From patchwork Thu Feb 22 19:09:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shannon Nelson X-Patchwork-Id: 876807 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="BnEgR4Iq"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3znP7h2S7Sz9s7T for ; Fri, 23 Feb 2018 06:10:24 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751350AbeBVTKR (ORCPT ); Thu, 22 Feb 2018 14:10:17 -0500 Received: from aserp2130.oracle.com ([141.146.126.79]:48730 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750842AbeBVTKQ (ORCPT ); Thu, 22 Feb 2018 14:10:16 -0500 Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w1MJ3Kus084860; Thu, 22 Feb 2018 19:10:13 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2017-10-26; bh=MYDRvxeIBu7xWIAGgVenBSXm/HMSyiuk7KrFmWdhrSE=; b=BnEgR4Iq42RlhC02x20QmUbKQo4t+W8XUglCnktG3aGVh/r6d4QwRW5pI0lu4HzRm8eA fvcbk4E9FidQB5ugzyCaBXMGa+4wIBJEwoDw/onJaYGah9zquSWcJkQtTDp86GwlE2YW GQnWkWcnJdIYbHlpfrAbnIwbimviK7rNbmlCMgIrxJPvDa9tl/LqNtbw2j3mRzYeItNc haCZjSH2lzMdEXtbX73U5jGYNWFcXz7NdAqisGW65m6ykf0+1qzb41m5rA3pUa1xHiYA 9FOLV/w668H4crOD/ARzVVGsvKrafDOtLlILNgK3t6EgzyV70RXBYbJIJ4oT/UUjxcox lA== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp2130.oracle.com with ESMTP id 2ga322gavp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 22 Feb 2018 19:10:13 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w1MJACUe021626 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 22 Feb 2018 19:10:13 GMT Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w1MJABx5008129; Thu, 22 Feb 2018 19:10:12 GMT Received: from slnelson-mint18.us.oracle.com (/10.159.159.10) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 22 Feb 2018 11:10:11 -0800 From: Shannon Nelson To: intel-wired-lan@lists.osuosl.org Cc: netdev@vger.kernel.org, steffen.klassert@secunet.com Subject: [PATCH next-queue 1/3] ixgbe: check for 128-bit authentication Date: Thu, 22 Feb 2018 11:09:55 -0800 Message-Id: <1519326597-7679-2-git-send-email-shannon.nelson@oracle.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519326597-7679-1-git-send-email-shannon.nelson@oracle.com> References: <1519326597-7679-1-git-send-email-shannon.nelson@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8812 signatures=668677 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802220240 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Make sure the Security Association is using a 128-bit authentication, since that's the only size that the hardware offload supports. Signed-off-by: Shannon Nelson --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +++++++++++----- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 1 + 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 93eacdd..8b7dbc8 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -423,15 +423,21 @@ static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs, const char aes_gcm_name[] = "rfc4106(gcm(aes))"; int key_len; - if (xs->aead) { - key_data = &xs->aead->alg_key[0]; - key_len = xs->aead->alg_key_len; - alg_name = xs->aead->alg_name; - } else { + if (!xs->aead) { netdev_err(dev, "Unsupported IPsec algorithm\n"); return -EINVAL; } + if (xs->aead->alg_icv_len != IXGBE_IPSEC_AUTH_BITS) { + netdev_err(dev, "IPsec offload requires %d bit authentication\n", + IXGBE_IPSEC_AUTH_BITS); + return -EINVAL; + } + + key_data = &xs->aead->alg_key[0]; + key_len = xs->aead->alg_key_len; + alg_name = xs->aead->alg_name; + if (strcmp(alg_name, aes_gcm_name)) { netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n", aes_gcm_name); diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h index da3ce78..87d2800 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h @@ -32,6 +32,7 @@ #define IXGBE_IPSEC_MAX_RX_IP_COUNT 128 #define IXGBE_IPSEC_BASE_RX_INDEX 0 #define IXGBE_IPSEC_BASE_TX_INDEX IXGBE_IPSEC_MAX_SA_COUNT +#define IXGBE_IPSEC_AUTH_BITS 128 #define