#include <crypto/skcipher.h>
#include <linux/rtnetlink.h>
#include <linux/bitfield.h>
#include "otx2_common.h"
#define MCS_TCAM0_MAC_DA_MASK GENMASK_ULL(47, 0)
#define MCS_TCAM0_MAC_SA_MASK GENMASK_ULL(63, 48)
#define MCS_TCAM1_MAC_SA_MASK GENMASK_ULL(31, 0)
#define MCS_TCAM1_ETYPE_MASK GENMASK_ULL(47, 32)
#define MCS_SA_MAP_MEM_SA_USE BIT_ULL(9)
#define MCS_RX_SECY_PLCY_RW_MASK GENMASK_ULL(49, 18)
#define MCS_RX_SECY_PLCY_RP BIT_ULL(17)
#define MCS_RX_SECY_PLCY_AUTH_ENA BIT_ULL(16)
#define MCS_RX_SECY_PLCY_CIP GENMASK_ULL(8, 5)
#define MCS_RX_SECY_PLCY_VAL GENMASK_ULL(2, 1)
#define MCS_RX_SECY_PLCY_ENA BIT_ULL(0)
#define MCS_TX_SECY_PLCY_MTU GENMASK_ULL(43, 28)
#define MCS_TX_SECY_PLCY_ST_TCI GENMASK_ULL(27, 22)
#define MCS_TX_SECY_PLCY_ST_OFFSET GENMASK_ULL(21, 15)
#define MCS_TX_SECY_PLCY_INS_MODE BIT_ULL(14)
#define MCS_TX_SECY_PLCY_AUTH_ENA BIT_ULL(13)
#define MCS_TX_SECY_PLCY_CIP GENMASK_ULL(5, 2)
#define MCS_TX_SECY_PLCY_PROTECT BIT_ULL(1)
#define MCS_TX_SECY_PLCY_ENA BIT_ULL(0)
#define MCS_GCM_AES_128 0
#define MCS_GCM_AES_256 1
#define MCS_GCM_AES_XPN_128 2
#define MCS_GCM_AES_XPN_256 3
#define MCS_TCI_ES 0x40
#define MCS_TCI_SC 0x20
#define MCS_TCI_SCB 0x10
#define MCS_TCI_E 0x08
#define MCS_TCI_C 0x04
#define CN10K_MAX_HASH_LEN 16
#define CN10K_MAX_SAK_LEN 32
static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, u8 *sak,
u16 sak_len, u8 *hash)
{
u8 data[CN10K_MAX_HASH_LEN] = { 0 };
struct skcipher_request *req = NULL;
struct scatterlist sg_src, sg_dst;
struct crypto_skcipher *tfm;
DECLARE_CRYPTO_WAIT(wait);
int err;
tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0);
if (IS_ERR(tfm)) {
dev_err(pfvf->dev, "failed to allocate transform for ecb-aes\n");
return PTR_ERR(tfm);
}
req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!req) {
dev_err(pfvf->dev, "failed to allocate request for skcipher\n");
err = -ENOMEM;
goto free_tfm;
}
err = crypto_skcipher_setkey(tfm, sak, sak_len);
if (err) {
dev_err(pfvf->dev, "failed to set key for skcipher\n");
goto free_req;
}
sg_init_one(&sg_src, data, CN10K_MAX_HASH_LEN);
sg_init_one(&sg_dst, hash, CN10K_MAX_HASH_LEN);
skcipher_request_set_callback(req, 0, crypto_req_done, &wait);
skcipher_request_set_crypt(req, &sg_src, &sg_dst,
CN10K_MAX_HASH_LEN, NULL);
err = crypto_skcipher_encrypt(req);
err = crypto_wait_req(err, &wait);
free_req:
skcipher_request_free(req);
free_tfm:
crypto_free_skcipher(tfm);
return err;
}
static struct cn10k_mcs_txsc *cn10k_mcs_get_txsc(struct cn10k_mcs_cfg *cfg,
struct macsec_secy *secy)
{
struct cn10k_mcs_txsc *txsc;
list_for_each_entry(txsc, &cfg->txsc_list, entry) {
if (txsc->sw_secy == secy)
return txsc;
}
return NULL;
}
static struct cn10k_mcs_rxsc *cn10k_mcs_get_rxsc(struct cn10k_mcs_cfg *cfg,
struct macsec_secy *secy,
struct macsec_rx_sc *rx_sc)
{
struct cn10k_mcs_rxsc *rxsc;
list_for_each_entry(rxsc, &cfg->rxsc_list, entry) {
if (rxsc->sw_rxsc == rx_sc && rxsc->sw_secy == secy)
return rxsc;
}
return NULL;
}
static const char *rsrc_name(enum mcs_rsrc_type rsrc_type)
{
switch (rsrc_type) {
case MCS_RSRC_TYPE_FLOWID:
return "FLOW";
case MCS_RSRC_TYPE_SC:
return "SC";
case MCS_RSRC_TYPE_SECY:
return "SECY";
case MCS_RSRC_TYPE_SA:
return "SA";
default:
return "Unknown";
}
}
static int cn10k_mcs_alloc_rsrc(struct otx2_nic *pfvf, enum mcs_direction dir,
enum mcs_rsrc_type type, u16 *rsrc_id)
{
struct mbox *mbox = &pfvf->mbox;
struct mcs_alloc_rsrc_req *req;
struct mcs_alloc_rsrc_rsp *rsp;
int ret = -ENOMEM;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_alloc_resources(mbox);
if (!req)
goto fail;
req->rsrc_type = type;
req->rsrc_cnt = 1;
req->dir = dir;
ret = otx2_sync_mbox_msg(mbox);
if (ret)
goto fail;
rsp = (struct mcs_alloc_rsrc_rsp *)otx2_mbox_get_rsp(&pfvf->mbox.mbox,
0, &req->hdr);
if (IS_ERR(rsp) || req->rsrc_cnt != rsp->rsrc_cnt ||
req->rsrc_type != rsp->rsrc_type || req->dir != rsp->dir) {
ret = -EINVAL;
goto fail;
}
switch (rsp->rsrc_type) {
case MCS_RSRC_TYPE_FLOWID:
*rsrc_id = rsp->flow_ids[0];
break;
case MCS_RSRC_TYPE_SC:
*rsrc_id = rsp->sc_ids[0];
break;
case MCS_RSRC_TYPE_SECY:
*rsrc_id = rsp->secy_ids[0];
break;
case MCS_RSRC_TYPE_SA:
*rsrc_id = rsp->sa_ids[0];
break;
default:
ret = -EINVAL;
goto fail;
}
mutex_unlock(&mbox->lock);
return 0;
fail:
dev_err(pfvf->dev, "Failed to allocate %s %s resource\n",
dir == MCS_TX ? "TX" : "RX", rsrc_name(type));
mutex_unlock(&mbox->lock);
return ret;
}
static void cn10k_mcs_free_rsrc(struct otx2_nic *pfvf, enum mcs_direction dir,
enum mcs_rsrc_type type, u16 hw_rsrc_id,
bool all)
{
struct mcs_clear_stats *clear_req;
struct mbox *mbox = &pfvf->mbox;
struct mcs_free_rsrc_req *req;
mutex_lock(&mbox->lock);
clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox);
if (!clear_req)
goto fail;
clear_req->id = hw_rsrc_id;
clear_req->type = type;
clear_req->dir = dir;
req = otx2_mbox_alloc_msg_mcs_free_resources(mbox);
if (!req)
goto fail;
