1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* Marvell MACSEC hardware offload driver |
3 | * |
4 | * Copyright (C) 2022 Marvell. |
5 | */ |
6 | |
7 | #include <crypto/skcipher.h> |
8 | #include <linux/rtnetlink.h> |
9 | #include <linux/bitfield.h> |
10 | #include "otx2_common.h" |
11 | |
12 | #define MCS_TCAM0_MAC_DA_MASK GENMASK_ULL(47, 0) |
13 | #define MCS_TCAM0_MAC_SA_MASK GENMASK_ULL(63, 48) |
14 | #define MCS_TCAM1_MAC_SA_MASK GENMASK_ULL(31, 0) |
15 | #define MCS_TCAM1_ETYPE_MASK GENMASK_ULL(47, 32) |
16 | |
17 | #define MCS_SA_MAP_MEM_SA_USE BIT_ULL(9) |
18 | |
19 | #define MCS_RX_SECY_PLCY_RW_MASK GENMASK_ULL(49, 18) |
20 | #define MCS_RX_SECY_PLCY_RP BIT_ULL(17) |
21 | #define MCS_RX_SECY_PLCY_AUTH_ENA BIT_ULL(16) |
22 | #define MCS_RX_SECY_PLCY_CIP GENMASK_ULL(8, 5) |
23 | #define MCS_RX_SECY_PLCY_VAL GENMASK_ULL(2, 1) |
24 | #define MCS_RX_SECY_PLCY_ENA BIT_ULL(0) |
25 | |
26 | #define MCS_TX_SECY_PLCY_MTU GENMASK_ULL(43, 28) |
27 | #define MCS_TX_SECY_PLCY_ST_TCI GENMASK_ULL(27, 22) |
28 | #define MCS_TX_SECY_PLCY_ST_OFFSET GENMASK_ULL(21, 15) |
29 | #define MCS_TX_SECY_PLCY_INS_MODE BIT_ULL(14) |
30 | #define MCS_TX_SECY_PLCY_AUTH_ENA BIT_ULL(13) |
31 | #define MCS_TX_SECY_PLCY_CIP GENMASK_ULL(5, 2) |
32 | #define MCS_TX_SECY_PLCY_PROTECT BIT_ULL(1) |
33 | #define MCS_TX_SECY_PLCY_ENA BIT_ULL(0) |
34 | |
35 | #define MCS_GCM_AES_128 0 |
36 | #define MCS_GCM_AES_256 1 |
37 | #define MCS_GCM_AES_XPN_128 2 |
38 | #define MCS_GCM_AES_XPN_256 3 |
39 | |
40 | #define MCS_TCI_ES 0x40 /* end station */ |
41 | #define MCS_TCI_SC 0x20 /* SCI present */ |
42 | #define MCS_TCI_SCB 0x10 /* epon */ |
43 | #define MCS_TCI_E 0x08 /* encryption */ |
44 | #define MCS_TCI_C 0x04 /* changed text */ |
45 | |
46 | #define CN10K_MAX_HASH_LEN 16 |
47 | #define CN10K_MAX_SAK_LEN 32 |
48 | |
49 | static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, u8 *sak, |
50 | u16 sak_len, u8 *hash) |
51 | { |
52 | u8 data[CN10K_MAX_HASH_LEN] = { 0 }; |
53 | struct skcipher_request *req = NULL; |
54 | struct scatterlist sg_src, sg_dst; |
55 | struct crypto_skcipher *tfm; |
56 | DECLARE_CRYPTO_WAIT(wait); |
57 | int err; |
58 | |
59 | tfm = crypto_alloc_skcipher(alg_name: "ecb(aes)" , type: 0, mask: 0); |
60 | if (IS_ERR(ptr: tfm)) { |
61 | dev_err(pfvf->dev, "failed to allocate transform for ecb-aes\n" ); |
62 | return PTR_ERR(ptr: tfm); |
63 | } |
64 | |
65 | req = skcipher_request_alloc(tfm, GFP_KERNEL); |
66 | if (!req) { |
67 | dev_err(pfvf->dev, "failed to allocate request for skcipher\n" ); |
68 | err = -ENOMEM; |
69 | goto free_tfm; |
70 | } |
71 | |
72 | err = crypto_skcipher_setkey(tfm, key: sak, keylen: sak_len); |
73 | if (err) { |
74 | dev_err(pfvf->dev, "failed to set key for skcipher\n" ); |
75 | goto free_req; |
76 | } |
77 | |
78 | /* build sg list */ |
79 | sg_init_one(&sg_src, data, CN10K_MAX_HASH_LEN); |
80 | sg_init_one(&sg_dst, hash, CN10K_MAX_HASH_LEN); |
81 | |
82 | skcipher_request_set_callback(req, flags: 0, compl: crypto_req_done, data: &wait); |
83 | skcipher_request_set_crypt(req, src: &sg_src, dst: &sg_dst, |
84 | CN10K_MAX_HASH_LEN, NULL); |
85 | |
86 | err = crypto_skcipher_encrypt(req); |
87 | err = crypto_wait_req(err, wait: &wait); |
88 | |
89 | free_req: |
90 | skcipher_request_free(req); |
91 | free_tfm: |
92 | crypto_free_skcipher(tfm); |
93 | return err; |
94 | } |
95 | |
96 | static struct cn10k_mcs_txsc *cn10k_mcs_get_txsc(struct cn10k_mcs_cfg *cfg, |
97 | struct macsec_secy *secy) |
98 | { |
99 | struct cn10k_mcs_txsc *txsc; |
100 | |
101 | list_for_each_entry(txsc, &cfg->txsc_list, entry) { |
102 | if (txsc->sw_secy == secy) |
103 | return txsc; |
104 | } |
105 | |
106 | return NULL; |
107 | } |
108 | |
109 | static struct cn10k_mcs_rxsc *cn10k_mcs_get_rxsc(struct cn10k_mcs_cfg *cfg, |
110 | struct macsec_secy *secy, |
111 | struct macsec_rx_sc *rx_sc) |
112 | { |
113 | struct cn10k_mcs_rxsc *rxsc; |
114 | |
115 | list_for_each_entry(rxsc, &cfg->rxsc_list, entry) { |
116 | if (rxsc->sw_rxsc == rx_sc && rxsc->sw_secy == secy) |
117 | return rxsc; |
118 | } |
119 | |
120 | return NULL; |
121 | } |
122 | |
123 | static const char *rsrc_name(enum mcs_rsrc_type rsrc_type) |
124 | { |
125 | switch (rsrc_type) { |
126 | case MCS_RSRC_TYPE_FLOWID: |
127 | return "FLOW" ; |
128 | case MCS_RSRC_TYPE_SC: |
129 | return "SC" ; |
130 | case MCS_RSRC_TYPE_SECY: |
131 | return "SECY" ; |
132 | case MCS_RSRC_TYPE_SA: |
133 | return "SA" ; |
134 | default: |
135 | return "Unknown" ; |
136 | }; |
137 | |
138 | return "Unknown" ; |
139 | } |
140 | |
141 | static int cn10k_mcs_alloc_rsrc(struct otx2_nic *pfvf, enum mcs_direction dir, |
142 | enum mcs_rsrc_type type, u16 *rsrc_id) |
143 | { |
144 | struct mbox *mbox = &pfvf->mbox; |
145 | struct mcs_alloc_rsrc_req *req; |
146 | struct mcs_alloc_rsrc_rsp *rsp; |
147 | int ret = -ENOMEM; |
148 | |
149 | mutex_lock(&mbox->lock); |
150 | |
151 | req = otx2_mbox_alloc_msg_mcs_alloc_resources(mbox); |
152 | if (!req) |
153 | goto fail; |
154 | |
155 | req->rsrc_type = type; |
156 | req->rsrc_cnt = 1; |
157 | req->dir = dir; |
158 | |
159 | ret = otx2_sync_mbox_msg(mbox); |
160 | if (ret) |
161 | goto fail; |
162 | |
163 | rsp = (struct mcs_alloc_rsrc_rsp *)otx2_mbox_get_rsp(mbox: &pfvf->mbox.mbox, |
164 | devid: 0, msg: &req->hdr); |
165 | if (IS_ERR(ptr: rsp) || req->rsrc_cnt != rsp->rsrc_cnt || |
166 | req->rsrc_type != rsp->rsrc_type || req->dir != rsp->dir) { |
167 | ret = -EINVAL; |
168 | goto fail; |
169 | } |
170 | |
171 | switch (rsp->rsrc_type) { |
172 | case MCS_RSRC_TYPE_FLOWID: |
173 | *rsrc_id = rsp->flow_ids[0]; |
174 | break; |
175 | case MCS_RSRC_TYPE_SC: |
176 | *rsrc_id = rsp->sc_ids[0]; |
177 | break; |
178 | case MCS_RSRC_TYPE_SECY: |
179 | *rsrc_id = rsp->secy_ids[0]; |
180 | break; |
181 | case MCS_RSRC_TYPE_SA: |
182 | *rsrc_id = rsp->sa_ids[0]; |
183 | break; |
184 | default: |
185 | ret = -EINVAL; |
186 | goto fail; |
187 | } |
188 | |
189 | mutex_unlock(lock: &mbox->lock); |
190 | |
191 | return 0; |
192 | fail: |
193 | dev_err(pfvf->dev, "Failed to allocate %s %s resource\n" , |
194 | dir == MCS_TX ? "TX" : "RX" , rsrc_name(type)); |
195 | mutex_unlock(lock: &mbox->lock); |
196 | return ret; |
197 | } |
198 | |
199 | static void cn10k_mcs_free_rsrc(struct otx2_nic *pfvf, enum mcs_direction dir, |
200 | enum mcs_rsrc_type type, u16 hw_rsrc_id, |
201 | bool all) |
202 | { |
203 | struct mcs_clear_stats *clear_req; |
204 | struct mbox *mbox = &pfvf->mbox; |
205 | struct mcs_free_rsrc_req *req; |
206 | |
207 | mutex_lock(&mbox->lock); |
208 | |
209 | clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox); |
210 | if (!clear_req) |
211 | goto fail; |
212 | |
213 | clear_req->id = hw_rsrc_id; |
214 | clear_req->type = type; |
215 | clear_req->dir = dir; |
216 | |
217 | req = otx2_mbox_alloc_msg_mcs_free_resources(mbox); |
218 | if (!req) |
219 | goto fail; |
220 | |
221 | req->rsrc_id = hw_rsrc_id; |
222 | req->rsrc_type = type; |
223 | req->dir = dir; |
224 | if (all) |
225 | req->all = 1; |
226 | |
227 | if (otx2_sync_mbox_msg(mbox: &pfvf->mbox)) |
228 | goto fail; |
229 | |
230 | mutex_unlock(lock: &mbox->lock); |
231 | |
232 | return; |
233 | fail: |
234 | dev_err(pfvf->dev, "Failed to free %s %s resource\n" , |
235 | dir == MCS_TX ? "TX" : "RX" , rsrc_name(type)); |
236 | mutex_unlock(lock: &mbox->lock); |
237 | } |
238 | |
239 | static int cn10k_mcs_alloc_txsa(struct otx2_nic *pfvf, u16 *hw_sa_id) |
240 | { |
241 | return cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SA, rsrc_id: hw_sa_id); |
