linux/Documentation
David S. Miller 1078029172 mlx5-tls-2020-06-26

Merge tag 'mlx5-tls-2020-06-26' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
mlx5-tls-2020-06-26

1) Improve hardware layouts and structure for kTLS support

2) Generalize ICOSQ (Internal Channel Operations Send Queue)
Due to the asynchronous nature of adding new kTLS flows and handling
HW asynchronous kTLS resync requests, the XSK ICOSQ was extended to
support generic async operations, such as kTLS add flow and resync, in
addition to the existing XSK usages.

3) kTLS hardware flow steering and classification:
The driver already has the means to classify TCP ipv4/6 flows to send them
to the corresponding RSS HW engine, as reflected in patches 3 through 5,
the series will add a steering layer that will hook to the driver's TCP
classifiers and will match on well known kTLS connection, in case of a
match traffic will be redirected to the kTLS decryption engine, otherwise
traffic will continue flowing normally to the TCP RSS engine.

3) kTLS add flow RX HW offload support
New offload contexts post their static/progress params WQEs
(Work Queue Element) to communicate the newly added kTLS contexts
over the per-channel async ICOSQ.

The Channel/RQ is selected according to the socket's rxq index.

A new TLS-RX workqueue is used to allow asynchronous addition of
steering rules, out of the NAPI context.
It will be also used in a downstream patch in the resync procedure.

Feature is OFF by default. Can be turned on by:
$ ethtool -K <if> tls-hw-rx-offload on

4) Added mlx5 kTLS sw stats and new counters are documented in
Documentation/networking/tls-offload.rst
rx_tls_ctx - number of TLS RX HW offload contexts added to device for
decryption.

rx_tls_ooo - number of RX packets which were part of a TLS stream
but did not arrive in the expected order and triggered the resync
procedure.

rx_tls_del - number of TLS RX HW offload contexts deleted from device
(connection has finished).

rx_tls_err - number of RX packets which were part of a TLS stream
but were not decrypted due to unexpected error in the state machine.

5) Asynchronous RX resync

a. The NIC driver indicates that it would like to resync on some TLS
record within the received packet (P), but the driver does not
know (yet) which of the TLS records within the packet.
At this stage, the NIC driver will query the device to find the exact
TCP sequence for resync (tcpsn), however, the driver does not wait
for the device to provide the response.

b. Eventually, the device responds, and the driver provides the tcpsn
within the resync packet to KTLS. Now, KTLS can check the tcpsn against
any processed TLS records within packet P, and also against any record
that is processed in the future within packet P.

The asynchronous resync path simplifies the device driver, as it can
save bits on the packet completion (32-bit TCP sequence), and pass this
information on an asynchronous command instead.

Performance:
    CPU: Intel(R) Xeon(R) CPU E5-2687W v4 @ 3.00GHz, 24 cores, HT off
    NIC: ConnectX-6 Dx 100GbE dual port

    Goodput (app-layer throughput) comparison:
    +---------------+-------+-------+---------+
    | # connections |   1   |   4   |    8    |
    +---------------+-------+-------+---------+
    | SW (Gbps)     |  7.26 | 24.70 |   50.30 |
    +---------------+-------+-------+---------+
    | HW (Gbps)     | 18.50 | 64.30 |   92.90 |
    +---------------+-------+-------+---------+
    | Speedup       | 2.55x | 2.56x | 1.85x * |
    +---------------+-------+-------+---------+

