel processing of bio blocks by moving to async. completion > handling. This allows for better resource utilization of both HW and > software based hash tfm and therefore better performance in many cases, > depending on the specific tfm in use. > > Tested on ARM32 (zynq board) and ARM64 (Juno board). > Time of cat command was measured on a filesystem with various file sizes. > 12% performance improvement when HW based hash was used (ccree driver). > SW based hash showed less than 1% improvement. > CPU utilization when HW based hash was used presented 10% less context > switch, 4% less cycles and 7% less instructions. No difference in > CPU utilization noticed with SW based hash. > > Signed-off-by: Yael Chemla

Okay, I definitely would like to see dm-verity better support hardware crypto accelerators, but these patches were painful to read. There are lots of smaller bugs, but the high-level problem which you need to address first is that on every bio you are always allocating all the extra memory to hold a hash request and scatterlist for every data block. This will not only hurt performance when the hashing is done in software (I'm skeptical that your performance numbers are representative of that case), but it will also fall apart under memory pressure. We are trying to get low-end Android devices to start using dm-verity, and such devices often have only 1 GB or even only 512 MB of RAM, so memory allocations are at increased risk of failing. 
In fact I'm pretty sure you didn't do any proper stress testing of these patches, since the first thing they do for every bio is try to allocate a physically contiguous array that is nearly as long as the full bio data itself (n_blocks * sizeof(struct dm_verity_req_data) = n_blocks * 3264, at least on a 64-bit platform, mostly due to the 'struct dm_verity_fec_io'), so potentially up to about 1 MB; that's going to fail a lot even on systems with gigabytes of RAM... (You also need to verify that your new code is compatible with the forward error correction feature, with the "ignore_zero_blocks" option, and with the new "check_at_most_once" option. From my reading of the code, all of those seemed broken; the dm_verity_fec_io structures, for example, weren't even being initialized...) I think you need to take a close look at how dm-crypt handles async crypto implementations, since it seems to do it properly without hurting the common case where the crypto happens synchronously. What it does, is it reserves space in the per-bio data for a single cipher request. Then, *only* if the cipher implementation actually processes the request asynchronously (as indicated by -EINPROGRESS being returned) is a new cipher request allocated dynamically, using a mempool (not kmalloc, which is prone to fail). Note that unlike your patches it also properly handles the case where the hardware crypto queue is full, as indicated by the cipher implementation returning -EBUSY; in that case, dm-crypt waits to start another request until there is space in the queue. I think it would be possible to adapt dm-crypt's solution to dm-verity. 
Thanks, Eric > --- > drivers/md/dm-verity-fec.c| 10 +- > drivers/md/dm-verity-fec.h| 7 +- > drivers/md/dm-verity-target.c | 215 > +++--- > drivers/md/dm-verity.h| 4 +- > 4 files changed, 173 insertions(+), 63 deletions(-) > > diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c > index e13f908..bcea307 100644 > --- a/drivers/md/dm-verity-fec.c > +++ b/drivers/md/dm-verity-fec.c > @@ -203,13 +203,12 @@ static int fec_is_erasure(struct dm_verity *v, struct > dm_verity_io *io, > */ > static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io, >u64 rsb, u64 target, unsigned block_offset, > - int *neras) > + int *neras, struct dm_verity_fec_io *fio) > { > bool is_zero; > int i, j, target_index = -1; > struct dm_buffer *buf; > struct dm_bufio_client *bufio; > - struct dm_verity_fec_io *fio = fec_io(io); > u64 block, ileaved; > u8 *bbuf, *rs_block; > u8 want_digest[v->digest_size]; > @@ -265,7 +264,7 @@ static int fec_read_bufs(struct dm_verity *v, struct > dm_verity_io *io, > > /* locate erasures if the block is on the data device */ > if (bufio == v->fec->data_bufio && > - verity_hash_for_block(v, io, block, want_digest, > + verity_hash_for_block(v, io, block, want_digest, fio, > _zero) == 0) { > /* skip known zero blocks entirely */ > if (is_zero) > @@ -374,7 +373,7 @@ static int fec_decode_rsb(struct dm_verity *v, struct > dm_verity_io *io, >
Re: [PATCH 07/10] kbuild: clean up *-asn1.[ch] patterns from top-level Makefile