req->rsrc_id = hw_rsrc_id;
req->rsrc_type = type;
req->dir = dir;
if (all)
req->all = 1;
if (otx2_sync_mbox_msg(&pfvf->mbox))
goto fail;
mutex_unlock(&mbox->lock);
return;
fail:
dev_err(pfvf->dev, "Failed to free %s %s resource\n",
dir == MCS_TX ? "TX" : "RX", rsrc_name(type));
mutex_unlock(&mbox->lock);
}
static int cn10k_mcs_alloc_txsa(struct otx2_nic *pfvf, u16 *hw_sa_id)
{
return cn10k_mcs_alloc_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SA, hw_sa_id);
}
static int cn10k_mcs_alloc_rxsa(struct otx2_nic *pfvf, u16 *hw_sa_id)
{
return cn10k_mcs_alloc_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SA, hw_sa_id);
}
static void cn10k_mcs_free_txsa(struct otx2_nic *pfvf, u16 hw_sa_id)
{
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SA, hw_sa_id, false);
}
static void cn10k_mcs_free_rxsa(struct otx2_nic *pfvf, u16 hw_sa_id)
{
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SA, hw_sa_id, false);
}
static int cn10k_mcs_write_rx_secy(struct otx2_nic *pfvf,
struct macsec_secy *secy, u8 hw_secy_id)
{
struct mcs_secy_plcy_write_req *req;
struct mbox *mbox = &pfvf->mbox;
u64 policy;
u8 cipher;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_secy_plcy_write(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
policy = FIELD_PREP(MCS_RX_SECY_PLCY_RW_MASK, secy->replay_window);
if (secy->replay_protect)
policy |= MCS_RX_SECY_PLCY_RP;
policy |= MCS_RX_SECY_PLCY_AUTH_ENA;
switch (secy->key_len) {
case 16:
cipher = secy->xpn ? MCS_GCM_AES_XPN_128 : MCS_GCM_AES_128;
break;
case 32:
cipher = secy->xpn ? MCS_GCM_AES_XPN_256 : MCS_GCM_AES_256;
break;
default:
cipher = MCS_GCM_AES_128;
dev_warn(pfvf->dev, "Unsupported key length\n");
break;
}
policy |= FIELD_PREP(MCS_RX_SECY_PLCY_CIP, cipher);
policy |= FIELD_PREP(MCS_RX_SECY_PLCY_VAL, secy->validate_frames);
policy |= MCS_RX_SECY_PLCY_ENA;
req->plcy = policy;
req->secy_id = hw_secy_id;
req->dir = MCS_RX;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_rx_flowid(struct otx2_nic *pfvf,
struct cn10k_mcs_rxsc *rxsc, u8 hw_secy_id)
{
struct macsec_rx_sc *sw_rx_sc = rxsc->sw_rxsc;
struct macsec_secy *secy = rxsc->sw_secy;
struct mcs_flowid_entry_write_req *req;
struct mbox *mbox = &pfvf->mbox;
u64 mac_da;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_flowid_entry_write(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
mac_da = ether_addr_to_u64(secy->netdev->dev_addr);
req->data[0] = FIELD_PREP(MCS_TCAM0_MAC_DA_MASK, mac_da);
req->mask[0] = ~0ULL;
req->mask[0] &= ~MCS_TCAM0_MAC_DA_MASK;
req->data[1] = FIELD_PREP(MCS_TCAM1_ETYPE_MASK, ETH_P_MACSEC);
req->mask[1] = ~0ULL;
req->mask[1] &= ~MCS_TCAM1_ETYPE_MASK;
req->mask[2] = ~0ULL;
req->mask[3] = ~0ULL;
req->flow_id = rxsc->hw_flow_id;
req->secy_id = hw_secy_id;
req->sc_id = rxsc->hw_sc_id;
req->dir = MCS_RX;
if (sw_rx_sc->active)
req->ena = 1;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_sc_cam(struct otx2_nic *pfvf,
struct cn10k_mcs_rxsc *rxsc, u8 hw_secy_id)
{
struct macsec_rx_sc *sw_rx_sc = rxsc->sw_rxsc;
struct mcs_rx_sc_cam_write_req *sc_req;
struct mbox *mbox = &pfvf->mbox;
int ret;
mutex_lock(&mbox->lock);
sc_req = otx2_mbox_alloc_msg_mcs_rx_sc_cam_write(mbox);
if (!sc_req) {
ret = -ENOMEM;
goto fail;
}
sc_req->sci = (__force u64)cpu_to_be64((__force u64)sw_rx_sc->sci);
sc_req->sc_id = rxsc->hw_sc_id;
sc_req->secy_id = hw_secy_id;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_keys(struct otx2_nic *pfvf,
struct macsec_secy *secy,
struct mcs_sa_plcy_write_req *req,
u8 *sak, u8 *salt, ssci_t ssci)
{
u8 hash_rev[CN10K_MAX_HASH_LEN];
u8 sak_rev[CN10K_MAX_SAK_LEN];
u8 salt_rev[MACSEC_SALT_LEN];
u8 hash[CN10K_MAX_HASH_LEN];
u32 ssci_63_32;
int err, i;
err = cn10k_ecb_aes_encrypt(pfvf, sak, secy->key_len, hash);
if (err) {
dev_err(pfvf->dev, "Generating hash using ECB(AES) failed\n");
return err;
}
for (i = 0; i < secy->key_len; i++)
sak_rev[i] = sak[secy->key_len - 1 - i];
for (i = 0; i < CN10K_MAX_HASH_LEN; i++)
hash_rev[i] = hash[CN10K_MAX_HASH_LEN - 1 - i];
for (i = 0; i < MACSEC_SALT_LEN; i++)
salt_rev[i] = salt[MACSEC_SALT_LEN - 1 - i];
ssci_63_32 = (__force u32)cpu_to_be32((__force u32)ssci);
memcpy(&req->plcy[0][0], sak_rev, secy->key_len);
memcpy(&req->plcy[0][4], hash_rev, CN10K_MAX_HASH_LEN);
memcpy(&req->plcy[0][6], salt_rev, MACSEC_SALT_LEN);
req->plcy[0][7] |= (u64)ssci_63_32 << 32;
return 0;
}
static int cn10k_mcs_write_rx_sa_plcy(struct otx2_nic *pfvf,
struct macsec_secy *secy,
struct cn10k_mcs_rxsc *rxsc,
u8 assoc_num, bool sa_in_use)
{
struct mcs_sa_plcy_write_req *plcy_req;
u8 *sak = rxsc->sa_key[assoc_num];
u8 *salt = rxsc->salt[assoc_num];
struct mcs_rx_sc_sa_map *map_req;
struct mbox *mbox = &pfvf->mbox;
int ret;
mutex_lock(&mbox->lock);
plcy_req = otx2_mbox_alloc_msg_mcs_sa_plcy_write(mbox);
if (!plcy_req) {
ret = -ENOMEM;
goto fail;
}
map_req = otx2_mbox_alloc_msg_mcs_rx_sc_sa_map_write(mbox);
if (!map_req) {
