From: Leon Romanovsky <leon@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Israel Rukshin <israelr@nvidia.com>,
Bryan Tan <bryantan@vmware.com>, Christoph Hellwig <hch@lst.de>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Jens Axboe <axboe@fb.com>,
Keith Busch <kbusch@kernel.org>,
linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org,
linux-rdma@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
Masami Hiramatsu <mhiramat@kernel.org>,
Max Gurtovoy <mgurtovoy@nvidia.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Saeed Mahameed <saeedm@nvidia.com>,
Sagi Grimberg <sagi@grimberg.me>,
Selvin Xavier <selvin.xavier@broadcom.com>,
Steven Rostedt <rostedt@goodmis.org>,
Vishnu Dasa <vdasa@vmware.com>, Yishai Hadas <yishaih@nvidia.com>
Subject: [PATCH rdma-next 08/13] RDMA/mlx5: Add cryptographic device capabilities
Date: Mon, 16 Jan 2023 15:05:55 +0200 [thread overview]
Message-ID: <39ba2f3cd1786e47f2541f4a7be59cc5af4b03c7.1673873422.git.leon@kernel.org> (raw)
In-Reply-To: <cover.1673873422.git.leon@kernel.org>
From: Israel Rukshin <israelr@nvidia.com>
The capabilities provide information on general cryptographic support,
maximum number of DEKs and status for RDMA devices. Also, they include
the supported cryptographic engines and their import method (wrapped or
plaintext). Wrapped crypto operational flag indicates the import method
mode that can be used. For now, add only AES-XTS cryptographic support.
Signed-off-by: Israel Rukshin <israelr@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/infiniband/hw/mlx5/Makefile | 1 +
drivers/infiniband/hw/mlx5/crypto.c | 31 ++++++++++++++++++++++++++++
drivers/infiniband/hw/mlx5/crypto.h | 11 ++++++++++
drivers/infiniband/hw/mlx5/main.c | 5 +++++
drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 ++
5 files changed, 50 insertions(+)
create mode 100644 drivers/infiniband/hw/mlx5/crypto.c
create mode 100644 drivers/infiniband/hw/mlx5/crypto.h
diff --git a/drivers/infiniband/hw/mlx5/Makefile b/drivers/infiniband/hw/mlx5/Makefile
index 612ee8190a2d..d6ae1a08b5b2 100644
--- a/drivers/infiniband/hw/mlx5/Makefile
+++ b/drivers/infiniband/hw/mlx5/Makefile
@@ -6,6 +6,7 @@ mlx5_ib-y := ah.o \
cong.o \
counters.o \
cq.o \
+ crypto.o \
dm.o \
doorbell.o \
gsi.o \
diff --git a/drivers/infiniband/hw/mlx5/crypto.c b/drivers/infiniband/hw/mlx5/crypto.c
new file mode 100644
index 000000000000..6fad9084877e
--- /dev/null
+++ b/drivers/infiniband/hw/mlx5/crypto.c
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
+/* Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. */
+
+#include "crypto.h"
+
+void mlx5r_crypto_caps_init(struct mlx5_ib_dev *dev)
+{
+ struct ib_crypto_caps *caps = &dev->crypto_caps;
+ struct mlx5_core_dev *mdev = dev->mdev;
+
+ if (!(MLX5_CAP_GEN_64(dev->mdev, general_obj_types) &
+ MLX5_HCA_CAP_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY))
+ return;
+
+ if (!MLX5_CAP_GEN(mdev, aes_xts_multi_block_le_tweak) &&
+ !MLX5_CAP_GEN(mdev, aes_xts_multi_block_be_tweak))
+ return;
+
+ if (MLX5_CAP_CRYPTO(mdev, wrapped_import_method) &
+ MLX5_CRYPTO_WRAPPED_IMPORT_METHOD_CAP_AES_XTS)
+ return;
+
+ if (MLX5_CAP_CRYPTO(mdev, failed_selftests)) {
+ mlx5_ib_warn(dev, "crypto self-tests failed with error 0x%x\n",
+ MLX5_CAP_CRYPTO(mdev, failed_selftests));
+ return;
+ }
+
+ caps->crypto_engines |= IB_CRYPTO_ENGINES_CAP_AES_XTS;
+ caps->max_num_deks = 1 << MLX5_CAP_CRYPTO(mdev, log_max_num_deks);
+}
diff --git a/drivers/infiniband/hw/mlx5/crypto.h b/drivers/infiniband/hw/mlx5/crypto.h
new file mode 100644
index 000000000000..8686ac6fb0b0
--- /dev/null
+++ b/drivers/infiniband/hw/mlx5/crypto.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
+/* Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. */
+
+#ifndef _MLX5_IB_CRYPTO_H
+#define _MLX5_IB_CRYPTO_H
+
+#include "mlx5_ib.h"
+
+void mlx5r_crypto_caps_init(struct mlx5_ib_dev *dev);
+
+#endif /* _MLX5_IB_CRYPTO_H */
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index fb0d97bd4074..10f12e9a4dc3 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -39,6 +39,7 @@
#include "srq.h"
#include "qp.h"
#include "wr.h"
+#include "crypto.h"
#include "restrack.h"
#include "counters.h"
