Commit 691f17b9 authored by Leon Romanovsky's avatar Leon Romanovsky
Browse files

net/mlx5: Remove indirection in TLS build 

The dream described in the commit 1ae17322 ("net/mlx5: Accel, Add TLS
tx offload interface") never came true, even an opposite happened when FPGA
TLS support was dropped. Such removal revealed the problematic flow in the
build process: build of unrelated files in case of TLS or IPsec are enabled.

In both cases, the MLX5_ACCEL is enabled, which built both TLS and IPsec.
As a solution, simply merge MLX5_TLS and MLX5_EN_TLS options and move TLS
related files to the eth part of the mlx5_core.

Link: https://lore.kernel.org/r/0d1ea8cdc3a15922640b8b764d2bdb8f587b52c2.1649073691.git.leonro@nvidia.com


Reviewed-by: default avatarTariq Toukan <tariqt@nvidia.com>
Reviewed-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
parent e59437aa

drivers/net/ethernet/mellanox/mlx5/core/Kconfig

+1 −10
Original line number Diff line number Diff line
@@ -177,23 +177,14 @@ config MLX5_EN_IPSEC 
	  Note: Support for hardware with this capability needs to be selected

	  for this option to become available.



config MLX5_TLS

config MLX5_EN_TLS

	bool "Mellanox Technologies TLS Connect-X support"

	depends on TLS_DEVICE

	depends on TLS=y || MLX5_CORE=m

	depends on MLX5_CORE_EN

	select MLX5_ACCEL

	select MLX5_EN_TLS

	help

	Build TLS support for the Connect-X family of network cards by Mellanox

	Technologies.



config MLX5_EN_TLS

	bool

	help

	Build support for TLS cryptography-offload acceleration in the NIC.

	Note: Support for hardware with this capability needs to be selected

	for this option to become available.



config MLX5_SW_STEERING

	bool "Mellanox Technologies software-managed steering"

drivers/net/ethernet/mellanox/mlx5/core/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -90,7 +90,7 @@ mlx5_core-$(CONFIG_MLX5_CORE_IPOIB) += ipoib/ipoib.o ipoib/ethtool.o ipoib/ipoib 
#

mlx5_core-$(CONFIG_MLX5_IPSEC) += accel/ipsec_offload.o

mlx5_core-$(CONFIG_MLX5_FPGA_IPSEC) += fpga/ipsec.o

mlx5_core-$(CONFIG_MLX5_ACCEL)      += lib/crypto.o accel/tls.o accel/ipsec.o

mlx5_core-$(CONFIG_MLX5_ACCEL)      += lib/crypto.o accel/ipsec.o



mlx5_core-$(CONFIG_MLX5_FPGA) += fpga/cmd.o fpga/core.o fpga/conn.o fpga/sdk.o

drivers/net/ethernet/mellanox/mlx5/core/accel/tls.c

deleted100644 → 0
+0 −78
Original line number Diff line number Diff line 
/*

 * Copyright (c) 2018 Mellanox Technologies. All rights reserved.

 *

 * This software is available to you under a choice of one of two

 * licenses.  You may choose to be licensed under the terms of the GNU

 * General Public License (GPL) Version 2, available from the file

 * COPYING in the main directory of this source tree, or the

 * OpenIB.org BSD license below:

 *

 *     Redistribution and use in source and binary forms, with or

 *     without modification, are permitted provided that the following

 *     conditions are met:

 *

 *      - Redistributions of source code must retain the above

 *        copyright notice, this list of conditions and the following

 *        disclaimer.

 *

 *      - Redistributions in binary form must reproduce the above

 *        copyright notice, this list of conditions and the following

 *        disclaimer in the documentation and/or other materials

 *        provided with the distribution.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,

 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND

 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS

 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

 * SOFTWARE.

 *

 */



#include <linux/mlx5/device.h>



#include "accel/tls.h"

#include "mlx5_core.h"

#include "lib/mlx5.h"



#ifdef CONFIG_MLX5_TLS

int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,

			 struct tls_crypto_info *crypto_info,

			 u32 *p_key_id)

{

	u32 sz_bytes;

	void *key;



	switch (crypto_info->cipher_type) {

	case TLS_CIPHER_AES_GCM_128: {

		struct tls12_crypto_info_aes_gcm_128 *info =

			(struct tls12_crypto_info_aes_gcm_128 *)crypto_info;



		key      = info->key;

		sz_bytes = sizeof(info->key);

		break;

	}

	case TLS_CIPHER_AES_GCM_256: {

		struct tls12_crypto_info_aes_gcm_256 *info =

			(struct tls12_crypto_info_aes_gcm_256 *)crypto_info;



		key      = info->key;

		sz_bytes = sizeof(info->key);

		break;

	}

	default:

		return -EINVAL;

	}



	return mlx5_create_encryption_key(mdev, key, sz_bytes,

					  MLX5_ACCEL_OBJ_TLS_KEY,

					  p_key_id);

}



void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id)

{

	mlx5_destroy_encryption_key(mdev, key_id);

}

#endif

drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h

deleted100644 → 0
+0 −100
Original line number Diff line number Diff line 
/*

 * Copyright (c) 2018 Mellanox Technologies. All rights reserved.

