From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6FC1AA0A02; Tue, 4 May 2021 19:56:28 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 558E4410F4; Tue, 4 May 2021 19:56:28 +0200 (CEST) Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2065.outbound.protection.outlook.com [40.107.244.65]) by mails.dpdk.org (Postfix) with ESMTP id 6150F4014E for ; Tue, 4 May 2021 19:56:26 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aT5x/F5Qa7j/HemFe6oERVawEqjbwt6ptSIuH1QcHWbY+SkSfdmVudsfonACxrAGYXWpZ71roHZeXRVAoXbI3tCjEBEmbo8oxYvGY65QZOi3iYOt5V9PjE1GWYcqxQGPXkHOd6waRGeE7uk6TGqeekSR/gmjCjFi5CoTQkRmE1lyH1Nfo8gOIFfjLfxUxHvzb8Xuk6f+YRE+WnEjMzff14t/7WHD92TgAmMu+boeRJxr0rdolIOwHylih4iYivi+/p8IEJT/O8Vgw1fF8Uu2lnqppptNMXTZmnjzTARlpB5kciEZjhxQuypJPVmvmxVqbbTZmEI5GrcLhxYsrfLYkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g7xM29uppSNuhI1yZ3cFPBqwulIE5X9UXoJnvUDeKfo=; b=j/8+y6F0NplnO4idaKNZvGc6k7vhjJzqIhsw4ZGRnncJASAK1xOIiSPIQq7bAwyc/P3q9DSZ4SPKEwKwi/4WC4jJmoD6u5NKf17Cmt9DZFP/fu8U8xGLEDtYgis7kt2sKqW5T8C13UAzSl4zbSrIJkdg33ggbl1ftl8D/J1NIIt15qKtqXUrkCP3paph0IvsWS5Oj3vscBxpAISedMkRujMvAL7lqvQ4NSe6ra5ae4jS2uhi2iaU3CT/ZTelpOHHdTd0aAxG9Bmo7H/ihfpwf6GDedhw372ZWCyTq3WgDsPfy1+Yz1pQh099RTCAPllY1Tec0pZPQtvDugt6a1FaTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=monjalon.net smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g7xM29uppSNuhI1yZ3cFPBqwulIE5X9UXoJnvUDeKfo=; b=lN/s6x2HCNnlkVV9g1yKfYfMhZYtvRkGeh0fQE83XL5XFvvIRY8B3oMs3GmyuP9j86n7qokqLa2pn9rw0hbehGhg5EqSAAH28oVbTxTFwrUZ6HM17h+efUZl/WbQqSI/raDjt9Rg2I1J8CP5QKiixyQrkQsizYDpwRoAcU418EAg1E82fFJcbRmvU263nlxURz0NzEyHCVSVwwGqqBKWaLF/7Qe6HCiRJFmdd5psu7b4VXK+OtyYrYOHfw9BQSpDU0JTHhmoyuQs8+/RXblUrSlsU37Dkvn7v8JmIrcysV8Fr52V9OaRoY/+2xAnJMFqx9q9SsPSsi+GNSULAL6rWw== Received: from DM5PR20CA0020.namprd20.prod.outlook.com (2603:10b6:3:93::30) by BN6PR12MB1268.namprd12.prod.outlook.com (2603:10b6:404:1a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.38; Tue, 4 May 2021 17:56:24 +0000 Received: from DM6NAM11FT039.eop-nam11.prod.protection.outlook.com (2603:10b6:3:93:cafe::ba) by DM5PR20CA0020.outlook.office365.com (2603:10b6:3:93::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.28 via Frontend Transport; Tue, 4 May 2021 17:56:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; monjalon.net; dkim=none (message not signed) header.d=none;monjalon.net; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by DM6NAM11FT039.mail.protection.outlook.com (10.13.172.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4087.32 via Frontend Transport; Tue, 4 May 2021 17:56:24 +0000 Received: from nvidia.com (172.20.145.