1/*-
2 * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
3 *
4 * This software is available to you under a choice of one of two
5 * licenses.  You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
9 *
10 *     Redistribution and use in source and binary forms, with or
11 *     without modification, are permitted provided that the following
12 *     conditions are met:
13 *
14 *      - Redistributions of source code must retain the above
15 *        copyright notice, this list of conditions and the following
16 *        disclaimer.
17 *
18 *      - Redistributions in binary form must reproduce the above
19 *        copyright notice, this list of conditions and the following
20 *        disclaimer in the documentation and/or other materials
21 *        provided with the distribution.
22 *
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 * SOFTWARE.
31 *
32 * $FreeBSD$
33 */
34
35#include <dev/mlx5/driver.h>
36
37#include <dev/mlx5/mlx5_core/mlx5_core.h>
38#include <dev/mlx5/mlx5_fpga/ipsec.h>
39#include <dev/mlx5/mlx5_fpga/sdk.h>
40#include <dev/mlx5/mlx5_fpga/core.h>
41
/* Used as both rx_size and tx_size of the IPSec command connection. */
#define SBU_QP_QUEUE_SIZE 8
43
/*
 * Result codes the device reports in the syndrome word of an SADB response
 * (struct mlx5_ipsec_sadb_resp). syndrome_to_errno() translates them; any
 * value not listed here is treated as -EIO by that helper.
 */
enum mlx5_ipsec_response_syndrome {
	MLX5_IPSEC_RESPONSE_SUCCESS = 0,
	MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST = 1,
	MLX5_IPSEC_RESPONSE_SADB_ISSUE = 2,
	MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE = 3,
};
50
/*
 * Host-side state of one SA command.
 * PENDING is the first enumerator, so a kzalloc()ed context starts out
 * in that state even before it is assigned explicitly.
 */
enum mlx5_fpga_ipsec_sacmd_status {
	MLX5_FPGA_IPSEC_SACMD_PENDING,   /* set by sa_cmd_exec before sending */
	MLX5_FPGA_IPSEC_SACMD_SEND_FAIL, /* set by the send-completion callback */
	MLX5_FPGA_IPSEC_SACMD_COMPLETE,  /* set by the receive callback */
};
56
/*
 * Per-command bookkeeping, allocated in mlx5_fpga_ipsec_sa_cmd_exec() and
 * freed in mlx5_fpga_ipsec_sa_cmd_wait() (or in exec itself when the send
 * fails synchronously).
 *
 * NOTE(review): 'sa' is a full copy of the caller's SA command. If that
 * structure carries key material, the copy lives in this heap object until
 * kfree() and is not scrubbed - confirm whether it should be zeroized.
 */
struct mlx5_ipsec_command_context {
	/* DMA descriptor passed to sendmsg; callbacks recover the context
	 * from it with container_of(). */
	struct mlx5_fpga_dma_buf buf;
	/* Command payload; buf.sg[0] points at this member. */
	struct mlx5_accel_ipsec_sa sa;
	enum mlx5_fpga_ipsec_sacmd_status status;
	/* errno derived from the response syndrome; read by the waiter only
	 * when status is MLX5_FPGA_IPSEC_SACMD_COMPLETE. */
	int status_code;
	/* Signalled by the receive callback or by a failed send. */
	struct completion complete;
	/* Device the command was issued on; used for logging in the waiter. */
	struct mlx5_fpga_device *dev;
	struct list_head list; /* Item in pending_cmds */
};
66
/*
 * Response message as received from the device. Both words are big-endian
 * on the wire; the receive callback rejects buffers shorter than this
 * structure before reading any field.
 */
struct mlx5_ipsec_sadb_resp {
	__be32 syndrome;     /* enum mlx5_ipsec_response_syndrome after ntohl() */
	__be32 sw_sa_handle; /* compared raw against the command's sw_sa_handle */
	u8 reserved[24];
} __packed;
72
/*
 * Per-device IPSec offload state, hung off mlx5_fpga_device::ipsec by
 * mlx5_fpga_ipsec_init() and released by mlx5_fpga_ipsec_cleanup().
 */
struct mlx5_fpga_ipsec {
	/* FIFO of commands awaiting a response: exec appends at the tail,
	 * the receive callback takes the head. */
	struct list_head pending_cmds;
	spinlock_t pending_cmds_lock; /* Protects pending_cmds */
	/* Extended capability words filled by mlx5_fpga_get_sbu_caps(). */
	u32 caps[MLX5_ST_SZ_DW(ipsec_extended_cap)];
	/* Command connection created with mlx5_fpga_sbu_conn_create(). */
	struct mlx5_fpga_conn *conn;
};
79
/*
 * Tell whether mdev has an FPGA whose capability words carry the MLNX
 * sandbox vendor id and the IPSEC sandbox product id.
 *
 * Returns false when no FPGA state is attached to mdev or the general
 * capabilities do not advertise an FPGA. This only inspects capabilities;
 * it says nothing about whether mdev->fpga->ipsec has been set up.
 */
static bool mlx5_fpga_is_ipsec_device(struct mlx5_core_dev *mdev)
{
	if (mdev->fpga == NULL || MLX5_CAP_GEN(mdev, fpga) == 0)
		return false;

	/* Vendor is checked first, product second, as separate cap reads. */
	return MLX5_CAP_FPGA(mdev, ieee_vendor_id) ==
		   MLX5_FPGA_CAP_SANDBOX_VENDOR_ID_MLNX &&
	       MLX5_CAP_FPGA(mdev, sandbox_product_id) ==
		   MLX5_FPGA_CAP_SANDBOX_PRODUCT_ID_IPSEC;
}
95
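/*
 * Send-completion callback installed on every command buffer.
 *
 * A zero status needs no action: the command is finished later by the
 * receive callback. A non-zero status fails the command and wakes its
 * waiter.
 *
 * The waiter frees the context as soon as it is woken, so the context must
 * not stay linked on pending_cmds past this point. It is therefore unlinked
 * under the list lock first. If it is no longer on the list, another path
 * has already taken ownership of it (and may have freed it), so it is not
 * touched at all; only its address is compared.
 */
static void mlx5_fpga_ipsec_send_complete(struct mlx5_fpga_conn *conn,
					  struct mlx5_fpga_device *fdev,
					  struct mlx5_fpga_dma_buf *buf,
					  u8 status)
{
	struct mlx5_ipsec_command_context *context;
	struct mlx5_ipsec_command_context *iter;
	unsigned long flags;
	bool still_pending = false;

	if (!status)
		return;

	/* Pointer arithmetic only; nothing is dereferenced yet. */
	context = container_of(buf, struct mlx5_ipsec_command_context, buf);
	mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n",
		       status);

	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
	list_for_each_entry(iter, &fdev->ipsec->pending_cmds, list) {
		if (iter == context) {
			/* _init keeps a later list_del() on this entry harmless */
			list_del_init(&context->list);
			still_pending = true;
			break;
		}
	}
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);

	if (!still_pending)
		return;

	context->status = MLX5_FPGA_IPSEC_SACMD_SEND_FAIL;
	complete(&context->complete);
}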
112
/*
 * Translate a device response syndrome into a negative errno (0 on success).
 * The value comes straight from the device, so anything outside the known
 * set falls through to -EIO.
 */
static inline int syndrome_to_errno(enum mlx5_ipsec_response_syndrome syndrome)
{
	int err = -EIO;	/* result for unrecognised syndromes */

	switch (syndrome) {
	case MLX5_IPSEC_RESPONSE_SUCCESS:
		err = 0;
		break;
	case MLX5_IPSEC_RESPONSE_ILLEGAL_REQUEST:
		err = -EINVAL;
		break;
	case MLX5_IPSEC_RESPONSE_SADB_ISSUE:
		err = -EEXIST;
		break;
	case MLX5_IPSEC_RESPONSE_WRITE_RESPONSE_ISSUE:
		err = -EIO;
		break;
	}
	return err;
}
127
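/*
 * Receive callback of the IPSec command connection.
 *
 * cb_arg is the mlx5_fpga_device registered in mlx5_fpga_ipsec_init();
 * buf holds one message from the device. Responses carry no request id
 * other than the SA handle, so each response is paired with the oldest
 * entry on pending_cmds.
 *
 * Once a context has been taken off the list this function is the only
 * place that can still wake its waiter, so every path after the dequeue
 * must end in complete(). A handle mismatch is therefore reported to the
 * waiter as -EIO instead of returning silently, which would leave the
 * waiter blocked forever and the context leaked.
 *
 * NOTE(review): a short message is dropped without dequeuing anything; if
 * it was meant to be the response to the head command, that command's
 * waiter is never woken. Confirm whether this can happen in practice.
 */
static void mlx5_fpga_ipsec_recv(void *cb_arg, struct mlx5_fpga_dma_buf *buf)
{
	struct mlx5_ipsec_sadb_resp *resp = buf->sg[0].data;
	struct mlx5_ipsec_command_context *context;
	enum mlx5_ipsec_response_syndrome syndrome;
	struct mlx5_fpga_device *fdev = cb_arg;
	unsigned long flags;

	/* Length check comes before any field of *resp is read. */
	if (buf->sg[0].size < sizeof(*resp)) {
		mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n",
			       buf->sg[0].size, sizeof(*resp));
		return;
	}

	mlx5_fpga_dbg(fdev, "mlx5_ipsec recv_cb syndrome %08x sa_id %x\n",
		      ntohl(resp->syndrome), ntohl(resp->sw_sa_handle));

	/* Take ownership of the oldest pending command, if any. */
	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
	context = list_first_entry_or_null(&fdev->ipsec->pending_cmds,
					   struct mlx5_ipsec_command_context,
					   list);
	if (context)
		list_del(&context->list);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);

	if (!context) {
		mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n");
		return;
	}
	/* NOTE(review): %p writes the context's kernel address to the debug log. */
	mlx5_fpga_dbg(fdev, "Handling response for %p\n", context);

	/* Both handles are still big-endian here; compare them as-is. */
	if (context->sa.sw_sa_handle != resp->sw_sa_handle) {
		mlx5_fpga_err(fdev, "mismatch SA handle. cmd 0x%08x vs resp 0x%08x\n",
			      ntohl(context->sa.sw_sa_handle),
			      ntohl(resp->sw_sa_handle));
		/* Already unlinked: fail the command rather than strand it. */
		context->status_code = -EIO;
		context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;
		complete(&context->complete);
		return;
	}

	syndrome = ntohl(resp->syndrome);
	context->status_code = syndrome_to_errno(syndrome);
	context->status = MLX5_FPGA_IPSEC_SACMD_COMPLETE;

	if (context->status_code)
		mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n",
			       syndrome);
	complete(&context->complete);
}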
175
/*
 * Queue one SA command to the device without waiting for the answer.
 *
 * The command is copied into a freshly allocated context, the context is
 * appended to pending_cmds, and the copy is handed to the command
 * connection. On success the returned pointer is an opaque handle that
 * must be passed to mlx5_fpga_ipsec_sa_cmd_wait(), which frees it.
 *
 * Returns ERR_PTR(-EOPNOTSUPP) when the device has no IPSec state,
 * ERR_PTR(-ENOMEM) on allocation failure, or ERR_PTR(err) with the error
 * from mlx5_fpga_sbu_conn_sendmsg(); in those cases nothing is left queued.
 *
 * NOTE(review): the context holds a copy of *cmd and is released with a
 * plain kfree(); if the SA structure carries key material, confirm whether
 * the copy should be scrubbed before it is freed.
 */
void *mlx5_fpga_ipsec_sa_cmd_exec(struct mlx5_core_dev *mdev,
				  struct mlx5_accel_ipsec_sa *cmd)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	struct mlx5_ipsec_command_context *cmd_ctx;
	unsigned long irq_flags;
	int err;

	/* The SA structure must be a whole number of 32-bit words. */
	BUILD_BUG_ON((sizeof(struct mlx5_accel_ipsec_sa) & 3) != 0);

	if (fdev == NULL || fdev->ipsec == NULL)
		return ERR_PTR(-EOPNOTSUPP);

	cmd_ctx = kzalloc(sizeof(*cmd_ctx), GFP_ATOMIC);
	if (cmd_ctx == NULL)
		return ERR_PTR(-ENOMEM);

	/* The buffer sent to the device is the private copy, not *cmd. */
	memcpy(&cmd_ctx->sa, cmd, sizeof(*cmd));
	cmd_ctx->buf.complete = mlx5_fpga_ipsec_send_complete;
	cmd_ctx->buf.sg[0].size = sizeof(cmd_ctx->sa);
	cmd_ctx->buf.sg[0].data = &cmd_ctx->sa;
	init_completion(&cmd_ctx->complete);
	cmd_ctx->dev = fdev;

	/* Publish before sending so a fast response finds the entry. */
	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, irq_flags);
	list_add_tail(&cmd_ctx->list, &fdev->ipsec->pending_cmds);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, irq_flags);

	cmd_ctx->status = MLX5_FPGA_IPSEC_SACMD_PENDING;

	err = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &cmd_ctx->buf);
	if (err == 0) {
		/* Context will be freed by wait func after completion */
		return cmd_ctx;
	}

	mlx5_fpga_warn(fdev, "Failure sending IPSec command: %d\n",
		       err);
	/* Undo the queueing; no waiter exists yet, so free it here. */
	spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, irq_flags);
	list_del(&cmd_ctx->list);
	spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, irq_flags);
	kfree(cmd_ctx);
	return ERR_PTR(err);
}
217
/*
 * Block until the command behind ctx (a handle returned by
 * mlx5_fpga_ipsec_sa_cmd_exec()) has been completed, then free it.
 *
 * Returns the errno derived from the device response when the command
 * completed, -EIO when it ended in any other state (for example a failed
 * send), or -EINTR when the wait itself reports failure.
 *
 * On the -EINTR path the context is deliberately not freed here: it may
 * still be linked on pending_cmds and referenced by the callbacks. That
 * path therefore leaks the context; the handle must not be reused.
 */
int mlx5_fpga_ipsec_sa_cmd_wait(void *ctx)
{
	struct mlx5_ipsec_command_context *cmd_ctx = ctx;
	int rc;

	/* XXXKIB: plain wait used where a _killable wait was intended */
	rc = wait_for_completion(&cmd_ctx->complete);
	if (rc != 0) {
		mlx5_fpga_warn(cmd_ctx->dev, "Failure waiting for IPSec command response\n");
		return -EINTR;
	}

	/* status_code is only meaningful once a response was recorded. */
	rc = (cmd_ctx->status == MLX5_FPGA_IPSEC_SACMD_COMPLETE) ?
	    cmd_ctx->status_code : -EIO;

	kfree(cmd_ctx);
	return rc;
}
237
/*
 * Build the MLX5_ACCEL_IPSEC_* capability mask for mdev.
 *
 * Returns 0 when mdev is not an IPSec FPGA device. Otherwise the mask
 * always contains MLX5_ACCEL_IPSEC_DEVICE; the ESP, IPV6 and LSO bits are
 * added only when the per-device IPSec state exists and the matching
 * extended capability field is non-zero.
 */
u32 mlx5_fpga_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	u32 mask;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return 0;

	mask = MLX5_ACCEL_IPSEC_DEVICE;

	/* Extended caps are unavailable until init has populated them. */
	if (fdev->ipsec == NULL)
		return mask;

	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, esp))
		mask |= MLX5_ACCEL_IPSEC_ESP;
	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, ipv6))
		mask |= MLX5_ACCEL_IPSEC_IPV6;
	if (MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps, lso))
		mask |= MLX5_ACCEL_IPSEC_LSO;

	return mask;
}
262
/*
 * Number of IPSec counters the device advertises in its extended
 * capabilities, or 0 when mdev has no FPGA or no IPSec state.
 * The value is reported by the device and is not range-checked here.
 */
unsigned int mlx5_fpga_ipsec_counters_count(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	unsigned int nr_counters = 0;

	if (fdev != NULL && fdev->ipsec != NULL)
		nr_counters = MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
				       number_of_ipsec_counters);

	return nr_counters;
}
273
/*
 * Read the device's IPSec counters into counters[].
 *
 * The counter block's address and the number of counters both come from the
 * extended capabilities. All advertised counters are read from the device,
 * but at most counters_count entries of counters[] are written, so the
 * caller's array bounds the copy.
 *
 * Returns 0 on success, -ENOMEM if the bounce buffer cannot be allocated,
 * or the negative error from mlx5_fpga_mem_read(). When the device has no
 * IPSec state the function returns 0 and leaves counters[] untouched, so
 * callers should not assume the array was filled.
 *
 * NOTE(review): only a negative return from mlx5_fpga_mem_read() is treated
 * as failure. If it can return a short byte count, the unread tail stays at
 * the zeros written by kzalloc() and is reported as zero counters - confirm.
 */
int mlx5_fpga_ipsec_counters_read(struct mlx5_core_dev *mdev, u64 *counters,
				  unsigned int counters_count)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	unsigned int idx;
	__be32 *words;
	u32 nr;
	u64 addr;
	int ret;

	if (fdev == NULL || fdev->ipsec == NULL)
		return 0;

	/* 64-bit device address assembled from two 32-bit capability fields. */
	addr = (u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
			     ipsec_counters_addr_low) +
	       ((u64)MLX5_GET(ipsec_extended_cap, fdev->ipsec->caps,
			     ipsec_counters_addr_high) << 32);

	nr = mlx5_fpga_ipsec_counters_count(mdev);

	/* Two 32-bit words per counter: same byte count as the read below. */
	words = kzalloc(sizeof(*words) * nr * 2, GFP_KERNEL);
	if (words == NULL) {
		ret = -ENOMEM;
		goto out;
	}

	ret = mlx5_fpga_mem_read(fdev, nr * sizeof(u64), addr, words,
				 MLX5_FPGA_ACCESS_TYPE_DONTCARE);
	if (ret < 0) {
		mlx5_fpga_err(fdev, "Failed to read IPSec counters from HW: %d\n",
			      ret);
		goto out;
	}
	ret = 0;

	/* Never write past the caller's array. */
	if (nr > counters_count)
		nr = counters_count;

	/* Each counter is low word, then high. But each word is big-endian */
	for (idx = 0; idx < nr; idx++) {
		u64 lo = ntohl(words[idx * 2]);
		u64 hi = ntohl(words[idx * 2 + 1]);

		counters[idx] = lo | (hi << 32);
	}

out:
	kfree(words);
	return ret;
}
321
/*
 * Set up IPSec offload state for mdev.
 *
 * Does nothing and returns 0 when mdev is not an IPSec FPGA device.
 * Otherwise allocates fdev->ipsec, fetches the extended capabilities,
 * initialises the pending-command list and its lock, and creates the
 * command connection with mlx5_fpga_ipsec_recv() as receive callback.
 *
 * Returns 0 on success or a negative errno. On any failure fdev->ipsec is
 * freed and reset to NULL, so later code can test that pointer.
 */
int mlx5_fpga_ipsec_init(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;
	struct mlx5_fpga_conn_attr conn_attr = {0};
	struct mlx5_fpga_conn *cmd_conn;
	int rc;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return 0;

	fdev->ipsec = kzalloc(sizeof(*fdev->ipsec), GFP_KERNEL);
	if (fdev->ipsec == NULL)
		return -ENOMEM;

	rc = mlx5_fpga_get_sbu_caps(fdev, sizeof(fdev->ipsec->caps),
				    fdev->ipsec->caps);
	if (rc != 0) {
		mlx5_fpga_err(fdev, "Failed to retrieve IPSec extended capabilities: %d\n",
			      rc);
		goto fail;
	}

	/* List and lock must be usable before the callback can fire. */
	INIT_LIST_HEAD(&fdev->ipsec->pending_cmds);
	spin_lock_init(&fdev->ipsec->pending_cmds_lock);

	conn_attr.rx_size = SBU_QP_QUEUE_SIZE;
	conn_attr.tx_size = SBU_QP_QUEUE_SIZE;
	conn_attr.recv_cb = mlx5_fpga_ipsec_recv;
	conn_attr.cb_arg = fdev;

	cmd_conn = mlx5_fpga_sbu_conn_create(fdev, &conn_attr);
	if (IS_ERR(cmd_conn)) {
		rc = PTR_ERR(cmd_conn);
		mlx5_fpga_err(fdev, "Error creating IPSec command connection %d\n",
			      rc);
		goto fail;
	}

	fdev->ipsec->conn = cmd_conn;
	return 0;

fail:
	kfree(fdev->ipsec);
	fdev->ipsec = NULL;
	return rc;
}
366
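/*
 * Tear down the IPSec offload state created by mlx5_fpga_ipsec_init().
 *
 * Does nothing when mdev is not an IPSec FPGA device. It also does nothing
 * when fdev->ipsec is NULL, which is the state init leaves behind on
 * failure; without that check the connection pointer would be read through
 * a NULL pointer. The other entry points in this file test fdev->ipsec the
 * same way.
 *
 * NOTE(review): commands still linked on pending_cmds are not completed or
 * freed here, and their waiters keep pointers into state that is about to
 * be released. Confirm that callers quiesce command submission first.
 */
void mlx5_fpga_ipsec_cleanup(struct mlx5_core_dev *mdev)
{
	struct mlx5_fpga_device *fdev = mdev->fpga;

	if (!mlx5_fpga_is_ipsec_device(mdev))
		return;

	/* Init failed or never ran: nothing was allocated. */
	if (!fdev->ipsec)
		return;

	/* Stop callbacks before freeing the state they dereference. */
	mlx5_fpga_sbu_conn_destroy(fdev->ipsec->conn);
	kfree(fdev->ipsec);
	fdev->ipsec = NULL;
}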
378