Commit Graph

1159 Commits

Author SHA1 Message Date
John Baldwin
4361c4eb6e cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of
block 0 passed to CBC_MAC, so merely copying the first N bytes is
insufficient.

To avoid adding more sideband data to the CBC MAC software context,
pull the generation of block 0, the AAD length, and AAD padding out of
cbc_mac.c and into cryptosoft.c.  This matches how GCM/GMAC are
handled where the length block is constructed in cryptosoft.c and
passed as an input to the Update callback.  As a result, the CBC MAC
Update() routine is now much simpler and simply performs the
XOR-and-encrypt step on each input block.

While here, avoid a copy to the staging block in the Update routine
when one or more full blocks are passed as input to the Update
callback.

Reviewed by:	sef
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32120
2021-10-06 14:08:48 -07:00
John Baldwin
e148e407df ccr: Support AES-CCM requests with truncated tags.
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32117
2021-10-06 14:08:48 -07:00
John Baldwin
3e6a97b3a7 ccr: Support multiple nonce lengths for AES-CCM.
Sponsored by:	Chelsio Communications, The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32116
2021-10-06 14:08:48 -07:00
John Baldwin
5ae5ed5b8f cryptosoft, ccr: Use crp_iv directly for AES-CCM and AES-GCM.
Rather than copying crp_iv to a local array on the stack that is then
passed to xform reinit routines, pass crp_iv directly and remove the
local copy.

Reviewed by:	markj
Sponsored by:	Chelsio Communications, The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32106
2021-10-06 14:08:46 -07:00
John Baldwin
1833d6042c crypto: Permit variable-sized IVs for ciphers with a reinit hook.
Add a 'len' argument to the reinit hook in 'struct enc_xform' to
permit support for AEAD ciphers such as AES-CCM and Chacha20-Poly1305
which support different nonce lengths.

Reviewed by:	markj
Sponsored by:	Chelsio Communications, The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32105
2021-10-06 14:08:46 -07:00
John Baldwin
cb128893b9 ccp, ccr: Simplify drivers to assume an AES-GCM IV length of 12.
While here, use crypto_read_iv() in a few more places in ccr(4) that I
missed previously.

Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32104
2021-10-06 14:08:46 -07:00
Navdeep Parhar
45d6fbaec2 cxgbe(4): Update firmwares to 1.26.2.0.
The firmwares and the following changelog are from the "Chelsio Unified
Wire v3.15.0.0 for Linux."

Version : 1.26.2.0
Date    : 09/24/2021
====================

FIXES
-----

BASE:
- Added support for SFP+ RJ45 (0x1C).
- Fixing backward compatibility issue with older drivers when multiple
  speeds are passed to firmware.

OFLD:
- Do not touch tp_plen_max if driver is supplying tp_plen_max. This
  fixes a connection reset issue in iscsi.

ENHANCEMENTS
------------

BASE:
- Firmware header modified to add firmware binary signature.

MFC after:	1 month
Sponsored by:	Chelsio Communications
2021-09-27 23:52:51 -07:00
Mark Johnston
14a634df53 cxgbe: Mark received packets as initialized for KMSAN
The KMSAN runtime needs to have its shadow maps updated when devices
update host memory, otherwise it assumes that device-populated memory is
uninitialized.  For most drivers this is handled transparently by
busdma, but cxgbe doesn't make use of dma maps for receive buffers and
so requires special treatment.

Reported by:	mjg
Tested by:	mjg
Reviewed by:	np
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32102
2021-09-24 14:37:05 -04:00
Kristof Provost
de2a0fafe6 cxgbe: fix LINT-NOIP builds
The -NOIP builds fail because cxgbe_tls_tag_free() has no prototype (if
neither INET nor INET6 are defined). The function isn't actually used
in that case, so we can just remove the stub implementation.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-09-24 14:21:18 +02:00
John Baldwin
9affbb0f52 cxgbe tom: Enter network epoch in t4_aiotx_task().
While here, don't restore the old vnet until after sorele().