242 | } |
243 | |
244 | static int cn10k_mcs_alloc_rxsa(struct otx2_nic *pfvf, u16 *hw_sa_id) |
245 | { |
246 | return cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SA, rsrc_id: hw_sa_id); |
247 | } |
248 | |
249 | static void cn10k_mcs_free_txsa(struct otx2_nic *pfvf, u16 hw_sa_id) |
250 | { |
251 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SA, hw_rsrc_id: hw_sa_id, all: false); |
252 | } |
253 | |
254 | static void cn10k_mcs_free_rxsa(struct otx2_nic *pfvf, u16 hw_sa_id) |
255 | { |
256 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SA, hw_rsrc_id: hw_sa_id, all: false); |
257 | } |
258 | |
259 | static int cn10k_mcs_write_rx_secy(struct otx2_nic *pfvf, |
260 | struct macsec_secy *secy, u8 hw_secy_id) |
261 | { |
262 | struct mcs_secy_plcy_write_req *req; |
263 | struct mbox *mbox = &pfvf->mbox; |
264 | u64 policy; |
265 | u8 cipher; |
266 | int ret; |
267 | |
268 | mutex_lock(&mbox->lock); |
269 | |
270 | req = otx2_mbox_alloc_msg_mcs_secy_plcy_write(mbox); |
271 | if (!req) { |
272 | ret = -ENOMEM; |
273 | goto fail; |
274 | } |
275 | |
276 | policy = FIELD_PREP(MCS_RX_SECY_PLCY_RW_MASK, secy->replay_window); |
277 | if (secy->replay_protect) |
278 | policy |= MCS_RX_SECY_PLCY_RP; |
279 | |
280 | policy |= MCS_RX_SECY_PLCY_AUTH_ENA; |
281 | |
282 | switch (secy->key_len) { |
283 | case 16: |
284 | cipher = secy->xpn ? MCS_GCM_AES_XPN_128 : MCS_GCM_AES_128; |
285 | break; |
286 | case 32: |
287 | cipher = secy->xpn ? MCS_GCM_AES_XPN_256 : MCS_GCM_AES_256; |
288 | break; |
289 | default: |
290 | cipher = MCS_GCM_AES_128; |
291 | dev_warn(pfvf->dev, "Unsupported key length\n" ); |
292 | break; |
293 | } |
294 | |
295 | policy |= FIELD_PREP(MCS_RX_SECY_PLCY_CIP, cipher); |
296 | policy |= FIELD_PREP(MCS_RX_SECY_PLCY_VAL, secy->validate_frames); |
297 | |
298 | policy |= MCS_RX_SECY_PLCY_ENA; |
299 | |
300 | req->plcy = policy; |
301 | req->secy_id = hw_secy_id; |
302 | req->dir = MCS_RX; |
303 | |
304 | ret = otx2_sync_mbox_msg(mbox); |
305 | |
306 | fail: |
307 | mutex_unlock(lock: &mbox->lock); |
308 | return ret; |
309 | } |
310 | |
311 | static int cn10k_mcs_write_rx_flowid(struct otx2_nic *pfvf, |
312 | struct cn10k_mcs_rxsc *rxsc, u8 hw_secy_id) |
313 | { |
314 | struct macsec_rx_sc *sw_rx_sc = rxsc->sw_rxsc; |
315 | struct macsec_secy *secy = rxsc->sw_secy; |
316 | struct mcs_flowid_entry_write_req *req; |
317 | struct mbox *mbox = &pfvf->mbox; |
318 | u64 mac_da; |
319 | int ret; |
320 | |
321 | mutex_lock(&mbox->lock); |
322 | |
323 | req = otx2_mbox_alloc_msg_mcs_flowid_entry_write(mbox); |
324 | if (!req) { |
325 | ret = -ENOMEM; |
326 | goto fail; |
327 | } |
328 | |
329 | mac_da = ether_addr_to_u64(addr: secy->netdev->dev_addr); |
330 | |
331 | req->data[0] = FIELD_PREP(MCS_TCAM0_MAC_DA_MASK, mac_da); |
332 | req->mask[0] = ~0ULL; |
333 | req->mask[0] = ~MCS_TCAM0_MAC_DA_MASK; |
334 | |
335 | req->data[1] = FIELD_PREP(MCS_TCAM1_ETYPE_MASK, ETH_P_MACSEC); |
336 | req->mask[1] = ~0ULL; |
337 | req->mask[1] &= ~MCS_TCAM1_ETYPE_MASK; |
338 | |
339 | req->mask[2] = ~0ULL; |
340 | req->mask[3] = ~0ULL; |
341 | |
342 | req->flow_id = rxsc->hw_flow_id; |
343 | req->secy_id = hw_secy_id; |
344 | req->sc_id = rxsc->hw_sc_id; |
345 | req->dir = MCS_RX; |
346 | |
347 | if (sw_rx_sc->active) |
348 | req->ena = 1; |
349 | |
350 | ret = otx2_sync_mbox_msg(mbox); |
351 | |
352 | fail: |
353 | mutex_unlock(lock: &mbox->lock); |
354 | return ret; |
355 | } |
356 | |
357 | static int cn10k_mcs_write_sc_cam(struct otx2_nic *pfvf, |
358 | struct cn10k_mcs_rxsc *rxsc, u8 hw_secy_id) |
359 | { |
360 | struct macsec_rx_sc *sw_rx_sc = rxsc->sw_rxsc; |
361 | struct mcs_rx_sc_cam_write_req *sc_req; |
362 | struct mbox *mbox = &pfvf->mbox; |
363 | int ret; |
364 | |
365 | mutex_lock(&mbox->lock); |
366 | |
367 | sc_req = otx2_mbox_alloc_msg_mcs_rx_sc_cam_write(mbox); |
368 | if (!sc_req) { |
369 | ret = -ENOMEM; |
370 | goto fail; |
371 | } |
372 | |
373 | sc_req->sci = (__force u64)cpu_to_be64((__force u64)sw_rx_sc->sci); |
374 | sc_req->sc_id = rxsc->hw_sc_id; |
375 | sc_req->secy_id = hw_secy_id; |
376 | |
377 | ret = otx2_sync_mbox_msg(mbox); |
378 | |
379 | fail: |
380 | mutex_unlock(lock: &mbox->lock); |
381 | return ret; |
382 | } |
383 | |
384 | static int cn10k_mcs_write_keys(struct otx2_nic *pfvf, |
385 | struct macsec_secy *secy, |
386 | struct mcs_sa_plcy_write_req *req, |
387 | u8 *sak, u8 *salt, ssci_t ssci) |
388 | { |
389 | u8 hash_rev[CN10K_MAX_HASH_LEN]; |
390 | u8 sak_rev[CN10K_MAX_SAK_LEN]; |
391 | u8 salt_rev[MACSEC_SALT_LEN]; |
392 | u8 hash[CN10K_MAX_HASH_LEN]; |
393 | u32 ssci_63_32; |
394 | int err, i; |
395 | |
396 | err = cn10k_ecb_aes_encrypt(pfvf, sak, sak_len: secy->key_len, hash); |
397 | if (err) { |
398 | dev_err(pfvf->dev, "Generating hash using ECB(AES) failed\n" ); |
399 | return err; |
400 | } |
401 | |
402 | for (i = 0; i < secy->key_len; i++) |
403 | sak_rev[i] = sak[secy->key_len - 1 - i]; |
404 | |
405 | for (i = 0; i < CN10K_MAX_HASH_LEN; i++) |
406 | hash_rev[i] = hash[CN10K_MAX_HASH_LEN - 1 - i]; |
407 | |
408 | for (i = 0; i < MACSEC_SALT_LEN; i++) |
409 | salt_rev[i] = salt[MACSEC_SALT_LEN - 1 - i]; |
410 | |
411 | ssci_63_32 = (__force u32)cpu_to_be32((__force u32)ssci); |
412 | |
413 | memcpy(&req->plcy[0][0], sak_rev, secy->key_len); |
414 | memcpy(&req->plcy[0][4], hash_rev, CN10K_MAX_HASH_LEN); |
415 | memcpy(&req->plcy[0][6], salt_rev, MACSEC_SALT_LEN); |
416 | req->plcy[0][7] |= (u64)ssci_63_32 << 32; |
417 | |
418 | return 0; |
419 | } |
420 | |
421 | static int cn10k_mcs_write_rx_sa_plcy(struct otx2_nic *pfvf, |
422 | struct macsec_secy *secy, |
423 | struct cn10k_mcs_rxsc *rxsc, |
424 | u8 assoc_num, bool sa_in_use) |
425 | { |
426 | struct mcs_sa_plcy_write_req *plcy_req; |
427 | u8 *sak = rxsc->sa_key[assoc_num]; |
428 | u8 *salt = rxsc->salt[assoc_num]; |
429 | struct mcs_rx_sc_sa_map *map_req; |
430 | struct mbox *mbox = &pfvf->mbox; |
431 | int ret; |
432 | |
433 | mutex_lock(&mbox->lock); |
434 | |
435 | plcy_req = otx2_mbox_alloc_msg_mcs_sa_plcy_write(mbox); |
436 | if (!plcy_req) { |
437 | ret = -ENOMEM; |
438 | goto fail; |
439 | } |
440 | |
441 | map_req = otx2_mbox_alloc_msg_mcs_rx_sc_sa_map_write(mbox); |
442 | if (!map_req) { |
443 | otx2_mbox_reset(mbox: &mbox->mbox, devid: 0); |
444 | ret = -ENOMEM; |
445 | goto fail; |
446 | } |
447 | |
448 | ret = cn10k_mcs_write_keys(pfvf, secy, req: plcy_req, sak, |
449 | salt, ssci: rxsc->ssci[assoc_num]); |
450 | if (ret) |
451 | goto fail; |
452 | |
453 | plcy_req->sa_index[0] = rxsc->hw_sa_id[assoc_num]; |
454 | plcy_req->sa_cnt = 1; |
455 | plcy_req->dir = MCS_RX; |
456 | |
457 | map_req->sa_index = rxsc->hw_sa_id[assoc_num]; |
458 | map_req->sa_in_use = sa_in_use; |
459 | map_req->sc_id = rxsc->hw_sc_id; |
460 | map_req->an = assoc_num; |
461 | |
462 | /* Send two messages together */ |
463 | ret = otx2_sync_mbox_msg(mbox); |
464 | |
465 | fail: |
466 | mutex_unlock(lock: &mbox->lock); |
467 | return ret; |
468 | } |
469 | |
470 | static int cn10k_mcs_write_rx_sa_pn(struct otx2_nic *pfvf, |
471 | struct cn10k_mcs_rxsc *rxsc, |
472 | u8 assoc_num, u64 next_pn) |
473 | { |
474 | struct mcs_pn_table_write_req *req; |
475 | struct mbox *mbox = &pfvf->mbox; |
476 | int ret; |
477 | |
478 | mutex_lock(&mbox->lock); |
479 | |
480 | req = otx2_mbox_alloc_msg_mcs_pn_table_write(mbox); |
481 | if (!req) { |
482 | ret = -ENOMEM; |
483 | goto fail; |
484 | } |
485 | |
486 | req->pn_id = rxsc->hw_sa_id[assoc_num]; |
