From owner-dev-commits-src-all@freebsd.org Thu Mar 25 20:46:59 2021
Date: Thu, 25 Mar 2021 20:46:59 GMT
Message-Id: <202103252046.12PKkxJb048455@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Navdeep Parhar
Subject: git: 15f335556783 - main - cxgbe(4): Allow a T6 adapter to switch between TOE and NIC TLS mode.
X-Git-Committer: np
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 15f33555678300953858f6ed98dfc72c399a9139

The branch main has been updated by np:

URL: https://cgit.FreeBSD.org/src/commit/?id=15f33555678300953858f6ed98dfc72c399a9139

commit 15f33555678300953858f6ed98dfc72c399a9139
Author:     Navdeep Parhar
AuthorDate: 2021-03-24 01:01:01 +0000
Commit:     Navdeep Parhar
CommitDate: 2021-03-25 19:39:41 +0000

    cxgbe(4): Allow a T6 adapter to switch between TOE and NIC TLS mode.

    The hw.cxgbe.kern_tls tunable was used for this in the past and if it
    was set then all T6 adapters would be configured for NIC TLS operation
    and could not be reconfigured for TOE without a reload. With this
    change ifconfig can be used to manipulate toe and txtls caps like any
    other caps. hw.cxgbe.kern_tls continues to work as usual but its
    effects are not permanent any more.

    * Enable nic_ktls_ofld in the default configuration file and use the
      firmware instead of direct register manipulation to apply/rollback
      NIC TLS configuration. This allows the driver to switch the hardware
      between TOE and NIC TLS mode in a safe manner. Note that the
      configuration is adapter-wide and not per-port.
    * Remove the kern_tls config file as it works with 100G T6 cards only
      and leads to firmware crashes with 25G cards. The configurations
      included with the driver (with the exception of the FPGA configs) are
      supposed to work with all adapters.
Reported by: Veeresh U.K. at Chelsio MFC after: 2 weeks Sponsored by: Chelsio Communications Reviewed by: jhb@ Differential Revision: https://reviews.freebsd.org/D29291 --- sys/dev/cxgbe/adapter.h | 2 +- sys/dev/cxgbe/common/common.h | 5 + sys/dev/cxgbe/firmware/t6fw_cfg.txt | 4 +- sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt | 278 --------------------------- sys/dev/cxgbe/t4_clip.c | 2 +- sys/dev/cxgbe/t4_main.c | 171 ++++++++++------ sys/dev/cxgbe/t4_sge.c | 2 +- sys/dev/cxgbe/tom/t4_connect.c | 2 +- sys/dev/cxgbe/tom/t4_listen.c | 2 +- 9 files changed, 129 insertions(+), 339 deletions(-) diff --git a/sys/dev/cxgbe/adapter.h b/sys/dev/cxgbe/adapter.h index 82adfac63c91..1a90560a55d8 100644 --- a/sys/dev/cxgbe/adapter.h +++ b/sys/dev/cxgbe/adapter.h @@ -163,7 +163,7 @@ enum { ADAP_ERR = (1 << 5), BUF_PACKING_OK = (1 << 6), IS_VF = (1 << 7), - KERN_TLS_OK = (1 << 8), + KERN_TLS_ON = (1 << 8), /* HW is configured for KERN_TLS */ CXGBE_BUSY = (1 << 9), /* port flags */ diff --git a/sys/dev/cxgbe/common/common.h b/sys/dev/cxgbe/common/common.h index e04101c9adc5..6264a7d6ec07 100644 --- a/sys/dev/cxgbe/common/common.h +++ b/sys/dev/cxgbe/common/common.h @@ -499,6 +499,11 @@ static inline int is_hashfilter(const struct adapter *adap) return adap->params.hash_filter; } +static inline int is_ktls(const struct adapter *adap) +{ + return adap->cryptocaps & FW_CAPS_CONFIG_TLS_HW; +} + static inline int chip_id(struct adapter *adap) { return adap->params.chipid; diff --git a/sys/dev/cxgbe/firmware/t6fw_cfg.txt b/sys/dev/cxgbe/firmware/t6fw_cfg.txt index 6e5649642b29..1ad84f63b25f 100644 --- a/sys/dev/cxgbe/firmware/t6fw_cfg.txt +++ b/sys/dev/cxgbe/firmware/t6fw_cfg.txt 
@@ -161,7 +161,7 @@ nserver = 512 nhpfilter = 0 nhash = 16384 - protocol = ofld, rddp, rdmac, iscsi_initiator_pdu, iscsi_target_pdu, iscsi_t10dif, tlskeys, crypto_lookaside + protocol = ofld, rddp, rdmac, iscsi_initiator_pdu, iscsi_target_pdu, iscsi_t10dif, tlskeys, crypto_lookaside, nic_ktls_ofld tp_l2t = 4096 tp_ddp = 2 tp_ddp_iscsi = 2 @@ -273,7 +273,7 @@ [fini] version = 0x1 - checksum = 0xa92352a8 + checksum = 0x5fbc0a4a # # $FreeBSD$ # diff --git a/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt b/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt deleted file mode 100644 index 911ebd9cff65..000000000000 --- a/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt +++ /dev/null 
@@ -1,278 +0,0 @@ -# Firmware configuration file. -# -# Global limits (some are hardware limits, others are due to the firmware). -# nvi = 128 virtual interfaces -# niqflint = 1023 ingress queues with freelists and/or interrupts -# nethctrl = 64K Ethernet or ctrl egress queues -# neq = 64K egress queues of all kinds, including freelists -# nexactf = 512 MPS TCAM entries, can oversubscribe. - -[global] - rss_glb_config_mode = basicvirtual - rss_glb_config_options = tnlmapen,hashtoeplitz,tnlalllkp - - # PL_TIMEOUT register - pl_timeout_value = 200 # the timeout value in units of us - - sge_timer_value = 1, 5, 10, 50, 100, 200 # SGE_TIMER_VALUE* in usecs - - reg[0x10c4] = 0x20000000/0x20000000 # GK_CONTROL, enable 5th thread - - reg[0x7dc0] = 0x0e2f8849 # TP_SHIFT_CNT - - #Tick granularities in kbps - tsch_ticks = 100000, 10000, 1000, 10 - - filterMode = fragmentation, mpshittype, protocol, vlan, port, fcoe - filterMask = protocol - - tp_pmrx = 10, 512 - tp_pmrx_pagesize = 64K - - # TP number of RX channels (0 = auto) - tp_nrxch = 0 - - tp_pmtx = 10, 512 - tp_pmtx_pagesize = 64K - - # TP number of TX channels (0 = auto) - tp_ntxch = 0 - - # TP OFLD MTUs - tp_mtus = 88, 256, 512, 576, 808, 1024, 1280, 1488, 1500, 2002, 2048, 4096, 4352, 8192, 9000, 9600 - - # enable TP_OUT_CONFIG.IPIDSPLITMODE and CRXPKTENC - reg[0x7d04] = 0x00010008/0x00010008 - - # TP_GLOBAL_CONFIG - reg[0x7d08] = 0x00000800/0x00000800 # set IssFromCplEnable - - # TP_PC_CONFIG - reg[0x7d48] = 0x00000000/0x00000400 # clear EnableFLMError - - # TP_PARA_REG0 - reg[0x7d60] = 0x06000000/0x07000000 # set InitCWND to 6 - - # cluster, lan, or wan. - tp_tcptuning = lan - - # LE_DB_CONFIG - reg[0x19c04] = 0x00000000/0x00440000 # LE Server SRAM disabled - # LE IPv4 compression disabled - # LE_DB_HASH_CONFIG - reg[0x19c28] = 0x00800000/0x01f00000 # LE Hash bucket size 8, - - # ULP_TX_CONFIG - reg[0x8dc0] = 0x00000104/0x00000104 # Enable ITT on PI err - # Enable more error msg for ... - # TPT error. 
- - # ULP_RX_MISC_FEATURE_ENABLE - #reg[0x1925c] = 0x01003400/0x01003400 # iscsi tag pi bit - # Enable offset decrement after ... - # PI extraction and before DDP - # ulp insert pi source info in DIF - # iscsi_eff_offset_en - - #Enable iscsi completion moderation feature - reg[0x1925c] = 0x000041c0/0x000031c0 # Enable offset decrement after - # PI extraction and before DDP. - # ulp insert pi source info in - # DIF. - # Enable iscsi hdr cmd mode. - # iscsi force cmd mode. - # Enable iscsi cmp mode. - # MC configuration - #mc_mode_brc[0] = 1 # mc0 - 1: enable BRC, 0: enable RBC - -# PFs 0-3. These get 8 MSI/8 MSI-X vectors each. VFs are supported by -# these 4 PFs only. -[function "0"] - wx_caps = all - r_caps = all - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x1 - -[function "1"] - wx_caps = all - r_caps = all - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x2 - -[function "2"] - wx_caps = all - r_caps = all - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x4 - -[function "3"] - wx_caps = all - r_caps = all - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x8 - -# PF4 is the resource-rich PF that the bus/nexus driver attaches to. -# It gets 32 MSI/128 MSI-X vectors. -[function "4"] - wx_caps = all - r_caps = all - nvi = 32 - rssnvi = 32 - niqflint = 512 - nethctrl = 1024 - neq = 2048 - nqpcq = 8192 - nexactf = 456 - cmask = all - pmask = all - ncrypto_lookaside = 16 - nclip = 320 - nethofld = 8192 - - # TCAM has 6K cells; each region must start at a multiple of 128 cell. - # Each entry in these categories takes 2 cells each. nhash will use the - # TCAM iff there is room left (that is, the rest don't add up to 3072). 
- nfilter = 48 - nserver = 64 - nhpfilter = 0 - nhash = 524288 - protocol = ofld, tlskeys, crypto_lookaside - tp_l2t = 4096 - tp_ddp = 2 - tp_ddp_iscsi = 2 - tp_tls_key = 3 - tp_tls_mxrxsize = 17408 # 16384 + 1024, governs max rx data, pm max xfer len, rx coalesce sizes - tp_stag = 2 - tp_pbl = 5 - tp_rq = 7 - tp_srq = 128 - -# PF5 is the SCSI Controller PF. It gets 32 MSI/40 MSI-X vectors. -# Not used right now. -[function "5"] - nvi = 1 - rssnvi = 0 - -# PF6 is the FCoE Controller PF. It gets 32 MSI/40 MSI-X vectors. -# Not used right now. -[function "6"] - nvi = 1 - rssnvi = 0 - -# The following function, 1023, is not an actual PCIE function but is used to -# configure and reserve firmware internal resources that come from the global -# resource pool. -# -[function "1023"] - wx_caps = all - r_caps = all - nvi = 4 - rssnvi = 0 - cmask = all - pmask = all - nexactf = 8 - nfilter = 16 - - -# For Virtual functions, we only allow NIC functionality and we only allow -# access to one port (1 << PF). Note that because of limitations in the -# Scatter Gather Engine (SGE) hardware which checks writes to VF KDOORBELL -# and GTS registers, the number of Ingress and Egress Queues must be a power -# of 2. -# -[function "0/*"] - wx_caps = 0x82 - r_caps = 0x86 - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x1 - -[function "1/*"] - wx_caps = 0x82 - r_caps = 0x86 - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x2 - -[function "2/*"] - wx_caps = 0x82 - r_caps = 0x86 - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x1 - -[function "3/*"] - wx_caps = 0x82 - r_caps = 0x86 - nvi = 1 - rssnvi = 0 - niqflint = 2 - nethctrl = 2 - neq = 4 - nexactf = 2 - cmask = all - pmask = 0x2 - -# MPS has 192K buffer space for ingress packets from the wire as well as -# loopback path of the L2 switch. 
-[port "0"] - dcb = none - #bg_mem = 25 - #lpbk_mem = 25 - hwm = 60 - lwm = 15 - dwm = 30 - -[port "1"] - dcb = none - #bg_mem = 25 - #lpbk_mem = 25 - hwm = 60 - lwm = 15 - dwm = 30 - -[fini] - version = 0x1 - checksum = 0xa737b06f -# -# $FreeBSD$ -# diff --git a/sys/dev/cxgbe/t4_clip.c b/sys/dev/cxgbe/t4_clip.c index ff34e811b82f..cc4a9b517a49 100644 --- a/sys/dev/cxgbe/t4_clip.c +++ b/sys/dev/cxgbe/t4_clip.c @@ -273,7 +273,7 @@ update_clip_table(struct adapter *sc) inet_ntop(AF_INET6, &ce->lip, &ip[0], sizeof(ip)); - if (sc->flags & KERN_TLS_OK || + if (sc->flags & KERN_TLS_ON || sc->active_ulds != 0) { log(LOG_ERR, "%s: could not add %s (%d)\n", diff --git a/sys/dev/cxgbe/t4_main.c b/sys/dev/cxgbe/t4_main.c index 12efa8042b64..cdfceb5573fd 100644 --- a/sys/dev/cxgbe/t4_main.c +++ b/sys/dev/cxgbe/t4_main.c @@ -812,9 +812,12 @@ static int read_card_mem(struct adapter *, int, struct t4_mem_range *); static int read_i2c(struct adapter *, struct t4_i2c_data *); static int clear_stats(struct adapter *, u_int); #ifdef TCP_OFFLOAD -static int toe_capability(struct vi_info *, int); +static int toe_capability(struct vi_info *, bool); static void t4_async_event(void *, int); #endif +#ifdef KERN_TLS +static int ktls_capability(struct adapter *, bool); +#endif static int mod_event(module_t, int, void *); static int notify_siblings(device_t, int); @@ -1838,7 +1841,7 @@ cxgbe_vi_attach(device_t dev, struct vi_info *vi) } #ifdef TCP_OFFLOAD - if (vi->nofldrxq != 0 && (sc->flags & KERN_TLS_OK) == 0) + if (vi->nofldrxq != 0) ifp->if_capabilities |= IFCAP_TOE; #endif #ifdef RATELIMIT @@ -1859,9 +1862,10 @@ cxgbe_vi_attach(device_t dev, struct vi_info *vi) #endif ifp->if_hw_tsomaxsegsize = 65536; #ifdef KERN_TLS - if (sc->flags & KERN_TLS_OK) { + if (is_ktls(sc)) { ifp->if_capabilities |= IFCAP_TXTLS; - ifp->if_capenable |= IFCAP_TXTLS; + if (sc->flags & KERN_TLS_ON) + ifp->if_capenable |= IFCAP_TXTLS; } #endif 
@@ -2186,8 +2190,15 @@ cxgbe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) ifp->if_capenable ^= IFCAP_MEXTPG; #ifdef KERN_TLS - if (mask & IFCAP_TXTLS) + if (mask & IFCAP_TXTLS) { + int enable = (ifp->if_capenable ^ mask) & IFCAP_TXTLS; + + rc = ktls_capability(sc, enable); + if (rc != 0) + goto fail; + ifp->if_capenable ^= (mask & IFCAP_TXTLS); + } #endif if (mask & IFCAP_VXLAN_HWCSUM) { ifp->if_capenable ^= IFCAP_VXLAN_HWCSUM; 
@@ -4782,47 +4793,36 @@ ktls_tick(void *arg) uint32_t tstamp; sc = arg; - - tstamp = tcp_ts_getticks(); - t4_write_reg(sc, A_TP_SYNC_TIME_HI, tstamp >> 1); - t4_write_reg(sc, A_TP_SYNC_TIME_LO, tstamp << 31); - + if (sc->flags & KERN_TLS_ON) { + tstamp = tcp_ts_getticks(); + t4_write_reg(sc, A_TP_SYNC_TIME_HI, tstamp >> 1); + t4_write_reg(sc, A_TP_SYNC_TIME_LO, tstamp << 31); + } callout_schedule_sbt(&sc->ktls_tick, SBT_1MS, 0, C_HARDCLOCK); } -static void -t4_enable_kern_tls(struct adapter *sc) +static int +t4_config_kern_tls(struct adapter *sc, bool enable) { - uint32_t m, v; - - m = F_ENABLECBYP; - v = F_ENABLECBYP; - t4_set_reg_field(sc, A_TP_PARA_REG6, m, v); - - m = F_CPL_FLAGS_UPDATE_EN | F_SEQ_UPDATE_EN; - v = F_CPL_FLAGS_UPDATE_EN | F_SEQ_UPDATE_EN; - t4_set_reg_field(sc, A_ULP_TX_CONFIG, m, v); - - m = F_NICMODE; - v = F_NICMODE; - t4_set_reg_field(sc, A_TP_IN_CONFIG, m, v); - - m = F_LOOKUPEVERYPKT; - v = 0; - t4_set_reg_field(sc, A_TP_INGRESS_CONFIG, m, v); - - m = F_TXDEFERENABLE | F_DISABLEWINDOWPSH | F_DISABLESEPPSHFLAG; - v = F_DISABLEWINDOWPSH; - t4_set_reg_field(sc, A_TP_PC_CONFIG, m, v); + int rc; + uint32_t param = V_FW_PARAMS_MNEM(FW_PARAMS_MNEM_DEV) | + V_FW_PARAMS_PARAM_X(FW_PARAMS_PARAM_DEV_KTLS_HW) | + V_FW_PARAMS_PARAM_Y(enable ? 1 : 0) | + V_FW_PARAMS_PARAM_Z(FW_PARAMS_PARAM_DEV_KTLS_HW_USER_ENABLE); - m = V_TIMESTAMPRESOLUTION(M_TIMESTAMPRESOLUTION); - v = V_TIMESTAMPRESOLUTION(0x1f); - t4_set_reg_field(sc, A_TP_TIMER_RESOLUTION, m, v); + rc = -t4_set_params(sc, sc->mbox, sc->pf, 0, 1, ¶m, ¶m); + if (rc != 0) { + CH_ERR(sc, "failed to %s NIC TLS: %d\n", + enable ? "enable" : "disable", rc); + return (rc); + } - sc->flags |= KERN_TLS_OK; + if (enable) + sc->flags |= KERN_TLS_ON; + else + sc->flags &= ~KERN_TLS_ON; - sc->tlst.inline_keys = t4_tls_inline_keys; - sc->tlst.combo_wrs = t4_tls_combo_wrs; + return (rc); } #endif 
@@ -4936,18 +4936,19 @@ set_params__post_init(struct adapter *sc) #ifdef KERN_TLS if (sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS && sc->toecaps & FW_CAPS_CONFIG_TOE) { - if (t4_kern_tls != 0) - t4_enable_kern_tls(sc); - else { - /* - * Limit TOE connections to 2 reassembly - * "islands". This is required for TOE TLS - * connections to downgrade to plain TOE - * connections if an unsupported TLS version - * or ciphersuite is used. - */ - t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG, - V_PASSMODE(M_PASSMODE), V_PASSMODE(2)); + /* + * Limit TOE connections to 2 reassembly "islands". This is + * required for TOE TLS connections to downgrade to plain TOE + * connections if an unsupported TLS version or ciphersuite is + * used. + */ + t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG, + V_PASSMODE(M_PASSMODE), V_PASSMODE(2)); + if (is_ktls(sc)) { + sc->tlst.inline_keys = t4_tls_inline_keys; + sc->tlst.combo_wrs = t4_tls_combo_wrs; + if (t4_kern_tls != 0) + t4_config_kern_tls(sc, true); } } #endif @@ -5863,7 +5864,7 @@ adapter_full_init(struct adapter *sc) t4_intr_enable(sc); } #ifdef KERN_TLS - if (sc->flags & KERN_TLS_OK) + if (is_ktls(sc)) callout_reset_sbt(&sc->ktls_tick, SBT_1MS, 0, ktls_tick, sc, C_HARDCLOCK); #endif @@ -6753,7 +6754,7 @@ t4_sysctls(struct adapter *sc) } #ifdef KERN_TLS - if (sc->flags & KERN_TLS_OK) { + if (is_ktls(sc)) { /* * dev.t4nex.0.tls. */ @@ -11047,7 +11048,7 @@ t4_ioctl(struct cdev *dev, unsigned long cmd, caddr_t data, int fflag, #ifdef TCP_OFFLOAD static int -toe_capability(struct vi_info *vi, int enable) +toe_capability(struct vi_info *vi, bool enable) { int rc; struct port_info *pi = vi->pi; 
@@ -11059,6 +11060,39 @@ toe_capability(struct vi_info *vi, int enable) return (ENODEV); if (enable) { +#ifdef KERN_TLS + if (sc->flags & KERN_TLS_ON) { + int i, j, n; + struct port_info *p; + struct vi_info *v; + + /* + * Reconfigure hardware for TOE if TXTLS is not enabled + * on any ifnet. + */ + n = 0; + for_each_port(sc, i) { + p = sc->port[i]; + for_each_vi(p, j, v) { + if (v->ifp->if_capenable & IFCAP_TXTLS) { + CH_WARN(sc, + "%s has NIC TLS enabled.\n", + device_get_nameunit(v->dev)); + n++; + } + } + } + if (n > 0) { + CH_WARN(sc, "Disable NIC TLS on all interfaces " + "associated with this adapter before " + "trying to enable TOE.\n"); + return (EAGAIN); + } + rc = t4_config_kern_tls(sc, false); + if (rc) + return (rc); + } +#endif if ((vi->ifp->if_capenable & IFCAP_TOE) != 0) { /* TOE is already enabled. */ return (0); @@ -11267,6 +11301,35 @@ uld_active(struct adapter *sc, int uld_id) } #endif +#ifdef KERN_TLS +static int +ktls_capability(struct adapter *sc, bool enable) +{ + ASSERT_SYNCHRONIZED_OP(sc); + + if (!is_ktls(sc)) + return (ENODEV); + + if (enable) { + if (sc->flags & KERN_TLS_ON) + return (0); /* already on */ + if (sc->offload_map != 0) { + CH_WARN(sc, + "Disable TOE on all interfaces associated with " + "this adapter before trying to enable NIC TLS.\n"); + return (EAGAIN); + } + return (t4_config_kern_tls(sc, true)); + } else { + /* + * Nothing to do for disable. If TOE is enabled sometime later + * then toe_capability will reconfigure the hardware. + */ + return (0); + } +} +#endif + /* * t = ptr to tunable. * nc = number of CPUs. diff --git a/sys/dev/cxgbe/t4_sge.c b/sys/dev/cxgbe/t4_sge.c index 1818673b5612..b0f5b272410a 100644 --- a/sys/dev/cxgbe/t4_sge.c +++ b/sys/dev/cxgbe/t4_sge.c 
@@ -4419,7 +4419,7 @@ alloc_txq(struct vi_info *vi, struct sge_txq *txq, int idx, "# of times hardware assisted with inner checksums (VXLAN)"); #ifdef KERN_TLS - if (sc->flags & KERN_TLS_OK) { + if (is_ktls(sc)) { SYSCTL_ADD_UQUAD(&vi->ctx, children, OID_AUTO, "kern_tls_records", CTLFLAG_RD, &txq->kern_tls_records, "# of NIC TLS records transmitted"); diff --git a/sys/dev/cxgbe/tom/t4_connect.c b/sys/dev/cxgbe/tom/t4_connect.c index c285b6fc41fa..c71b9694bd3b 100644 --- a/sys/dev/cxgbe/tom/t4_connect.c +++ b/sys/dev/cxgbe/tom/t4_connect.c @@ -256,7 +256,7 @@ t4_connect(struct toedev *tod, struct socket *so, struct nhop_object *nh, DONT_OFFLOAD_ACTIVE_OPEN(ENOSYS); /* XXX: implement lagg+TOE */ else DONT_OFFLOAD_ACTIVE_OPEN(ENOTSUP); - if (sc->flags & KERN_TLS_OK) + if (sc->flags & KERN_TLS_ON) DONT_OFFLOAD_ACTIVE_OPEN(ENOTSUP); rw_rlock(&sc->policy_lock); diff --git a/sys/dev/cxgbe/tom/t4_listen.c b/sys/dev/cxgbe/tom/t4_listen.c index ba30f2a60120..51de83643253 100644 --- a/sys/dev/cxgbe/tom/t4_listen.c +++ b/sys/dev/cxgbe/tom/t4_listen.c @@ -538,7 +538,7 @@ t4_listen_start(struct toedev *tod, struct tcpcb *tp) if (!(inp->inp_vflag & INP_IPV6) && IN_LOOPBACK(ntohl(inp->inp_laddr.s_addr))) return (0); - if (sc->flags & KERN_TLS_OK) + if (sc->flags & KERN_TLS_ON) return (0); #if 0 ADAPTER_LOCK(sc);
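
Review bot: For the deletion of sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt, the diffstat lists no build or module files alongside it. Please confirm that nothing in the kernel build or in the driver's configuration-file selection still refers to the kern_tls profile, so that the build and a boot with hw.cxgbe.kern_tls set both still work once the file is gone.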
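
Review bot: In the cxgbe_ioctl() hunk of t4_main.c, `enable` is declared int and holds the masked capability bits, then is passed to ktls_capability(), whose prototype takes bool. The implicit conversion gives the right result, but `bool enable = ((ifp->if_capenable ^ mask) & IFCAP_TXTLS) != 0;` states the intent and matches the bool signatures this change introduces for toe_capability() and ktls_capability().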
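
Review bot: In ktls_tick() (t4_main.c), the callout still rearms itself every SBT_1MS whether or not KERN_TLS_ON is set, and adapter_full_init() now starts it for every adapter where is_ktls(sc) is true. An adapter that stays in TOE mode therefore takes a 1 ms callout that does nothing. Consider starting and stopping the callout from t4_config_kern_tls(), or add a comment saying why the idle tick is acceptable. Separately, on the disable path KERN_TLS_ON is cleared only after t4_set_params() returns, so ktls_tick() can still write A_TP_SYNC_TIME_HI/LO while the firmware is rolling the configuration back; please confirm that this is harmless.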
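
Review bot: In the set_params__post_init() hunk, the return value of `t4_config_kern_tls(sc, true)` is discarded. The callee logs the failure with CH_ERR, but initialization continues as if the hw.cxgbe.kern_tls tunable had been applied, and the only visible effect later is that cxgbe_vi_attach() leaves IFCAP_TXTLS out of if_capenable. Either propagate rc, or cast the call to (void) with a comment saying the failure is deliberately non-fatal.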
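
Review bot: In the toe_capability() hunk, the scan under for_each_port()/for_each_vi() reads `v->ifp->if_capenable` for every VI on the adapter without checking that the VI has an ifnet. If a VI can be reached here before its ifnet is set up or after it is torn down, this is a NULL dereference in the ioctl path; please confirm that cannot happen or skip VIs where v->ifp is NULL. Minor style point: `if (rc)` after `t4_config_kern_tls(sc, false)` should be `if (rc != 0)` to match the checks added elsewhere in this change.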
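
Review bot: In ktls_capability(), the disable branch returns 0 without touching the hardware, so KERN_TLS_ON stays set after TXTLS has been turned off on every interface, until toe_capability() is next called with enable set. The in-code comment covers the mechanism, but the user-visible rule is not documented anywhere in this change: the mode is adapter-wide, and enabling either toe or txtls returns EAGAIN while the other is active on any port of the same adapter. The diffstat has no manual page update; a short paragraph in cxgbe(4) describing this would help.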