ch_ktls: Issue if connection offload fails

Since driver first return success to tls_dev_add, if req to HW is
successful, but later if HW returns failure, that connection traffic
fails permanently and connection status remains unknown to stack.

v1->v2:
- removed conn_up from all places.

v2->v3:
- Corrected timeout handling.

Fixes: 34aba2c450 ("cxgb4/chcr : Register to tls add and del callback")
Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Rohit Maheshwari 2020-09-29 23:14:23 +05:30 committed by David S. Miller
parent 2c956a5ad4
commit efca3878a5
2 changed files with 153 additions and 147 deletions

View File

@ -125,60 +125,6 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
return ret; return ret;
} }
static int chcr_ktls_update_connection_state(struct chcr_ktls_info *tx_info,
int new_state)
{
/* This function can be called from both rx (interrupt context) and tx
* queue contexts.
*/
spin_lock_bh(&tx_info->lock);
switch (tx_info->connection_state) {
case KTLS_CONN_CLOSED:
tx_info->connection_state = new_state;
break;
case KTLS_CONN_ACT_OPEN_REQ:
/* only go forward if state is greater than current state. */
if (new_state <= tx_info->connection_state)
break;
/* update to the next state and also initialize TCB */
tx_info->connection_state = new_state;
fallthrough;
case KTLS_CONN_ACT_OPEN_RPL:
/* if we are stuck in this state, means tcb init might not
* received by HW, try sending it again.
*/
if (!chcr_init_tcb_fields(tx_info))
tx_info->connection_state = KTLS_CONN_SET_TCB_REQ;
break;
case KTLS_CONN_SET_TCB_REQ:
/* only go forward if state is greater than current state. */
if (new_state <= tx_info->connection_state)
break;
/* update to the next state and check if l2t_state is valid */
tx_info->connection_state = new_state;
fallthrough;
case KTLS_CONN_SET_TCB_RPL:
/* Check if l2t state is valid, then move to ready state. */
if (cxgb4_check_l2t_valid(tx_info->l2te)) {
tx_info->connection_state = KTLS_CONN_TX_READY;
atomic64_inc(&tx_info->adap->ch_ktls_stats.ktls_tx_ctx);
}
break;
case KTLS_CONN_TX_READY:
/* nothing to be done here */
break;
default:
pr_err("unknown KTLS connection state\n");
break;
}
spin_unlock_bh(&tx_info->lock);
return tx_info->connection_state;
}
/* /*
* chcr_ktls_act_open_req: creates TCB entry for ipv4 connection. * chcr_ktls_act_open_req: creates TCB entry for ipv4 connection.
* @sk - tcp socket. * @sk - tcp socket.
@ -298,27 +244,17 @@ static int chcr_setup_connection(struct sock *sk,
return -EINVAL; return -EINVAL;
tx_info->atid = atid; tx_info->atid = atid;
tx_info->ip_family = sk->sk_family;
if (sk->sk_family == AF_INET) { if (tx_info->ip_family == AF_INET) {
tx_info->ip_family = AF_INET;
ret = chcr_ktls_act_open_req(sk, tx_info, atid); ret = chcr_ktls_act_open_req(sk, tx_info, atid);
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
} else { } else {
if (!sk->sk_ipv6only && ret = cxgb4_clip_get(tx_info->netdev, (const u32 *)
ipv6_addr_type(&sk->sk_v6_daddr) == IPV6_ADDR_MAPPED) { &sk->sk_v6_rcv_saddr,
tx_info->ip_family = AF_INET;
ret = chcr_ktls_act_open_req(sk, tx_info, atid);
} else {
tx_info->ip_family = AF_INET6;
ret = cxgb4_clip_get(tx_info->netdev,
(const u32 *)
&sk->sk_v6_rcv_saddr.s6_addr,
1); 1);
if (ret) if (ret)
goto out; return ret;
ret = chcr_ktls_act_open_req6(sk, tx_info, atid); ret = chcr_ktls_act_open_req6(sk, tx_info, atid);
}
#endif #endif
} }
@ -326,16 +262,21 @@ static int chcr_setup_connection(struct sock *sk,
* success, if any other return type clear atid and return that failure. * success, if any other return type clear atid and return that failure.