Sponsored by:	Chelsio Communications
2021-09-14 13:46:15 -07:00
John Baldwin
5dbf8c1588 cxgbe tom: Update rcv_nxt for a FIN after handle_ddp_close().
For TCP DDP, handle_ddp_close() needs to see the pre-FIN rcv_nxt to
determine how much data was placed in the local buffer before the FIN
was received.  The changes in d59f1c49e2 broke this by updating
rcv_nxt before calling handle_ddp_close().

Fixes:		d59f1c49e2 cxgbe tom: Permit rcv_nxt mismatches on FIN for iSCSI connections on T6.
Sponsored by:	Chelsio Communications
2021-09-14 13:46:14 -07:00
John Baldwin
1ecbc1d8e9 cxgbe tom: Don't queue AIO requests on listen sockets.
This is similar to the fixes in 141fe2dcee.  One difference is that
TOE sockets do not change states (listen vs non-listen) once created,
so no lock is needed for SOLISTENING().

Sponsored by:	Chelsio Communications
2021-09-14 13:46:14 -07:00
John Baldwin
c782ea8bb5 Add a switch structure for send tags.
Move the type and function pointers for operations on existing send
tags (modify, query, next, free) out of 'struct ifnet' and into a new
'struct if_snd_tag_sw'.  A pointer to this structure is added to the
generic part of send tags and is initialized by m_snd_tag_init()
(which now accepts a switch structure as a new argument in place of
the type).

Previously, device driver ifnet methods switched on the type to call
type-specific functions.  Now, those type-specific functions are saved
in the switch structure and invoked directly.  In addition, this more
gracefully permits multiple implementations of the same tag within a
driver.  In particular, NIC TLS for future Chelsio adapters will use a
different implementation than the existing NIC TLS support for T6
adapters.

Reviewed by:	gallatin, hselasky, kib (older version)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31572
2021-09-14 11:43:41 -07:00
John Baldwin
f63ddf465f cxgbei: Only convert "plain" TCP connections to ISCSI.
Reject attempts to convert a connection using a different ULP
mode (e.g. DDP or TLS) to ISCSI.

Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-09-13 09:57:54 -07:00
John Baldwin
b7caa81576 cxgbei: Return early for EBUSY error in icl_cxgbei_conn_handoff.
This permits unindenting almost half of the function.

Sponsored by:	Chelsio Communications
2021-09-13 09:57:54 -07:00
John Baldwin
9b1bb0aee6 cxgbei: Disable ISO for -SO cards without external memory.
Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-09-13 09:57:54 -07:00
John Baldwin
4d4cf62e29 cxgbei: Handle errors in PDUs.
When a PDU with an error (bad padding, header digest, or data digest)
is received, log the error via ICL_WARN() and then reset the
connection via the ic_error callback.

While here, add per-rxq counters for errors.

Sponsored by:	Chelsio Communications
2021-09-10 15:10:00 -07:00
Navdeep Parhar
53c17de2b4 cxgbe/t4_tom: Use stale L2T entry and avoid busy-waiting for resolution.
MFC after:	1 week
Sponsored by:	Chelsio Communications
2021-09-08 20:55:47 -07:00
Navdeep Parhar
92de737996 cxgbe(4): Fix the decode and display of the DBVFIFO region in meminfo.
MFC after:	1 week
Sponsored by:	Chelsio Communications
2021-09-07 16:28:11 -07:00
Navdeep Parhar
83a611e092 cxgbe(4): Display HMA information in meminfo.
This should have been added with initial T6 support many years ago.

MFC after:	1 week
Sponsored by:	Chelsio Communications
2021-09-07 16:05:33 -07:00
Mark Johnston
f94acf52a4 socket: Rename sb(un)lock() and interlock with listen(2)
In preparation for moving sockbuf locks into the containing socket,
provide alternative macros for the sockbuf I/O locks:
SOCK_IO_SEND_(UN)LOCK() and SOCK_IO_RECV_(UN)LOCK().  These operate on a
socket rather than a socket buffer.  Note that these locks are used only
to prevent concurrent readers and writers from interleaving I/O.

When locking for I/O, return an error if the socket is a listening
socket.  Currently the check is racy since the sockbuf sx locks are
destroyed during the transition to a listening socket, but that will no
longer be true after some follow-up changes.