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 4 May 2021 17:56:22 +0000 From: Matan Azrad To: CC: , , , "Thomas Monjalon" , Dekel Peled Date: Tue, 4 May 2021 20:54:52 +0300 Message-ID: <20210504175500.3385811-8-matan@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210504175500.3385811-1-matan@nvidia.com> References: <20210429154335.2820028-1-matan@nvidia.com> <20210504175500.3385811-1-matan@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [172.20.145.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e3afe9ab-59bf-40c6-68d9-08d90f25eee4 X-MS-TrafficTypeDiagnostic: BN6PR12MB1268: X-LD-Processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MN7L83mQk0kJkwecjQrTCJTNaGce/zUzgf5+upYCeY07u1Qc+s2PfsV7lSst2116FgvTvJeY7ptXy970WWlqVGzboH0gK+0cSBWiLT76730nywgqYSYjYbmhu23tl0q4VnA41cq4R4g5Mi52t0tijOG6NBCYriLHlI+0Cj7unf3YWPYrVMGVwzb5HEKKpfnZHxnTgoHm46Qj2NbnVwrw4txxu3iwN4YygV0BXueEpgfF+JSj5N38ObpabakzjH6o1V0AaiSLqDrwbD7gxoBwgeet2q0v4U2wa6wXE4YcApT1j8+1uBQtir0FBzyO1Km1wg/iimylQ+e8AyK17Cazsl47/z17qinquGXFDkn8DS2/XTk8MPmup6v0KpjZuZBL6STRRa9nZ9qwqcqgr0LhfkxqmFK1qe4ut9mX4CyuayqP/0Cvz+QPNdCtsAphPA/bHew7OBU1coWava0pg0fyceKwZMJyGVNmsFTkyTh7WLNnSnyjf9XkjnfodGSVfqtg/Q6rGu4B7BiRO+YDnkfADF1moDJ4Fj+oGelP4jfVAslnI1p6SxuRgSGvSLiTj/P2dLCgF0qHu6DMZ7aRI2k/j8yPPqwdUybvCEEUaR9rt+L4fXbR+Q9cRH/AFrb6fixxEkXl2Xpr17NJTXF0ILzQWsMGgFyx0N00X/Pa4RYPxQM= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(346002)(39850400004)(136003)(396003)(376002)(46966006)(36840700001)(70206006)(70586007)(47076005)(1076003)(82740400003)(7636003)(6286002)(6916009)(36860700001)(83380400001)(26005)(16526019)(4326008)(356005)(36756003)(6666004)(478600001)(316002)(7696005)(55016002)(336012)(82310400003)(8936002)(54906003)(2906002)(8676002)(36906005)(186003)(86362001)(426003)(2616005)(5660300002)(107886003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 May 2021 17:56:24.4599 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e3afe9ab-59bf-40c6-68d9-08d90f25eee4 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT039.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1268 Subject: [dpdk-dev] [PATCH v3 07/15] common/mlx5: support general obj IMPORT KEK create X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Dekel Peled IMPORT_KEK object is used to wrap (encrypt) critical security parameters, such as other keys and credentials, when those need to be passed between the device and the software. This patch add support of IMPORT_KEK object create operation. Add reading of IMPORT_KEK support capability. Add function to create general object type IMPORT_KEK, using DevX API. Signed-off-by: Dekel Peled Acked-by: Matan Azrad --- drivers/common/mlx5/mlx5_devx_cmds.c | 50 ++++++++++++++++++++++++++++ drivers/common/mlx5/mlx5_devx_cmds.h | 13 ++++++++ drivers/common/mlx5/mlx5_prm.h | 18 ++++++++++ drivers/common/mlx5/version.map | 1 + 4 files changed, 82 insertions(+) diff --git a/drivers/common/mlx5/mlx5_devx_cmds.c b/drivers/common/mlx5/mlx5_devx_cmds.c index 7e3c8b55fa..afef7a5f63 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.c +++ b/drivers/common/mlx5/mlx5_devx_cmds.c @@ -752,6 +752,8 @@ mlx5_devx_cmd_query_hca_attr(void *ctx, MLX5_GENERAL_OBJ_TYPES_CAP_GENEVE_TLV_OPT); attr->dek = !!