487 | req->next_pn = next_pn; |
488 | req->dir = MCS_RX; |
489 | |
490 | ret = otx2_sync_mbox_msg(mbox); |
491 | |
492 | fail: |
493 | mutex_unlock(lock: &mbox->lock); |
494 | return ret; |
495 | } |
496 | |
497 | static int cn10k_mcs_write_tx_secy(struct otx2_nic *pfvf, |
498 | struct macsec_secy *secy, |
499 | struct cn10k_mcs_txsc *txsc) |
500 | { |
501 | struct mcs_secy_plcy_write_req *req; |
502 | struct mbox *mbox = &pfvf->mbox; |
503 | struct macsec_tx_sc *sw_tx_sc; |
504 | u8 sectag_tci = 0; |
505 | u8 tag_offset; |
506 | u64 policy; |
507 | u8 cipher; |
508 | int ret; |
509 | |
510 | /* Insert SecTag after 12 bytes (DA+SA) or 16 bytes |
511 | * if VLAN tag needs to be sent in clear text. |
512 | */ |
513 | tag_offset = txsc->vlan_dev ? 16 : 12; |
514 | sw_tx_sc = &secy->tx_sc; |
515 | |
516 | mutex_lock(&mbox->lock); |
517 | |
518 | req = otx2_mbox_alloc_msg_mcs_secy_plcy_write(mbox); |
519 | if (!req) { |
520 | ret = -ENOMEM; |
521 | goto fail; |
522 | } |
523 | |
524 | if (sw_tx_sc->send_sci) { |
525 | sectag_tci |= MCS_TCI_SC; |
526 | } else { |
527 | if (sw_tx_sc->end_station) |
528 | sectag_tci |= MCS_TCI_ES; |
529 | if (sw_tx_sc->scb) |
530 | sectag_tci |= MCS_TCI_SCB; |
531 | } |
532 | |
533 | if (sw_tx_sc->encrypt) |
534 | sectag_tci |= (MCS_TCI_E | MCS_TCI_C); |
535 | |
536 | policy = FIELD_PREP(MCS_TX_SECY_PLCY_MTU, secy->netdev->mtu); |
537 | /* Write SecTag excluding AN bits(1..0) */ |
538 | policy |= FIELD_PREP(MCS_TX_SECY_PLCY_ST_TCI, sectag_tci >> 2); |
539 | policy |= FIELD_PREP(MCS_TX_SECY_PLCY_ST_OFFSET, tag_offset); |
540 | policy |= MCS_TX_SECY_PLCY_INS_MODE; |
541 | policy |= MCS_TX_SECY_PLCY_AUTH_ENA; |
542 | |
543 | switch (secy->key_len) { |
544 | case 16: |
545 | cipher = secy->xpn ? MCS_GCM_AES_XPN_128 : MCS_GCM_AES_128; |
546 | break; |
547 | case 32: |
548 | cipher = secy->xpn ? MCS_GCM_AES_XPN_256 : MCS_GCM_AES_256; |
549 | break; |
550 | default: |
551 | cipher = MCS_GCM_AES_128; |
552 | dev_warn(pfvf->dev, "Unsupported key length\n" ); |
553 | break; |
554 | } |
555 | |
556 | policy |= FIELD_PREP(MCS_TX_SECY_PLCY_CIP, cipher); |
557 | |
558 | if (secy->protect_frames) |
559 | policy |= MCS_TX_SECY_PLCY_PROTECT; |
560 | |
561 | /* If the encodingsa does not exist/active and protect is |
562 | * not set then frames can be sent out as it is. Hence enable |
563 | * the policy irrespective of secy operational when !protect. |
564 | */ |
565 | if (!secy->protect_frames || secy->operational) |
566 | policy |= MCS_TX_SECY_PLCY_ENA; |
567 | |
568 | req->plcy = policy; |
569 | req->secy_id = txsc->hw_secy_id_tx; |
570 | req->dir = MCS_TX; |
571 | |
572 | ret = otx2_sync_mbox_msg(mbox); |
573 | |
574 | fail: |
575 | mutex_unlock(lock: &mbox->lock); |
576 | return ret; |
577 | } |
578 | |
579 | static int cn10k_mcs_write_tx_flowid(struct otx2_nic *pfvf, |
580 | struct macsec_secy *secy, |
581 | struct cn10k_mcs_txsc *txsc) |
582 | { |
583 | struct mcs_flowid_entry_write_req *req; |
584 | struct mbox *mbox = &pfvf->mbox; |
585 | u64 mac_sa; |
586 | int ret; |
587 | |
588 | mutex_lock(&mbox->lock); |
589 | |
590 | req = otx2_mbox_alloc_msg_mcs_flowid_entry_write(mbox); |
591 | if (!req) { |
592 | ret = -ENOMEM; |
593 | goto fail; |
594 | } |
595 | |
596 | mac_sa = ether_addr_to_u64(addr: secy->netdev->dev_addr); |
597 | |
598 | req->data[0] = FIELD_PREP(MCS_TCAM0_MAC_SA_MASK, mac_sa); |
599 | req->data[1] = FIELD_PREP(MCS_TCAM1_MAC_SA_MASK, mac_sa >> 16); |
600 | |
601 | req->mask[0] = ~0ULL; |
602 | req->mask[0] &= ~MCS_TCAM0_MAC_SA_MASK; |
603 | |
604 | req->mask[1] = ~0ULL; |
605 | req->mask[1] &= ~MCS_TCAM1_MAC_SA_MASK; |
606 | |
607 | req->mask[2] = ~0ULL; |
608 | req->mask[3] = ~0ULL; |
609 | |
610 | req->flow_id = txsc->hw_flow_id; |
611 | req->secy_id = txsc->hw_secy_id_tx; |
612 | req->sc_id = txsc->hw_sc_id; |
613 | req->sci = (__force u64)cpu_to_be64((__force u64)secy->sci); |
614 | req->dir = MCS_TX; |
615 | /* This can be enabled since stack xmits packets only when interface is up */ |
616 | req->ena = 1; |
617 | |
618 | ret = otx2_sync_mbox_msg(mbox); |
619 | |
620 | fail: |
621 | mutex_unlock(lock: &mbox->lock); |
622 | return ret; |
623 | } |
624 | |
625 | static int cn10k_mcs_link_tx_sa2sc(struct otx2_nic *pfvf, |
626 | struct macsec_secy *secy, |
627 | struct cn10k_mcs_txsc *txsc, |
628 | u8 sa_num, bool sa_active) |
629 | { |
630 | struct mcs_tx_sc_sa_map *map_req; |
631 | struct mbox *mbox = &pfvf->mbox; |
632 | int ret; |
633 | |
634 | /* Link the encoding_sa only to SC out of all SAs */ |
635 | if (txsc->encoding_sa != sa_num) |
636 | return 0; |
637 | |
638 | mutex_lock(&mbox->lock); |
639 | |
640 | map_req = otx2_mbox_alloc_msg_mcs_tx_sc_sa_map_write(mbox); |
641 | if (!map_req) { |
642 | otx2_mbox_reset(mbox: &mbox->mbox, devid: 0); |
643 | ret = -ENOMEM; |
644 | goto fail; |
645 | } |
646 | |
647 | map_req->sa_index0 = txsc->hw_sa_id[sa_num]; |
648 | map_req->sa_index0_vld = sa_active; |
649 | map_req->sectag_sci = (__force u64)cpu_to_be64((__force u64)secy->sci); |
650 | map_req->sc_id = txsc->hw_sc_id; |
651 | |
652 | ret = otx2_sync_mbox_msg(mbox); |
653 | |
654 | fail: |
655 | mutex_unlock(lock: &mbox->lock); |
656 | return ret; |
657 | } |
658 | |
659 | static int cn10k_mcs_write_tx_sa_plcy(struct otx2_nic *pfvf, |
660 | struct macsec_secy *secy, |
661 | struct cn10k_mcs_txsc *txsc, |
662 | u8 assoc_num) |
663 | { |
664 | struct mcs_sa_plcy_write_req *plcy_req; |
665 | u8 *sak = txsc->sa_key[assoc_num]; |
666 | u8 *salt = txsc->salt[assoc_num]; |
667 | struct mbox *mbox = &pfvf->mbox; |
668 | int ret; |
669 | |
670 | mutex_lock(&mbox->lock); |
671 | |
672 | plcy_req = otx2_mbox_alloc_msg_mcs_sa_plcy_write(mbox); |
673 | if (!plcy_req) { |
674 | ret = -ENOMEM; |
675 | goto fail; |
676 | } |
677 | |
678 | ret = cn10k_mcs_write_keys(pfvf, secy, req: plcy_req, sak, |
679 | salt, ssci: txsc->ssci[assoc_num]); |
680 | if (ret) |
681 | goto fail; |
682 | |
683 | plcy_req->plcy[0][8] = assoc_num; |
684 | plcy_req->sa_index[0] = txsc->hw_sa_id[assoc_num]; |
685 | plcy_req->sa_cnt = 1; |
686 | plcy_req->dir = MCS_TX; |
687 | |
688 | ret = otx2_sync_mbox_msg(mbox); |
689 | |
690 | fail: |
691 | mutex_unlock(lock: &mbox->lock); |
692 | return ret; |
693 | } |
694 | |
695 | static int cn10k_write_tx_sa_pn(struct otx2_nic *pfvf, |
696 | struct cn10k_mcs_txsc *txsc, |
697 | u8 assoc_num, u64 next_pn) |
698 | { |
699 | struct mcs_pn_table_write_req *req; |
700 | struct mbox *mbox = &pfvf->mbox; |
701 | int ret; |
702 | |
703 | mutex_lock(&mbox->lock); |
704 | |
705 | req = otx2_mbox_alloc_msg_mcs_pn_table_write(mbox); |
706 | if (!req) { |
707 | ret = -ENOMEM; |
708 | goto fail; |
709 | } |
710 | |
711 | req->pn_id = txsc->hw_sa_id[assoc_num]; |
712 | req->next_pn = next_pn; |
713 | req->dir = MCS_TX; |
714 | |
715 | ret = otx2_sync_mbox_msg(mbox); |
716 | |
717 | fail: |
718 | mutex_unlock(lock: &mbox->lock); |
719 | return ret; |
720 | } |
721 | |
722 | static int cn10k_mcs_ena_dis_flowid(struct otx2_nic *pfvf, u16 hw_flow_id, |
723 | bool enable, enum mcs_direction dir) |
724 | { |
725 | struct mcs_flowid_ena_dis_entry *req; |
726 | struct mbox *mbox = &pfvf->mbox; |
727 | int ret; |
728 | |
729 | mutex_lock(&mbox->lock); |
730 | |
731 | req = otx2_mbox_alloc_msg_mcs_flowid_ena_entry(mbox); |
732 | if (!req) { |
733 | ret = -ENOMEM; |
734 | goto fail; |
735 | } |
736 | |
737 | req->flow_id = hw_flow_id; |
738 | req->ena = enable; |
739 | req->dir = dir; |
740 | |
741 | ret = otx2_sync_mbox_msg(mbox); |
742 | |
743 | fail: |
