Date: Fri, 6 Jun 2025 13:57:04 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 5a8e5215cef0 - main - qat: add disable safe dc mode for QAT SPR devices Message-ID: <202506061357.556Dv40g083914@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=5a8e5215cef0dac1115853889e925099f61bb5fa commit 5a8e5215cef0dac1115853889e925099f61bb5fa Author: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> AuthorDate: 2025-04-30 00:00:01 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-06-06 13:42:58 +0000 qat: add disable safe dc mode for QAT SPR devices Build and sysctl configuration modes are introduced for QAT SPR devices to disable safe dc mode. A new QAT driver build option ‘QAT_DISABLE_SAFE_DC_MODE’ is required to build the QAT driver with code that allows a request to be sent to FW to override the ‘History Buffer’ mitigation. Default QAT driver builds do not include this ‘QAT_DISABLE_SAFE_DC_MODE’ build option. Even if the QAT driver was built with code that allows a request to be sent to FW to override the ‘History Buffer’ mitigation, the QAT driver must still be configured using sysctl to request an override of the ‘History Buffer’ mitigation if desired. The default QAT driver configuration option sysctl dev.qat.X.disable_safe_dc_mode does not allow override of the mitigation. The new sysctl attribute disable_safe_dc_mode is to be set to 1 for overriding the history buffer mitigation. Firmware for qat_4xxx is updated for this change. If this mode is enabled, decompression throughput increases but may result in a data leak if num_user_processes is more than 1. This option is to be enabled only if your system is not prone to user data leaks. Reviewed by: markj, ziaee MFC after: 2 weeks Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D50379 --- share/man/man4/qat.4 | 11 +++- sys/conf/NOTES | 3 + sys/conf/options | 3 + sys/contrib/dev/qat/qat_4xxx.bin | Bin 665356 -> 665356 bytes sys/dev/qat/include/common/adf_accel_devices.h | 8 ++- sys/dev/qat/include/icp_qat_fw_init_admin.h | 7 ++- sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c | 4 ++ sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c | 75 +++++++++++++++++++++++++ sys/modules/qat/qat/Makefile | 13 ++++- sys/modules/qat/qat_api/Makefile | 13 ++++- sys/modules/qat/qat_common/Makefile | 13 ++++- sys/modules/qat/qat_hw/Makefile | 13 ++++- 12 files changed, 154 insertions(+), 9 deletions(-) diff --git a/share/man/man4/qat.4 b/share/man/man4/qat.4 index e7907c7c6331..613091df2e7e 100644 --- a/share/man/man4/qat.4 +++ b/share/man/man4/qat.4 @@ -1,6 +1,6 @@ .\" SPDX-License-Identifier: BSD-3-Clause -.\" Copyright(c) 2007-2022 Intel Corporation -.Dd May 16, 2025 +.\" Copyright(c) 2007-2025 Intel Corporation +.Dd June 2, 2025 .Dt QAT 4 .Os .Sh NAME @@ -108,6 +108,13 @@ Default value "ks;us". Override the number of uio user space processes that can connect to the QAT device. Default: 2 +.It Va dev.qat.X.disable_safe_dc_mode +Override history buffer mitigation. +Disabled by default. +If enabled, decompression throughput increases but may result in a data leak if +.Va dev.qat.X.num_user_processes +is more than 1. +Enable this option only if your system is not prone to user data leaks. .El .Pp The following diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 8aa0ed9dda78..2458756ae350 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -2869,3 +2869,6 @@ options STATS # File system monitoring device filemon # file