Modify a few places to check for errors from
sblock()/SOCK_IO_(SEND|RECV)_LOCK() where they were not before.  In
particular, add checks to sendfile() and sorflush().

Reviewed by:	tuexen, gallatin
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31657
2021-09-07 15:06:48 -04:00
John Baldwin
d39e65b5bd cxgbei: Add sysctls to report the maximum data segment lengths.
These sysctls report the maximum data segment lengths supported by an
adapter.  These are the values advertised to the remote end during the
login phase.

Sponsored by:	Chelsio Communications
2021-08-30 15:55:40 -07:00
John Baldwin
64f09f2346 cxgbei: Limit T5 transmit data segments to 15k.
This avoids exceeding a limit in the firmware when using ISO with
jumbo frames.

Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-08-30 15:27:08 -07:00
Gordon Bergling
5bdf58e196 Fix some common typos in source code comments
- s/priviledged/privileged/
- s/funtion/function/
- s/doens't/doesn't/
- s/sychronization/synchronization/

MFC after:	3 days
2021-08-28 18:57:23 +02:00
Zhenlei Huang
62e1a437f3 routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549).
Implement kernel support for RFC 5549/8950.

* Relax control plane restrictions and allow specifying IPv6 gateways
 for IPv4 routes. This behavior is controlled by the
 net.route.rib_route_ipv6_nexthop sysctl (on by default).

* Always pass final destination in ro->ro_dst in ip_forward().

* Use ro->ro_dst to extract packet family inside if_output() routines.
 Consistently use RO_GET_FAMILY() macro to handle ro=NULL case.

* Pass extracted family to nd6_resolve() to get the LLE with proper encap.
 It leverages recent lltable changes committed in c541bd368f.

Presence of the functionality can be checked using ipv4_rfc5549_support feature(3).
Example usage:
  route add -net 192.0.0.0/24 -inet6 fe80::5054:ff:fe14:e319%vtnet0

Differential Revision: https://reviews.freebsd.org/D30398
MFC after:	2 weeks
2021-08-22 22:56:08 +00:00
John Baldwin
c261b6ea4e iscsi: Teach the iSCSI stack about "large" received PDUs.
When using iSCSI PDU offload (cxgbei) on T6 adapters, a burst of
received PDUs can be reported via a single message to the driver.

Previously the driver passed these multi-PDU bursts up to the iSCSI
stack up as a single "large" PDU by rewriting the buffer offset, data
segment length, and DataSN fields in the iSCSI header.  The DataSN
field in particular was rewritten so that each of the "large" PDUs
used consecutively increasing values.  While this worked, the forged
DataSN values did not match the ExpDataSN value in the subsequent SCSI
Response PDU.  The initiator does not currently verify this value, but
the forged DataSN values prevent adding a check.

To avoid this, allow a logical iSCSI PDU (struct icl_pdu) to describe
a burst of PDUs via a new 'ip_additional_pdus' field.  Normally this
field is set to zero when 'struct icl_pdu' represents a single PDU.
If a logical PDU represents a burst of on-the-wire PDUs, then 'ip_npdus'
contains the count of additional on-the-wire PDUs.  The header of this
"large" PDU is still modified, but the DataSN field now contains the
DataSN value of the first on-the-wire PDU in the burst.

Reviewed by:	mav
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31577
2021-08-18 10:56:28 -07:00
John Baldwin
d75b0870e5 cxgbei: Restrict received PDUs to 4 DDP pages in length.
Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31576
2021-08-17 11:14:37 -07:00
John Baldwin
f28715fdc1 cxgbei: Only round PDU data segment lengths down by 512 on T5.
Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31575
2021-08-17 11:14:29 -07:00
John Baldwin
cbc186360c cxgbei: Restructure how PDU limits are managed.
- Compute data segment limits in read_pdu_limits() rather than PDU
  length limits.

- Add back connection-specific PDU overhead lengths to compute PDU
  length limits in icl_cxgbei_conn_handoff().

Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31574
2021-08-17 11:14:11 -07:00
John Baldwin
2eb0e53a6b cxgbei: Wait for the final CPL to be received in icl_cxgbei_conn_close.
A socket in the FIN_WAIT_1 state is marked disconnected by
do_close_con_rpl() even though there might still be receive data pending.
This is because the socket at that point has set SBS_CANTRCVMORE which
causes the protocol layer to discard any data received before the FIN.
However, icl_cxgbei_conn_close needs to wait until all the data has
been discarded.  Replace the wait for SS_ISDISCONNECTED with instead
waiting for final_cpl_received() to be called.

Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-08-12 08:48:35 -07:00
John Baldwin
5b27e4b27c cxgbei: Support for ISO (iSCSI segmentation offload).
ISO can be disabled before establishing a connection by setting
dev.tNnex.N.toe.iso to 0.

Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31223
2021-08-06 14:21:37 -07:00
John Baldwin
87322a9075 iscsi: Remove icl_soft-only fields from struct icl_conn.
Create a struct icl_soft_conn which extends struct icl_conn and
move fields only used by icl_soft from struct icl_conn to
struct icl_soft_conn.

Reviewed by:	mav
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31414
2021-08-05 12:05:30 -07:00
John Baldwin
d59f1c49e2 cxgbe tom: Permit rcv_nxt mismatches on FIN for iSCSI connections on T6.
The remote peer might send a FIN in the middle of a burst of data
PDUs.  In the case of T6 with data PDU completion moderation, the
driver would not have seen these PDUs since the final PDU in the burst
was never received resulting in a stale rcv_nxt when the FIN is
received.

While here, invert the logic in the condition to be more readable and
always set tp->rcv_nxt from the sequence number in the CPL.  This sets
the proper value of rcv_nxt for FINs on connections with data received
but not reported via a CPL (e.g. a partial iSCSI PDU burst interrupted
by a FIN).

Reported by:	Jithesh Arakkan @ Chelsio
Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D30871
2021-08-02 09:41:27 -07:00
John Baldwin
d0d631d5f4 cxgbei: Round up the maximum PDU data length by the MSS for TXDATAPLEN_MAX.
Recent firmware versions round down the value passed here by the MSS
and subsequently mishandle transmitted PDUs larger than the rounded
down value.

Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-07-30 13:27:24 -07:00
John Baldwin
67495c13d0 cxgbei: Wait for socket to close in icl_cxgbei_conn_close.
This ensures the TOE has finished processing any in-flight received
data before returning to the caller.  The caller assumes it is safe to
free any open tasks or transfers (and associated buffers) after this
function returns.

Previously, data placed directly via DDP could be written to buffers
after the caller had freed the buffers.

Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-07-29 16:34:46 -07:00
Hans Petter Selasky
b633e08c70 ibcore: Kernel space update based on Linux 5.7-rc1.
Overview:

This is the first stage of a RDMA stack upgrade introducing kernel
changes only based on Linux 5.7-rc1.

This patch is based on about four main areas of work:
- Update of the IB uobjects system:
  - The memory holding so-called AH, CQ, PD, SRQ and UCONTEXT objects
    is now managed by ibcore. This also require some changes in the
    kernel verbs API. The updated verbs changes are typically about
    initialize and deinitialize objects, and remove allocation and
    free of memory.

- Update of the uverbs IOCTL framework:
  - The parsing and handling of user-space commands has been
    completely refactored to integrate with the updated IB uobjects
    system.

- Various changes and updates to the generic uverbs interfaces in
  device drivers including the new uAPI surface.

- The mlx5_ib_devx.c in mlx5ib and related mlx5 core changes.

Dependencies:

- The mlx4ib driver code has been updated with the minimum changes
needed.

- The mlx5ib driver code has been updated with the minimum changes
needed including DV support.

Compatibility:

- All user-space facing APIs are backwards compatible after this
  change.

- All kernel-space facing RDMA APIs are backwards compatible after
  this change, with the exception of ib_create_ah() and ib_destroy_ah()
  which take a new flag.

- The "ib_device_ops" structure exists, but only contains the driver ID
  and some structure sizes.