744 | mutex_unlock(lock: &mbox->lock); |
745 | return ret; |
746 | } |
747 | |
748 | static int cn10k_mcs_sa_stats(struct otx2_nic *pfvf, u8 hw_sa_id, |
749 | struct mcs_sa_stats *rsp_p, |
750 | enum mcs_direction dir, bool clear) |
751 | { |
752 | struct mcs_clear_stats *clear_req; |
753 | struct mbox *mbox = &pfvf->mbox; |
754 | struct mcs_stats_req *req; |
755 | struct mcs_sa_stats *rsp; |
756 | int ret; |
757 | |
758 | mutex_lock(&mbox->lock); |
759 | |
760 | req = otx2_mbox_alloc_msg_mcs_get_sa_stats(mbox); |
761 | if (!req) { |
762 | ret = -ENOMEM; |
763 | goto fail; |
764 | } |
765 | |
766 | req->id = hw_sa_id; |
767 | req->dir = dir; |
768 | |
769 | if (!clear) |
770 | goto send_msg; |
771 | |
772 | clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox); |
773 | if (!clear_req) { |
774 | ret = -ENOMEM; |
775 | goto fail; |
776 | } |
777 | clear_req->id = hw_sa_id; |
778 | clear_req->dir = dir; |
779 | clear_req->type = MCS_RSRC_TYPE_SA; |
780 | |
781 | send_msg: |
782 | ret = otx2_sync_mbox_msg(mbox); |
783 | if (ret) |
784 | goto fail; |
785 | |
786 | rsp = (struct mcs_sa_stats *)otx2_mbox_get_rsp(mbox: &pfvf->mbox.mbox, |
787 | devid: 0, msg: &req->hdr); |
788 | if (IS_ERR(ptr: rsp)) { |
789 | ret = PTR_ERR(ptr: rsp); |
790 | goto fail; |
791 | } |
792 | |
793 | memcpy(rsp_p, rsp, sizeof(*rsp_p)); |
794 | |
795 | mutex_unlock(lock: &mbox->lock); |
796 | |
797 | return 0; |
798 | fail: |
799 | mutex_unlock(lock: &mbox->lock); |
800 | return ret; |
801 | } |
802 | |
803 | static int cn10k_mcs_sc_stats(struct otx2_nic *pfvf, u8 hw_sc_id, |
804 | struct mcs_sc_stats *rsp_p, |
805 | enum mcs_direction dir, bool clear) |
806 | { |
807 | struct mcs_clear_stats *clear_req; |
808 | struct mbox *mbox = &pfvf->mbox; |
809 | struct mcs_stats_req *req; |
810 | struct mcs_sc_stats *rsp; |
811 | int ret; |
812 | |
813 | mutex_lock(&mbox->lock); |
814 | |
815 | req = otx2_mbox_alloc_msg_mcs_get_sc_stats(mbox); |
816 | if (!req) { |
817 | ret = -ENOMEM; |
818 | goto fail; |
819 | } |
820 | |
821 | req->id = hw_sc_id; |
822 | req->dir = dir; |
823 | |
824 | if (!clear) |
825 | goto send_msg; |
826 | |
827 | clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox); |
828 | if (!clear_req) { |
829 | ret = -ENOMEM; |
830 | goto fail; |
831 | } |
832 | clear_req->id = hw_sc_id; |
833 | clear_req->dir = dir; |
834 | clear_req->type = MCS_RSRC_TYPE_SC; |
835 | |
836 | send_msg: |
837 | ret = otx2_sync_mbox_msg(mbox); |
838 | if (ret) |
839 | goto fail; |
840 | |
841 | rsp = (struct mcs_sc_stats *)otx2_mbox_get_rsp(mbox: &pfvf->mbox.mbox, |
842 | devid: 0, msg: &req->hdr); |
843 | if (IS_ERR(ptr: rsp)) { |
844 | ret = PTR_ERR(ptr: rsp); |
845 | goto fail; |
846 | } |
847 | |
848 | memcpy(rsp_p, rsp, sizeof(*rsp_p)); |
849 | |
850 | mutex_unlock(lock: &mbox->lock); |
851 | |
852 | return 0; |
853 | fail: |
854 | mutex_unlock(lock: &mbox->lock); |
855 | return ret; |
856 | } |
857 | |
858 | static int cn10k_mcs_secy_stats(struct otx2_nic *pfvf, u8 hw_secy_id, |
859 | struct mcs_secy_stats *rsp_p, |
860 | enum mcs_direction dir, bool clear) |
861 | { |
862 | struct mcs_clear_stats *clear_req; |
863 | struct mbox *mbox = &pfvf->mbox; |
864 | struct mcs_secy_stats *rsp; |
865 | struct mcs_stats_req *req; |
866 | int ret; |
867 | |
868 | mutex_lock(&mbox->lock); |
869 | |
870 | req = otx2_mbox_alloc_msg_mcs_get_secy_stats(mbox); |
871 | if (!req) { |
872 | ret = -ENOMEM; |
873 | goto fail; |
874 | } |
875 | |
876 | req->id = hw_secy_id; |
877 | req->dir = dir; |
878 | |
879 | if (!clear) |
880 | goto send_msg; |
881 | |
882 | clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox); |
883 | if (!clear_req) { |
884 | ret = -ENOMEM; |
885 | goto fail; |
886 | } |
887 | clear_req->id = hw_secy_id; |
888 | clear_req->dir = dir; |
889 | clear_req->type = MCS_RSRC_TYPE_SECY; |
890 | |
891 | send_msg: |
892 | ret = otx2_sync_mbox_msg(mbox); |
893 | if (ret) |
894 | goto fail; |
895 | |
896 | rsp = (struct mcs_secy_stats *)otx2_mbox_get_rsp(mbox: &pfvf->mbox.mbox, |
897 | devid: 0, msg: &req->hdr); |
898 | if (IS_ERR(ptr: rsp)) { |
899 | ret = PTR_ERR(ptr: rsp); |
900 | goto fail; |
901 | } |
902 | |
903 | memcpy(rsp_p, rsp, sizeof(*rsp_p)); |
904 | |
905 | mutex_unlock(lock: &mbox->lock); |
906 | |
907 | return 0; |
908 | fail: |
909 | mutex_unlock(lock: &mbox->lock); |
910 | return ret; |
911 | } |
912 | |
913 | static struct cn10k_mcs_txsc *cn10k_mcs_create_txsc(struct otx2_nic *pfvf) |
914 | { |
915 | struct cn10k_mcs_txsc *txsc; |
916 | int ret; |
917 | |
918 | txsc = kzalloc(size: sizeof(*txsc), GFP_KERNEL); |
919 | if (!txsc) |
920 | return ERR_PTR(error: -ENOMEM); |
921 | |
922 | ret = cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_FLOWID, |
923 | rsrc_id: &txsc->hw_flow_id); |
924 | if (ret) |
925 | goto fail; |
926 | |
927 | /* For a SecY, one TX secy and one RX secy HW resources are needed */ |
928 | ret = cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SECY, |
929 | rsrc_id: &txsc->hw_secy_id_tx); |
930 | if (ret) |
931 | goto free_flowid; |
932 | |
933 | ret = cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SECY, |
934 | rsrc_id: &txsc->hw_secy_id_rx); |
935 | if (ret) |
936 | goto free_tx_secy; |
937 | |
938 | ret = cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SC, |
939 | rsrc_id: &txsc->hw_sc_id); |
940 | if (ret) |
941 | goto free_rx_secy; |
942 | |
943 | return txsc; |
944 | free_rx_secy: |
945 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SECY, |
946 | hw_rsrc_id: txsc->hw_secy_id_rx, all: false); |
947 | free_tx_secy: |
948 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SECY, |
949 | hw_rsrc_id: txsc->hw_secy_id_tx, all: false); |
950 | free_flowid: |
951 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_FLOWID, |
952 | hw_rsrc_id: txsc->hw_flow_id, all: false); |
953 | fail: |
954 | kfree(objp: txsc); |
955 | return ERR_PTR(error: ret); |
956 | } |
957 | |
958 | /* Free Tx SC and its SAs(if any) resources to AF |
959 | */ |
960 | static void cn10k_mcs_delete_txsc(struct otx2_nic *pfvf, |
961 | struct cn10k_mcs_txsc *txsc) |
962 | { |
963 | u8 sa_bmap = txsc->sa_bmap; |
964 | u8 sa_num = 0; |
965 | |
966 | while (sa_bmap) { |
967 | if (sa_bmap & 1) { |
968 | cn10k_mcs_write_tx_sa_plcy(pfvf, secy: txsc->sw_secy, |
969 | txsc, assoc_num: sa_num); |
970 | cn10k_mcs_free_txsa(pfvf, hw_sa_id: txsc->hw_sa_id[sa_num]); |
971 | } |
972 | sa_num++; |
973 | sa_bmap >>= 1; |
974 | } |
975 | |
976 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SC, |
977 | hw_rsrc_id: txsc->hw_sc_id, all: false); |
978 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SECY, |
979 | hw_rsrc_id: txsc->hw_secy_id_rx, all: false); |
980 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SECY, |
981 | hw_rsrc_id: txsc->hw_secy_id_tx, all: false); |
982 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_FLOWID, |
983 | hw_rsrc_id: txsc->hw_flow_id, all: false); |
984 | } |
985 | |
986 | static struct cn10k_mcs_rxsc *cn10k_mcs_create_rxsc(struct otx2_nic *pfvf) |
987 | { |
988 | struct cn10k_mcs_rxsc *rxsc; |
989 | int ret; |
990 | |
991 | rxsc = kzalloc(size: sizeof(*rxsc), GFP_KERNEL); |
992 | if (!rxsc) |
993 | return ERR_PTR(error: -ENOMEM); |
994 | |
995 | ret = cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_FLOWID, |
996 | rsrc_id: &rxsc->hw_flow_id); |
997 | if (ret) |
998 | goto fail; |
999 | |
1000 | ret = cn10k_mcs_alloc_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SC, |
1001 | rsrc_id: &rxsc->hw_sc_id); |
1002 | if (ret) |
