365 lines
		
	
	
		
			9.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			365 lines
		
	
	
		
			9.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
 | |
| /* Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. */
 | |
| 
 | |
| #include "macsec.h"
 | |
| #include <linux/mlx5/macsec.h>
 | |
| 
 | |
| struct mlx5_reserved_gids {
 | |
| 	int macsec_index;
 | |
| 	const struct ib_gid_attr *physical_gid;
 | |
| };
 | |
| 
 | |
| struct mlx5_roce_gids {
 | |
| 	struct list_head roce_gid_list_entry;
 | |
| 	u16 gid_idx;
 | |
| 	union {
 | |
| 		struct sockaddr_in  sockaddr_in;
 | |
| 		struct sockaddr_in6 sockaddr_in6;
 | |
| 	} addr;
 | |
| };
 | |
| 
 | |
| struct mlx5_macsec_device {
 | |
| 	struct list_head macsec_devices_list_entry;
 | |
| 	void *macdev;
 | |
| 	struct list_head macsec_roce_gids;
 | |
| 	struct list_head tx_rules_list;
 | |
| 	struct list_head rx_rules_list;
 | |
| };
 | |
| 
 | |
| static void cleanup_macsec_device(struct mlx5_macsec_device *macsec_device)
 | |
| {
 | |
| 	if (!list_empty(&macsec_device->tx_rules_list) ||
 | |
| 	    !list_empty(&macsec_device->rx_rules_list) ||
 | |
| 	    !list_empty(&macsec_device->macsec_roce_gids))
 | |
| 		return;
 | |
| 
 | |
| 	list_del(&macsec_device->macsec_devices_list_entry);
 | |
| 	kfree(macsec_device);
 | |
| }
 | |
| 
 | |
| static struct mlx5_macsec_device *get_macsec_device(void *macdev,
 | |
| 						    struct list_head *macsec_devices_list)
 | |
| {
 | |
| 	struct mlx5_macsec_device *iter, *macsec_device = NULL;
 | |
| 
 | |
| 	list_for_each_entry(iter, macsec_devices_list, macsec_devices_list_entry) {
 | |
| 		if (iter->macdev == macdev) {
 | |
| 			macsec_device = iter;
 | |
| 			break;
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	if (macsec_device)
 | |
| 		return macsec_device;
 | |
| 
 | |
| 	macsec_device = kzalloc(sizeof(*macsec_device), GFP_KERNEL);
 | |
| 	if (!macsec_device)
 | |
| 		return NULL;
 | |
| 
 | |
| 	macsec_device->macdev = macdev;
 | |
| 	INIT_LIST_HEAD(&macsec_device->tx_rules_list);
 | |
| 	INIT_LIST_HEAD(&macsec_device->rx_rules_list);
 | |
| 	INIT_LIST_HEAD(&macsec_device->macsec_roce_gids);
 | |
| 	list_add(&macsec_device->macsec_devices_list_entry, macsec_devices_list);
 | |
| 
 | |
| 	return macsec_device;
 | |
| }
 | |
| 
 | |
| static void mlx5_macsec_del_roce_gid(struct mlx5_macsec_device *macsec_device, u16 gid_idx)
 | |
| {
 | |
| 	struct mlx5_roce_gids *current_gid, *next_gid;
 | |
| 
 | |
| 	list_for_each_entry_safe(current_gid, next_gid, &macsec_device->macsec_roce_gids,
 | |
| 				 roce_gid_list_entry)
 | |
| 		if (current_gid->gid_idx == gid_idx) {
 | |
| 			list_del(¤t_gid->roce_gid_list_entry);
 | |
| 			kfree(current_gid);
 | |
| 		}
 | |
| }
 | |
| 
 | |
| static void mlx5_macsec_save_roce_gid(struct mlx5_macsec_device *macsec_device,
 | |
| 				      const struct sockaddr *addr, u16 gid_idx)
 | |
| {
 | |
| 	struct mlx5_roce_gids *roce_gids;
 | |
| 
 | |
| 	roce_gids = kzalloc(sizeof(*roce_gids), GFP_KERNEL);
 | |
| 	if (!roce_gids)
 | |
| 		return;
 | |
| 
 | |
| 	roce_gids->gid_idx = gid_idx;
 | |
| 	if (addr->sa_family == AF_INET)
 | |
| 		memcpy(&roce_gids->addr.sockaddr_in, addr, sizeof(roce_gids->addr.sockaddr_in));