 *

 * This software is available to you under a choice of one of two

 * licenses.  You may choose to be licensed under the terms of the GNU

 * General Public License (GPL) Version 2, available from the file

 * COPYING in the main directory of this source tree, or the

 * OpenIB.org BSD license below:

 *

 *     Redistribution and use in source and binary forms, with or

 *     without modification, are permitted provided that the following

 *     conditions are met:

 *

 *      - Redistributions of source code must retain the above

 *        copyright notice, this list of conditions and the following

 *        disclaimer.

 *

 *      - Redistributions in binary form must reproduce the above

 *        copyright notice, this list of conditions and the following

 *        disclaimer in the documentation and/or other materials

 *        provided with the distribution.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,

 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND

 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS

 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

 * SOFTWARE.

 *

 */



#ifndef __MLX5_ACCEL_TLS_H__

#define __MLX5_ACCEL_TLS_H__



#include <linux/mlx5/driver.h>

#include <linux/tls.h>



#ifdef CONFIG_MLX5_TLS

int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,

			 struct tls_crypto_info *crypto_info,

			 u32 *p_key_id);

void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id);



static inline bool mlx5_accel_is_ktls_tx(struct mlx5_core_dev *mdev)

{

	return MLX5_CAP_GEN(mdev, tls_tx);

}



static inline bool mlx5_accel_is_ktls_rx(struct mlx5_core_dev *mdev)

{

	return MLX5_CAP_GEN(mdev, tls_rx);

}



static inline bool mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev)

{

	if (!mlx5_accel_is_ktls_tx(mdev) &&

	    !mlx5_accel_is_ktls_rx(mdev))

		return false;



	if (!MLX5_CAP_GEN(mdev, log_max_dek))

		return false;



	return MLX5_CAP_TLS(mdev, tls_1_2_aes_gcm_128);

}



static inline bool mlx5e_ktls_type_check(struct mlx5_core_dev *mdev,

					 struct tls_crypto_info *crypto_info)

{

	switch (crypto_info->cipher_type) {

	case TLS_CIPHER_AES_GCM_128:

		if (crypto_info->version == TLS_1_2_VERSION)

			return MLX5_CAP_TLS(mdev,  tls_1_2_aes_gcm_128);

		break;

	}



	return false;

}

#else

static inline bool mlx5_accel_is_ktls_tx(struct mlx5_core_dev *mdev)

{ return false; }



static inline bool mlx5_accel_is_ktls_rx(struct mlx5_core_dev *mdev)

{ return false; }



static inline int

mlx5_ktls_create_key(struct mlx5_core_dev *mdev,

		     struct tls_crypto_info *crypto_info,

		     u32 *p_key_id) { return -ENOTSUPP; }

static inline void

mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id) {}



static inline bool

mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev) { return false; }

static inline bool

mlx5e_ktls_type_check(struct mlx5_core_dev *mdev,

		      struct tls_crypto_info *crypto_info) { return false; }

#endif

#endif	/* __MLX5_ACCEL_TLS_H__ */

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls.c

+39 −0
Original line number Diff line number Diff line
@@ -2,11 +2,50 @@ 
// Copyright (c) 2019 Mellanox Technologies.



#include "en.h"

#include "lib/mlx5.h"

#include "en_accel/tls.h"

#include "en_accel/ktls.h"

#include "en_accel/ktls_utils.h"

#include "en_accel/fs_tcp.h"



int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,

			 struct tls_crypto_info *crypto_info,

			 u32 *p_key_id)

{

	u32 sz_bytes;

	void *key;



	switch (crypto_info->cipher_type) {

	case TLS_CIPHER_AES_GCM_128: {

		struct tls12_crypto_info_aes_gcm_128 *info =

			(struct tls12_crypto_info_aes_gcm_128 *)crypto_info;



		key      = info->key;

		sz_bytes = sizeof(info->key);

		break;

	}

	case TLS_CIPHER_AES_GCM_256: {

		struct tls12_crypto_info_aes_gcm_256 *info =

			(struct tls12_crypto_info_aes_gcm_256 *)crypto_info;



		key      = info->key;

		sz_bytes = sizeof(info->key);

		break;

	}

	default:

		return -EINVAL;

	}



	return mlx5_create_encryption_key(mdev, key, sz_bytes,

					  MLX5_ACCEL_OBJ_TLS_KEY,

					  p_key_id);

}



void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id)

{

	mlx5_destroy_encryption_key(mdev, key_id);

}



static int mlx5e_ktls_add(struct net_device *netdev, struct sock *sk,

			  enum tls_offload_ctx_dir direction,

			  struct tls_crypto_info *crypto_info,