1003 | goto free_flowid; |
1004 | |
1005 | return rxsc; |
1006 | free_flowid: |
1007 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_FLOWID, |
1008 | hw_rsrc_id: rxsc->hw_flow_id, all: false); |
1009 | fail: |
1010 | kfree(objp: rxsc); |
1011 | return ERR_PTR(error: ret); |
1012 | } |
1013 | |
1014 | /* Free Rx SC and its SAs(if any) resources to AF |
1015 | */ |
1016 | static void cn10k_mcs_delete_rxsc(struct otx2_nic *pfvf, |
1017 | struct cn10k_mcs_rxsc *rxsc) |
1018 | { |
1019 | u8 sa_bmap = rxsc->sa_bmap; |
1020 | u8 sa_num = 0; |
1021 | |
1022 | while (sa_bmap) { |
1023 | if (sa_bmap & 1) { |
1024 | cn10k_mcs_write_rx_sa_plcy(pfvf, secy: rxsc->sw_secy, rxsc, |
1025 | assoc_num: sa_num, sa_in_use: false); |
1026 | cn10k_mcs_free_rxsa(pfvf, hw_sa_id: rxsc->hw_sa_id[sa_num]); |
1027 | } |
1028 | sa_num++; |
1029 | sa_bmap >>= 1; |
1030 | } |
1031 | |
1032 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SC, |
1033 | hw_rsrc_id: rxsc->hw_sc_id, all: false); |
1034 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_FLOWID, |
1035 | hw_rsrc_id: rxsc->hw_flow_id, all: false); |
1036 | } |
1037 | |
1038 | static int cn10k_mcs_secy_tx_cfg(struct otx2_nic *pfvf, struct macsec_secy *secy, |
1039 | struct cn10k_mcs_txsc *txsc, |
1040 | struct macsec_tx_sa *sw_tx_sa, u8 sa_num) |
1041 | { |
1042 | if (sw_tx_sa) { |
1043 | cn10k_mcs_write_tx_sa_plcy(pfvf, secy, txsc, assoc_num: sa_num); |
1044 | cn10k_write_tx_sa_pn(pfvf, txsc, assoc_num: sa_num, next_pn: sw_tx_sa->next_pn); |
1045 | cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, sa_num, |
1046 | sa_active: sw_tx_sa->active); |
1047 | } |
1048 | |
1049 | cn10k_mcs_write_tx_secy(pfvf, secy, txsc); |
1050 | cn10k_mcs_write_tx_flowid(pfvf, secy, txsc); |
1051 | /* When updating secy, change RX secy also */ |
1052 | cn10k_mcs_write_rx_secy(pfvf, secy, hw_secy_id: txsc->hw_secy_id_rx); |
1053 | |
1054 | return 0; |
1055 | } |
1056 | |
1057 | static int cn10k_mcs_secy_rx_cfg(struct otx2_nic *pfvf, |
1058 | struct macsec_secy *secy, u8 hw_secy_id) |
1059 | { |
1060 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1061 | struct cn10k_mcs_rxsc *mcs_rx_sc; |
1062 | struct macsec_rx_sc *sw_rx_sc; |
1063 | struct macsec_rx_sa *sw_rx_sa; |
1064 | u8 sa_num; |
1065 | |
1066 | for (sw_rx_sc = rcu_dereference_bh(secy->rx_sc); sw_rx_sc && sw_rx_sc->active; |
1067 | sw_rx_sc = rcu_dereference_bh(sw_rx_sc->next)) { |
1068 | mcs_rx_sc = cn10k_mcs_get_rxsc(cfg, secy, rx_sc: sw_rx_sc); |
1069 | if (unlikely(!mcs_rx_sc)) |
1070 | continue; |
1071 | |
1072 | for (sa_num = 0; sa_num < CN10K_MCS_SA_PER_SC; sa_num++) { |
1073 | sw_rx_sa = rcu_dereference_bh(sw_rx_sc->sa[sa_num]); |
1074 | if (!sw_rx_sa) |
1075 | continue; |
1076 | |
1077 | cn10k_mcs_write_rx_sa_plcy(pfvf, secy, rxsc: mcs_rx_sc, |
1078 | assoc_num: sa_num, sa_in_use: sw_rx_sa->active); |
1079 | cn10k_mcs_write_rx_sa_pn(pfvf, rxsc: mcs_rx_sc, assoc_num: sa_num, |
1080 | next_pn: sw_rx_sa->next_pn); |
1081 | } |
1082 | |
1083 | cn10k_mcs_write_rx_flowid(pfvf, rxsc: mcs_rx_sc, hw_secy_id); |
1084 | cn10k_mcs_write_sc_cam(pfvf, rxsc: mcs_rx_sc, hw_secy_id); |
1085 | } |
1086 | |
1087 | return 0; |
1088 | } |
1089 | |
1090 | static int cn10k_mcs_disable_rxscs(struct otx2_nic *pfvf, |
1091 | struct macsec_secy *secy, |
1092 | bool delete) |
1093 | { |
1094 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1095 | struct cn10k_mcs_rxsc *mcs_rx_sc; |
1096 | struct macsec_rx_sc *sw_rx_sc; |
1097 | int ret; |
1098 | |
1099 | for (sw_rx_sc = rcu_dereference_bh(secy->rx_sc); sw_rx_sc && sw_rx_sc->active; |
1100 | sw_rx_sc = rcu_dereference_bh(sw_rx_sc->next)) { |
1101 | mcs_rx_sc = cn10k_mcs_get_rxsc(cfg, secy, rx_sc: sw_rx_sc); |
1102 | if (unlikely(!mcs_rx_sc)) |
1103 | continue; |
1104 | |
1105 | ret = cn10k_mcs_ena_dis_flowid(pfvf, hw_flow_id: mcs_rx_sc->hw_flow_id, |
1106 | enable: false, dir: MCS_RX); |
1107 | if (ret) |
1108 | dev_err(pfvf->dev, "Failed to disable TCAM for SC %d\n" , |
1109 | mcs_rx_sc->hw_sc_id); |
1110 | if (delete) { |
1111 | cn10k_mcs_delete_rxsc(pfvf, rxsc: mcs_rx_sc); |
1112 | list_del(entry: &mcs_rx_sc->entry); |
1113 | kfree(objp: mcs_rx_sc); |
1114 | } |
1115 | } |
1116 | |
1117 | return 0; |
1118 | } |
1119 | |
1120 | static void cn10k_mcs_sync_stats(struct otx2_nic *pfvf, struct macsec_secy *secy, |
1121 | struct cn10k_mcs_txsc *txsc) |
1122 | { |
1123 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1124 | struct mcs_secy_stats rx_rsp = { 0 }; |
1125 | struct mcs_sc_stats sc_rsp = { 0 }; |
1126 | struct cn10k_mcs_rxsc *rxsc; |
1127 | |
1128 | /* Because of shared counters for some stats in the hardware, when |
1129 | * updating secy policy take a snapshot of current stats and reset them. |
1130 | * Below are the effected stats because of shared counters. |
1131 | */ |
1132 | |
1133 | /* Check if sync is really needed */ |
1134 | if (secy->validate_frames == txsc->last_validate_frames && |
1135 | secy->replay_protect == txsc->last_replay_protect) |
1136 | return; |
1137 | |
1138 | cn10k_mcs_secy_stats(pfvf, hw_secy_id: txsc->hw_secy_id_rx, rsp_p: &rx_rsp, dir: MCS_RX, clear: true); |
1139 | |
1140 | txsc->stats.InPktsBadTag += rx_rsp.pkt_badtag_cnt; |
1141 | txsc->stats.InPktsUnknownSCI += rx_rsp.pkt_nosa_cnt; |
1142 | txsc->stats.InPktsNoSCI += rx_rsp.pkt_nosaerror_cnt; |
1143 | if (txsc->last_validate_frames == MACSEC_VALIDATE_STRICT) |
1144 | txsc->stats.InPktsNoTag += rx_rsp.pkt_untaged_cnt; |
1145 | else |
1146 | txsc->stats.InPktsUntagged += rx_rsp.pkt_untaged_cnt; |
1147 | |
1148 | list_for_each_entry(rxsc, &cfg->rxsc_list, entry) { |
1149 | cn10k_mcs_sc_stats(pfvf, hw_sc_id: rxsc->hw_sc_id, rsp_p: &sc_rsp, dir: MCS_RX, clear: true); |
1150 | |
1151 | rxsc->stats.InOctetsValidated += sc_rsp.octet_validate_cnt; |
1152 | rxsc->stats.InOctetsDecrypted += sc_rsp.octet_decrypt_cnt; |
1153 | |
1154 | rxsc->stats.InPktsInvalid += sc_rsp.pkt_invalid_cnt; |
1155 | rxsc->stats.InPktsNotValid += sc_rsp.pkt_notvalid_cnt; |
1156 | |
1157 | if (txsc->last_replay_protect) |
1158 | rxsc->stats.InPktsLate += sc_rsp.pkt_late_cnt; |
1159 | else |
1160 | rxsc->stats.InPktsDelayed += sc_rsp.pkt_late_cnt; |
1161 | |
1162 | if (txsc->last_validate_frames == MACSEC_VALIDATE_DISABLED) |
1163 | rxsc->stats.InPktsUnchecked += sc_rsp.pkt_unchecked_cnt; |
1164 | else |
1165 | rxsc->stats.InPktsOK += sc_rsp.pkt_unchecked_cnt; |
1166 | } |
1167 | |
1168 | txsc->last_validate_frames = secy->validate_frames; |
1169 | txsc->last_replay_protect = secy->replay_protect; |
1170 | } |
1171 | |
1172 | static int cn10k_mdo_open(struct macsec_context *ctx) |
1173 | { |
1174 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1175 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1176 | struct macsec_secy *secy = ctx->secy; |
1177 | struct macsec_tx_sa *sw_tx_sa; |
1178 | struct cn10k_mcs_txsc *txsc; |
1179 | u8 sa_num; |
1180 | int err; |
1181 | |
1182 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1183 | if (!txsc) |
1184 | return -ENOENT; |
1185 | |
1186 | sa_num = txsc->encoding_sa; |
1187 | sw_tx_sa = rcu_dereference_bh(secy->tx_sc.sa[sa_num]); |
1188 | |
1189 | err = cn10k_mcs_secy_tx_cfg(pfvf, secy, txsc, sw_tx_sa, sa_num); |
1190 | if (err) |
1191 | return err; |
1192 | |
1193 | return cn10k_mcs_secy_rx_cfg(pfvf, secy, hw_secy_id: txsc->hw_secy_id_rx); |
1194 | } |
1195 | |
1196 | static int cn10k_mdo_stop(struct macsec_context *ctx) |
1197 | { |
1198 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1199 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1200 | struct cn10k_mcs_txsc *txsc; |