 | |
| 	else
 | |
| 		memcpy(&roce_gids->addr.sockaddr_in6, addr, sizeof(roce_gids->addr.sockaddr_in6));
 | |
| 
 | |
| 	list_add_tail(&roce_gids->roce_gid_list_entry, &macsec_device->macsec_roce_gids);
 | |
| }
 | |
| 
 | |
| static void handle_macsec_gids(struct list_head *macsec_devices_list,
 | |
| 			       struct mlx5_macsec_event_data *data)
 | |
| {
 | |
| 	struct mlx5_macsec_device *macsec_device;
 | |
| 	struct mlx5_roce_gids *gid;
 | |
| 
 | |
| 	macsec_device = get_macsec_device(data->macdev, macsec_devices_list);
 | |
| 	if (!macsec_device)
 | |
| 		return;
 | |
| 
 | |
| 	list_for_each_entry(gid, &macsec_device->macsec_roce_gids, roce_gid_list_entry) {
 | |
| 		mlx5_macsec_add_roce_sa_rules(data->fs_id, (struct sockaddr *)&gid->addr,
 | |
| 					      gid->gid_idx, &macsec_device->tx_rules_list,
 | |
| 					      &macsec_device->rx_rules_list, data->macsec_fs,
 | |
| 					      data->is_tx);
 | |
| 	}
 | |
| }
 | |
| 
 | |
| static void del_sa_roce_rule(struct list_head *macsec_devices_list,
 | |
| 			     struct mlx5_macsec_event_data *data)
 | |
| {
 | |
| 	struct mlx5_macsec_device *macsec_device;
 | |
| 
 | |
| 	macsec_device = get_macsec_device(data->macdev, macsec_devices_list);
 | |
| 	WARN_ON(!macsec_device);
 | |
| 
 | |
| 	mlx5_macsec_del_roce_sa_rules(data->fs_id, data->macsec_fs,
 | |
| 				      &macsec_device->tx_rules_list,
 | |
| 				      &macsec_device->rx_rules_list, data->is_tx);
 | |
| }
 | |
| 
 | |
| static int macsec_event(struct notifier_block *nb, unsigned long event, void *data)
 | |
| {
 | |
| 	struct mlx5_macsec *macsec = container_of(nb, struct mlx5_macsec, blocking_events_nb);
 | |
| 
 | |
| 	mutex_lock(&macsec->lock);
 | |
| 	switch (event) {
 | |
| 	case MLX5_DRIVER_EVENT_MACSEC_SA_ADDED:
 | |
| 		handle_macsec_gids(&macsec->macsec_devices_list, data);
 | |
| 		break;
 | |
| 	case MLX5_DRIVER_EVENT_MACSEC_SA_DELETED:
 | |
| 		del_sa_roce_rule(&macsec->macsec_devices_list, data);
 | |
| 		break;
 | |
| 	default:
 | |
| 		mutex_unlock(&macsec->lock);
 | |
| 		return NOTIFY_DONE;
 | |
| 	}
 | |
| 	mutex_unlock(&macsec->lock);
 | |
| 	return NOTIFY_OK;
 | |
| }
 | |
| 
 | |
| void mlx5r_macsec_event_register(struct mlx5_ib_dev *dev)
 | |
| {
 | |
| 	if (!mlx5_is_macsec_roce_supported(dev->mdev)) {
 | |
| 		mlx5_ib_dbg(dev, "RoCE MACsec not supported due to capabilities\n");
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	dev->macsec.blocking_events_nb.notifier_call = macsec_event;
 | |
| 	blocking_notifier_chain_register(&dev->mdev->macsec_nh,
 | |
| 					 &dev->macsec.blocking_events_nb);
 | |
| }
 | |
| 
 | |
| void mlx5r_macsec_event_unregister(struct mlx5_ib_dev *dev)
 | |
| {
 | |
| 	if (!mlx5_is_macsec_roce_supported(dev->mdev)) {
 | |
| 		mlx5_ib_dbg(dev, "RoCE MACsec not supported due to capabilities\n");
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	blocking_notifier_chain_unregister(&dev->mdev->macsec_nh,
 | |
| 					   &dev->macsec.blocking_events_nb);
 | |
| }
 | |
| 
 | |
| int mlx5r_macsec_init_gids_and_devlist(struct mlx5_ib_dev *dev)
 | |
| {
 | |
| 	int i, j, max_gids;
 | |
| 
 | |
| 	if (!mlx5_is_macsec_roce_supported(dev->mdev)) {
 | |