(general_obj_types_supported & MLX5_GENERAL_OBJ_TYPES_CAP_DEK); + attr->import_kek = !!(general_obj_types_supported & + MLX5_GENERAL_OBJ_TYPES_CAP_IMPORT_KEK); /* Add reading of other GENERAL_OBJ_TYPES_CAP bits above this line. */ attr->log_max_cq = MLX5_GET(cmd_hca_cap, hcattr, log_max_cq); attr->log_max_qp = MLX5_GET(cmd_hca_cap, hcattr, log_max_qp); @@ -2459,3 +2461,51 @@ mlx5_devx_cmd_create_dek_obj(void *ctx, struct mlx5_devx_dek_attr *attr) dek_obj->id = MLX5_GET(general_obj_out_cmd_hdr, out, obj_id); return dek_obj; } + +/** + * Create general object of type IMPORT_KEK using DevX API. + * + * @param[in] ctx + * Context returned from mlx5 open_device() glue function. + * @param [in] attr + * Pointer to IMPORT_KEK attributes structure. + * + * @return + * The DevX object created, NULL otherwise and rte_errno is set. + */ +struct mlx5_devx_obj * +mlx5_devx_cmd_create_import_kek_obj(void *ctx, + struct mlx5_devx_import_kek_attr *attr) +{ + uint32_t in[MLX5_ST_SZ_DW(create_import_kek_in)] = {0}; + uint32_t out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)] = {0}; + struct mlx5_devx_obj *import_kek_obj = NULL; + void *ptr = NULL, *key_addr = NULL; + + import_kek_obj = mlx5_malloc(MLX5_MEM_ZERO, sizeof(*import_kek_obj), + 0, SOCKET_ID_ANY); + if (import_kek_obj == NULL) { + DRV_LOG(ERR, "Failed to allocate IMPORT_KEK object data"); + rte_errno = ENOMEM; + return NULL; + } + ptr = MLX5_ADDR_OF(create_import_kek_in, in, hdr); + MLX5_SET(general_obj_in_cmd_hdr, ptr, opcode, + MLX5_CMD_OP_CREATE_GENERAL_OBJECT); + MLX5_SET(general_obj_in_cmd_hdr, ptr, obj_type, + MLX5_GENERAL_OBJ_TYPE_IMPORT_KEK); + ptr = MLX5_ADDR_OF(create_import_kek_in, in, import_kek); + MLX5_SET(import_kek, ptr, key_size, attr->key_size); + key_addr = MLX5_ADDR_OF(import_kek, ptr, key); + memcpy(key_addr, (void *)(attr->key), MLX5_CRYPTO_KEY_MAX_SIZE); + import_kek_obj->obj = mlx5_glue->devx_obj_create(ctx, in, sizeof(in), + out, sizeof(out)); + if (import_kek_obj->obj == NULL) { + rte_errno = errno; + DRV_LOG(ERR, "Failed to create IMPORT_KEK object using DevX."); + mlx5_free(import_kek_obj); + return NULL; + } + import_kek_obj->id = MLX5_GET(general_obj_out_cmd_hdr, out, obj_id); + return import_kek_obj; +} diff --git a/drivers/common/mlx5/mlx5_devx_cmds.h b/drivers/common/mlx5/mlx5_devx_cmds.h index 600577f18a..6423610dae 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.h +++ b/drivers/common/mlx5/mlx5_devx_cmds.h @@ -142,6 +142,7 @@ struct mlx5_hca_attr { uint32_t crypto:1; /* Crypto engine is supported. */ uint32_t aes_xts:1; /* AES-XTS crypto is supported. */ uint32_t dek:1; /* General obj type DEK is supported. */ + uint32_t import_kek:1; /* General obj type IMPORT_KEK supported. */ uint32_t regexp_num_of_engines; uint32_t log_max_ft_sampler_num:8; uint32_t geneve_tlv_opt; @@ -450,6 +451,13 @@ struct mlx5_devx_dek_attr { uint8_t key[MLX5_CRYPTO_KEY_MAX_SIZE]; }; +struct mlx5_devx_import_kek_attr { + uint64_t modify_field_select; + uint32_t state:8; + uint32_t key_size:4; + uint8_t key[MLX5_CRYPTO_KEY_MAX_SIZE]; +}; + /* mlx5_devx_cmds.c */ __rte_internal @@ -606,4 +614,9 @@ __rte_internal struct mlx5_devx_obj * mlx5_devx_cmd_create_dek_obj(void *ctx, struct mlx5_devx_dek_attr *attr); +__rte_internal +struct mlx5_devx_obj * +mlx5_devx_cmd_create_import_kek_obj(void *ctx, + struct mlx5_devx_import_kek_attr *attr); + #endif /* RTE_PMD_MLX5_DEVX_CMDS_H_ */ diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index 25f6f8ff00..bc339566a6 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -1119,6 +1119,8 @@ enum { (1ULL << MLX5_GENERAL_OBJ_TYPE_GENEVE_TLV_OPT) #define MLX5_GENERAL_OBJ_TYPES_CAP_DEK \ (1ULL << MLX5_GENERAL_OBJ_TYPE_DEK) +#define MLX5_GENERAL_OBJ_TYPES_CAP_IMPORT_KEK \ + (1ULL << MLX5_GENERAL_OBJ_TYPE_IMPORT_KEK) enum { MLX5_HCA_CAP_OPMOD_GET_MAX = 0, @@ -2419,6 +2421,7 @@ enum { MLX5_GENERAL_OBJ_TYPE_DEK = 0x000c, MLX5_GENERAL_OBJ_TYPE_VIRTQ = 0x000d, MLX5_GENERAL_OBJ_TYPE_VIRTIO_Q_COUNTERS = 0x001c, + MLX5_GENERAL_OBJ_TYPE_IMPORT_KEK = 0x001d, MLX5_GENERAL_OBJ_TYPE_FLEX_PARSE_GRAPH = 0x0022, MLX5_GENERAL_OBJ_TYPE_FLOW_METER_ASO = 0x0024, MLX5_GENERAL_OBJ_TYPE_FLOW_HIT_ASO = 0x0025, @@ -2516,6 +2519,21 @@ struct mlx5_ifc_create_dek_in_bits { struct mlx5_ifc_dek_bits dek; }; +struct mlx5_ifc_import_kek_bits { + u8 modify_field_select[0x40]; + u8 state[0x8]; + u8 reserved_at_48[0xc]; + u8 key_size[0x4]; + u8 reserved_at_58[0x1a8]; + u8 key[0x400]; + u8 reserved_at_600[0x200]; +}; + +struct mlx5_ifc_create_import_kek_in_bits { + struct mlx5_ifc_general_obj_in_cmd_hdr_bits hdr; + struct mlx5_ifc_import_kek_bits import_kek; +}; + enum { MLX5_VIRTQ_STATE_INIT = 0, MLX5_VIRTQ_STATE_RDY = 1, diff --git a/drivers/common/mlx5/version.map b/drivers/common/mlx5/version.map index 42bb985fb1..60bff5f799 100644 --- a/drivers/common/mlx5/version.map +++ b/drivers/common/mlx5/version.map @@ -21,6 +21,7 @@ INTERNAL { mlx5_devx_cmd_create_flow_hit_aso_obj; mlx5_devx_cmd_create_flow_meter_aso_obj; mlx5_devx_cmd_create_geneve_tlv_option; + mlx5_devx_cmd_create_import_kek_obj; mlx5_devx_cmd_create_qp; mlx5_devx_cmd_create_rq; mlx5_devx_cmd_create_rqt; -- 2.25.1