*/ */
if (ret) { if (ret) {
if (ret == NET_XMIT_CN) if (ret == NET_XMIT_CN) {
ret = 0; ret = 0;
else } else {
#if IS_ENABLED(CONFIG_IPV6)
/* clear clip entry */
if (tx_info->ip_family == AF_INET6)
cxgb4_clip_release(tx_info->netdev,
(const u32 *)
&sk->sk_v6_rcv_saddr,
1);
#endif
cxgb4_free_atid(t, atid); cxgb4_free_atid(t, atid);
goto out; }
} }
/* update the connection state */
chcr_ktls_update_connection_state(tx_info, KTLS_CONN_ACT_OPEN_REQ);
out:
return ret; return ret;
} }
@ -396,15 +337,9 @@ static void chcr_ktls_dev_del(struct net_device *netdev,
struct chcr_ktls_ofld_ctx_tx *tx_ctx = struct chcr_ktls_ofld_ctx_tx *tx_ctx =
chcr_get_ktls_tx_context(tls_ctx); chcr_get_ktls_tx_context(tls_ctx);
struct chcr_ktls_info *tx_info = tx_ctx->chcr_info; struct chcr_ktls_info *tx_info = tx_ctx->chcr_info;
struct sock *sk;
if (!tx_info) if (!tx_info)
return; return;
sk = tx_info->sk;
spin_lock(&tx_info->lock);
tx_info->connection_state = KTLS_CONN_CLOSED;
spin_unlock(&tx_info->lock);
/* clear l2t entry */ /* clear l2t entry */
if (tx_info->l2te) if (tx_info->l2te)
@ -413,8 +348,8 @@ static void chcr_ktls_dev_del(struct net_device *netdev,
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
/* clear clip entry */ /* clear clip entry */
if (tx_info->ip_family == AF_INET6) if (tx_info->ip_family == AF_INET6)
cxgb4_clip_release(netdev, cxgb4_clip_release(netdev, (const u32 *)
(const u32 *)&sk->sk_v6_daddr.in6_u.u6_addr8, &tx_info->sk->sk_v6_rcv_saddr,
1); 1);
#endif #endif
@ -461,30 +396,22 @@ static int chcr_ktls_dev_add(struct net_device *netdev, struct sock *sk,
pi = netdev_priv(netdev); pi = netdev_priv(netdev);
adap = pi->adapter; adap = pi->adapter;
atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_open);
if (direction == TLS_OFFLOAD_CTX_DIR_RX) { if (direction == TLS_OFFLOAD_CTX_DIR_RX) {
pr_err("not expecting for RX direction\n"); pr_err("not expecting for RX direction\n");
ret = -EINVAL;
goto out; goto out;
} }
if (tx_ctx->chcr_info) {
ret = -EINVAL; if (tx_ctx->chcr_info)
goto out; goto out;
}
tx_info = kvzalloc(sizeof(*tx_info), GFP_KERNEL); tx_info = kvzalloc(sizeof(*tx_info), GFP_KERNEL);
if (!tx_info) { if (!tx_info)
ret = -ENOMEM;
goto out; goto out;
}
spin_lock_init(&tx_info->lock);
/* clear connection state */
spin_lock(&tx_info->lock);
tx_info->connection_state = KTLS_CONN_CLOSED;
spin_unlock(&tx_info->lock);
tx_info->sk = sk; tx_info->sk = sk;
spin_lock_init(&tx_info->lock);
/* initialize tid and atid to -1, 0 is a also a valid id. */ /* initialize tid and atid to -1, 0 is a also a valid id. */
tx_info->tid = -1; tx_info->tid = -1;
tx_info->atid = -1; tx_info->atid = -1;
@ -495,10 +422,12 @@ static int chcr_ktls_dev_add(struct net_device *netdev, struct sock *sk,
tx_info->tx_chan = pi->tx_chan; tx_info->tx_chan = pi->tx_chan;
tx_info->smt_idx = pi->smt_idx; tx_info->smt_idx = pi->smt_idx;