+CC linux-crypto@vger.kernel.org No functional change, though. 2018-03-23 22:04 GMT+09:00 Masahiro Yamada: > Clean up these patterns from the top Makefile to omit 'clean-files' > in each Makefile. > > Signed-off-by: Masahiro Yamada > --- > > Makefile| 1 + > crypto/Makefile | 2 -- > crypto/asymmetric_keys/Makefile | 7 --- > net/ipv4/netfilter/Makefile | 1 - > 4 files changed, 1 insertion(+), 10 deletions(-) > > diff --git a/Makefile b/Makefile > index 168432e..054f43a 100644 > --- a/Makefile > +++ b/Makefile > @@ -1614,6 +1614,7 @@ clean: $(clean-dirs) > -o -name '*.su' \ > -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \ > -o -name '*.lex.c' -o -name '*.tab.[ch]' \ > + -o -name '*-asn1.[ch]' \ > -o -name '*.symtypes' -o -name 'modules.order' \ > -o -name modules.builtin -o -name '.tmp_*.o.*' \ > -o -name .cache.mk \ > diff --git a/crypto/Makefile b/crypto/Makefile > index cdbc03b..4eae4da 100644 > --- a/crypto/Makefile > +++ b/crypto/Makefile > @@ -38,8 +38,6 @@ obj-$(CONFIG_CRYPTO_DH) += dh_generic.o > $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h > $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h > $(obj)/rsa_helper.o: $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.h > -clean-files += rsapubkey-asn1.c rsapubkey-asn1.h > -clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h > > rsa_generic-y := rsapubkey-asn1.o > rsa_generic-y += rsaprivkey-asn1.o > diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile > index 4719aad..bd8ed09 100644 > --- a/crypto/asymmetric_keys/Makefile > +++ b/crypto/asymmetric_keys/Makefile > @@ -29,9 +29,6 @@ $(obj)/x509_cert_parser.o: \ > $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h > $(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h > > -clean-files+= x509-asn1.c x509-asn1.h > -clean-files+= x509_akid-asn1.c x509_akid-asn1.h > - > # > # PKCS#7 message handling > # > @@ -45,8 +42,6 @@ pkcs7_message-y := \ > 
$(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h > $(obj)/pkcs7-asn1.o: $(obj)/pkcs7-asn1.c $(obj)/pkcs7-asn1.h > > -clean-files+= pkcs7-asn1.c pkcs7-asn1.h > - > # > # PKCS#7 parser testing key > # > @@ -66,5 +61,3 @@ verify_signed_pefile-y := \ > > $(obj)/mscode_parser.o: $(obj)/mscode-asn1.h $(obj)/mscode-asn1.h > $(obj)/mscode-asn1.o: $(obj)/mscode-asn1.c $(obj)/mscode-asn1.h > - > -clean-files+= mscode-asn1.c mscode-asn1.h > diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile > index 2dad20e..e5f5638 100644 > --- a/net/ipv4/netfilter/Makefile > +++ b/net/ipv4/netfilter/Makefile > @@ -31,7 +31,6 @@ obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o > nf_nat_snmp_basic-y := nf_nat_snmp_basic-asn1.o nf_nat_snmp_basic_main.o > nf_nat_snmp_basic-y : nf_nat_snmp_basic-asn1.h nf_nat_snmp_basic-asn1.c > obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o > -clean-files := nf_nat_snmp_basic-asn1.c nf_nat_snmp_basic-asn1.h > > obj-$(CONFIG_NF_NAT_MASQUERADE_IPV4) += nf_nat_masquerade_ipv4.o > > -- > 2.7.4 > -- Best Regards Masahiro Yamada
Re: [PATCH 08/10] kbuild: rename *-asn1.[ch] to *.asn1.[ch]
+CC linux-crypto@vger.kernel.org No functional change, though. (I fixed up the subject.) 2018-03-23 22:04 GMT+09:00 Masahiro Yamada: > Our convention is to distinguish file types by suffixes with a period > as a separator. > > *-asn1.[ch] is a different pattern from other generated sources such > as *.lex.c, *.tab.[ch], *.dtb.S, etc. More confusing, files with > '-asn1.[ch]' are generated files, but '_asn1.[ch]' are checked-in > files: > net/netfilter/nf_conntrack_h323_asn1.c > include/linux/netfilter/nf_conntrack_h323_asn1.h > include/linux/sunrpc/gss_asn1.h > > Rename generated files to *.asn1.[ch] for consistency. > > Signed-off-by: Masahiro Yamada > --- > > .gitignore | 2 +- > Makefile| 2 +- > crypto/Makefile | 10 +- > crypto/asymmetric_keys/Makefile | 24 > crypto/asymmetric_keys/mscode_parser.c | 2 +- > crypto/asymmetric_keys/pkcs7_parser.c | 2 +- > crypto/asymmetric_keys/x509_cert_parser.c | 4 ++-- > crypto/rsa_helper.c | 4 ++-- > net/ipv4/netfilter/Makefile | 4 ++-- > net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 2 +- > scripts/Makefile.build | 4 ++-- > scripts/asn1_compiler.c | 2 +- > 12 files changed, 31 insertions(+), 31 deletions(-) > > diff --git a/.gitignore b/.gitignore > index a7fef34..1c8189e 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -11,7 +11,7 @@ > # > .* > *.a > -*-asn1.[ch] > +*.asn1.[ch] > *.bin > *.bz2 > *.c.[012]*.* > diff --git a/Makefile b/Makefile > index 054f43a..702f154 100644 > --- a/Makefile > +++ b/Makefile > @@ -1614,7 +1614,7 @@ clean: $(clean-dirs) > -o -name '*.su' \ > -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \ > -o -name '*.lex.c' -o -name '*.tab.[ch]' \ > - -o -name '*-asn1.[ch]' \ > + -o -name '*.asn1.[ch]' \ > -o -name '*.symtypes' -o -name 'modules.order' \ > -o -name modules.builtin -o -name '.tmp_*.o.*' \ > -o -name .cache.mk \ > diff --git a/crypto/Makefile b/crypto/Makefile > index 4eae4da..9be77d0 100644 > --- a/crypto/Makefile > +++ b/crypto/Makefile > @@ -35,12 +35,12 @@ dh_generic-y := dh.o > 