otx2_mbox_reset(&mbox->mbox, 0);
ret = -ENOMEM;
goto fail;
}
ret = cn10k_mcs_write_keys(pfvf, secy, plcy_req, sak,
salt, rxsc->ssci[assoc_num]);
if (ret)
goto fail;
plcy_req->sa_index[0] = rxsc->hw_sa_id[assoc_num];
plcy_req->sa_cnt = 1;
plcy_req->dir = MCS_RX;
map_req->sa_index = rxsc->hw_sa_id[assoc_num];
map_req->sa_in_use = sa_in_use;
map_req->sc_id = rxsc->hw_sc_id;
map_req->an = assoc_num;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_rx_sa_pn(struct otx2_nic *pfvf,
struct cn10k_mcs_rxsc *rxsc,
u8 assoc_num, u64 next_pn)
{
struct mcs_pn_table_write_req *req;
struct mbox *mbox = &pfvf->mbox;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_pn_table_write(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
req->pn_id = rxsc->hw_sa_id[assoc_num];
req->next_pn = next_pn;
req->dir = MCS_RX;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_tx_secy(struct otx2_nic *pfvf,
struct macsec_secy *secy,
struct cn10k_mcs_txsc *txsc)
{
struct mcs_secy_plcy_write_req *req;
struct mbox *mbox = &pfvf->mbox;
struct macsec_tx_sc *sw_tx_sc;
u8 sectag_tci = 0;
u8 tag_offset;
u64 policy;
u8 cipher;
int ret;
tag_offset = txsc->vlan_dev ? 16 : 12;
sw_tx_sc = &secy->tx_sc;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_secy_plcy_write(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
if (sw_tx_sc->send_sci) {
sectag_tci |= MCS_TCI_SC;
} else {
if (sw_tx_sc->end_station)
sectag_tci |= MCS_TCI_ES;
if (sw_tx_sc->scb)
sectag_tci |= MCS_TCI_SCB;
}
if (sw_tx_sc->encrypt)
sectag_tci |= (MCS_TCI_E | MCS_TCI_C);
policy = FIELD_PREP(MCS_TX_SECY_PLCY_MTU,
pfvf->netdev->mtu + OTX2_ETH_HLEN);
policy |= FIELD_PREP(MCS_TX_SECY_PLCY_ST_TCI, sectag_tci >> 2);
policy |= FIELD_PREP(MCS_TX_SECY_PLCY_ST_OFFSET, tag_offset);
policy |= MCS_TX_SECY_PLCY_INS_MODE;
policy |= MCS_TX_SECY_PLCY_AUTH_ENA;
switch (secy->key_len) {
case 16:
cipher = secy->xpn ? MCS_GCM_AES_XPN_128 : MCS_GCM_AES_128;
break;
case 32:
cipher = secy->xpn ? MCS_GCM_AES_XPN_256 : MCS_GCM_AES_256;
break;
default:
cipher = MCS_GCM_AES_128;
dev_warn(pfvf->dev, "Unsupported key length\n");
break;
}
policy |= FIELD_PREP(MCS_TX_SECY_PLCY_CIP, cipher);
if (secy->protect_frames)
policy |= MCS_TX_SECY_PLCY_PROTECT;
if (!secy->protect_frames || secy->operational)
policy |= MCS_TX_SECY_PLCY_ENA;
req->plcy = policy;
req->secy_id = txsc->hw_secy_id_tx;
req->dir = MCS_TX;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_tx_flowid(struct otx2_nic *pfvf,
struct macsec_secy *secy,
struct cn10k_mcs_txsc *txsc)
{
struct mcs_flowid_entry_write_req *req;
struct mbox *mbox = &pfvf->mbox;
u64 mac_sa;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_flowid_entry_write(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
mac_sa = ether_addr_to_u64(secy->netdev->dev_addr);
req->data[0] = FIELD_PREP(MCS_TCAM0_MAC_SA_MASK, mac_sa);
req->data[1] = FIELD_PREP(MCS_TCAM1_MAC_SA_MASK, mac_sa >> 16);
req->mask[0] = ~0ULL;
req->mask[0] &= ~MCS_TCAM0_MAC_SA_MASK;
req->mask[1] = ~0ULL;
req->mask[1] &= ~MCS_TCAM1_MAC_SA_MASK;
req->mask[2] = ~0ULL;
req->mask[3] = ~0ULL;
req->flow_id = txsc->hw_flow_id;
req->secy_id = txsc->hw_secy_id_tx;
req->sc_id = txsc->hw_sc_id;
req->sci = (__force u64)cpu_to_be64((__force u64)secy->sci);
req->dir = MCS_TX;
req->ena = 1;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_link_tx_sa2sc(struct otx2_nic *pfvf,
struct macsec_secy *secy,
struct cn10k_mcs_txsc *txsc,
u8 sa_num, bool sa_active)
{
struct mcs_tx_sc_sa_map *map_req;
struct mbox *mbox = &pfvf->mbox;
int ret;
if (txsc->encoding_sa != sa_num)
return 0;
mutex_lock(&mbox->lock);
map_req = otx2_mbox_alloc_msg_mcs_tx_sc_sa_map_write(mbox);
if (!map_req) {
otx2_mbox_reset(&mbox->mbox, 0);
ret = -ENOMEM;
goto fail;
}
map_req->sa_index0 = txsc->hw_sa_id[sa_num];
map_req->sa_index0_vld = sa_active;
map_req->sectag_sci = (__force u64)cpu_to_be64((__force u64)secy->sci);
map_req->sc_id = txsc->hw_sc_id;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_write_tx_sa_plcy(struct otx2_nic *pfvf,
struct macsec_secy *secy,
struct cn10k_mcs_txsc *txsc,
u8 assoc_num)
{
struct mcs_sa_plcy_write_req *plcy_req;
u8 *sak = txsc->sa_key[assoc_num];
u8 *salt = txsc->salt[assoc_num];
struct mbox *mbox = &pfvf->mbox;
int ret;
mutex_lock(&mbox->lock);
plcy_req = otx2_mbox_alloc_msg_mcs_sa_plcy_write(mbox);
if (!plcy_req) {
ret = -ENOMEM;
goto fail;
}
ret = cn10k_mcs_write_keys(pfvf, secy, plcy_req, sak,
salt, txsc->ssci[assoc_num]);
if (ret)
goto fail;
plcy_req->plcy[0][8] = assoc_num;
plcy_req->sa_index[0] = txsc->hw_sa_id[assoc_num];
plcy_req->sa_cnt = 1;
plcy_req->dir = MCS_TX;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_write_tx_sa_pn(struct otx2_nic *pfvf,
struct cn10k_mcs_txsc *txsc,
u8 assoc_num, u64 next_pn)
{
struct mcs_pn_table_write_req *req;
struct mbox *mbox = &pfvf->mbox;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_pn_table_write(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