| 		mlx5_ib_dbg(dev, "RoCE MACsec not supported due to capabilities\n");
 | |
| 		return 0;
 | |
| 	}
 | |
| 
 | |
| 	max_gids = MLX5_CAP_ROCE(dev->mdev, roce_address_table_size);
 | |
| 	for (i = 0; i < dev->num_ports; i++) {
 | |
| 		dev->port[i].reserved_gids = kcalloc(max_gids,
 | |
| 						     sizeof(*dev->port[i].reserved_gids),
 | |
| 						     GFP_KERNEL);
 | |
| 		if (!dev->port[i].reserved_gids)
 | |
| 			goto err;
 | |
| 
 | |
| 		for (j = 0; j < max_gids; j++)
 | |
| 			dev->port[i].reserved_gids[j].macsec_index = -1;
 | |
| 	}
 | |
| 
 | |
| 	INIT_LIST_HEAD(&dev->macsec.macsec_devices_list);
 | |
| 	mutex_init(&dev->macsec.lock);
 | |
| 
 | |
| 	return 0;
 | |
| err:
 | |
| 	while (i >= 0) {
 | |
| 		kfree(dev->port[i].reserved_gids);
 | |
| 		i--;
 | |
| 	}
 | |
| 	return -ENOMEM;
 | |
| }
 | |
| 
 | |
| void mlx5r_macsec_dealloc_gids(struct mlx5_ib_dev *dev)
 | |
| {
 | |
| 	int i;
 | |
| 
 | |
| 	if (!mlx5_is_macsec_roce_supported(dev->mdev))
 | |
| 		mlx5_ib_dbg(dev, "RoCE MACsec not supported due to capabilities\n");
 | |
| 
 | |
| 	for (i = 0; i < dev->num_ports; i++)
 | |
| 		kfree(dev->port[i].reserved_gids);
 | |
| 
 | |
| 	mutex_destroy(&dev->macsec.lock);
 | |
| }
 | |
| 
 | |
| int mlx5r_add_gid_macsec_operations(const struct ib_gid_attr *attr)
 | |
| {
 | |
| 	struct mlx5_ib_dev *dev = to_mdev(attr->device);
 | |
| 	struct mlx5_macsec_device *macsec_device;
 | |
| 	const struct ib_gid_attr *physical_gid;
 | |
| 	struct mlx5_reserved_gids *mgids;
 | |
| 	struct net_device *ndev;
 | |
| 	int ret = 0;
 | |
| 	union {
 | |
| 		struct sockaddr_in  sockaddr_in;
 | |
| 		struct sockaddr_in6 sockaddr_in6;
 | |
| 	} addr;
 | |
| 
 | |
| 	if (attr->gid_type != IB_GID_TYPE_ROCE_UDP_ENCAP)
 | |
| 		return 0;
 | |
| 
 | |
| 	if (!mlx5_is_macsec_roce_supported(dev->mdev)) {
 | |
| 		mlx5_ib_dbg(dev, "RoCE MACsec not supported due to capabilities\n");
 | |
| 		return 0;
 | |
| 	}
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	ndev = rcu_dereference(attr->ndev);
 | |
| 	if (!ndev) {
 | |
| 		rcu_read_unlock();
 | |
| 		return -ENODEV;
 | |
| 	}
 | |
| 
 | |
| 	if (!netif_is_macsec(ndev) || !macsec_netdev_is_offloaded(ndev)) {
 | |
| 		rcu_read_unlock();
 | |
| 		return 0;
 | |
| 	}
 | |
| 	dev_hold(ndev);
 | |
| 	rcu_read_unlock();
 | |
| 
 | |
| 	mutex_lock(&dev->macsec.lock);
 | |
| 	macsec_device = get_macsec_device(ndev, &dev->macsec.macsec_devices_list);
 | |
| 	if (!macsec_device) {
 | |
| 		ret = -ENOMEM;
 | |
| 		goto dev_err;
 | |
| 	}
 | |
| 
 | |
| 	physical_gid = rdma_find_gid(attr->device, &attr->gid,
 | |
| 				     attr->gid_type, NULL);
 | |
| 	if (!IS_ERR(physical_gid)) {
 | |
| 		ret = set_roce_addr(to_mdev(physical_gid->device),
 | |
| 				    physical_gid->port_num,
 | |
| 				    physical_gid->index, NULL,
 | |
| 				    physical_gid);
 | |
| 		if (ret)
 | |
| 			goto gid_err;
 | |
| 
 | |
| 		mgids = &dev->port[attr->port_num - 1].reserved_gids[physical_gid->index];
 | |
| 		mgids->macsec_index = attr->index;
 | |
| 		mgids->physical_gid = physical_gid;
 | |
| 	}
 | |
| 
 | |
| 	/* Proceed with adding steering rules, regardless if there was gid ambiguity or not.*/
 | |
| 	rdma_gid2ip((struct sockaddr *)&addr, &attr->gid);