dh_generic-y += dh_helper.o > obj-$(CONFIG_CRYPTO_DH) += dh_generic.o > > -$(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h > -$(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h > -$(obj)/rsa_helper.o: $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.h > +$(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h > +$(obj)/rsaprivkey.asn1.o: $(obj)/rsaprivkey.asn1.c $(obj)/rsaprivkey.asn1.h > +$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h > > -rsa_generic-y := rsapubkey-asn1.o > -rsa_generic-y += rsaprivkey-asn1.o > +rsa_generic-y := rsapubkey.asn1.o > +rsa_generic-y += rsaprivkey.asn1.o > rsa_generic-y += rsa.o > rsa_generic-y += rsa_helper.o > rsa_generic-y += rsa-pkcs1pad.o > diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile > index bd8ed09..d4b2e1b 100644 > --- a/crypto/asymmetric_keys/Makefile > +++ b/crypto/asymmetric_keys/Makefile > @@ -17,30 +17,30 @@ obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += > public_key.o > # > obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o > x509_key_parser-y := \ > - x509-asn1.o \ > - x509_akid-asn1.o \ > + x509.asn1.o \ > + x509_akid.asn1.o \ > x509_cert_parser.o \ > x509_public_key.o > > $(obj)/x509_cert_parser.o: \ > - $(obj)/x509-asn1.h \ > - $(obj)/x509_akid-asn1.h > + $(obj)/x509.asn1.h \ > + $(obj)/x509_akid.asn1.h > > -$(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h > -$(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h > +$(obj)/x509.asn1.o: $(obj)/x509.asn1.c $(obj)/x509.asn1.h > +$(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h > > # > # PKCS#7 message handling > # > obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o > pkcs7_message-y := \ > - pkcs7-asn1.o \ > + pkcs7.asn1.o \ > pkcs7_parser.o \ > pkcs7_trust.o \ > pkcs7_verify.o > > -$(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h > -$(obj)/pkcs7-asn1.o: $(obj)/pkcs7-asn1.c $(obj)/pkcs7-asn1.h 
> +$(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h > +$(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h > > # > # PKCS#7 parser testing key > @@ -57,7 +57,7 @@ obj-$(CONFIG_SIGNED_PE_FILE_VERIFICATION) += > verify_signed_pefile.o > verify_signed_pefile-y := \ > verify_pefile.o \ > mscode_parser.o \ > - mscode-asn1.o > + mscode.asn1.o > > -$(obj)/mscode_parser.o: $(obj)/mscode-asn1.h
Re: [PATCH 06/10] .gitignore: move *-asn1.[ch] patterns to the top-level .gitignore
+CC linux-crypto@vger.kernel.org No functional change, though. 2018-03-23 22:04 GMT+09:00 Masahiro Yamada: > These are common patterns where source files are parsed by the > asn1_compiler. > > Signed-off-by: Masahiro Yamada > --- > > .gitignore | 5 + > crypto/.gitignore| 1 - > crypto/asymmetric_keys/.gitignore| 1 - > drivers/crypto/qat/qat_common/.gitignore | 1 - > 4 files changed, 1 insertion(+), 7 deletions(-) > delete mode 100644 crypto/.gitignore > delete mode 100644 crypto/asymmetric_keys/.gitignore > delete mode 100644 drivers/crypto/qat/qat_common/.gitignore > > diff --git a/.gitignore b/.gitignore > index 1e82be1..a7fef34 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -11,6 +11,7 @@ > # > .* > *.a > +*-asn1.[ch] > *.bin > *.bz2 > *.c.[012]*.* > @@ -130,7 +131,3 @@ all.config > > # Kdevelop4 > *.kdev4 > - > -#Automatically generated by ASN.1 compiler > -net/ipv4/netfilter/nf_nat_snmp_basic-asn1.c > -net/ipv4/netfilter/nf_nat_snmp_basic-asn1.h > diff --git a/crypto/.gitignore b/crypto/.gitignore > deleted file mode 100644 > index ee328374..000 > --- a/crypto/.gitignore > +++ /dev/null > @@ -1 +0,0 @@ > -*-asn1.[ch] > diff --git a/crypto/asymmetric_keys/.gitignore > b/crypto/asymmetric_keys/.gitignore > deleted file mode 100644 > index ee328374..000 > --- a/crypto/asymmetric_keys/.gitignore > +++ /dev/null > @@ -1 +0,0 @@ > -*-asn1.[ch] > diff --git a/drivers/crypto/qat/qat_common/.gitignore > b/drivers/crypto/qat/qat_common/.gitignore > deleted file mode 100644 > index ee328374..000 > --- a/drivers/crypto/qat/qat_common/.gitignore > +++ /dev/null > @@ -1 +0,0 @@ > -*-asn1.[ch] > -- > 2.7.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Best Regards Masahiro Yamada