req->pn_id = txsc->hw_sa_id[assoc_num];
req->next_pn = next_pn;
req->dir = MCS_TX;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_ena_dis_flowid(struct otx2_nic *pfvf, u16 hw_flow_id,
bool enable, enum mcs_direction dir)
{
struct mcs_flowid_ena_dis_entry *req;
struct mbox *mbox = &pfvf->mbox;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_flowid_ena_entry(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
req->flow_id = hw_flow_id;
req->ena = enable;
req->dir = dir;
ret = otx2_sync_mbox_msg(mbox);
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_sa_stats(struct otx2_nic *pfvf, u8 hw_sa_id,
struct mcs_sa_stats *rsp_p,
enum mcs_direction dir, bool clear)
{
struct mcs_clear_stats *clear_req;
struct mbox *mbox = &pfvf->mbox;
struct mcs_stats_req *req;
struct mcs_sa_stats *rsp;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_get_sa_stats(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
req->id = hw_sa_id;
req->dir = dir;
if (!clear)
goto send_msg;
clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox);
if (!clear_req) {
ret = -ENOMEM;
goto fail;
}
clear_req->id = hw_sa_id;
clear_req->dir = dir;
clear_req->type = MCS_RSRC_TYPE_SA;
send_msg:
ret = otx2_sync_mbox_msg(mbox);
if (ret)
goto fail;
rsp = (struct mcs_sa_stats *)otx2_mbox_get_rsp(&pfvf->mbox.mbox,
0, &req->hdr);
if (IS_ERR(rsp)) {
ret = PTR_ERR(rsp);
goto fail;
}
memcpy(rsp_p, rsp, sizeof(*rsp_p));
mutex_unlock(&mbox->lock);
return 0;
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_sc_stats(struct otx2_nic *pfvf, u8 hw_sc_id,
struct mcs_sc_stats *rsp_p,
enum mcs_direction dir, bool clear)
{
struct mcs_clear_stats *clear_req;
struct mbox *mbox = &pfvf->mbox;
struct mcs_stats_req *req;
struct mcs_sc_stats *rsp;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_get_sc_stats(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
req->id = hw_sc_id;
req->dir = dir;
if (!clear)
goto send_msg;
clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox);
if (!clear_req) {
ret = -ENOMEM;
goto fail;
}
clear_req->id = hw_sc_id;
clear_req->dir = dir;
clear_req->type = MCS_RSRC_TYPE_SC;
send_msg:
ret = otx2_sync_mbox_msg(mbox);
if (ret)
goto fail;
rsp = (struct mcs_sc_stats *)otx2_mbox_get_rsp(&pfvf->mbox.mbox,
0, &req->hdr);
if (IS_ERR(rsp)) {
ret = PTR_ERR(rsp);
goto fail;
}
memcpy(rsp_p, rsp, sizeof(*rsp_p));
mutex_unlock(&mbox->lock);
return 0;
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static int cn10k_mcs_secy_stats(struct otx2_nic *pfvf, u8 hw_secy_id,
struct mcs_secy_stats *rsp_p,
enum mcs_direction dir, bool clear)
{
struct mcs_clear_stats *clear_req;
struct mbox *mbox = &pfvf->mbox;
struct mcs_secy_stats *rsp;
struct mcs_stats_req *req;
int ret;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_get_secy_stats(mbox);
if (!req) {
ret = -ENOMEM;
goto fail;
}
req->id = hw_secy_id;
req->dir = dir;
if (!clear)
goto send_msg;
clear_req = otx2_mbox_alloc_msg_mcs_clear_stats(mbox);
if (!clear_req) {
ret = -ENOMEM;
goto fail;
}
clear_req->id = hw_secy_id;
clear_req->dir = dir;
clear_req->type = MCS_RSRC_TYPE_SECY;
send_msg:
ret = otx2_sync_mbox_msg(mbox);
if (ret)
goto fail;
rsp = (struct mcs_secy_stats *)otx2_mbox_get_rsp(&pfvf->mbox.mbox,
0, &req->hdr);
if (IS_ERR(rsp)) {
ret = PTR_ERR(rsp);
goto fail;
}
memcpy(rsp_p, rsp, sizeof(*rsp_p));
mutex_unlock(&mbox->lock);
return 0;
fail:
mutex_unlock(&mbox->lock);
return ret;
}
static struct cn10k_mcs_txsc *cn10k_mcs_create_txsc(struct otx2_nic *pfvf)
{
struct cn10k_mcs_txsc *txsc;
int ret;
txsc = kzalloc_obj(*txsc);
if (!txsc)
return ERR_PTR(-ENOMEM);
ret = cn10k_mcs_alloc_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_FLOWID,
&txsc->hw_flow_id);
if (ret)
goto fail;
ret = cn10k_mcs_alloc_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SECY,
&txsc->hw_secy_id_tx);
if (ret)
goto free_flowid;
ret = cn10k_mcs_alloc_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SECY,
&txsc->hw_secy_id_rx);
if (ret)
goto free_tx_secy;
ret = cn10k_mcs_alloc_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SC,
&txsc->hw_sc_id);
if (ret)
goto free_rx_secy;
return txsc;
free_rx_secy:
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SECY,
txsc->hw_secy_id_rx, false);
free_tx_secy:
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SECY,
txsc->hw_secy_id_tx, false);
free_flowid:
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_FLOWID,
txsc->hw_flow_id, false);
fail:
kfree(txsc);
return ERR_PTR(ret);
}
static void cn10k_mcs_delete_txsc(struct otx2_nic *pfvf,
struct cn10k_mcs_txsc *txsc)
{
u8 sa_bmap = txsc->sa_bmap;
u8 sa_num = 0;
while (sa_bmap) {
if (sa_bmap & 1) {
cn10k_mcs_write_tx_sa_plcy(pfvf, txsc->sw_secy,
txsc, sa_num);
cn10k_mcs_free_txsa(pfvf, txsc->hw_sa_id[sa_num]);
}
sa_num++;
sa_bmap >>= 1;
}
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SC,
txsc->hw_sc_id, false);