1201 | int err; |
1202 | |
1203 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1204 | if (!txsc) |
1205 | return -ENOENT; |
1206 | |
1207 | err = cn10k_mcs_ena_dis_flowid(pfvf, hw_flow_id: txsc->hw_flow_id, enable: false, dir: MCS_TX); |
1208 | if (err) |
1209 | return err; |
1210 | |
1211 | return cn10k_mcs_disable_rxscs(pfvf, secy: ctx->secy, delete: false); |
1212 | } |
1213 | |
1214 | static int cn10k_mdo_add_secy(struct macsec_context *ctx) |
1215 | { |
1216 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1217 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1218 | struct macsec_secy *secy = ctx->secy; |
1219 | struct cn10k_mcs_txsc *txsc; |
1220 | |
1221 | if (secy->icv_len != MACSEC_DEFAULT_ICV_LEN) |
1222 | return -EOPNOTSUPP; |
1223 | |
1224 | txsc = cn10k_mcs_create_txsc(pfvf); |
1225 | if (IS_ERR(ptr: txsc)) |
1226 | return -ENOSPC; |
1227 | |
1228 | txsc->sw_secy = secy; |
1229 | txsc->encoding_sa = secy->tx_sc.encoding_sa; |
1230 | txsc->last_validate_frames = secy->validate_frames; |
1231 | txsc->last_replay_protect = secy->replay_protect; |
1232 | txsc->vlan_dev = is_vlan_dev(dev: ctx->netdev); |
1233 | |
1234 | list_add(new: &txsc->entry, head: &cfg->txsc_list); |
1235 | |
1236 | if (netif_running(dev: secy->netdev)) |
1237 | return cn10k_mcs_secy_tx_cfg(pfvf, secy, txsc, NULL, sa_num: 0); |
1238 | |
1239 | return 0; |
1240 | } |
1241 | |
1242 | static int cn10k_mdo_upd_secy(struct macsec_context *ctx) |
1243 | { |
1244 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1245 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1246 | struct macsec_secy *secy = ctx->secy; |
1247 | struct macsec_tx_sa *sw_tx_sa; |
1248 | struct cn10k_mcs_txsc *txsc; |
1249 | bool active; |
1250 | u8 sa_num; |
1251 | int err; |
1252 | |
1253 | txsc = cn10k_mcs_get_txsc(cfg, secy); |
1254 | if (!txsc) |
1255 | return -ENOENT; |
1256 | |
1257 | /* Encoding SA got changed */ |
1258 | if (txsc->encoding_sa != secy->tx_sc.encoding_sa) { |
1259 | txsc->encoding_sa = secy->tx_sc.encoding_sa; |
1260 | sa_num = txsc->encoding_sa; |
1261 | sw_tx_sa = rcu_dereference_bh(secy->tx_sc.sa[sa_num]); |
1262 | active = sw_tx_sa ? sw_tx_sa->active : false; |
1263 | cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, sa_num, sa_active: active); |
1264 | } |
1265 | |
1266 | if (netif_running(dev: secy->netdev)) { |
1267 | cn10k_mcs_sync_stats(pfvf, secy, txsc); |
1268 | |
1269 | err = cn10k_mcs_secy_tx_cfg(pfvf, secy, txsc, NULL, sa_num: 0); |
1270 | if (err) |
1271 | return err; |
1272 | } |
1273 | |
1274 | return 0; |
1275 | } |
1276 | |
1277 | static int cn10k_mdo_del_secy(struct macsec_context *ctx) |
1278 | { |
1279 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1280 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1281 | struct cn10k_mcs_txsc *txsc; |
1282 | |
1283 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1284 | if (!txsc) |
1285 | return -ENOENT; |
1286 | |
1287 | cn10k_mcs_ena_dis_flowid(pfvf, hw_flow_id: txsc->hw_flow_id, enable: false, dir: MCS_TX); |
1288 | cn10k_mcs_disable_rxscs(pfvf, secy: ctx->secy, delete: true); |
1289 | cn10k_mcs_delete_txsc(pfvf, txsc); |
1290 | list_del(entry: &txsc->entry); |
1291 | kfree(objp: txsc); |
1292 | |
1293 | return 0; |
1294 | } |
1295 | |
1296 | static int cn10k_mdo_add_txsa(struct macsec_context *ctx) |
1297 | { |
1298 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1299 | struct macsec_tx_sa *sw_tx_sa = ctx->sa.tx_sa; |
1300 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1301 | struct macsec_secy *secy = ctx->secy; |
1302 | u8 sa_num = ctx->sa.assoc_num; |
1303 | struct cn10k_mcs_txsc *txsc; |
1304 | int err; |
1305 | |
1306 | txsc = cn10k_mcs_get_txsc(cfg, secy); |
1307 | if (!txsc) |
1308 | return -ENOENT; |
1309 | |
1310 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1311 | return -EOPNOTSUPP; |
1312 | |
1313 | if (cn10k_mcs_alloc_txsa(pfvf, hw_sa_id: &txsc->hw_sa_id[sa_num])) |
1314 | return -ENOSPC; |
1315 | |
1316 | memcpy(&txsc->sa_key[sa_num], ctx->sa.key, secy->key_len); |
1317 | memcpy(&txsc->salt[sa_num], sw_tx_sa->key.salt.bytes, MACSEC_SALT_LEN); |
1318 | txsc->ssci[sa_num] = sw_tx_sa->ssci; |
1319 | |
1320 | txsc->sa_bmap |= 1 << sa_num; |
1321 | |
1322 | if (netif_running(dev: secy->netdev)) { |
1323 | err = cn10k_mcs_write_tx_sa_plcy(pfvf, secy, txsc, assoc_num: sa_num); |
1324 | if (err) |
1325 | return err; |
1326 | |
1327 | err = cn10k_write_tx_sa_pn(pfvf, txsc, assoc_num: sa_num, |
1328 | next_pn: sw_tx_sa->next_pn); |
1329 | if (err) |
1330 | return err; |
1331 | |
1332 | err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, |
1333 | sa_num, sa_active: sw_tx_sa->active); |
1334 | if (err) |
1335 | return err; |
1336 | } |
1337 | |
1338 | return 0; |
1339 | } |
1340 | |
1341 | static int cn10k_mdo_upd_txsa(struct macsec_context *ctx) |
1342 | { |
1343 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1344 | struct macsec_tx_sa *sw_tx_sa = ctx->sa.tx_sa; |
1345 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1346 | struct macsec_secy *secy = ctx->secy; |
1347 | u8 sa_num = ctx->sa.assoc_num; |
1348 | struct cn10k_mcs_txsc *txsc; |
1349 | int err; |
1350 | |
1351 | txsc = cn10k_mcs_get_txsc(cfg, secy); |
1352 | if (!txsc) |
1353 | return -ENOENT; |
1354 | |
1355 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1356 | return -EOPNOTSUPP; |
1357 | |
1358 | if (netif_running(dev: secy->netdev)) { |
1359 | /* Keys cannot be changed after creation */ |
1360 | if (ctx->sa.update_pn) { |
1361 | err = cn10k_write_tx_sa_pn(pfvf, txsc, assoc_num: sa_num, |
1362 | next_pn: sw_tx_sa->next_pn); |
1363 | if (err) |
1364 | return err; |
1365 | } |
1366 | |
1367 | err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, |
1368 | sa_num, sa_active: sw_tx_sa->active); |
1369 | if (err) |
1370 | return err; |
1371 | } |
1372 | |
1373 | return 0; |
1374 | } |
1375 | |
1376 | static int cn10k_mdo_del_txsa(struct macsec_context *ctx) |
1377 | { |
1378 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1379 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1380 | u8 sa_num = ctx->sa.assoc_num; |
1381 | struct cn10k_mcs_txsc *txsc; |
1382 | |
1383 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1384 | if (!txsc) |
1385 | return -ENOENT; |
1386 | |
1387 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1388 | return -EOPNOTSUPP; |
1389 | |
1390 | cn10k_mcs_free_txsa(pfvf, hw_sa_id: txsc->hw_sa_id[sa_num]); |
1391 | txsc->sa_bmap &= ~(1 << sa_num); |
1392 | |
1393 | return 0; |
1394 | } |
1395 | |
1396 | static int cn10k_mdo_add_rxsc(struct macsec_context *ctx) |
1397 | { |
1398 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1399 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1400 | struct macsec_secy *secy = ctx->secy; |
1401 | struct cn10k_mcs_rxsc *rxsc; |
1402 | struct cn10k_mcs_txsc *txsc; |
1403 | int err; |
1404 | |
1405 | txsc = cn10k_mcs_get_txsc(cfg, secy); |
1406 | if (!txsc) |
1407 | return -ENOENT; |
1408 | |
1409 | rxsc = cn10k_mcs_create_rxsc(pfvf); |
1410 | if (IS_ERR(ptr: rxsc)) |
1411 | return -ENOSPC; |
1412 | |
1413 | rxsc->sw_secy = ctx->secy; |
1414 | rxsc->sw_rxsc = ctx->rx_sc; |
1415 | list_add(new: &rxsc->entry, head: &cfg->rxsc_list); |
1416 | |
1417 | if (netif_running(dev: secy->netdev)) { |
1418 | err = cn10k_mcs_write_rx_flowid(pfvf, rxsc, hw_secy_id: txsc->hw_secy_id_rx); |
1419 | if (err) |
1420 | return err; |
1421 | |
1422 | err = cn10k_mcs_write_sc_cam(pfvf, rxsc, hw_secy_id: txsc->hw_secy_id_rx); |