IXGBE_RXTXIDX_IPS_EN 0x00000001 #define IXGBE_RXIDX_TBL_SHIFT 1 From patchwork Thu Feb 22 19:09:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shannon Nelson X-Patchwork-Id: 876809 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="dZSGzkbD"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3znPF34XYMz9s7T for ; Fri, 23 Feb 2018 06:15:03 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751378AbeBVTPB (ORCPT ); Thu, 22 Feb 2018 14:15:01 -0500 Received: from aserp2120.oracle.com ([141.146.126.78]:51116 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751274AbeBVTO7 (ORCPT ); Thu, 22 Feb 2018 14:14:59 -0500 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w1MJC84c062165; Thu, 22 Feb 2018 19:14:53 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2017-10-26; bh=t4TpW2laGDVKAd5XCqYPRGGAGmEA28LfFz4ic7OqZpg=; b=dZSGzkbD54/N+YXIYF5PmmAceL96semgnoS8dvTIAYO0km7n5St+l6Hc5NepiOQylJU+ AuKKIdhhBrv1bnELnLsdmqkIdzZIOal/Y0Oiv+kf1QnmTxOulRvpm9LA2RAi21UCsBJg lBEYuEw2rWIpdjDWUIkJ5O9Ogr9osy7ooa7P+Sv4f/x41bneoxxmELFSE/+r2yZ0gvNR JCBatdEHa6l0ZqZIGStED/Wn0kMNb2ch/UdivflkSTIxM1+6GxV48fJVKBW/ZLYMUOrV 7OuUJU4qjHHOK4+BvoUZWXrNZrsPzoZgEayPFOfEvmzEctFRJnC7F7dckfYn5paDPo4m Lw== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp2120.oracle.com with ESMTP id 2ga390g6ku-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 22 Feb 2018 19:14:53 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w1MJADjn008821 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 22 Feb 2018 19:10:13 GMT Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w1MJACPr008136; Thu, 22 Feb 2018 19:10:12 GMT Received: from slnelson-mint18.us.oracle.com (/10.159.159.10) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 22 Feb 2018 11:10:11 -0800 From: Shannon Nelson To: intel-wired-lan@lists.osuosl.org Cc: netdev@vger.kernel.org, steffen.klassert@secunet.com Subject: [PATCH next-queue 2/3] ixgbe: fix ipsec trailer length Date: Thu, 22 Feb 2018 11:09:56 -0800 Message-Id: <1519326597-7679-3-git-send-email-shannon.nelson@oracle.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519326597-7679-1-git-send-email-shannon.nelson@oracle.com> References: <1519326597-7679-1-git-send-email-shannon.nelson@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8812 signatures=668677 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802220241 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Fix up the Tx trailer length calculation. We can't believe the trailer len from the xstate information because it was calculated before the packet was put together and padding added. This bit of code finds the padding value in the trailer, adds it to the authentication length, and saves it so later we can put it into the Tx descriptor to tell the device where to stop the checksum calculation. Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload") Signed-off-by: Shannon Nelson --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 8b7dbc8..8623013 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -789,11 +789,33 @@ int ixgbe_ipsec_tx(struct ixgbe_ring *tx_ring, itd->flags = 0; if (xs->id.proto == IPPROTO_ESP) { + struct sk_buff *skb = first->skb; + int ret, authlen, trailerlen; + u8 padlen; + itd->flags |= IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP | IXGBE_ADVTXD_TUCMD_L4T_TCP; if (first->protocol == htons(ETH_P_IP)) itd->flags |= IXGBE_ADVTXD_TUCMD_IPV4; - itd->trailer_len = xs->props.trailer_len; + + /* The actual trailer length is authlen (16 bytes) plus + * 2 bytes for the proto and the padlen values, plus + * padlen bytes of padding. This ends up not the same + * as the static value found in xs->props.trailer_len (21). + * + * The "correct" way to get the auth length would be to use + * authlen = crypto_aead_authsize(xs->data); + * but since we know we only have one size to worry about + * we can let the compiler