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SECY,
txsc->hw_secy_id_rx, false);
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SECY,
txsc->hw_secy_id_tx, false);
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_FLOWID,
txsc->hw_flow_id, false);
}
static struct cn10k_mcs_rxsc *cn10k_mcs_create_rxsc(struct otx2_nic *pfvf)
{
struct cn10k_mcs_rxsc *rxsc;
int ret;
rxsc = kzalloc_obj(*rxsc);
if (!rxsc)
return ERR_PTR(-ENOMEM);
ret = cn10k_mcs_alloc_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_FLOWID,
&rxsc->hw_flow_id);
if (ret)
goto fail;
ret = cn10k_mcs_alloc_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SC,
&rxsc->hw_sc_id);
if (ret)
goto free_flowid;
return rxsc;
free_flowid:
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_FLOWID,
rxsc->hw_flow_id, false);
fail:
kfree(rxsc);
return ERR_PTR(ret);
}
static void cn10k_mcs_delete_rxsc(struct otx2_nic *pfvf,
struct cn10k_mcs_rxsc *rxsc)
{
u8 sa_bmap = rxsc->sa_bmap;
u8 sa_num = 0;
while (sa_bmap) {
if (sa_bmap & 1) {
cn10k_mcs_write_rx_sa_plcy(pfvf, rxsc->sw_secy, rxsc,
sa_num, false);
cn10k_mcs_free_rxsa(pfvf, rxsc->hw_sa_id[sa_num]);
}
sa_num++;
sa_bmap >>= 1;
}
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SC,
rxsc->hw_sc_id, false);
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_FLOWID,
rxsc->hw_flow_id, false);
}
static int cn10k_mcs_secy_tx_cfg(struct otx2_nic *pfvf, struct macsec_secy *secy,
struct cn10k_mcs_txsc *txsc,
struct macsec_tx_sa *sw_tx_sa, u8 sa_num)
{
if (sw_tx_sa) {
cn10k_mcs_write_tx_sa_plcy(pfvf, secy, txsc, sa_num);
cn10k_write_tx_sa_pn(pfvf, txsc, sa_num, sw_tx_sa->next_pn);
cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, sa_num,
sw_tx_sa->active);
}
cn10k_mcs_write_tx_secy(pfvf, secy, txsc);
cn10k_mcs_write_tx_flowid(pfvf, secy, txsc);
cn10k_mcs_write_rx_secy(pfvf, secy, txsc->hw_secy_id_rx);
return 0;
}
static int cn10k_mcs_secy_rx_cfg(struct otx2_nic *pfvf,
struct macsec_secy *secy, u8 hw_secy_id)
{
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct cn10k_mcs_rxsc *mcs_rx_sc;
struct macsec_rx_sc *sw_rx_sc;
struct macsec_rx_sa *sw_rx_sa;
u8 sa_num;
for (sw_rx_sc = rcu_dereference_bh(secy->rx_sc); sw_rx_sc && sw_rx_sc->active;
sw_rx_sc = rcu_dereference_bh(sw_rx_sc->next)) {
mcs_rx_sc = cn10k_mcs_get_rxsc(cfg, secy, sw_rx_sc);
if (unlikely(!mcs_rx_sc))
continue;
for (sa_num = 0; sa_num < CN10K_MCS_SA_PER_SC; sa_num++) {
sw_rx_sa = rcu_dereference_bh(sw_rx_sc->sa[sa_num]);
if (!sw_rx_sa)
continue;
cn10k_mcs_write_rx_sa_plcy(pfvf, secy, mcs_rx_sc,
sa_num, sw_rx_sa->active);
cn10k_mcs_write_rx_sa_pn(pfvf, mcs_rx_sc, sa_num,
sw_rx_sa->next_pn);
}
cn10k_mcs_write_rx_flowid(pfvf, mcs_rx_sc, hw_secy_id);
cn10k_mcs_write_sc_cam(pfvf, mcs_rx_sc, hw_secy_id);
}
return 0;
}
static int cn10k_mcs_disable_rxscs(struct otx2_nic *pfvf,
struct macsec_secy *secy,
bool delete)
{
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct cn10k_mcs_rxsc *mcs_rx_sc;
struct macsec_rx_sc *sw_rx_sc;
int ret;
for (sw_rx_sc = rcu_dereference_bh(secy->rx_sc); sw_rx_sc && sw_rx_sc->active;
sw_rx_sc = rcu_dereference_bh(sw_rx_sc->next)) {
mcs_rx_sc = cn10k_mcs_get_rxsc(cfg, secy, sw_rx_sc);
if (unlikely(!mcs_rx_sc))
continue;
ret = cn10k_mcs_ena_dis_flowid(pfvf, mcs_rx_sc->hw_flow_id,
false, MCS_RX);
if (ret)
dev_err(pfvf->dev, "Failed to disable TCAM for SC %d\n",
mcs_rx_sc->hw_sc_id);
if (delete) {
cn10k_mcs_delete_rxsc(pfvf, mcs_rx_sc);
list_del(&mcs_rx_sc->entry);
kfree(mcs_rx_sc);
}
}
return 0;
}
static void cn10k_mcs_sync_stats(struct otx2_nic *pfvf, struct macsec_secy *secy,
struct cn10k_mcs_txsc *txsc)
{
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct mcs_secy_stats rx_rsp = { 0 };
struct mcs_sc_stats sc_rsp = { 0 };
struct cn10k_mcs_rxsc *rxsc;
if (secy->validate_frames == txsc->last_validate_frames &&
secy->replay_protect == txsc->last_replay_protect)
return;
cn10k_mcs_secy_stats(pfvf, txsc->hw_secy_id_rx, &rx_rsp, MCS_RX, true);
txsc->stats.InPktsBadTag += rx_rsp.pkt_badtag_cnt;
txsc->stats.InPktsUnknownSCI += rx_rsp.pkt_nosa_cnt;
txsc->stats.InPktsNoSCI += rx_rsp.pkt_nosaerror_cnt;
if (txsc->last_validate_frames == MACSEC_VALIDATE_STRICT)
txsc->stats.InPktsNoTag += rx_rsp.pkt_untaged_cnt;
else
txsc->stats.InPktsUntagged += rx_rsp.pkt_untaged_cnt;
list_for_each_entry(rxsc, &cfg->rxsc_list, entry) {
cn10k_mcs_sc_stats(pfvf, rxsc->hw_sc_id, &sc_rsp, MCS_RX, true);
rxsc->stats.InOctetsValidated += sc_rsp.octet_validate_cnt;
rxsc->stats.InOctetsDecrypted += sc_rsp.octet_decrypt_cnt;
rxsc->stats.InPktsInvalid += sc_rsp.pkt_invalid_cnt;
rxsc->stats.InPktsNotValid += sc_rsp.pkt_notvalid_cnt;
if (txsc->last_replay_protect)
rxsc->stats.InPktsLate += sc_rsp.pkt_late_cnt;
else
rxsc->stats.InPktsDelayed += sc_rsp.pkt_late_cnt;
if (txsc->last_validate_frames == MACSEC_VALIDATE_DISABLED)
rxsc->stats.InPktsUnchecked += sc_rsp.pkt_unchecked_cnt;
else
rxsc->stats.InPktsOK += sc_rsp.pkt_unchecked_cnt;