1423 | if (err) |
1424 | return err; |
1425 | } |
1426 | |
1427 | return 0; |
1428 | } |
1429 | |
1430 | static int cn10k_mdo_upd_rxsc(struct macsec_context *ctx) |
1431 | { |
1432 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1433 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1434 | struct macsec_secy *secy = ctx->secy; |
1435 | bool enable = ctx->rx_sc->active; |
1436 | struct cn10k_mcs_rxsc *rxsc; |
1437 | |
1438 | rxsc = cn10k_mcs_get_rxsc(cfg, secy, rx_sc: ctx->rx_sc); |
1439 | if (!rxsc) |
1440 | return -ENOENT; |
1441 | |
1442 | if (netif_running(dev: secy->netdev)) |
1443 | return cn10k_mcs_ena_dis_flowid(pfvf, hw_flow_id: rxsc->hw_flow_id, |
1444 | enable, dir: MCS_RX); |
1445 | |
1446 | return 0; |
1447 | } |
1448 | |
1449 | static int cn10k_mdo_del_rxsc(struct macsec_context *ctx) |
1450 | { |
1451 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1452 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1453 | struct cn10k_mcs_rxsc *rxsc; |
1454 | |
1455 | rxsc = cn10k_mcs_get_rxsc(cfg, secy: ctx->secy, rx_sc: ctx->rx_sc); |
1456 | if (!rxsc) |
1457 | return -ENOENT; |
1458 | |
1459 | cn10k_mcs_ena_dis_flowid(pfvf, hw_flow_id: rxsc->hw_flow_id, enable: false, dir: MCS_RX); |
1460 | cn10k_mcs_delete_rxsc(pfvf, rxsc); |
1461 | list_del(entry: &rxsc->entry); |
1462 | kfree(objp: rxsc); |
1463 | |
1464 | return 0; |
1465 | } |
1466 | |
1467 | static int cn10k_mdo_add_rxsa(struct macsec_context *ctx) |
1468 | { |
1469 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1470 | struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc; |
1471 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1472 | struct macsec_rx_sa *rx_sa = ctx->sa.rx_sa; |
1473 | struct macsec_secy *secy = ctx->secy; |
1474 | bool sa_in_use = rx_sa->active; |
1475 | u8 sa_num = ctx->sa.assoc_num; |
1476 | struct cn10k_mcs_rxsc *rxsc; |
1477 | int err; |
1478 | |
1479 | rxsc = cn10k_mcs_get_rxsc(cfg, secy, rx_sc: sw_rx_sc); |
1480 | if (!rxsc) |
1481 | return -ENOENT; |
1482 | |
1483 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1484 | return -EOPNOTSUPP; |
1485 | |
1486 | if (cn10k_mcs_alloc_rxsa(pfvf, hw_sa_id: &rxsc->hw_sa_id[sa_num])) |
1487 | return -ENOSPC; |
1488 | |
1489 | memcpy(&rxsc->sa_key[sa_num], ctx->sa.key, ctx->secy->key_len); |
1490 | memcpy(&rxsc->salt[sa_num], rx_sa->key.salt.bytes, MACSEC_SALT_LEN); |
1491 | rxsc->ssci[sa_num] = rx_sa->ssci; |
1492 | |
1493 | rxsc->sa_bmap |= 1 << sa_num; |
1494 | |
1495 | if (netif_running(dev: secy->netdev)) { |
1496 | err = cn10k_mcs_write_rx_sa_plcy(pfvf, secy, rxsc, |
1497 | assoc_num: sa_num, sa_in_use); |
1498 | if (err) |
1499 | return err; |
1500 | |
1501 | err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, assoc_num: sa_num, |
1502 | next_pn: rx_sa->next_pn); |
1503 | if (err) |
1504 | return err; |
1505 | } |
1506 | |
1507 | return 0; |
1508 | } |
1509 | |
1510 | static int cn10k_mdo_upd_rxsa(struct macsec_context *ctx) |
1511 | { |
1512 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1513 | struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc; |
1514 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1515 | struct macsec_rx_sa *rx_sa = ctx->sa.rx_sa; |
1516 | struct macsec_secy *secy = ctx->secy; |
1517 | bool sa_in_use = rx_sa->active; |
1518 | u8 sa_num = ctx->sa.assoc_num; |
1519 | struct cn10k_mcs_rxsc *rxsc; |
1520 | int err; |
1521 | |
1522 | rxsc = cn10k_mcs_get_rxsc(cfg, secy, rx_sc: sw_rx_sc); |
1523 | if (!rxsc) |
1524 | return -ENOENT; |
1525 | |
1526 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1527 | return -EOPNOTSUPP; |
1528 | |
1529 | if (netif_running(dev: secy->netdev)) { |
1530 | err = cn10k_mcs_write_rx_sa_plcy(pfvf, secy, rxsc, assoc_num: sa_num, sa_in_use); |
1531 | if (err) |
1532 | return err; |
1533 | |
1534 | if (!ctx->sa.update_pn) |
1535 | return 0; |
1536 | |
1537 | err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, assoc_num: sa_num, |
1538 | next_pn: rx_sa->next_pn); |
1539 | if (err) |
1540 | return err; |
1541 | } |
1542 | |
1543 | return 0; |
1544 | } |
1545 | |
1546 | static int cn10k_mdo_del_rxsa(struct macsec_context *ctx) |
1547 | { |
1548 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1549 | struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc; |
1550 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1551 | u8 sa_num = ctx->sa.assoc_num; |
1552 | struct cn10k_mcs_rxsc *rxsc; |
1553 | |
1554 | rxsc = cn10k_mcs_get_rxsc(cfg, secy: ctx->secy, rx_sc: sw_rx_sc); |
1555 | if (!rxsc) |
1556 | return -ENOENT; |
1557 | |
1558 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1559 | return -EOPNOTSUPP; |
1560 | |
1561 | cn10k_mcs_write_rx_sa_plcy(pfvf, secy: ctx->secy, rxsc, assoc_num: sa_num, sa_in_use: false); |
1562 | cn10k_mcs_free_rxsa(pfvf, hw_sa_id: rxsc->hw_sa_id[sa_num]); |
1563 | |
1564 | rxsc->sa_bmap &= ~(1 << sa_num); |
1565 | |
1566 | return 0; |
1567 | } |
1568 | |
1569 | static int cn10k_mdo_get_dev_stats(struct macsec_context *ctx) |
1570 | { |
1571 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1572 | struct mcs_secy_stats tx_rsp = { 0 }, rx_rsp = { 0 }; |
1573 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1574 | struct macsec_secy *secy = ctx->secy; |
1575 | struct cn10k_mcs_txsc *txsc; |
1576 | |
1577 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1578 | if (!txsc) |
1579 | return -ENOENT; |
1580 | |
1581 | cn10k_mcs_secy_stats(pfvf, hw_secy_id: txsc->hw_secy_id_tx, rsp_p: &tx_rsp, dir: MCS_TX, clear: false); |
1582 | ctx->stats.dev_stats->OutPktsUntagged = tx_rsp.pkt_untagged_cnt; |
1583 | ctx->stats.dev_stats->OutPktsTooLong = tx_rsp.pkt_toolong_cnt; |
1584 | |
1585 | cn10k_mcs_secy_stats(pfvf, hw_secy_id: txsc->hw_secy_id_rx, rsp_p: &rx_rsp, dir: MCS_RX, clear: true); |
1586 | txsc->stats.InPktsBadTag += rx_rsp.pkt_badtag_cnt; |
1587 | txsc->stats.InPktsUnknownSCI += rx_rsp.pkt_nosa_cnt; |
1588 | txsc->stats.InPktsNoSCI += rx_rsp.pkt_nosaerror_cnt; |
1589 | if (secy->validate_frames == MACSEC_VALIDATE_STRICT) |
1590 | txsc->stats.InPktsNoTag += rx_rsp.pkt_untaged_cnt; |
1591 | else |
1592 | txsc->stats.InPktsUntagged += rx_rsp.pkt_untaged_cnt; |
1593 | txsc->stats.InPktsOverrun = 0; |
1594 | |
1595 | ctx->stats.dev_stats->InPktsNoTag = txsc->stats.InPktsNoTag; |
1596 | ctx->stats.dev_stats->InPktsUntagged = txsc->stats.InPktsUntagged; |
1597 | ctx->stats.dev_stats->InPktsBadTag = txsc->stats.InPktsBadTag; |
1598 | ctx->stats.dev_stats->InPktsUnknownSCI = txsc->stats.InPktsUnknownSCI; |
1599 | ctx->stats.dev_stats->InPktsNoSCI = txsc->stats.InPktsNoSCI; |
1600 | ctx->stats.dev_stats->InPktsOverrun = txsc->stats.InPktsOverrun; |
1601 | |
1602 | return 0; |
1603 | } |
1604 | |
1605 | static int cn10k_mdo_get_tx_sc_stats(struct macsec_context *ctx) |
1606 | { |
1607 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1608 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1609 | struct mcs_sc_stats rsp = { 0 }; |
1610 | struct cn10k_mcs_txsc *txsc; |
1611 | |
1612 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1613 | if (!txsc) |
1614 | return -ENOENT; |
1615 | |
1616 | cn10k_mcs_sc_stats(pfvf, hw_sc_id: txsc->hw_sc_id, rsp_p: &rsp, dir: MCS_TX, clear: false); |
1617 | |
1618 | ctx->stats.tx_sc_stats->OutPktsProtected = rsp.pkt_protected_cnt; |
1619 | ctx->stats.tx_sc_stats->OutPktsEncrypted = rsp.pkt_encrypt_cnt; |
1620 | ctx->stats.tx_sc_stats->OutOctetsProtected = rsp.octet_protected_cnt; |