Differences from Linux:

- Infiniband drivers must use the INIT_IB_DEVICE_OPS() macro to set
  the sizes needed for allocating various IB objects, when adding
  IB device instances.

Security:

- PRIV_NET_RAW is needed to use raw ethernet transmit features.
- PRIV_DRIVER is needed to use other privileged operations.

Based on upstream Linux, Torvalds (5.7-rc1):
8632e9b5645bbc2331d21d892b0d6961c1a08429

MFC after:	1 week
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D31149
Sponsored by:	NVIDIA Networking
2021-07-28 13:28:29 +02:00
Mark Johnston
d8787d4f78 crypto: Constify all transform descriptors
No functional change intended.

Reviewed by:	ae, jhb
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31196
2021-07-26 16:41:05 -04:00
Navdeep Parhar
76c8902296 cxgbe(4): Initialize abs_id for ctrl and ofld queues.
MFC after:	1 week
Sponsored by:	Chelsio Communications
2021-07-20 00:54:13 -07:00
John Baldwin
b5e73dd952 cxgbei: Don't assert F for data completion PDUs.
If a data PDU encounters an error such as a digest error, the firmware
will report that data PDU when completion moderation is active even if
it is not the final data PDU in a burst.

Sponsored by:	Chelsio Communications
2021-07-19 15:36:31 -07:00
John Baldwin
4a7d15ebb6 cxgbei: Remove invalid assertion.
A non-placed PDU can be delivered by CPL_RX_ISCSI_CMP in the middle of
a burst of placed PDUs (received via DDP) in which case the rcv_nxt
will not match the start of the non-placed PDU.

Reported by:	Jithesh Arakkan @ Chelsio
Sponsored by:	Chelsio Communications
2021-07-19 15:36:31 -07:00
Navdeep Parhar
f13920b39b cxgbe(4): Skip a few more T5/T6 registers during a regdump.
These registers have read side effects and a read at just the right
(wrong?) time can trash some internal hw state.

Obtained from:	Chelsio Communications
MFC after:	1 week
Sponsored by:	Chelsio Communications
2021-07-13 17:36:40 -07:00
Navdeep Parhar
3c900106ea cxgbe(4): Update firmwares to 1.26.0.0.
Changes since 1.25.6.0 are listed here.  This list comes from the
Release Notes for "Chelsio Unified Wire 3.14.0.4 for Linux" dated
2021-07-08.

Fixes
-----

BASE:
- Wait 5ms before and after the i2c command that clears the mod_select.
  This fixes incorrect port module type read from i2c.

Obtained from:	Chelsio Communications
MFC after:	1 week
Sponsored by:	Chelsio Communications
2021-07-12 21:25:36 -07:00
Hans Petter Selasky
c3987b8ea7 ibcore: Declare ib_post_send() and ib_post_recv() arguments const
Since neither ib_post_send() nor ib_post_recv() modify the data structure
their second argument points at, declare that argument const. This change
makes it necessary to declare the 'bad_wr' argument const too and also to
modify all ULPs that call ib_post_send(), ib_post_recv() or
ib_post_srq_recv(). This patch does not change any functionality but makes
it possible for the compiler to verify whether the
ib_post_(send|recv|srq_recv) really do not modify the posted work request.

Linux commit:
f696bf6d64b195b83ca1bdb7cd33c999c9dcf514
7bb1fafc2f163ad03a2007295bb2f57cfdbfb630
d34ac5cd3a73aacd11009c4fc3ba15d7ea62c411

MFC after:	1 week
Reviewed by:	kib
Sponsored by:	Mellanox Technologies // NVIDIA Networking
2021-07-12 14:22:33 +02:00
Navdeep Parhar
ec8004dd41 cxgbe(4): Do not configure traffic classes automatically on attach.
The driver used to configure all available classes with some default
parameters on attach and the rest of t4_sched.c was written with the
assumption that all traffic classes are always valid in the hardware.
But this resulted in a lot of informational messages being logged in the
firmware's circular log, crowding out other more useful messages.

This change leaves the tx scheduler alone during attach to reduce the
spam in the devlog.  The state of every class is now tracked separately
from its flags and there is support for an 'uninitialized' state.