monitoring for make(1) meta-mode + +# Options for the Intel QuickAssist (QAT) driver. +options QAT_DISABLE_SAFE_DC_MODE # Disable QAT safe data compression mode (only for 4940 devices). diff --git a/sys/conf/options b/sys/conf/options index b218226b4126..03e8964e965d 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -1014,3 +1014,6 @@ HIDRAW_MAKE_UHID_ALIAS opt_hid.h # This option is insecure except in controlled environments where the static # environment's contents are known to be safe. PRESERVE_EARLY_KENV opt_global.h + +# Options for the Intel QuickAssist (QAT) driver. +QAT_DISABLE_SAFE_DC_MODE opt_qat.h diff --git a/sys/contrib/dev/qat/qat_4xxx.bin b/sys/contrib/dev/qat/qat_4xxx.bin index 23eb8077241a..7783d361a93c 100644 Binary files a/sys/contrib/dev/qat/qat_4xxx.bin and b/sys/contrib/dev/qat/qat_4xxx.bin differ diff --git a/sys/dev/qat/include/common/adf_accel_devices.h b/sys/dev/qat/include/common/adf_accel_devices.h index 0a1248b9a68e..3731cf6587b2 100644 --- a/sys/dev/qat/include/common/adf_accel_devices.h +++ b/sys/dev/qat/include/common/adf_accel_devices.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #ifndef ADF_ACCEL_DEVICES_H_ #define ADF_ACCEL_DEVICES_H_ @@ -7,6 +7,8 @@ #include "adf_cfg_common.h" #include "adf_pfvf_msg.h" +#include "opt_qat.h" + #define ADF_CFG_NUM_SERVICES 4 #define ADF_DH895XCC_DEVICE_NAME "dh895xcc" @@ -687,6 +689,10 @@ struct adf_accel_dev { struct adf_accel_pci accel_pci_dev; struct adf_accel_compat_manager *cm; u8 compat_ver; +#ifdef QAT_DISABLE_SAFE_DC_MODE + struct sysctl_oid *safe_dc_mode; + u8 disable_safe_dc_mode; +#endif /* QAT_DISABLE_SAFE_DC_MODE */ union { struct { /* vf_info is non-zero when SR-IOV is init'ed */ diff --git a/sys/dev/qat/include/icp_qat_fw_init_admin.h b/sys/dev/qat/include/icp_qat_fw_init_admin.h index 3537fb3f8cfd..cd4edbdbc93b 100644 --- a/sys/dev/qat/include/icp_qat_fw_init_admin.h +++ b/sys/dev/qat/include/icp_qat_fw_init_admin.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #ifndef _ICP_QAT_FW_INIT_ADMIN_H_ #define _ICP_QAT_FW_INIT_ADMIN_H_ @@ -43,6 +43,8 @@ enum icp_qat_fw_cnv_error_type { CNV_ERR_TYPE_UNKNOWN_ERROR }; +#define ICP_QAT_FW_INIT_DISABLE_SAFE_DC_MODE_FLAG 0x02 + #define CNV_ERROR_TYPE_GET(latest_error) \ ({ \ __typeof__(latest_error) _lerror = latest_error; \ @@ -69,7 +71,8 @@ struct icp_qat_fw_init_admin_req { struct { u64 resrvd2; u16 ibuf_size_in_kb; - u16 resrvd3; + u8 fw_flags; + u8 resrvd3; u32 resrvd4; }; /* ICP_QAT_FW_CONSTANTS_CFG */ diff --git a/sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c b/sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c index 3326d7cb4ffb..43e530c3a6f1 100644 --- a/sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c +++ b/sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c @@ -709,6 +709,10 @@ adf_4xxx_send_admin_init(struct adf_accel_dev *accel_dev) memset(&req, 0, sizeof(req)); memset(&resp, 0, sizeof(resp)); req.cmd_id = ICP_QAT_FW_INIT_ME; +#ifdef QAT_DISABLE_SAFE_DC_MODE + if (accel_dev->disable_safe_dc_mode) + req.fw_flags = ICP_QAT_FW_INIT_DISABLE_SAFE_DC_MODE_FLAG; +#endif /* QAT_DISABLE_SAFE_DC_MODE */ if (adf_send_admin(accel_dev, &req, &resp, ae_mask)) { device_printf(GET_DEV(accel_dev), "Error sending init message\n"); diff --git a/sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c b/sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c index f4a673e25a40..9b585fe7d3d1 100644 --- a/sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c +++ b/sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c @@ -47,6 +47,74 @@ adf_probe(device_t dev) return ENXIO; } +#ifdef QAT_DISABLE_SAFE_DC_MODE +static int adf_4xxx_sysctl_disable_safe_dc_mode(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + int error, value = accel_dev->disable_safe_dc_mode; + + error = sysctl_handle_int(oidp, &value, 0, req); + if (error || !req->newptr) + return error; + + if (value != 1 && value != 0) + return EINVAL; + + if (adf_dev_started(accel_dev)) { + device_printf( + GET_DEV(accel_dev), + "QAT: configuration can only be changed in \"down\" device state\n"); + return EBUSY; + } + + accel_dev->disable_safe_dc_mode = (u8)value; + + return 0; +} + +static void +adf_4xxx_disable_safe_dc_sysctl_add(struct adf_accel_dev *accel_dev) +{ + struct sysctl_ctx_list *qat_sysctl_ctx; + struct sysctl_oid *qat_sysctl_tree; + + qat_sysctl_ctx = + device_get_sysctl_ctx(accel_dev->accel_pci_dev.pci_dev); + qat_sysctl_tree = + device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev); + accel_dev->safe_dc_mode = + SYSCTL_ADD_OID(qat_sysctl_ctx, + SYSCTL_CHILDREN(qat_sysctl_tree), + OID_AUTO, + "disable_safe_dc_mode", + CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_TUN | + CTLFLAG_SKIP, + accel_dev, + 0, + adf_4xxx_sysctl_disable_safe_dc_mode, + "LU", + "Disable QAT safe data compression mode"); +} + +static void +adf_4xxx_disable_safe_dc_sysctl_remove(struct adf_accel_dev *accel_dev) +{ + int ret; + struct sysctl_ctx_list *qat_sysctl_ctx = + device_get_sysctl_ctx(accel_dev->accel_pci_dev.pci_dev); + + ret = sysctl_ctx_entry_del(qat_sysctl_ctx, accel_dev->safe_dc_mode); + if (ret) { + device_printf(GET_DEV(accel_dev), "Failed to delete entry\n"); + } else { + ret = sysctl_remove_oid(accel_dev->safe_dc_mode, 1, 1); + if (ret) + device_printf(GET_DEV(accel_dev), + "Failed to delete oid\n"); + } +} +#endif /* QAT_DISABLE_SAFE_DC_MODE */ + static void adf_cleanup_accel(struct adf_accel_dev *accel_dev) { @@ -76,6 +144,9 @@ adf_cleanup_accel(struct adf_accel_dev *accel_dev) free(accel_dev->hw_device, M_QAT_4XXX); accel_dev->hw_device = NULL; } +#ifdef QAT_DISABLE_SAFE_DC_MODE + adf_4xxx_disable_safe_dc_sysctl_remove(accel_dev); +#endif /* QAT_DISABLE_SAFE_DC_MODE */ adf_cfg_dev_remove(accel_dev); adf_devmgr_rm_dev(accel_dev, NULL); } @@ -153,6 +224,10 @@ adf_attach(device_t dev) if (ret) goto out_err; +#ifdef QAT_DISABLE_SAFE_DC_MODE + adf_4xxx_disable_safe_dc_sysctl_add(accel_dev); +#endif /* QAT_DISABLE_SAFE_DC_MODE */ + pci_set_max_read_req(dev, 4096); ret = bus_dma_tag_create(bus_get_dma_tag(dev), diff --git a/sys/modules/qat/qat/Makefile b/sys/modules/qat/qat/Makefile index 14f3a566063f..cee1ee8fb1b1 100644 --- a/sys/modules/qat/qat/Makefile +++ b/sys/modules/qat/qat/Makefile @@ -4,7 +4,7 @@ KMOD= qat SRCS+= qat_ocf.c qat_ocf_mem_pool.c qat_ocf_utils.c -SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h +SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h opt_qat.h CFLAGS+= ${LINUXKPI_INCLUDES} CFLAGS+= -I${SRCTOP}/sys/dev/qat/include @@ -17,6 +17,17 @@ CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/qat_direct/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/firmware/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/common/crypto/sym/include +.if !defined(KERNBUILDDIR) +CFLAGS+= -include opt_qat.h +MKDEP= -include opt_qat.h + +opt_qat.h: + :> ${.TARGET} +.