1621 | ctx->stats.tx_sc_stats->OutOctetsEncrypted = rsp.octet_encrypt_cnt; |
1622 | |
1623 | return 0; |
1624 | } |
1625 | |
1626 | static int cn10k_mdo_get_tx_sa_stats(struct macsec_context *ctx) |
1627 | { |
1628 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1629 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1630 | struct mcs_sa_stats rsp = { 0 }; |
1631 | u8 sa_num = ctx->sa.assoc_num; |
1632 | struct cn10k_mcs_txsc *txsc; |
1633 | |
1634 | txsc = cn10k_mcs_get_txsc(cfg, secy: ctx->secy); |
1635 | if (!txsc) |
1636 | return -ENOENT; |
1637 | |
1638 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1639 | return -EOPNOTSUPP; |
1640 | |
1641 | cn10k_mcs_sa_stats(pfvf, hw_sa_id: txsc->hw_sa_id[sa_num], rsp_p: &rsp, dir: MCS_TX, clear: false); |
1642 | |
1643 | ctx->stats.tx_sa_stats->OutPktsProtected = rsp.pkt_protected_cnt; |
1644 | ctx->stats.tx_sa_stats->OutPktsEncrypted = rsp.pkt_encrypt_cnt; |
1645 | |
1646 | return 0; |
1647 | } |
1648 | |
1649 | static int cn10k_mdo_get_rx_sc_stats(struct macsec_context *ctx) |
1650 | { |
1651 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1652 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1653 | struct macsec_secy *secy = ctx->secy; |
1654 | struct mcs_sc_stats rsp = { 0 }; |
1655 | struct cn10k_mcs_rxsc *rxsc; |
1656 | |
1657 | rxsc = cn10k_mcs_get_rxsc(cfg, secy, rx_sc: ctx->rx_sc); |
1658 | if (!rxsc) |
1659 | return -ENOENT; |
1660 | |
1661 | cn10k_mcs_sc_stats(pfvf, hw_sc_id: rxsc->hw_sc_id, rsp_p: &rsp, dir: MCS_RX, clear: true); |
1662 | |
1663 | rxsc->stats.InOctetsValidated += rsp.octet_validate_cnt; |
1664 | rxsc->stats.InOctetsDecrypted += rsp.octet_decrypt_cnt; |
1665 | |
1666 | rxsc->stats.InPktsInvalid += rsp.pkt_invalid_cnt; |
1667 | rxsc->stats.InPktsNotValid += rsp.pkt_notvalid_cnt; |
1668 | |
1669 | if (secy->replay_protect) |
1670 | rxsc->stats.InPktsLate += rsp.pkt_late_cnt; |
1671 | else |
1672 | rxsc->stats.InPktsDelayed += rsp.pkt_late_cnt; |
1673 | |
1674 | if (secy->validate_frames == MACSEC_VALIDATE_DISABLED) |
1675 | rxsc->stats.InPktsUnchecked += rsp.pkt_unchecked_cnt; |
1676 | else |
1677 | rxsc->stats.InPktsOK += rsp.pkt_unchecked_cnt; |
1678 | |
1679 | ctx->stats.rx_sc_stats->InOctetsValidated = rxsc->stats.InOctetsValidated; |
1680 | ctx->stats.rx_sc_stats->InOctetsDecrypted = rxsc->stats.InOctetsDecrypted; |
1681 | ctx->stats.rx_sc_stats->InPktsInvalid = rxsc->stats.InPktsInvalid; |
1682 | ctx->stats.rx_sc_stats->InPktsNotValid = rxsc->stats.InPktsNotValid; |
1683 | ctx->stats.rx_sc_stats->InPktsLate = rxsc->stats.InPktsLate; |
1684 | ctx->stats.rx_sc_stats->InPktsDelayed = rxsc->stats.InPktsDelayed; |
1685 | ctx->stats.rx_sc_stats->InPktsUnchecked = rxsc->stats.InPktsUnchecked; |
1686 | ctx->stats.rx_sc_stats->InPktsOK = rxsc->stats.InPktsOK; |
1687 | |
1688 | return 0; |
1689 | } |
1690 | |
1691 | static int cn10k_mdo_get_rx_sa_stats(struct macsec_context *ctx) |
1692 | { |
1693 | struct otx2_nic *pfvf = macsec_netdev_priv(dev: ctx->netdev); |
1694 | struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc; |
1695 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1696 | struct mcs_sa_stats rsp = { 0 }; |
1697 | u8 sa_num = ctx->sa.assoc_num; |
1698 | struct cn10k_mcs_rxsc *rxsc; |
1699 | |
1700 | rxsc = cn10k_mcs_get_rxsc(cfg, secy: ctx->secy, rx_sc: sw_rx_sc); |
1701 | if (!rxsc) |
1702 | return -ENOENT; |
1703 | |
1704 | if (sa_num >= CN10K_MCS_SA_PER_SC) |
1705 | return -EOPNOTSUPP; |
1706 | |
1707 | cn10k_mcs_sa_stats(pfvf, hw_sa_id: rxsc->hw_sa_id[sa_num], rsp_p: &rsp, dir: MCS_RX, clear: false); |
1708 | |
1709 | ctx->stats.rx_sa_stats->InPktsOK = rsp.pkt_ok_cnt; |
1710 | ctx->stats.rx_sa_stats->InPktsInvalid = rsp.pkt_invalid_cnt; |
1711 | ctx->stats.rx_sa_stats->InPktsNotValid = rsp.pkt_notvalid_cnt; |
1712 | ctx->stats.rx_sa_stats->InPktsNotUsingSA = rsp.pkt_nosaerror_cnt; |
1713 | ctx->stats.rx_sa_stats->InPktsUnusedSA = rsp.pkt_nosa_cnt; |
1714 | |
1715 | return 0; |
1716 | } |
1717 | |
1718 | static const struct macsec_ops cn10k_mcs_ops = { |
1719 | .mdo_dev_open = cn10k_mdo_open, |
1720 | .mdo_dev_stop = cn10k_mdo_stop, |
1721 | .mdo_add_secy = cn10k_mdo_add_secy, |
1722 | .mdo_upd_secy = cn10k_mdo_upd_secy, |
1723 | .mdo_del_secy = cn10k_mdo_del_secy, |
1724 | .mdo_add_rxsc = cn10k_mdo_add_rxsc, |
1725 | .mdo_upd_rxsc = cn10k_mdo_upd_rxsc, |
1726 | .mdo_del_rxsc = cn10k_mdo_del_rxsc, |
1727 | .mdo_add_rxsa = cn10k_mdo_add_rxsa, |
1728 | .mdo_upd_rxsa = cn10k_mdo_upd_rxsa, |
1729 | .mdo_del_rxsa = cn10k_mdo_del_rxsa, |
1730 | .mdo_add_txsa = cn10k_mdo_add_txsa, |
1731 | .mdo_upd_txsa = cn10k_mdo_upd_txsa, |
1732 | .mdo_del_txsa = cn10k_mdo_del_txsa, |
1733 | .mdo_get_dev_stats = cn10k_mdo_get_dev_stats, |
1734 | .mdo_get_tx_sc_stats = cn10k_mdo_get_tx_sc_stats, |
1735 | .mdo_get_tx_sa_stats = cn10k_mdo_get_tx_sa_stats, |
1736 | .mdo_get_rx_sc_stats = cn10k_mdo_get_rx_sc_stats, |
1737 | .mdo_get_rx_sa_stats = cn10k_mdo_get_rx_sa_stats, |
1738 | }; |
1739 | |
1740 | void cn10k_handle_mcs_event(struct otx2_nic *pfvf, struct mcs_intr_info *event) |
1741 | { |
1742 | struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg; |
1743 | struct macsec_tx_sa *sw_tx_sa = NULL; |
1744 | struct macsec_secy *secy = NULL; |
1745 | struct cn10k_mcs_txsc *txsc; |
1746 | u8 an; |
1747 | |
1748 | if (!test_bit(CN10K_HW_MACSEC, &pfvf->hw.cap_flag)) |
1749 | return; |
1750 | |
1751 | if (!(event->intr_mask & MCS_CPM_TX_PACKET_XPN_EQ0_INT)) |
1752 | return; |
1753 | |
1754 | /* Find the SecY to which the expired hardware SA is mapped */ |
1755 | list_for_each_entry(txsc, &cfg->txsc_list, entry) { |
1756 | for (an = 0; an < CN10K_MCS_SA_PER_SC; an++) |
1757 | if (txsc->hw_sa_id[an] == event->sa_id) { |
1758 | secy = txsc->sw_secy; |
1759 | sw_tx_sa = rcu_dereference_bh(secy->tx_sc.sa[an]); |
1760 | } |
1761 | } |
1762 | |
1763 | if (secy && sw_tx_sa) |
1764 | macsec_pn_wrapped(secy, tx_sa: sw_tx_sa); |
1765 | } |
1766 | |
1767 | int cn10k_mcs_init(struct otx2_nic *pfvf) |
1768 | { |
1769 | struct mbox *mbox = &pfvf->mbox; |
1770 | struct cn10k_mcs_cfg *cfg; |
1771 | struct mcs_intr_cfg *req; |
1772 | |
1773 | if (!test_bit(CN10K_HW_MACSEC, &pfvf->hw.cap_flag)) |
1774 | return 0; |
1775 | |
1776 | cfg = kzalloc(size: sizeof(*cfg), GFP_KERNEL); |
1777 | if (!cfg) |
1778 | return -ENOMEM; |
1779 | |
1780 | INIT_LIST_HEAD(list: &cfg->txsc_list); |
1781 | INIT_LIST_HEAD(list: &cfg->rxsc_list); |
1782 | pfvf->macsec_cfg = cfg; |
1783 | |
1784 | pfvf->netdev->features |= NETIF_F_HW_MACSEC; |
1785 | pfvf->netdev->macsec_ops = &cn10k_mcs_ops; |
1786 | |
1787 | mutex_lock(&mbox->lock); |
1788 | |
1789 | req = otx2_mbox_alloc_msg_mcs_intr_cfg(mbox); |
1790 | if (!req) |
1791 | goto fail; |
1792 | |
1793 | req->intr_mask = MCS_CPM_TX_PACKET_XPN_EQ0_INT; |
1794 | |
1795 | if (otx2_sync_mbox_msg(mbox)) |
1796 | goto fail; |
1797 | |
1798 | mutex_unlock(lock: &mbox->lock); |
1799 | |
1800 | return 0; |
1801 | fail: |
1802 | dev_err(pfvf->dev, "Cannot notify PN wrapped event\n" ); |
1803 | mutex_unlock(lock: &mbox->lock); |
1804 | return 0; |
1805 | } |
1806 | |
1807 | void cn10k_mcs_free(struct otx2_nic *pfvf) |
1808 | { |
1809 | if (!test_bit(CN10K_HW_MACSEC, &pfvf->hw.cap_flag)) |
1810 | return; |
1811 | |
1812 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_TX, type: MCS_RSRC_TYPE_SECY, hw_rsrc_id: 0, all: true); |
1813 | cn10k_mcs_free_rsrc(pfvf, dir: MCS_RX, type: MCS_RSRC_TYPE_SECY, hw_rsrc_id: 0, all: true); |
1814 | kfree(objp: pfvf->macsec_cfg); |
1815 | pfvf->macsec_cfg = NULL; |
1816 | } |
1817 | |