tx_info->port_id = pi->port_id; tx_info->port_id = pi->port_id;
tx_info->prev_ack = 0;
tx_info->prev_win = 0;
tx_info->rx_qid = chcr_get_first_rx_qid(adap); tx_info->rx_qid = chcr_get_first_rx_qid(adap);
if (unlikely(tx_info->rx_qid < 0)) if (unlikely(tx_info->rx_qid < 0))
goto out2; goto free_tx_info;
tx_info->prev_seq = start_offload_tcp_sn; tx_info->prev_seq = start_offload_tcp_sn;
tx_info->tcp_start_seq_number = start_offload_tcp_sn; tx_info->tcp_start_seq_number = start_offload_tcp_sn;
@ -506,18 +435,22 @@ static int chcr_ktls_dev_add(struct net_device *netdev, struct sock *sk,
/* save crypto keys */ /* save crypto keys */
ret = chcr_ktls_save_keys(tx_info, crypto_info, direction); ret = chcr_ktls_save_keys(tx_info, crypto_info, direction);
if (ret < 0) if (ret < 0)
goto out2; goto free_tx_info;
/* get peer ip */ /* get peer ip */
if (sk->sk_family == AF_INET) { if (sk->sk_family == AF_INET) {
memcpy(daaddr, &sk->sk_daddr, 4); memcpy(daaddr, &sk->sk_daddr, 4);
tx_info->ip_family = AF_INET;
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
} else { } else {
if (!sk->sk_ipv6only && if (!sk->sk_ipv6only &&
ipv6_addr_type(&sk->sk_v6_daddr) == IPV6_ADDR_MAPPED) ipv6_addr_type(&sk->sk_v6_daddr) == IPV6_ADDR_MAPPED) {
memcpy(daaddr, &sk->sk_daddr, 4); memcpy(daaddr, &sk->sk_daddr, 4);
else tx_info->ip_family = AF_INET;
} else {
memcpy(daaddr, sk->sk_v6_daddr.in6_u.u6_addr8, 16); memcpy(daaddr, sk->sk_v6_daddr.in6_u.u6_addr8, 16);
tx_info->ip_family = AF_INET6;
}
#endif #endif
} }
@ -525,13 +458,13 @@ static int chcr_ktls_dev_add(struct net_device *netdev, struct sock *sk,
dst = sk_dst_get(sk); dst = sk_dst_get(sk);
if (!dst) { if (!dst) {
pr_err("DST entry not found\n"); pr_err("DST entry not found\n");
goto out2; goto free_tx_info;
} }
n = dst_neigh_lookup(dst, daaddr); n = dst_neigh_lookup(dst, daaddr);
if (!n || !n->dev) { if (!n || !n->dev) {
pr_err("neighbour not found\n"); pr_err("neighbour not found\n");
dst_release(dst); dst_release(dst);
goto out2; goto free_tx_info;
} }
tx_info->l2te = cxgb4_l2t_get(adap->l2t, n, n->dev, 0); tx_info->l2te = cxgb4_l2t_get(adap->l2t, n, n->dev, 0);
@ -540,31 +473,86 @@ static int chcr_ktls_dev_add(struct net_device *netdev, struct sock *sk,
if (!tx_info->l2te) { if (!tx_info->l2te) {
pr_err("l2t entry not found\n"); pr_err("l2t entry not found\n");
goto out2; goto free_tx_info;
} }
tx_ctx->chcr_info = tx_info; /* Driver shouldn't be removed until any single connection exists */
if (!try_module_get(THIS_MODULE))
goto free_l2t;
init_completion(&tx_info->completion);
/* create a filter and call cxgb4_l2t_send to send the packet out, which /* create a filter and call cxgb4_l2t_send to send the packet out, which
* will take care of updating l2t entry in hw if not already done. * will take care of updating l2t entry in hw if not already done.