}
txsc->last_validate_frames = secy->validate_frames;
txsc->last_replay_protect = secy->replay_protect;
}
static int cn10k_mdo_open(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
struct macsec_tx_sa *sw_tx_sa;
struct cn10k_mcs_txsc *txsc;
u8 sa_num;
int err;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
sa_num = txsc->encoding_sa;
sw_tx_sa = rcu_dereference_bh(secy->tx_sc.sa[sa_num]);
err = cn10k_mcs_secy_tx_cfg(pfvf, secy, txsc, sw_tx_sa, sa_num);
if (err)
return err;
return cn10k_mcs_secy_rx_cfg(pfvf, secy, txsc->hw_secy_id_rx);
}
static int cn10k_mdo_stop(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct cn10k_mcs_txsc *txsc;
int err;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
err = cn10k_mcs_ena_dis_flowid(pfvf, txsc->hw_flow_id, false, MCS_TX);
if (err)
return err;
return cn10k_mcs_disable_rxscs(pfvf, ctx->secy, false);
}
static int cn10k_mdo_add_secy(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
struct cn10k_mcs_txsc *txsc;
if (secy->icv_len != MACSEC_DEFAULT_ICV_LEN)
return -EOPNOTSUPP;
txsc = cn10k_mcs_create_txsc(pfvf);
if (IS_ERR(txsc))
return -ENOSPC;
txsc->sw_secy = secy;
txsc->encoding_sa = secy->tx_sc.encoding_sa;
txsc->last_validate_frames = secy->validate_frames;
txsc->last_replay_protect = secy->replay_protect;
txsc->vlan_dev = is_vlan_dev(ctx->netdev);
list_add(&txsc->entry, &cfg->txsc_list);
if (netif_running(secy->netdev))
return cn10k_mcs_secy_tx_cfg(pfvf, secy, txsc, NULL, 0);
return 0;
}
static int cn10k_mdo_upd_secy(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
struct macsec_tx_sa *sw_tx_sa;
struct cn10k_mcs_txsc *txsc;
bool active;
u8 sa_num;
int err;
txsc = cn10k_mcs_get_txsc(cfg, secy);
if (!txsc)
return -ENOENT;
if (txsc->encoding_sa != secy->tx_sc.encoding_sa) {
txsc->encoding_sa = secy->tx_sc.encoding_sa;
sa_num = txsc->encoding_sa;
sw_tx_sa = rcu_dereference_bh(secy->tx_sc.sa[sa_num]);
active = sw_tx_sa ? sw_tx_sa->active : false;
cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc, sa_num, active);
}
if (netif_running(secy->netdev)) {
cn10k_mcs_sync_stats(pfvf, secy, txsc);
err = cn10k_mcs_secy_tx_cfg(pfvf, secy, txsc, NULL, 0);
if (err)
return err;
}
return 0;
}
static int cn10k_mdo_del_secy(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct cn10k_mcs_txsc *txsc;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
cn10k_mcs_ena_dis_flowid(pfvf, txsc->hw_flow_id, false, MCS_TX);
cn10k_mcs_disable_rxscs(pfvf, ctx->secy, true);
cn10k_mcs_delete_txsc(pfvf, txsc);
list_del(&txsc->entry);
kfree(txsc);
return 0;
}
static int cn10k_mdo_add_txsa(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct macsec_tx_sa *sw_tx_sa = ctx->sa.tx_sa;
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_txsc *txsc;
int err;
txsc = cn10k_mcs_get_txsc(cfg, secy);
if (!txsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
if (cn10k_mcs_alloc_txsa(pfvf, &txsc->hw_sa_id[sa_num]))
return -ENOSPC;
memcpy(&txsc->sa_key[sa_num], ctx->sa.key, secy->key_len);
memcpy(&txsc->salt[sa_num], sw_tx_sa->key.salt.bytes, MACSEC_SALT_LEN);
txsc->ssci[sa_num] = sw_tx_sa->ssci;
txsc->sa_bmap |= 1 << sa_num;
if (netif_running(secy->netdev)) {
err = cn10k_mcs_write_tx_sa_plcy(pfvf, secy, txsc, sa_num);
if (err)
return err;
err = cn10k_write_tx_sa_pn(pfvf, txsc, sa_num,
sw_tx_sa->next_pn);
if (err)
return err;
err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc,
sa_num, sw_tx_sa->active);
if (err)
return err;
}
return 0;
}
static int cn10k_mdo_upd_txsa(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct macsec_tx_sa *sw_tx_sa = ctx->sa.tx_sa;
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_txsc *txsc;
int err;
txsc = cn10k_mcs_get_txsc(cfg, secy);
if (!txsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
if (netif_running(secy->netdev)) {
if (ctx->sa.update_pn) {
err = cn10k_write_tx_sa_pn(pfvf, txsc, sa_num,
sw_tx_sa->next_pn);
if (err)
return err;
}
err = cn10k_mcs_link_tx_sa2sc(pfvf, secy, txsc,
sa_num, sw_tx_sa->active);
if (err)
return err;
}
return 0;
}
static int cn10k_mdo_del_txsa(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_txsc *txsc;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
cn10k_mcs_free_txsa(pfvf, txsc->hw_sa_id[sa_num]);
txsc->sa_bmap &= ~(1 << sa_num);
return 0;
}
static int cn10k_mdo_add_rxsc(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
struct cn10k_mcs_rxsc *rxsc;
struct cn10k_mcs_txsc *txsc;
int err;
txsc = cn10k_mcs_get_txsc(cfg, secy);
if (!txsc)
return -ENOENT;
rxsc = cn10k_mcs_create_rxsc(pfvf);
if (IS_ERR(rxsc))
return -ENOSPC;
rxsc->sw_secy = ctx->secy;
rxsc->sw_rxsc = ctx->rx_sc;
list_add(&rxsc->entry, &cfg->rxsc_list);
if (netif_running(secy->netdev)) {
err = cn10k_mcs_write_rx_flowid(pfvf, rxsc, txsc->hw_secy_id_rx);
if (err)
return err;
err = cn10k_mcs_write_sc_cam(pfvf, rxsc, txsc->hw_secy_id_rx);
if (err)
return err;
}
return 0;
}
