From: Suanming Mou
To: Matan Azrad
Subject: [PATCH v3 1/2] crypto/mlx5: optimize AES-GCM IPsec operation
Date: Mon, 24 Jun 2024 17:16:50 +0800
Message-ID: <20240624091651.2295533-2-suanmingm@nvidia.com>
In-Reply-To: <20240624091651.2295533-1-suanmingm@nvidia.com>
References: <20240530072413.1602343-1-suanmingm@nvidia.com> <20240624091651.2295533-1-suanmingm@nvidia.com>

To optimize AES-GCM IPsec operation within crypto/mlx5, the DPDK API typically supplies AES_GCM AAD/Payload/Digest in separate locations, potentially disrupting their contiguous layout. In cases where the memory layout fails to meet hardware (HW) requirements, an UMR WQE is initiated ahead of the GCM's GGA WQE to establish a continuous AAD/Payload/Digest virtual memory space for the HW MMU.
For IPsec scenarios, where the memory layout consistently adheres to the fixed order of AAD/IV/Payload/Digest, directly shrinking memory for AAD proves more efficient than preparing a UMR WQE. To address this, a new devarg "crypto_mode" with mode "ipsec_opt" is introduced in the commit, offering an optimization hint specifically for IPsec cases. When enabled, the PMD copies AAD directly before Payload in the enqueue_burst function instead of employing the UMR WQE. Subsequently, in the dequeue_burst function, the overridden IV before Payload is restored from the GGA WQE. It's crucial for users to avoid utilizing the input mbuf data during processing. Signed-off-by: Suanming Mou Acked-by: Matan Azrad --- v3: add limitation for non-contiguous inputs. v2: rebase version. --- doc/guides/cryptodevs/mlx5.rst | 21 +++ doc/guides/rel_notes/release_24_07.rst | 4 + drivers/crypto/mlx5/mlx5_crypto.c | 24 ++- drivers/crypto/mlx5/mlx5_crypto.h | 19 +++ drivers/crypto/mlx5/mlx5_crypto_gcm.c | 220 +++++++++++++++++++++++-- 5 files changed, 266 insertions(+), 22 deletions(-) diff --git a/doc/guides/cryptodevs/mlx5.rst b/doc/guides/cryptodevs/mlx5.rst index 8c05759ae7..fd0aa1ed8b 100644 --- a/doc/guides/cryptodevs/mlx5.rst +++ b/doc/guides/cryptodevs/mlx5.rst 
@@ -185,6 +185,25 @@ for an additional list of options shared with other mlx5 drivers. Maximum number of mbuf chain segments(src or dest), default value is 8. +- ``crypto_mode`` parameter [string] + + Only valid in AES-GCM mode. Will be ignored in AES-XTS mode. + + - ``full_capable`` + Use UMR WQE for inputs not as contiguous AAD/Payload/Digest. + + - ``ipsec_opt`` + Do software AAD shrink for inputs as contiguous AAD/IV/Payload/Digest. + The PMD relies on the IPsec layout, expecting the memory to align with + AAD/IV/Payload/Digest in a contiguous manner, all within a single mbuf + for any given OP. + The PMD extracts the ESP.IV bytes from the input memory and binds the + AAD (ESP SPI and SN) to the payload during enqueue OP. It then restores + the original memory layout in the decrypt OP. + ESP.IV size supported range is [0,16] bytes. + + Set to ``full_capable`` by default. + Supported NICs -------------- @@ -205,6 +224,8 @@ Limitations values. - AES-GCM is supported only on BlueField-3. - AES-GCM supports only key import plaintext mode. +- AES-GCM ``ipsec_opt`` mode does not support non-contiguous AAD/Payload/Digest + and multi-segment mode. Prerequisites diff --git a/doc/guides/rel_notes/release_24_07.rst b/doc/guides/rel_notes/release_24_07.rst index 7c88de381b..4e71573316 100644 --- a/doc/guides/rel_notes/release_24_07.rst +++ b/doc/guides/rel_notes/release_24_07.rst @@ -144,6 +144,10 @@ New Features Added an API that allows the user to reclaim the defer queue with RCU. +* **Updated NVIDIA mlx5 crypto driver.** + + * Added AES-GCM IPsec operation optimization. + Removed Items ------------- diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index 26bd4087da..d49a375dcb 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c 
@@ -25,10 +25,6 @@ #define MLX5_CRYPTO_FEATURE_FLAGS(wrapped_mode) \ (RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | \ - RTE_CRYPTODEV_FF_IN_PLACE_SGL | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | \ - RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | \ - RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | \ - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | \ (wrapped_mode ? RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY : 0) | \ RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS) @@ -60,6 +56,14 @@ mlx5_crypto_dev_infos_get(struct rte_cryptodev *dev, dev_info->driver_id = mlx5_crypto_driver_id; dev_info->feature_flags = MLX5_CRYPTO_FEATURE_FLAGS(priv->is_wrapped_mode); + if (!mlx5_crypto_is_ipsec_opt(priv)) + dev_info->feature_flags |= + RTE_CRYPTODEV_FF_IN_PLACE_SGL | + RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | + RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | + RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT; + dev_info->capabilities = priv->caps; dev_info->max_nb_queue_pairs = MLX5_CRYPTO_MAX_QPS; if (priv->caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) { @@ -249,6 +253,16 @@ mlx5_crypto_args_check_handler(const char *key, const char *val, void *opaque) fclose(file); devarg_prms->login_devarg = true; return 0; + } else if (strcmp(key, "crypto_mode") == 0) { + if (strcmp(val, "full_capable") == 0) { + devarg_prms->crypto_mode = MLX5_CRYPTO_FULL_CAPABLE; + } else if (strcmp(val, "ipsec_opt") == 0) { + devarg_prms->crypto_mode = MLX5_CRYPTO_IPSEC_OPT; + } else { + DRV_LOG(ERR, "Invalid crypto mode: %s", val); + rte_errno = EINVAL; + return -rte_errno; + } } errno = 0; tmp = strtoul(val, NULL, 0); @@ -294,6 +308,7 @@ mlx5_crypto_parse_devargs(struct mlx5_kvargs_ctrl *mkvlist, "max_segs_num", "wcs_file", "algo", + "crypto_mode", NULL, }; 
@@ -379,6 +394,7 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, priv->crypto_dev = crypto_dev; priv->is_wrapped_mode = wrapped_mode; priv->max_segs_num = devarg_prms.max_segs_num; + priv->crypto_mode = devarg_prms.crypto_mode; /* Init and override AES-GCM configuration. */ if (devarg_prms.is_aes_gcm) { ret = mlx5_crypto_gcm_init(priv); diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index 5432484f80..547bb490e2 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -25,6 +25,16 @@ MLX5_WSEG_SIZE) #define MLX5_CRYPTO_GCM_MAX_AAD 64 #define MLX5_CRYPTO_GCM_MAX_DIGEST 16 +#define MLX5_CRYPTO_GCM_IPSEC_IV_SIZE 16 + +enum mlx5_crypto_mode { + MLX5_CRYPTO_FULL_CAPABLE, + MLX5_CRYPTO_IPSEC_OPT, +}; + +struct mlx5_crypto_ipsec_mem { + uint8_t mem[MLX5_CRYPTO_GCM_IPSEC_IV_SIZE]; +} __rte_packed; struct mlx5_crypto_priv { TAILQ_ENTRY(mlx5_crypto_priv) next; @@ -45,6 +55,7 @@ struct mlx5_crypto_priv { uint16_t umr_wqe_stride; uint16_t max_rdmar_ds; uint32_t is_wrapped_mode:1; + enum mlx5_crypto_mode crypto_mode; }; struct mlx5_crypto_qp { @@ -57,6 +68,7 @@ struct mlx5_crypto_qp { struct mlx5_devx_obj **mkey; /* WQE's indirect mekys. */ struct mlx5_klm *klm_array; union mlx5_gga_crypto_opaque *opaque_addr; + struct mlx5_crypto_ipsec_mem *ipsec_mem; struct mlx5_mr_ctrl mr_ctrl; struct mlx5_pmd_mr mr; /* Crypto QP. */ @@ -93,6 +105,7 @@ struct mlx5_crypto_devarg_params { uint64_t keytag; uint32_t max_segs_num; uint32_t is_aes_gcm:1; + enum mlx5_crypto_mode crypto_mode; }; struct mlx5_crypto_session { @@ -139,6 +152,12 @@ struct mlx5_crypto_dek_ctx { struct mlx5_crypto_priv *priv; }; +static __rte_always_inline bool +mlx5_crypto_is_ipsec_opt(struct mlx5_crypto_priv *priv) +{ + return priv->crypto_mode == MLX5_CRYPTO_IPSEC_OPT; +} + typedef void *(*mlx5_crypto_mkey_update_t)(struct mlx5_crypto_priv *priv, struct mlx5_crypto_qp *qp, uint32_t idx); 
diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c b/drivers/crypto/mlx5/mlx5_crypto_gcm.c index fc6ade6711..189e798d1d 100644 --- a/drivers/crypto/mlx5/mlx5_crypto_gcm.c +++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c @@ -181,6 +181,7 @@ mlx5_crypto_sym_gcm_session_configure(struct rte_cryptodev *dev, DRV_LOG(ERR, "Only AES-GCM algorithm is supported."); return -ENOTSUP; } + if (aead->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) op_type = MLX5_CRYPTO_OP_TYPE_ENCRYPTION; else @@ -235,6 +236,7 @@ mlx5_crypto_gcm_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) } mlx5_crypto_indirect_mkeys_release(qp, qp->entries_n); mlx5_mr_btree_free(&qp->mr_ctrl.cache_bh); + rte_free(qp->ipsec_mem); rte_free(qp); dev->data->queue_pairs[qp_id] = NULL; return 0; @@ -321,13 +323,16 @@ mlx5_crypto_gcm_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, uint32_t log_ops_n = rte_log2_u32(qp_conf->nb_descriptors); uint32_t entries = RTE_BIT32(log_ops_n); uint32_t alloc_size = sizeof(*qp); + uint32_t extra_obj_size = 0; size_t mr_size, opaq_size; void *mr_buf; int ret; + if (!mlx5_crypto_is_ipsec_opt(priv)) + extra_obj_size = sizeof(struct mlx5_devx_obj *); alloc_size = RTE_ALIGN(alloc_size, RTE_CACHE_LINE_SIZE); alloc_size += (sizeof(struct rte_crypto_op *) + - sizeof(struct mlx5_devx_obj *)) * entries; + extra_obj_size) * entries; qp = rte_zmalloc_socket(__func__, alloc_size, RTE_CACHE_LINE_SIZE, socket_id); if (qp == NULL) { @@ -370,7 +375,7 @@ mlx5_crypto_gcm_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, * Triple the CQ size as UMR QP which contains UMR and SEND_EN WQE * will share this CQ . */ - qp->cq_entries_n = rte_align32pow2(entries * 3); + qp->cq_entries_n = rte_align32pow2(entries * (mlx5_crypto_is_ipsec_opt(priv) ? 1 : 3)); ret = mlx5_devx_cq_create(priv->cdev->ctx, &qp->cq_obj, rte_log2_u32(qp->cq_entries_n), &cq_attr, socket_id); 
@@ -384,7 +389,7 @@ mlx5_crypto_gcm_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, qp_attr.num_of_send_wqbbs = entries; qp_attr.mmo = attr->crypto_mmo.crypto_mmo_qp; /* Set MMO QP as follower as the input data may depend on UMR. */ - qp_attr.cd_slave_send = 1; + qp_attr.cd_slave_send = !mlx5_crypto_is_ipsec_opt(priv); ret = mlx5_devx_qp_create(priv->cdev->ctx, &qp->qp_obj, qp_attr.num_of_send_wqbbs * MLX5_WQE_SIZE, &qp_attr, socket_id); @@ -397,18 +402,28 @@ mlx5_crypto_gcm_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, if (ret) goto err; qp->ops = (struct rte_crypto_op **)(qp + 1); - qp->mkey = (struct mlx5_devx_obj **)(qp->ops + entries); - if (mlx5_crypto_gcm_umr_qp_setup(dev, qp, socket_id)) { - DRV_LOG(ERR, "Failed to setup UMR QP."); - goto err; - } - DRV_LOG(INFO, "QP %u: SQN=0x%X CQN=0x%X entries num = %u", - (uint32_t)qp_id, qp->qp_obj.qp->id, qp->cq_obj.cq->id, entries); - if (mlx5_crypto_indirect_mkeys_prepare(priv, qp, &mkey_attr, - mlx5_crypto_gcm_mkey_klm_update)) { - DRV_LOG(ERR, "Cannot allocate indirect memory regions."); - rte_errno = ENOMEM; - goto err; + if (!mlx5_crypto_is_ipsec_opt(priv)) { + qp->mkey = (struct mlx5_devx_obj **)(qp->ops + entries); + if (mlx5_crypto_gcm_umr_qp_setup(dev, qp, socket_id)) { + DRV_LOG(ERR, "Failed to setup UMR QP."); + goto err; + } + DRV_LOG(INFO, "QP %u: SQN=0x%X CQN=0x%X entries num = %u", + (uint32_t)qp_id, qp->qp_obj.qp->id, qp->cq_obj.cq->id, entries); + if (mlx5_crypto_indirect_mkeys_prepare(priv, qp, &mkey_attr, + mlx5_crypto_gcm_mkey_klm_update)) { + DRV_LOG(ERR, "Cannot allocate indirect memory regions."); + rte_errno = ENOMEM; + goto err; + } + } else { + extra_obj_size = sizeof(struct mlx5_crypto_ipsec_mem) * entries; + qp->ipsec_mem = rte_calloc(__func__, (size_t)1, extra_obj_size, + RTE_CACHE_LINE_SIZE); + if (!qp->ipsec_mem) { + DRV_LOG(ERR, "Failed to allocate ipsec_mem."); + goto err; + } } dev->data->queue_pairs[qp_id] = qp; return 0; 
@@ -974,6 +989,168 @@ mlx5_crypto_gcm_dequeue_burst(void *queue_pair, return op_num; } +static uint16_t +mlx5_crypto_gcm_ipsec_enqueue_burst(void *queue_pair, + struct rte_crypto_op **ops, + uint16_t nb_ops) +{ + struct mlx5_crypto_qp *qp = queue_pair; + struct mlx5_crypto_session *sess; + struct mlx5_crypto_priv *priv = qp->priv; + struct mlx5_crypto_gcm_data gcm_data; + struct rte_crypto_op *op; + struct rte_mbuf *m_src; + uint16_t mask = qp->entries_n - 1; + uint16_t remain = qp->entries_n - (qp->pi - qp->qp_ci); + uint32_t idx; + uint32_t pkt_iv_len; + uint8_t *payload; + + if (remain < nb_ops) + nb_ops = remain; + else + remain = nb_ops; + if (unlikely(remain == 0)) + return 0; + do { + op = *ops++; + sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); + idx = qp->pi & mask; + m_src = op->sym->m_src; + MLX5_ASSERT(m_src->nb_segs == 1); + payload = rte_pktmbuf_mtod_offset(m_src, void *, op->sym->aead.data.offset); + gcm_data.src_addr = RTE_PTR_SUB(payload, sess->aad_len); + /* + * IPsec IV between payload and AAD should be equal or less than + * MLX5_CRYPTO_GCM_IPSEC_IV_SIZE. + */ + pkt_iv_len = RTE_PTR_DIFF(payload, + RTE_PTR_ADD(op->sym->aead.aad.data, sess->aad_len)); + MLX5_ASSERT(pkt_iv_len <= MLX5_CRYPTO_GCM_IPSEC_IV_SIZE); + gcm_data.src_bytes = op->sym->aead.data.length + sess->aad_len; + gcm_data.src_mkey = mlx5_mr_mb2mr(&qp->mr_ctrl, op->sym->m_src); + /* OOP mode is not supported. */ + MLX5_ASSERT(!op->sym->m_dst || op->sym->m_dst == m_src); + gcm_data.dst_addr = gcm_data.src_addr; + gcm_data.dst_mkey = gcm_data.src_mkey; + gcm_data.dst_bytes = gcm_data.src_bytes; + /* Digest should follow payload. 
*/ + MLX5_ASSERT(RTE_PTR_ADD + (gcm_data.src_addr, sess->aad_len + op->sym->aead.data.length) == + op->sym->aead.digest.data); + if (sess->op_type == MLX5_CRYPTO_OP_TYPE_ENCRYPTION) + gcm_data.dst_bytes += sess->tag_len; + else + gcm_data.src_bytes += sess->tag_len; + mlx5_crypto_gcm_wqe_set(qp, op, idx, &gcm_data); + /* + * All the data such as IV have been copied above, + * shrink AAD before payload. First backup the mem, + * then do shrink. + */ + rte_memcpy(&qp->ipsec_mem[idx], + RTE_PTR_SUB(payload, MLX5_CRYPTO_GCM_IPSEC_IV_SIZE), + MLX5_CRYPTO_GCM_IPSEC_IV_SIZE); + /* If no memory overlap, do copy directly, otherwise memmove. */ + if (likely(pkt_iv_len >= sess->aad_len)) + rte_memcpy(gcm_data.src_addr, op->sym->aead.aad.data, sess->aad_len); + else + memmove(gcm_data.src_addr, op->sym->aead.aad.data, sess->aad_len); + op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + qp->ops[idx] = op; + qp->pi++; + } while (--remain); + qp->stats.enqueued_count += nb_ops; + /* Update the last GGA cseg with COMP. */ + ((struct mlx5_wqe_cseg *)qp->wqe)->flags = + RTE_BE32(MLX5_COMP_ALWAYS << MLX5_COMP_MODE_OFFSET); + mlx5_doorbell_ring(&priv->uar.bf_db, *(volatile uint64_t *)qp->wqe, + qp->pi, &qp->qp_obj.db_rec[MLX5_SND_DBR], + !priv->uar.dbnc); + return nb_ops; +} + +static __rte_always_inline void +mlx5_crypto_gcm_restore_ipsec_mem(struct mlx5_crypto_qp *qp, + uint16_t orci, + uint16_t rci, + uint16_t op_mask) +{ + uint32_t idx; + struct mlx5_crypto_session *sess; + struct rte_crypto_op *op; + struct rte_mbuf *m_src; + uint8_t *payload; + + while (orci != rci) { + idx = orci & op_mask; + op = qp->ops[idx]; + sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); + m_src = op->sym->m_src; + payload = rte_pktmbuf_mtod_offset(m_src, void *, + op->sym->aead.data.offset); + /* Restore the IPsec memory. 
*/ + if (unlikely(sess->aad_len > MLX5_CRYPTO_GCM_IPSEC_IV_SIZE)) + memmove(op->sym->aead.aad.data, + RTE_PTR_SUB(payload, sess->aad_len), sess->aad_len); + rte_memcpy(RTE_PTR_SUB(payload, MLX5_CRYPTO_GCM_IPSEC_IV_SIZE), + &qp->ipsec_mem[idx], MLX5_CRYPTO_GCM_IPSEC_IV_SIZE); + orci++; + } +} + +static uint16_t +mlx5_crypto_gcm_ipsec_dequeue_burst(void *queue_pair, + struct rte_crypto_op **ops, + uint16_t nb_ops) +{ + struct mlx5_crypto_qp *qp = queue_pair; + volatile struct mlx5_cqe *restrict cqe; + const unsigned int cq_size = qp->cq_entries_n; + const unsigned int mask = cq_size - 1; + const unsigned int op_mask = qp->entries_n - 1; + uint32_t idx; + uint32_t next_idx = qp->cq_ci & mask; + uint16_t reported_ci = qp->reported_ci; + uint16_t qp_ci = qp->qp_ci; + const uint16_t max = RTE_MIN((uint16_t)(qp->pi - reported_ci), nb_ops); + uint16_t op_num = 0; + int ret; + + if (unlikely(max == 0)) + return 0; + while (qp_ci - reported_ci < max) { + idx = next_idx; + next_idx = (qp->cq_ci + 1) & mask; + cqe = &qp->cq_obj.cqes[idx]; + ret = check_cqe(cqe, cq_size, qp->cq_ci); + if (unlikely(ret != MLX5_CQE_STATUS_SW_OWN)) { + if (unlikely(ret != MLX5_CQE_STATUS_HW_OWN)) + mlx5_crypto_gcm_cqe_err_handle(qp, + qp->ops[reported_ci & op_mask]); + break; + } + qp_ci = rte_be_to_cpu_16(cqe->wqe_counter) + 1; + qp->cq_ci++; + } + /* If wqe_counter changed, means CQE handled. */ + if (likely(qp->qp_ci != qp_ci)) { + qp->qp_ci = qp_ci; + rte_io_wmb(); + qp->cq_obj.db_rec[0] = rte_cpu_to_be_32(qp->cq_ci); + } + /* If reported_ci is not same with qp_ci, means op retrieved. 
*/ + if (qp_ci != reported_ci) { + op_num = RTE_MIN((uint16_t)(qp_ci - reported_ci), max); + reported_ci += op_num; + mlx5_crypto_gcm_restore_ipsec_mem(qp, qp->reported_ci, reported_ci, op_mask); + mlx5_crypto_gcm_fill_op(qp, ops, qp->reported_ci, reported_ci, op_mask); + qp->stats.dequeued_count += op_num; + qp->reported_ci = reported_ci; + } + return op_num; +} + int mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv) { 
@@ -987,9 +1164,16 @@ mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv) mlx5_os_set_reg_mr_cb(&priv->reg_mr_cb, &priv->dereg_mr_cb); dev_ops->queue_pair_setup = mlx5_crypto_gcm_qp_setup; dev_ops->queue_pair_release = mlx5_crypto_gcm_qp_release; - crypto_dev->dequeue_burst = mlx5_crypto_gcm_dequeue_burst; - crypto_dev->enqueue_burst = mlx5_crypto_gcm_enqueue_burst; - priv->max_klm_num = RTE_ALIGN((priv->max_segs_num + 1) * 2 + 1, MLX5_UMR_KLM_NUM_ALIGN); + if (mlx5_crypto_is_ipsec_opt(priv)) { + crypto_dev->dequeue_burst = mlx5_crypto_gcm_ipsec_dequeue_burst; + crypto_dev->enqueue_burst = mlx5_crypto_gcm_ipsec_enqueue_burst; + priv->max_klm_num = 0; + } else { + crypto_dev->dequeue_burst = mlx5_crypto_gcm_dequeue_burst; + crypto_dev->enqueue_burst = mlx5_crypto_gcm_enqueue_burst; + priv->max_klm_num = RTE_ALIGN((priv->max_segs_num + 1) * 2 + 1, + MLX5_UMR_KLM_NUM_ALIGN); + } /* Generate GCM capability. */ ret = mlx5_crypto_generate_gcm_cap(&cdev->config.hca_attr.crypto_mmo, mlx5_crypto_gcm_caps);
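Review bot: the `ipsec_opt` text added to doc/guides/cryptodevs/mlx5.rst says the PMD "restores the original memory layout in the decrypt OP", but the code restores it in mlx5_crypto_gcm_ipsec_dequeue_burst() through mlx5_crypto_gcm_restore_ipsec_mem() for every dequeued op, encrypt included; "during dequeue" would match both the code and the commit message. The commit message's requirement that users avoid the input mbuf data while the op is being processed is the contract applications most need, and it does not appear in the guide. Suggest stating it there, together with the fact that the bytes preceding the payload are overwritten between enqueue and dequeue.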
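Review bot: the new `crypto_mode` branch in mlx5_crypto_args_check_handler() has no `return 0;` on its success path, unlike the branch directly above it, which ends with `devarg_prms->login_devarg = true; return 0;`. After storing MLX5_CRYPTO_FULL_CAPABLE or MLX5_CRYPTO_IPSEC_OPT, control falls through to `errno = 0; tmp = strtoul(val, NULL, 0);` with `val` holding a mode name rather than a number. Add `return 0;` after the inner if/else chain so the mode string is never handed to the integer parsing that follows.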
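Review bot: in mlx5_crypto_dev_probe() the line `priv->crypto_mode = devarg_prms.crypto_mode;` sits before and outside the `if (devarg_prms.is_aes_gcm)` block, while mlx5_crypto_dev_infos_get() now adds the SGL and OOP feature flags only when `!mlx5_crypto_is_ipsec_opt(priv)`. The documentation hunk states the option "Will be ignored in AES-XTS mode", but as written a device probed without AES-GCM and with crypto_mode=ipsec_opt would stop advertising those flags. Suggest storing the mode only when is_aes_gcm is set, or making mlx5_crypto_is_ipsec_opt() also check the configured algorithm.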
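Review bot: in the new `else` branch of mlx5_crypto_gcm_qp_setup(), the `qp->ipsec_mem` allocation failure path does `goto err` without setting rte_errno, whereas the neighbouring indirect-mkey failure path sets `rte_errno = ENOMEM` first. The buffer is also allocated with rte_calloc() although `qp` itself comes from rte_zmalloc_socket() with `socket_id`, and `extra_obj_size`, which a few lines earlier is a per-entry pointer size, is reused here as a total byte count passed as the element size with a count of 1. Suggest a dedicated variable, an allocation of `entries` elements of `sizeof(struct mlx5_crypto_ipsec_mem)` on `socket_id` (rte_calloc_socket), and `rte_errno = ENOMEM` before the goto. The "QP %u: SQN=0x%X CQN=0x%X" INFO log has also moved inside the non-ipsec branch, so ipsec_opt queue pairs no longer log their identifiers; the comments "Triple the CQ size as UMR QP ..." and "Set MMO QP as follower ..." in the two preceding hunks now describe only the full_capable case and should say so.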
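Review bot: every layout precondition in mlx5_crypto_gcm_ipsec_enqueue_burst() (`m_src->nb_segs == 1`, `pkt_iv_len <= MLX5_CRYPTO_GCM_IPSEC_IV_SIZE`, no OOP, digest directly after the payload) is checked only with MLX5_ASSERT, yet the function then copies MLX5_CRYPTO_GCM_IPSEC_IV_SIZE bytes from below `payload` into `qp->ipsec_mem[idx]` and writes `sess->aad_len` bytes at `RTE_PTR_SUB(payload, sess->aad_len)` inside the caller's mbuf. `pkt_iv_len` is a uint32_t holding a pointer difference, so an op whose AAD does not sit before the payload produces a wrapped value instead of an error. In a build where MLX5_ASSERT is compiled out, a non-conforming op becomes a copy over unintended mbuf bytes rather than a rejected op. Suggest a runtime check at the top of the loop that sets `op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS` and stops the burst, keeping the asserts for debug builds; the same check should confirm that `op->sym->aead.data.offset` leaves at least the backed-up span inside the mbuf data.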
From: Suanming Mou
To: Matan Azrad
Subject: [PATCH v3 2/2] crypto/mlx5: add out of place mode for IPsec operation
Date: Mon, 24 Jun 2024 17:16:51 +0800
Message-ID: <20240624091651.2295533-3-suanmingm@nvidia.com>
In-Reply-To: <20240624091651.2295533-1-suanmingm@nvidia.com>
References: <20240530072413.1602343-1-suanmingm@nvidia.com> <20240624091651.2295533-1-suanmingm@nvidia.com>

The IPsec operation shrinks AAD directly before payload in enqueue burst and restores the memory in dequeue burst. This commit adds the support of OOP mode follows the similar strategy. Signed-off-by: Suanming Mou Acked-by: Matan Azrad --- doc/guides/cryptodevs/mlx5.rst | 3 ++ drivers/crypto/mlx5/mlx5_crypto.c | 2 +- drivers/crypto/mlx5/mlx5_crypto_gcm.c | 43 +++++++++++++++++++++------ 3 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/doc/guides/cryptodevs/mlx5.rst b/doc/guides/cryptodevs/mlx5.rst index fd0aa1ed8b..0568852571 100644 --- a/doc/guides/cryptodevs/mlx5.rst +++ b/doc/guides/cryptodevs/mlx5.rst @@ -201,6 +201,9 @@ for an additional list of options shared with other mlx5 drivers. AAD (ESP SPI and SN) to the payload during enqueue OP. It then restores the original memory layout in the decrypt OP. ESP.IV size supported range is [0,16] bytes. + For OOP case, PMD will replace the bytes preceding the OP destination + address to match the information found between the AAD pointer and the + OP source address. User should prepare this headroom in this case. Set to ``full_capable`` by default. diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index d49a375dcb..bf9cbd4a6a 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -25,6 +25,7 @@ #define MLX5_CRYPTO_FEATURE_FLAGS(wrapped_mode) \ (RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | \ + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | \ (wrapped_mode ? RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY : 0) | \ RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS) @@ -61,7 +62,6 @@ mlx5_crypto_dev_infos_get(struct rte_cryptodev *dev, RTE_CRYPTODEV_FF_IN_PLACE_SGL | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT; dev_info->capabilities = priv->caps; diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c b/drivers/crypto/mlx5/mlx5_crypto_gcm.c index 189e798d1d..f598273873 100644 --- a/drivers/crypto/mlx5/mlx5_crypto_gcm.c +++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c @@ -1000,6 +1000,7 @@ mlx5_crypto_gcm_ipsec_enqueue_burst(void *queue_pair, struct mlx5_crypto_gcm_data gcm_data; struct rte_crypto_op *op; struct rte_mbuf *m_src; + struct rte_mbuf *m_dst; uint16_t mask = qp->entries_n - 1; uint16_t remain = qp->entries_n - (qp->pi - qp->qp_ci); uint32_t idx; 
@@ -1029,19 +1030,32 @@ mlx5_crypto_gcm_ipsec_enqueue_burst(void *queue_pair, MLX5_ASSERT(pkt_iv_len <= MLX5_CRYPTO_GCM_IPSEC_IV_SIZE); gcm_data.src_bytes = op->sym->aead.data.length + sess->aad_len; gcm_data.src_mkey = mlx5_mr_mb2mr(&qp->mr_ctrl, op->sym->m_src); - /* OOP mode is not supported. */ - MLX5_ASSERT(!op->sym->m_dst || op->sym->m_dst == m_src); - gcm_data.dst_addr = gcm_data.src_addr; - gcm_data.dst_mkey = gcm_data.src_mkey; + m_dst = op->sym->m_dst; + if (m_dst && m_dst != m_src) { + MLX5_ASSERT(m_dst->nb_segs == 1 && + (rte_pktmbuf_headroom(m_dst) + op->sym->aead.data.offset) + >= sess->aad_len + pkt_iv_len); + gcm_data.dst_addr = RTE_PTR_SUB + (rte_pktmbuf_mtod_offset(m_dst, + void *, op->sym->aead.data.offset), sess->aad_len); + gcm_data.dst_mkey = mlx5_mr_mb2mr(&qp->mr_ctrl, m_dst); + } else { + gcm_data.dst_addr = gcm_data.src_addr; + gcm_data.dst_mkey = gcm_data.src_mkey; + } gcm_data.dst_bytes = gcm_data.src_bytes; /* Digest should follow payload. */ - MLX5_ASSERT(RTE_PTR_ADD - (gcm_data.src_addr, sess->aad_len + op->sym->aead.data.length) == - op->sym->aead.digest.data); - if (sess->op_type == MLX5_CRYPTO_OP_TYPE_ENCRYPTION) + if (sess->op_type == MLX5_CRYPTO_OP_TYPE_ENCRYPTION) { + MLX5_ASSERT(RTE_PTR_ADD(gcm_data.dst_addr, + sess->aad_len + op->sym->aead.data.length) == + op->sym->aead.digest.data); gcm_data.dst_bytes += sess->tag_len; - else + } else { + MLX5_ASSERT(RTE_PTR_ADD(gcm_data.src_addr, + sess->aad_len + op->sym->aead.data.length) == + op->sym->aead.digest.data); gcm_data.src_bytes += sess->tag_len; + } mlx5_crypto_gcm_wqe_set(qp, op, idx, &gcm_data); /* * All the data such as IV have been copied above, @@ -1080,6 +1094,7 @@ mlx5_crypto_gcm_restore_ipsec_mem(struct mlx5_crypto_qp *qp, struct mlx5_crypto_session *sess; struct rte_crypto_op *op; struct rte_mbuf *m_src; + struct rte_mbuf *m_dst; uint8_t *payload; while (orci != rci) { 
@@ -1095,6 +1110,16 @@ mlx5_crypto_gcm_restore_ipsec_mem(struct mlx5_crypto_qp *qp, RTE_PTR_SUB(payload, sess->aad_len), sess->aad_len); rte_memcpy(RTE_PTR_SUB(payload, MLX5_CRYPTO_GCM_IPSEC_IV_SIZE), &qp->ipsec_mem[idx], MLX5_CRYPTO_GCM_IPSEC_IV_SIZE); + m_dst = op->sym->m_dst; + if (m_dst && m_dst != m_src) { + uint32_t bytes_to_copy; + + bytes_to_copy = RTE_PTR_DIFF(payload, op->sym->aead.aad.data); + rte_memcpy(RTE_PTR_SUB(rte_pktmbuf_mtod_offset(m_dst, void *, + op->sym->aead.data.offset), bytes_to_copy), + op->sym->aead.aad.data, + bytes_to_copy); + } orci++; } }
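Review bot: In the doc/guides/cryptodevs/mlx5.rst hunk, the added OOP sentence tells the user to "prepare this headroom" but never says how much, or what shape the destination must have. The enqueue path in this same patch asserts m_dst->nb_segs == 1 and rte_pktmbuf_headroom(m_dst) + op->sym->aead.data.offset >= sess->aad_len + pkt_iv_len, so the guide should state both requirements: a single-segment destination mbuf, and at least AAD length plus ESP IV length of writable bytes ahead of the destination payload. It is also worth saying that those bytes are overwritten on dequeue, since an application that keeps its own data in that headroom will lose it.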
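Review bot: In drivers/crypto/mlx5/mlx5_crypto.c, RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT moves out of the flag list in mlx5_crypto_dev_infos_get() and into MLX5_CRYPTO_FEATURE_FLAGS, but the commit message does not mention this. The visible context does not show which condition guards the list it was removed from, so please state in the log which modes now advertise the flag that did not before. Note too that the list still carries the SGL OOP flags (RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT, RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT) while the new IPsec enqueue code asserts m_dst->nb_segs == 1; if that list can apply when the IPsec optimisation is enabled, the advertised capabilities are wider than what the data path accepts.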
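Review bot: In mlx5_crypto_gcm_ipsec_enqueue_burst(), the only validation of a caller-supplied m_dst sits inside MLX5_ASSERT, which is a debug-build assertion; in a regular build nothing rejects a chained destination or one with too little room in front of the payload. gcm_data.dst_addr is then computed with RTE_PTR_SUB(..., sess->aad_len) and handed to mlx5_crypto_gcm_wqe_set() as the device write address, so a short headroom becomes a write before the start of the destination buffer. Please turn the nb_segs and headroom test into a runtime check that fails the op (or stops the burst) before the WQE is built. The same applies to the digest placement: on encryption gcm_data.dst_bytes grows by sess->tag_len, yet the visible lines only assert that op->sym->aead.digest.data equals dst_addr + aad_len + data.length and never check that m_dst has room for the tag.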
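Review bot: In the mlx5_crypto_gcm_restore_ipsec_mem() hunk, bytes_to_copy is the difference of two pointers taken from the op (payload and op->sym->aead.aad.data), narrowed to uint32_t, and used as the rte_memcpy() length into the m_dst headroom with no bound at this site. The enqueue-side assert is expressed as sess->aad_len + pkt_iv_len and is debug-only, so a regular build has nothing tying this length to rte_pktmbuf_headroom(m_dst) + op->sym->aead.data.offset; an AAD pointer that is further from the payload than expected, or that lies after it, turns into an out-of-bounds write in front of the destination data. Suggest validating the length once at enqueue against the destination headroom and reusing that value here. A short comment saying why the bytes between the AAD pointer and the payload are mirrored into m_dst would help as well.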