*/ */
ret = chcr_setup_connection(sk, tx_info); tx_info->open_state = CH_KTLS_OPEN_PENDING;
if (ret)
goto out2;
/* Driver shouldn't be removed until any single connection exists */ if (chcr_setup_connection(sk, tx_info))
if (!try_module_get(THIS_MODULE)) { goto put_module;
ret = -EINVAL;
goto out2; /* Wait for reply */
wait_for_completion_timeout(&tx_info->completion, 30 * HZ);
spin_lock_bh(&tx_info->lock);
if (tx_info->open_state) {
/* need to wait for hw response, can't free tx_info yet. */
if (tx_info->open_state == CH_KTLS_OPEN_PENDING)
tx_info->pending_close = true;
/* free the lock after the cleanup */
goto put_module;
} }
spin_unlock_bh(&tx_info->lock);
/* initialize tcb */
reinit_completion(&tx_info->completion);
/* mark it pending for hw response */
tx_info->open_state = CH_KTLS_OPEN_PENDING;
if (chcr_init_tcb_fields(tx_info))
goto free_tid;
/* Wait for reply */
wait_for_completion_timeout(&tx_info->completion, 30 * HZ);
spin_lock_bh(&tx_info->lock);
if (tx_info->open_state) {
/* need to wait for hw response, can't free tx_info yet. */
tx_info->pending_close = true;
/* free the lock after cleanup */
goto free_tid;
}
spin_unlock_bh(&tx_info->lock);
if (!cxgb4_check_l2t_valid(tx_info->l2te))
goto free_tid;
atomic64_inc(&adap->ch_ktls_stats.ktls_tx_ctx);
tx_ctx->chcr_info = tx_info;
atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_open);
return 0; return 0;
out2:
free_tid:
chcr_ktls_mark_tcb_close(tx_info);
#if IS_ENABLED(CONFIG_IPV6)
/* clear clip entry */
if (tx_info->ip_family == AF_INET6)
cxgb4_clip_release(netdev, (const u32 *)
&sk->sk_v6_rcv_saddr,
1);
#endif
cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan,
tx_info->tid, tx_info->ip_family);
put_module:
/* release module refcount */
module_put(THIS_MODULE);
free_l2t:
cxgb4_l2t_release(tx_info->l2te);
free_tx_info:
if (tx_info->pending_close)
spin_unlock_bh(&tx_info->lock);
else
kvfree(tx_info); kvfree(tx_info);
out: out:
atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_fail); atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_fail);
return ret; return -1;
} }
/* /*
@ -627,20 +615,39 @@ static int chcr_ktls_cpl_act_open_rpl(struct adapter *adap,
tx_info = lookup_atid(t, atid); tx_info = lookup_atid(t, atid);
if (!tx_info || tx_info->atid != atid) { if (!tx_info || tx_info->atid != atid) {
pr_err("tx_info or atid is not correct\n"); pr_err("%s: incorrect tx_info or atid\n", __func__);
return -1; return -1;
} }
cxgb4_free_atid(t, atid);
tx_info->atid = -1;
spin_lock(&tx_info->lock);
/* HW response is very close, finish pending cleanup */
if (tx_info->pending_close) {
spin_unlock(&tx_info->lock);
if (!status) {
/* it's a late success, tcb status is establised,
* mark it close.