MFC after:	2 weeks
Sponsored by:	Chelsio Communications
2021-06-25 16:04:09 -07:00
Navdeep Parhar
6beb67c7e0 cxgbe(4): Get the number of usable traffic classes from the firmware.
Recent firmwares are able to utilize the traffic classes of tx channels
that were previously unused.  This effectively doubles the number of
traffic classes available per port for 2 port cards.  Stop using the raw
per-channel value in the driver and ask the firmware for the number of
usable traffic classes instead.

MFC after:	2 weeks
Sponsored by:	Chelsio Communications
2021-06-25 16:04:09 -07:00
Warner Losh
ddfc9c4c59 newbus: Move from bus_child_{pnpinfo,location}_src to bus_child_{pnpinfo,location} with sbuf
Now that the upper layers all go through a layer to tie into these
information functions that translates an sbuf into char * and len. The
current interface suffers issues of what to do in cases of truncation,
etc. Instead, migrate all these functions to using struct sbuf and these
issues go away. The caller is also in charge of any memory allocation
and/or expansion that's needed during this process.

Create a bus_generic_child_{pnpinfo,location} and make it default. It
just returns success. This is for those busses that have no information
for these items. Migrate the now-empty routines to using this as
appropriate.

Document these new interfaces with man pages, an oversight from before.

Reviewed by:		jhb, bcr
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D29937
2021-06-22 20:52:06 -06:00
John Baldwin
abc273a290 cxgbei: Better handle new tasks and transfers when disconnecting.
If the connection is in the process of disconnecting, ic_socket can be
NULL.  For icl_cxgbei_conn_transfer_setup(), lock the connection and
check ic_socket before using it.  For icl_cxgbei_conn_task_setup(),
the caller already holds the connection lock, so assert it and bail
early with ECONNRESET if the connection is disconnecting.

Reported by:	Jithesh Arakkan @ Chelsio
Fixes:	 	f949967c8e cxgbei: Fix a race between transfer setup and a peer reset.
2021-06-22 16:09:54 -07:00
John Baldwin
6e26b4f8f4 cxgbe tom: Remove orphaned function max_imm_tls_space().
Reported by:	markj
Fixes:		789f2d4b3f cxgbe tom: Remove support for non-KTLS TLS offload.
Sponsored by:	Chelsio Communications
2021-06-16 11:39:39 -07:00
John Baldwin
18c69734e9 cxgbe: De-duplicate some of the code for managing TLS key contexts.
The NIC TLS and TOE TLS modes in cxgbe(4) both work with TLS key
contexts.  Previously, TOE TLS supported TLS key contexts created by
two different methods, and NIC TLS had a separate bit of code copied
from NIC TLS but specific to KTLS.  Now that TOE TLS only supports
KTLS, pull common code for creating TLS key contexts and programming
them into on-card memory into t4_keyctx.c.

Sponsored by:	Chelsio Communications
2021-06-15 17:45:32 -07:00
John Baldwin
789f2d4b3f cxgbe tom: Remove support for non-KTLS TLS offload.
TOE TLS offload was first supported via a customized OpenSSL developed
by Chelsio with proprietary socket options prior to KTLS being present
either in FreeBSD or upstream OpenSSL.  With the addition of KTLS in
both places, cxgbe's TOE driver was extended to support TLS offload
via KTLS as well.  This change removes the older interface leaving
only the KTLS bindings for TOE TLS.

Since KTLS was added to TOE TLS second, it was somewhat shoe-horned
into the existing code.  In addition to removing the non-KTLS TLS
offload, refactor and simplify the code to assume KTLS, e.g. not
copying keys into a helper structure that mimicked the non-KTLS mode,
but using the KTLS session object directly when constructing key
contexts.

This also removes some unused code to send TX keys inline in work
requests for TOE TLS.  This code was never enabled, and was arguably
sending the wrong thing (it was not sending the raw key context as we
do for NIC TLS when using inline keys).

Sponsored by:	Chelsio Communications
2021-06-15 17:45:26 -07:00