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1" + @echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET} +.endif +.endif + .include <bsd.kmod.mk> .if ${COMPILER_TYPE} == "clang" diff --git a/sys/modules/qat/qat_api/Makefile b/sys/modules/qat/qat_api/Makefile index f30d49cd8269..24fbcb46a987 100644 --- a/sys/modules/qat/qat_api/Makefile +++ b/sys/modules/qat/qat_api/Makefile @@ -60,7 +60,7 @@ SRCS+= qat_utils/src/QatUtilsSemaphore.c SRCS+= qat_utils/src/QatUtilsSpinLock.c SRCS+= qat_utils/src/QatUtilsAtomic.c SRCS+= qat_utils/src/QatUtilsCrypto.c -SRCS+= bus_if.h cryptodev_if.h device_if.h pci_if.h vnode_if.h +SRCS+= bus_if.h cryptodev_if.h device_if.h pci_if.h vnode_if.h opt_qat.h CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/include/lac @@ -74,6 +74,17 @@ CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/firmware/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/include/common CFLAGS+= ${LINUXKPI_INCLUDES} +.if !defined(KERNBUILDDIR) +CFLAGS+= -include opt_qat.h +MKDEP= -include opt_qat.h + +opt_qat.h: + :> ${.TARGET} +.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1" + @echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET} +.endif +.endif + .include <bsd.kmod.mk> CWARNFLAGS+= -Wno-cast-qual diff --git a/sys/modules/qat/qat_common/Makefile b/sys/modules/qat/qat_common/Makefile index b0f847ae9a96..c2131cc1e24b 100644 --- a/sys/modules/qat/qat_common/Makefile +++ b/sys/modules/qat/qat_common/Makefile @@ -23,10 +23,21 @@ SRCS+= adf_gen4vf_hw_csr_data.c SRCS+= adf_freebsd_transport_debug.c adf_clock.c SRCS+= adf_freebsd_cnvnr_ctrs_dbg.c SRCS+= adf_freebsd_pfvf_ctrs_dbg.c -SRCS+= bus_if.h device_if.h pci_if.h vnode_if.h +SRCS+= bus_if.h device_if.h pci_if.h vnode_if.h opt_qat.h CFLAGS+= -I${SRCTOP}/sys/dev/qat/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/include/common CFLAGS+= ${LINUXKPI_INCLUDES} +.if !defined(KERNBUILDDIR) +CFLAGS+= -include opt_qat.h +MKDEP= -include opt_qat.h + +opt_qat.h: + :> ${.TARGET} +.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1" + @echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET} +.endif +.endif + .include <bsd.kmod.mk> diff --git a/sys/modules/qat/qat_hw/Makefile b/sys/modules/qat/qat_hw/Makefile index 2a51640bd327..4ab8db5f0c56 100644 --- a/sys/modules/qat/qat_hw/Makefile +++ b/sys/modules/qat/qat_hw/Makefile @@ -12,7 +12,7 @@ SRCS+= qat_dh895xcc/adf_dh895xcc_hw_data.c qat_dh895xcc/adf_drv.c SRCS+= qat_c4xxx/adf_c4xxx_hw_data.c qat_c4xxx/adf_drv.c qat_c4xxx/adf_c4xxx_ae_config.c qat_c4xxx/adf_c4xxx_misc_error_stats.c SRCS+= qat_c4xxx/adf_c4xxx_pke_replay_stats.c qat_c4xxx/adf_c4xxx_ras.c qat_c4xxx/adf_c4xxx_res_part.c SRCS+= qat_c4xxx/adf_c4xxx_reset.c -SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h +SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h opt_qat.h CFLAGS+= ${LINUXKPI_INCLUDES} CFLAGS+= -I${SRCTOP}/sys/dev/qat/include @@ -25,4 +25,15 @@ CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/qat_direct/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/firmware/include CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/common/crypto/sym/include +.if !defined(KERNBUILDDIR) +CFLAGS+= -include opt_qat.h +MKDEP= -include opt_qat.h + +opt_qat.h: + :> ${.TARGET} +.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1" + @echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET} +.endif +.endif + .include <bsd.kmod.mk>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506061357.556Dv40g083914>