 | |
| 	ret = mlx5_macsec_add_roce_rule(ndev, (struct sockaddr *)&addr, attr->index,
 | |
| 					&macsec_device->tx_rules_list,
 | |
| 					&macsec_device->rx_rules_list, dev->mdev->macsec_fs);
 | |
| 	if (ret && !IS_ERR(physical_gid))
 | |
| 		goto rule_err;
 | |
| 
 | |
| 	mlx5_macsec_save_roce_gid(macsec_device, (struct sockaddr *)&addr, attr->index);
 | |
| 
 | |
| 	dev_put(ndev);
 | |
| 	mutex_unlock(&dev->macsec.lock);
 | |
| 	return ret;
 | |
| 
 | |
| rule_err:
 | |
| 	set_roce_addr(to_mdev(physical_gid->device), physical_gid->port_num,
 | |
| 		      physical_gid->index, &physical_gid->gid, physical_gid);
 | |
| 	mgids->macsec_index = -1;
 | |
| gid_err:
 | |
| 	rdma_put_gid_attr(physical_gid);
 | |
| 	cleanup_macsec_device(macsec_device);
 | |
| dev_err:
 | |
| 	dev_put(ndev);
 | |
| 	mutex_unlock(&dev->macsec.lock);
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| void mlx5r_del_gid_macsec_operations(const struct ib_gid_attr *attr)
 | |
| {
 | |
| 	struct mlx5_ib_dev *dev = to_mdev(attr->device);
 | |
| 	struct mlx5_macsec_device *macsec_device;
 | |
| 	struct mlx5_reserved_gids *mgids;
 | |
| 	struct net_device *ndev;
 | |
| 	int i, max_gids;
 | |
| 
 | |
| 	if (attr->gid_type != IB_GID_TYPE_ROCE_UDP_ENCAP)
 | |
| 		return;
 | |
| 
 | |
| 	if (!mlx5_is_macsec_roce_supported(dev->mdev)) {
 | |
| 		mlx5_ib_dbg(dev, "RoCE MACsec not supported due to capabilities\n");
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	mgids = &dev->port[attr->port_num - 1].reserved_gids[attr->index];
 | |
| 	if (mgids->macsec_index != -1) { /* Checking if physical gid has ambiguous IP */
 | |
| 		rdma_put_gid_attr(mgids->physical_gid);
 | |
| 		mgids->macsec_index = -1;
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	ndev = rcu_dereference(attr->ndev);
 | |
| 	if (!ndev) {
 | |
| 		rcu_read_unlock();
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	if (!netif_is_macsec(ndev) || !macsec_netdev_is_offloaded(ndev)) {
 | |
| 		rcu_read_unlock();
 | |
| 		return;
 | |
| 	}
 | |
| 	dev_hold(ndev);
 | |
| 	rcu_read_unlock();
 | |
| 
 | |
| 	mutex_lock(&dev->macsec.lock);
 | |
| 	max_gids = MLX5_CAP_ROCE(dev->mdev, roce_address_table_size);
 | |
| 	for (i = 0; i < max_gids; i++) { /* Checking if macsec gid has ambiguous IP */
 | |
| 		mgids = &dev->port[attr->port_num - 1].reserved_gids[i];
 | |
| 		if (mgids->macsec_index == attr->index) {
 | |
| 			const struct ib_gid_attr *physical_gid = mgids->physical_gid;
 | |
| 
 | |
| 			set_roce_addr(to_mdev(physical_gid->device),
 | |
| 				      physical_gid->port_num,
 | |
| 				      physical_gid->index,
 | |
| 				      &physical_gid->gid, physical_gid);
 | |
| 
 | |
| 			rdma_put_gid_attr(physical_gid);
 | |
| 			mgids->macsec_index = -1;
 | |
| 			break;
 | |
| 		}
 | |
| 	}
 | |
| 	macsec_device = get_macsec_device(ndev, &dev->macsec.macsec_devices_list);
 | |
| 	mlx5_macsec_del_roce_rule(attr->index, dev->mdev->macsec_fs,
 | |
| 				  &macsec_device->tx_rules_list, &macsec_device->rx_rules_list);
 | |
| 	mlx5_macsec_del_roce_gid(macsec_device, attr->index);
 | |
| 	cleanup_macsec_device(macsec_device);
 | |
| 
 | |
| 	dev_put(ndev);
 | |
| 	mutex_unlock(&dev->macsec.lock);
 | |
| }
 |