*/
chcr_ktls_mark_tcb_close(tx_info);
cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan,
tid, tx_info->ip_family);
}
kvfree(tx_info);
return 0;
}
if (!status) { if (!status) {
tx_info->tid = tid; tx_info->tid = tid;
cxgb4_insert_tid(t, tx_info, tx_info->tid, tx_info->ip_family); cxgb4_insert_tid(t, tx_info, tx_info->tid, tx_info->ip_family);
tx_info->open_state = CH_KTLS_OPEN_SUCCESS;
cxgb4_free_atid(t, atid); } else {
tx_info->atid = -1; tx_info->open_state = CH_KTLS_OPEN_FAILURE;
/* update the connection state */
chcr_ktls_update_connection_state(tx_info,
KTLS_CONN_ACT_OPEN_RPL);
} }
spin_unlock(&tx_info->lock);
complete(&tx_info->completion);
return 0; return 0;
} }
@ -658,12 +665,22 @@ static int chcr_ktls_cpl_set_tcb_rpl(struct adapter *adap, unsigned char *input)
t = &adap->tids; t = &adap->tids;
tx_info = lookup_tid(t, tid); tx_info = lookup_tid(t, tid);
if (!tx_info || tx_info->tid != tid) { if (!tx_info || tx_info->tid != tid) {
pr_err("tx_info or atid is not correct\n"); pr_err("%s: incorrect tx_info or tid\n", __func__);
return -1; return -1;
} }
/* update the connection state */
chcr_ktls_update_connection_state(tx_info, KTLS_CONN_SET_TCB_RPL); spin_lock(&tx_info->lock);
if (tx_info->pending_close) {
spin_unlock(&tx_info->lock);
kvfree(tx_info);
return 0;
}
tx_info->open_state = false;
spin_unlock(&tx_info->lock);
complete(&tx_info->completion);
return 0; return 0;
} }
@ -1845,7 +1862,6 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
u32 tls_end_offset, tcp_seq; u32 tls_end_offset, tcp_seq;
struct tls_context *tls_ctx; struct tls_context *tls_ctx;
struct sk_buff *local_skb; struct sk_buff *local_skb;
int new_connection_state;
struct sge_eth_txq *q; struct sge_eth_txq *q;
struct adapter *adap; struct adapter *adap;
unsigned long flags; unsigned long flags;
@ -1868,15 +1884,6 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
if (unlikely(!tx_info)) if (unlikely(!tx_info))
goto out; goto out;
/* check the connection state, we don't need to pass new connection
* state, state machine will check and update the new state if it is
* stuck due to responses not received from HW.
* Start the tx handling only if state is KTLS_CONN_TX_READY.
*/
new_connection_state = chcr_ktls_update_connection_state(tx_info, 0);
if (new_connection_state != KTLS_CONN_TX_READY)
goto out;
/* don't touch the original skb, make a new skb to extract each records /* don't touch the original skb, make a new skb to extract each records
* and send them separately. * and send them separately.
*/ */

View File

@ -27,22 +27,20 @@
#define CHCR_KTLS_WR_SIZE (CHCR_PLAIN_TX_DATA_LEN +\ #define CHCR_KTLS_WR_SIZE (CHCR_PLAIN_TX_DATA_LEN +\
sizeof(struct cpl_tx_sec_pdu)) sizeof(struct cpl_tx_sec_pdu))
enum chcr_ktls_conn_state { enum ch_ktls_open_state {
KTLS_CONN_CLOSED, CH_KTLS_OPEN_SUCCESS = 0,
KTLS_CONN_ACT_OPEN_REQ, CH_KTLS_OPEN_PENDING = 1,
KTLS_CONN_ACT_OPEN_RPL, CH_KTLS_OPEN_FAILURE = 2,
KTLS_CONN_SET_TCB_REQ,
KTLS_CONN_SET_TCB_RPL,
KTLS_CONN_TX_READY,
}; };
struct chcr_ktls_info { struct chcr_ktls_info {
struct sock *sk; struct sock *sk;
spinlock_t lock; /* state machine lock */ spinlock_t lock; /* lock for pending_close */
struct ktls_key_ctx key_ctx; struct ktls_key_ctx key_ctx;
struct adapter *adap; struct adapter *adap;
struct l2t_entry *l2te; struct l2t_entry *l2te;
struct net_device *netdev; struct net_device *netdev;
struct completion completion;
u64 iv; u64 iv;
u64 record_no; u64 record_no;
int tid; int tid;
@ -58,13 +56,14 @@ struct chcr_ktls_info {
u32 tcp_start_seq_number; u32 tcp_start_seq_number;
u32 scmd0_short_seqno_numivs; u32 scmd0_short_seqno_numivs;
u32 scmd0_short_ivgen_hdrlen; u32 scmd0_short_ivgen_hdrlen;
enum chcr_ktls_conn_state connection_state;
u16 prev_win; u16 prev_win;
u8 tx_chan; u8 tx_chan;
u8 smt_idx; u8 smt_idx;
u8 port_id; u8 port_id;
u8 ip_family; u8 ip_family;
u8 first_qset; u8 first_qset;
enum ch_ktls_open_state open_state;
bool pending_close;
}; };
struct chcr_ktls_ofld_ctx_tx { struct chcr_ktls_ofld_ctx_tx {