    * After linerate is reached, diff is observed in CPU util
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-06-29 17:18:40 -07:00
..
ABI Revert "kernel/printk: add kmsg SEEK_CUR handling" 2020-06-21 20:47:20 -07:00
PCI pci-v5.8-changes 2020-06-06 11:01:58 -07:00
RCU
accounting
admin-guide A handful of late-arriving docs fixes, along with a patch changing a lot of 2020-06-10 14:12:15 -07:00
arm
arm64 docs/arm64: Fix typo'd #define in sve.rst 2020-06-15 13:17:43 +01:00
block for-5.8-tag 2020-06-02 19:59:25 -07:00
bpf bpf: Document optval > PAGE_SIZE behavior for sockopt hooks 2020-06-17 10:54:05 -07:00
cdrom
core-api A handful of late-arriving docs fixes, along with a patch changing a lot of 2020-06-10 14:12:15 -07:00
cpu-freq
crypto
dev-tools kcsan: Update Documentation to change supported compilers 2020-06-11 20:04:02 +02:00
devicetree docs: networking: reorganize driver documentation again 2020-06-26 16:08:44 -07:00
doc-guide A handful of late-arriving docs fixes, along with a patch changing a lot of 2020-06-10 14:12:15 -07:00
driver-api Documentation: media: convert to use i2c_new_client_device() 2020-06-19 09:20:25 +02:00
fault-injection
fb media updates for v5.8-rc1 2020-06-03 20:59:38 -07:00
features mm/debug: add tests validating architecture page table helpers 2020-06-04 19:06:21 -07:00
filesystems This is the second round of ext4 commits for 5.8 merge window. It 2020-06-15 09:32:10 -07:00
firmware-guide usb: typec: Add firmware documentation for the Intel PMC mux control 2020-05-13 14:20:49 +02:00
firmware_class
fpga
gpu drm/amdgpu: fix documentation around busy_percentage 2020-06-17 17:42:43 -04:00
hid
hwmon Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
i2c Documentation/i2c: SMBus start signal is S not A 2020-06-19 09:21:48 +02:00
ia64 docs: add IRQ documentation at the core-api book 2020-05-15 12:00:56 -06:00
ide
iio
infiniband RDMA/core: Remove FMR device ops 2020-06-02 20:32:54 -03:00
input
isdn
kbuild kbuild: doc: rename LDFLAGS to KBUILD_LDFLAGS 2020-06-06 23:39:20 +09:00
kernel-hacking
leds
livepatch livepatch: Remove .klp.arch 2020-05-08 00:12:42 +02:00
locking A fair amount of stuff this time around, dominated by yet another massive 2020-06-01 15:45:27 -07:00
m68k
maintainer Documentation: fixes to the maintainer-entry-profile template 2020-06-01 09:36:07 -06:00
mhi
mips
misc-devices Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
netlabel
networking mlx5-tls-2020-06-26 2020-06-29 17:18:40 -07:00
nios2
nvdimm nvdimm: fixes to maintainter-entry-profile 2020-05-25 10:19:19 -06:00
openrisc
parisc
pcmcia
power Power management updates for 5.8-rc1 2020-06-02 13:17:23 -07:00
powerpc powerpc: Document details on H_SCM_HEALTH hcall 2020-06-15 18:22:43 -07:00
process Merge branch 'rwonce/rework' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux 2020-06-10 14:46:54 -07:00
riscv
s390 s390 updates for the 5.8 merge window 2020-06-08 12:05:31 -07:00
scheduler
scsi
security Notifications over pipes + Keyring notifications 2020-06-13 09:56:21 -07:00
sh Documentation: remove SH-5 index entries 2020-06-16 17:39:43 -07:00
sound
sparc
sphinx Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
sphinx-static
spi
target doc: don't use deprecated "---help---" markers in target docs 2020-06-13 13:32:40 -07:00
timers timer: add fsleep for flexible sleeping 2020-05-06 17:03:34 -07:00
trace A handful of late-arriving docs fixes, along with a patch changing a lot of 2020-06-10 14:12:15 -07:00
translations A handful of late-arriving docs fixes, along with a patch changing a lot of 2020-06-10 14:12:15 -07:00
usb A fair amount of stuff this time around, dominated by yet another massive 2020-06-01 15:45:27 -07:00
userspace-api Documentation: media: convert to use i2c_new_client_device() 2020-06-19 09:20:25 +02:00
virt ARM: 2020-06-03 15:13:47 -07:00
vm A handful of late-arriving docs fixes, along with a patch changing a lot of 2020-06-10 14:12:15 -07:00
w1 w1_therm: adding bulk read support to trigger multiple conversion on bus 2020-05-15 16:29:00 +02:00
watchdog watchdog: clarify that stop() is optional 2020-05-25 08:55:42 +02:00
x86 A fair amount of stuff this time around, dominated by yet another massive 2020-06-01 15:45:27 -07:00
xtensa
.gitignore
COPYING-logo Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
Changes
CodingStyle
Kconfig
Makefile media updates for v5.8-rc1 2020-06-03 20:59:38 -07:00
SubmittingPatches
asm-annotations.rst
atomic_bitops.txt
atomic_t.txt
bus-virt-phys-mapping.txt
conf.py Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
crc32.txt
docutils.conf
dontdiff modpost: generate vmlinux.symvers and reuse it for the second modpost 2020-06-06 23:38:12 +09:00
index.rst Devicetree updates for v5.8: 2020-06-04 20:11:25 -07:00
kprobes.txt
logo.gif
lzo.txt lib/lzo: fix ambiguous encoding bug in lzo-rle 2020-06-11 18:17:47 -07:00
mailbox.txt
memory-barriers.txt
nommu-mmap.txt
remoteproc.txt
rpmsg.txt
speculation.txt
static-keys.txt Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
tee.txt
this_cpu_ops.txt
watch_queue.rst pipe: Add general notification queue support 2020-05-19 15:08:24 +01:00
xz.txt Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00