#include "umr.h"
@@ -989,6 +990,7 @@ static int mlx5_ib_query_device(struct ib_device *ibdev,
props->max_ah = INT_MAX;
props->hca_core_clock = MLX5_CAP_GEN(mdev, device_frequency_khz);
props->timestamp_mask = 0x7FFFFFFFFFFFFFFFULL;
+ props->crypto_caps = dev->crypto_caps;
if (IS_ENABLED(CONFIG_INFINIBAND_ON_DEMAND_PAGING)) {
if (dev->odp_caps.general_caps & IB_ODP_SUPPORT)
@@ -3826,6 +3828,9 @@ static int mlx5_ib_stage_caps_init(struct mlx5_ib_dev *dev)
if (MLX5_CAP_GEN(mdev, xrc))
ib_set_device_ops(&dev->ib_dev, &mlx5_ib_dev_xrc_ops);
+ if (MLX5_CAP_GEN(mdev, crypto))
+ mlx5r_crypto_caps_init(dev);
+
if (MLX5_CAP_DEV_MEM(mdev, memic) ||
MLX5_CAP_GEN_64(dev->mdev, general_obj_types) &
MLX5_GENERAL_OBJ_TYPES_CAP_SW_ICM)
diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h
index 295502692da2..8f6850539542 100644
--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h
+++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h
@@ -1100,6 +1100,8 @@ struct mlx5_ib_dev {
struct mlx5_ib_delay_drop delay_drop;
const struct mlx5_ib_profile *profile;
+ struct ib_crypto_caps crypto_caps;
+
struct mlx5_ib_lb_state lb;
u8 umr_fence;
struct list_head ib_dev_list;
--
2.39.0
next prev parent reply other threads:[~2023-01-16 13:07 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-16 13:05 [PATCH rdma-next 00/13] Add RDMA inline crypto support Leon Romanovsky
2023-01-16 13:05 ` [PATCH mlx5-next 01/13] net/mlx5: Introduce crypto IFC bits and structures Leon Romanovsky
2023-01-16 13:05 ` [PATCH mlx5-next 02/13] net/mlx5: Introduce crypto capabilities macro Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 03/13] RDMA: Split kernel-only create QP flags from uverbs create QP flags Leon Romanovsky
2023-01-16 17:39 ` Jason Gunthorpe
2023-01-17 12:03 ` Leon Romanovsky
2023-01-17 13:49 ` Jason Gunthorpe
2023-01-17 14:14 ` Leon Romanovsky
2023-01-17 14:21 ` Jason Gunthorpe
2023-01-17 14:34 ` Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 04/13] RDMA/core: Add cryptographic device capabilities Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 05/13] RDMA/core: Add DEK management API Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 06/13] RDMA/core: Introduce MR type for crypto operations Leon Romanovsky
2023-01-17 19:40 ` Steven Rostedt
2023-01-16 13:05 ` [PATCH rdma-next 07/13] RDMA/core: Add support for creating crypto enabled QPs Leon Romanovsky
2023-01-16 13:05 ` Leon Romanovsky [this message]
2023-01-16 13:05 ` [PATCH rdma-next 09/13] RDMA/mlx5: Add DEK management API Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 10/13] RDMA/mlx5: Add AES-XTS crypto support Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 11/13] nvme: Introduce a local variable Leon Romanovsky
2023-01-17 0:32 ` Chaitanya Kulkarni
2023-01-17 11:59 ` Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 12/13] nvme: Add crypto profile at nvme controller Leon Romanovsky
2023-01-17 0:31 ` Chaitanya Kulkarni
2023-01-17 11:59 ` Leon Romanovsky
2023-01-16 13:06 ` [PATCH rdma-next 13/13] nvme-rdma: Add inline encryption support Leon Romanovsky
2023-01-18 6:47 ` [PATCH rdma-next 00/13] Add RDMA inline crypto support Eric Biggers
2023-01-18 7:14 ` Chaitanya Kulkarni
2023-01-18 7:17 ` Eric Biggers
2023-01-18 8:22 ` Leon Romanovsky
2023-01-18 8:58 ` Israel Rukshin
2023-01-18 7:36 ` Christoph Hellwig
2023-01-18 14:20 ` Max Gurtovoy
2023-01-30 12:35 ` Christoph Hellwig
2023-01-30 14:33 ` Max Gurtovoy
2023-02-14 10:01 ` Sagi Grimberg
2023-01-23 11:27 ` Sagi Grimberg
2023-01-23 12:57 ` Israel Rukshin
2023-01-30 12:36 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39ba2f3cd1786e47f2541f4a7be59cc5af4b03c7.1673873422.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=axboe@fb.com \
--cc=bryantan@vmware.com \
--cc=edumazet@google.com \
--cc=hch@lst.de \
--cc=israelr@nvidia.com \
--cc=jgg@nvidia.com \
--cc=kbusch@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mgurtovoy@nvidia.com \
--cc=mhiramat@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rostedt@goodmis.org \
--cc=saeedm@nvidia.com \
--cc=sagi@grimberg.me \
--cc=selvin.xavier@broadcom.com \
--cc=vdasa@vmware.com \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.