static int cn10k_mdo_upd_rxsc(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
bool enable = ctx->rx_sc->active;
struct cn10k_mcs_rxsc *rxsc;
rxsc = cn10k_mcs_get_rxsc(cfg, secy, ctx->rx_sc);
if (!rxsc)
return -ENOENT;
if (netif_running(secy->netdev))
return cn10k_mcs_ena_dis_flowid(pfvf, rxsc->hw_flow_id,
enable, MCS_RX);
return 0;
}
static int cn10k_mdo_del_rxsc(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct cn10k_mcs_rxsc *rxsc;
rxsc = cn10k_mcs_get_rxsc(cfg, ctx->secy, ctx->rx_sc);
if (!rxsc)
return -ENOENT;
cn10k_mcs_ena_dis_flowid(pfvf, rxsc->hw_flow_id, false, MCS_RX);
cn10k_mcs_delete_rxsc(pfvf, rxsc);
list_del(&rxsc->entry);
kfree(rxsc);
return 0;
}
static int cn10k_mdo_add_rxsa(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc;
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_rx_sa *rx_sa = ctx->sa.rx_sa;
struct macsec_secy *secy = ctx->secy;
bool sa_in_use = rx_sa->active;
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_rxsc *rxsc;
int err;
rxsc = cn10k_mcs_get_rxsc(cfg, secy, sw_rx_sc);
if (!rxsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
if (cn10k_mcs_alloc_rxsa(pfvf, &rxsc->hw_sa_id[sa_num]))
return -ENOSPC;
memcpy(&rxsc->sa_key[sa_num], ctx->sa.key, ctx->secy->key_len);
memcpy(&rxsc->salt[sa_num], rx_sa->key.salt.bytes, MACSEC_SALT_LEN);
rxsc->ssci[sa_num] = rx_sa->ssci;
rxsc->sa_bmap |= 1 << sa_num;
if (netif_running(secy->netdev)) {
err = cn10k_mcs_write_rx_sa_plcy(pfvf, secy, rxsc,
sa_num, sa_in_use);
if (err)
return err;
err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, sa_num,
rx_sa->next_pn);
if (err)
return err;
}
return 0;
}
static int cn10k_mdo_upd_rxsa(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc;
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_rx_sa *rx_sa = ctx->sa.rx_sa;
struct macsec_secy *secy = ctx->secy;
bool sa_in_use = rx_sa->active;
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_rxsc *rxsc;
int err;
rxsc = cn10k_mcs_get_rxsc(cfg, secy, sw_rx_sc);
if (!rxsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
if (netif_running(secy->netdev)) {
err = cn10k_mcs_write_rx_sa_plcy(pfvf, secy, rxsc, sa_num, sa_in_use);
if (err)
return err;
if (!ctx->sa.update_pn)
return 0;
err = cn10k_mcs_write_rx_sa_pn(pfvf, rxsc, sa_num,
rx_sa->next_pn);
if (err)
return err;
}
return 0;
}
static int cn10k_mdo_del_rxsa(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc;
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_rxsc *rxsc;
rxsc = cn10k_mcs_get_rxsc(cfg, ctx->secy, sw_rx_sc);
if (!rxsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
cn10k_mcs_write_rx_sa_plcy(pfvf, ctx->secy, rxsc, sa_num, false);
cn10k_mcs_free_rxsa(pfvf, rxsc->hw_sa_id[sa_num]);
rxsc->sa_bmap &= ~(1 << sa_num);
return 0;
}
static int cn10k_mdo_get_dev_stats(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct mcs_secy_stats tx_rsp = { 0 }, rx_rsp = { 0 };
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
struct cn10k_mcs_txsc *txsc;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
cn10k_mcs_secy_stats(pfvf, txsc->hw_secy_id_tx, &tx_rsp, MCS_TX, false);
ctx->stats.dev_stats->OutPktsUntagged = tx_rsp.pkt_untagged_cnt;
ctx->stats.dev_stats->OutPktsTooLong = tx_rsp.pkt_toolong_cnt;
cn10k_mcs_secy_stats(pfvf, txsc->hw_secy_id_rx, &rx_rsp, MCS_RX, true);
txsc->stats.InPktsBadTag += rx_rsp.pkt_badtag_cnt;
txsc->stats.InPktsUnknownSCI += rx_rsp.pkt_nosa_cnt;
txsc->stats.InPktsNoSCI += rx_rsp.pkt_nosaerror_cnt;
if (secy->validate_frames == MACSEC_VALIDATE_STRICT)
txsc->stats.InPktsNoTag += rx_rsp.pkt_untaged_cnt;
else
txsc->stats.InPktsUntagged += rx_rsp.pkt_untaged_cnt;
txsc->stats.InPktsOverrun = 0;
ctx->stats.dev_stats->InPktsNoTag = txsc->stats.InPktsNoTag;
ctx->stats.dev_stats->InPktsUntagged = txsc->stats.InPktsUntagged;
ctx->stats.dev_stats->InPktsBadTag = txsc->stats.InPktsBadTag;
ctx->stats.dev_stats->InPktsUnknownSCI = txsc->stats.InPktsUnknownSCI;
ctx->stats.dev_stats->InPktsNoSCI = txsc->stats.InPktsNoSCI;
ctx->stats.dev_stats->InPktsOverrun = txsc->stats.InPktsOverrun;
return 0;
}
static int cn10k_mdo_get_tx_sc_stats(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct mcs_sc_stats rsp = { 0 };
struct cn10k_mcs_txsc *txsc;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
cn10k_mcs_sc_stats(pfvf, txsc->hw_sc_id, &rsp, MCS_TX, false);
ctx->stats.tx_sc_stats->OutPktsProtected = rsp.pkt_protected_cnt;
ctx->stats.tx_sc_stats->OutPktsEncrypted = rsp.pkt_encrypt_cnt;
ctx->stats.tx_sc_stats->OutOctetsProtected = rsp.octet_protected_cnt;
ctx->stats.tx_sc_stats->OutOctetsEncrypted = rsp.octet_encrypt_cnt;
return 0;
}
static int cn10k_mdo_get_tx_sa_stats(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct mcs_sa_stats rsp = { 0 };
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_txsc *txsc;
txsc = cn10k_mcs_get_txsc(cfg, ctx->secy);
if (!txsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