use the constant and save us a + * few CPU cycles. + */ + authlen = IXGBE_IPSEC_AUTH_BITS / 8; + + ret = skb_copy_bits(skb, skb->len - (authlen + 2), &padlen, 1); + if (unlikely(ret)) + return 0; + trailerlen = authlen + 2 + padlen; + itd->trailer_len = trailerlen; } if (tsa->encrypt) itd->flags |= IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN; From patchwork Thu Feb 22 19:09:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shannon Nelson X-Patchwork-Id: 876816 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="wMKMd9oG"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3znPcq2hmfz9s7T for ; Fri, 23 Feb 2018 06:32:11 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751357AbeBVTcI (ORCPT ); Thu, 22 Feb 2018 14:32:08 -0500 Received: from aserp2130.oracle.com ([141.146.126.79]:35522 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750916AbeBVTcI (ORCPT ); Thu, 22 Feb 2018 14:32:08 -0500 Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w1MJW4Ce106591; Thu, 22 Feb 2018 19:32:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2017-10-26; bh=oUPLkSuVV3ExhOSSe3jNVMIgMdOc80c2JoYQeqHoUu4=; b=wMKMd9oGDj1AtxVpPyRcqyqdZvu+LHiNME723j4O4uHLP0nXlBVqrFs/XWkwU02AjQDo sNwgU6jfvzKl4R4x/N+fgA6VK/nxWOx/oXbLVkgg+SDhLgoxZUOhHQxZEJnxFjl05xGy 3hRmKl1dV2JI1UfUPA8zPZtN3vIYTLKpsMUIfOz4Q+epbQnYQBr/OkheK1h5EdFGOqKJ FLNtE/7muObQK7Wl5NFqKr1LJYxcdf0diMn/JEUi1yXWznUVFtT801vJak58SvSQqd9u wRTiZdF40VzunzM9SVIGd4hbDSzhHb+UZBO8aqEzcT9rQJ5lahZ4BbzMJb1hvPo5mNhH Zw== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp2130.oracle.com with ESMTP id 2ga40qg1sv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 22 Feb 2018 19:32:04 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w1MJADFx013680 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 22 Feb 2018 19:10:13 GMT Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w1MJACZ0001388; Thu, 22 Feb 2018 19:10:12 GMT Received: from slnelson-mint18.us.oracle.com (/10.159.159.10) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 22 Feb 2018 11:10:12 -0800 From: Shannon Nelson To: intel-wired-lan@lists.osuosl.org Cc: netdev@vger.kernel.org, steffen.klassert@secunet.com Subject: [PATCH next-queue 3/3] ixgbe: remove unneeded ipsec state free callback Date: Thu, 22 Feb 2018 11:09:57 -0800 Message-Id: <1519326597-7679-4-git-send-email-shannon.nelson@oracle.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519326597-7679-1-git-send-email-shannon.nelson@oracle.com> References: <1519326597-7679-1-git-send-email-shannon.nelson@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8812 signatures=668677 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=3 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=940 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802220245 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org With commit 7f05b467a735 ("xfrm: check for xdo_dev_state_free") we no longer need to add an empty callback function to the driver, so now let's remove the useless code. Signed-off-by: Shannon Nelson --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 8623013..f225452 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -724,23 +724,10 @@ static bool ixgbe_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) return true; } -/** - * ixgbe_ipsec_free - called by xfrm garbage collections - * @xs: pointer to transformer state struct - * - * We don't have any garbage to collect, so we shouldn't bother - * implementing this function, but the XFRM code doesn't check for - * existence before calling the API callback. - **/ -static void ixgbe_ipsec_free(struct xfrm_state *xs) -{ -} - static const struct xfrmdev_ops ixgbe_xfrmdev_ops = { .xdo_dev_state_add = ixgbe_ipsec_add_sa, .xdo_dev_state_delete = ixgbe_ipsec_del_sa, .xdo_dev_offload_ok = ixgbe_ipsec_offload_ok, - .xdo_dev_state_free = ixgbe_ipsec_free, }; /**