cn10k_mcs_sa_stats(pfvf, txsc->hw_sa_id[sa_num], &rsp, MCS_TX, false);
ctx->stats.tx_sa_stats->OutPktsProtected = rsp.pkt_protected_cnt;
ctx->stats.tx_sa_stats->OutPktsEncrypted = rsp.pkt_encrypt_cnt;
return 0;
}
static int cn10k_mdo_get_rx_sc_stats(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_secy *secy = ctx->secy;
struct mcs_sc_stats rsp = { 0 };
struct cn10k_mcs_rxsc *rxsc;
rxsc = cn10k_mcs_get_rxsc(cfg, secy, ctx->rx_sc);
if (!rxsc)
return -ENOENT;
cn10k_mcs_sc_stats(pfvf, rxsc->hw_sc_id, &rsp, MCS_RX, true);
rxsc->stats.InOctetsValidated += rsp.octet_validate_cnt;
rxsc->stats.InOctetsDecrypted += rsp.octet_decrypt_cnt;
rxsc->stats.InPktsInvalid += rsp.pkt_invalid_cnt;
rxsc->stats.InPktsNotValid += rsp.pkt_notvalid_cnt;
if (secy->replay_protect)
rxsc->stats.InPktsLate += rsp.pkt_late_cnt;
else
rxsc->stats.InPktsDelayed += rsp.pkt_late_cnt;
if (secy->validate_frames == MACSEC_VALIDATE_DISABLED)
rxsc->stats.InPktsUnchecked += rsp.pkt_unchecked_cnt;
else
rxsc->stats.InPktsOK += rsp.pkt_unchecked_cnt;
ctx->stats.rx_sc_stats->InOctetsValidated = rxsc->stats.InOctetsValidated;
ctx->stats.rx_sc_stats->InOctetsDecrypted = rxsc->stats.InOctetsDecrypted;
ctx->stats.rx_sc_stats->InPktsInvalid = rxsc->stats.InPktsInvalid;
ctx->stats.rx_sc_stats->InPktsNotValid = rxsc->stats.InPktsNotValid;
ctx->stats.rx_sc_stats->InPktsLate = rxsc->stats.InPktsLate;
ctx->stats.rx_sc_stats->InPktsDelayed = rxsc->stats.InPktsDelayed;
ctx->stats.rx_sc_stats->InPktsUnchecked = rxsc->stats.InPktsUnchecked;
ctx->stats.rx_sc_stats->InPktsOK = rxsc->stats.InPktsOK;
return 0;
}
static int cn10k_mdo_get_rx_sa_stats(struct macsec_context *ctx)
{
struct otx2_nic *pfvf = macsec_netdev_priv(ctx->netdev);
struct macsec_rx_sc *sw_rx_sc = ctx->sa.rx_sa->sc;
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct mcs_sa_stats rsp = { 0 };
u8 sa_num = ctx->sa.assoc_num;
struct cn10k_mcs_rxsc *rxsc;
rxsc = cn10k_mcs_get_rxsc(cfg, ctx->secy, sw_rx_sc);
if (!rxsc)
return -ENOENT;
if (sa_num >= CN10K_MCS_SA_PER_SC)
return -EOPNOTSUPP;
cn10k_mcs_sa_stats(pfvf, rxsc->hw_sa_id[sa_num], &rsp, MCS_RX, false);
ctx->stats.rx_sa_stats->InPktsOK = rsp.pkt_ok_cnt;
ctx->stats.rx_sa_stats->InPktsInvalid = rsp.pkt_invalid_cnt;
ctx->stats.rx_sa_stats->InPktsNotValid = rsp.pkt_notvalid_cnt;
ctx->stats.rx_sa_stats->InPktsNotUsingSA = rsp.pkt_nosaerror_cnt;
ctx->stats.rx_sa_stats->InPktsUnusedSA = rsp.pkt_nosa_cnt;
return 0;
}
static const struct macsec_ops cn10k_mcs_ops = {
.mdo_dev_open = cn10k_mdo_open,
.mdo_dev_stop = cn10k_mdo_stop,
.mdo_add_secy = cn10k_mdo_add_secy,
.mdo_upd_secy = cn10k_mdo_upd_secy,
.mdo_del_secy = cn10k_mdo_del_secy,
.mdo_add_rxsc = cn10k_mdo_add_rxsc,
.mdo_upd_rxsc = cn10k_mdo_upd_rxsc,
.mdo_del_rxsc = cn10k_mdo_del_rxsc,
.mdo_add_rxsa = cn10k_mdo_add_rxsa,
.mdo_upd_rxsa = cn10k_mdo_upd_rxsa,
.mdo_del_rxsa = cn10k_mdo_del_rxsa,
.mdo_add_txsa = cn10k_mdo_add_txsa,
.mdo_upd_txsa = cn10k_mdo_upd_txsa,
.mdo_del_txsa = cn10k_mdo_del_txsa,
.mdo_get_dev_stats = cn10k_mdo_get_dev_stats,
.mdo_get_tx_sc_stats = cn10k_mdo_get_tx_sc_stats,
.mdo_get_tx_sa_stats = cn10k_mdo_get_tx_sa_stats,
.mdo_get_rx_sc_stats = cn10k_mdo_get_rx_sc_stats,
.mdo_get_rx_sa_stats = cn10k_mdo_get_rx_sa_stats,
};
void cn10k_handle_mcs_event(struct otx2_nic *pfvf, struct mcs_intr_info *event)
{
struct cn10k_mcs_cfg *cfg = pfvf->macsec_cfg;
struct macsec_tx_sa *sw_tx_sa = NULL;
struct macsec_secy *secy = NULL;
struct cn10k_mcs_txsc *txsc;
u8 an;
if (!test_bit(CN10K_HW_MACSEC, &pfvf->hw.cap_flag))
return;
if (!(event->intr_mask & MCS_CPM_TX_PACKET_XPN_EQ0_INT))
return;
list_for_each_entry(txsc, &cfg->txsc_list, entry) {
for (an = 0; an < CN10K_MCS_SA_PER_SC; an++)
if (txsc->hw_sa_id[an] == event->sa_id) {
secy = txsc->sw_secy;
sw_tx_sa = rcu_dereference_bh(secy->tx_sc.sa[an]);
}
}
if (secy && sw_tx_sa)
macsec_pn_wrapped(secy, sw_tx_sa);
}
int cn10k_mcs_init(struct otx2_nic *pfvf)
{
struct mbox *mbox = &pfvf->mbox;
struct cn10k_mcs_cfg *cfg;
struct mcs_intr_cfg *req;
if (!test_bit(CN10K_HW_MACSEC, &pfvf->hw.cap_flag))
return 0;
cfg = kzalloc_obj(*cfg);
if (!cfg)
return -ENOMEM;
INIT_LIST_HEAD(&cfg->txsc_list);
INIT_LIST_HEAD(&cfg->rxsc_list);
pfvf->macsec_cfg = cfg;
pfvf->netdev->features |= NETIF_F_HW_MACSEC;
pfvf->netdev->macsec_ops = &cn10k_mcs_ops;
mutex_lock(&mbox->lock);
req = otx2_mbox_alloc_msg_mcs_intr_cfg(mbox);
if (!req)
goto fail;
req->intr_mask = MCS_CPM_TX_PACKET_XPN_EQ0_INT;
if (otx2_sync_mbox_msg(mbox))
goto fail;
mutex_unlock(&mbox->lock);
return 0;
fail:
dev_err(pfvf->dev, "Cannot notify PN wrapped event\n");
mutex_unlock(&mbox->lock);
return 0;
}
void cn10k_mcs_free(struct otx2_nic *pfvf)
{
if (!test_bit(CN10K_HW_MACSEC, &pfvf->hw.cap_flag))
return;
cn10k_mcs_free_rsrc(pfvf, MCS_TX, MCS_RSRC_TYPE_SECY, 0, true);
cn10k_mcs_free_rsrc(pfvf, MCS_RX, MCS_RSRC_TYPE_SECY, 0, true);
kfree(pfvf->macsec_cfg);
pfvf->macsec_cfg = NULL;
}
