diff mbox series

[net-next,v7,1/8] octeontx2-pf: map skb data as device writeable

Message ID 20240827133210.1418411-2-bbhushan2@marvell.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series cn10k-ipsec: Add outbound inline ipsec support | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next, async
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 7 this patch: 7
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 8 of 8 maintainers
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 19 this patch: 19
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 48 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-08-27--21-00 (tests: 714)

Commit Message

Bharat Bhushan Aug. 27, 2024, 1:32 p.m. UTC 
Crypto hardware need write permission for in-place encrypt
or decrypt operation on skb-data to support IPsec crypto
offload. That patch uses skb_unshare to make sdk data writeable
for ipsec crypto offload and map skb fragment memory as
device read-write.

Signed-off-by: Bharat Bhushan <bbhushan2@marvell.com>
---
v6->v7:
 - skb data was mapped as device writeable but it was not ensured
   that skb is writeable. This version calls skb_unshare() to make
   skb data writeable.

 .../ethernet/marvell/octeontx2/nic/otx2_txrx.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

Comments

Jakub Kicinski Aug. 29, 2024, 1:21 a.m. UTC | #1 
On Tue, 27 Aug 2024 19:02:03 +0530 Bharat Bhushan wrote:
> Crypto hardware need write permission for in-place encrypt
> or decrypt operation on skb-data to support IPsec crypto
> offload. That patch uses skb_unshare to make sdk data writeable

sdk -> skb ? :(

> for ipsec crypto offload and map skb fragment memory as
> device read-write.

Does the crypto engine always override the data with ciphertext?
How did you test this prior to adding skb_unshare()?
Could you share some performance data with this change?
Bharat Bhushan Aug. 29, 2024, 5:47 a.m. UTC | #2 
On Thu, Aug 29, 2024 at 6:51 AM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Tue, 27 Aug 2024 19:02:03 +0530 Bharat Bhushan wrote:
> > Crypto hardware need write permission for in-place encrypt
> > or decrypt operation on skb-data to support IPsec crypto
> > offload. That patch uses skb_unshare to make sdk data writeable
>
> sdk -> skb ? :(
Will fix in next version

>
> > for ipsec crypto offload and map skb fragment memory as
> > device read-write.
>
> Does the crypto engine always override the data with ciphertext?

yes,

> How did you test this prior to adding skb_unshare()?
> Could you share some performance data with this change?

testing using flood ping and iperf with multiple instance,
I do not see any drop in performance numbers

Thanks
-Bharat
Jakub Kicinski Aug. 29, 2024, 2:48 p.m. UTC | #3 
On Thu, 29 Aug 2024 11:17:25 +0530 Bharat Bhushan wrote:
> > How did you test this prior to adding skb_unshare()?
> > Could you share some performance data with this change?  
> 
> testing using flood ping and iperf with multiple instance,

Makes sense, neither of these will detect corruption of data pages :(
IIRC iperf just ignores the data, ping doesn't retransmit.
You gotta beef up your testing...

> I do not see any drop in performance numbers

Well. What's the difference in CPU busy time of v5 vs v7?
You'll copy all TCP packets, they are (pretty much) all clones.
Bharat Bhushan Sept. 2, 2024, 5:48 a.m. UTC | #4 
On Thu, Aug 29, 2024 at 8:18 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Thu, 29 Aug 2024 11:17:25 +0530 Bharat Bhushan wrote:
> > > How did you test this prior to adding skb_unshare()?
> > > Could you share some performance data with this change?
> >
> > testing using flood ping and iperf with multiple instance,
>
> Makes sense, neither of these will detect corruption of data pages :(
> IIRC iperf just ignores the data, ping doesn't retransmit.
> You gotta beef up your testing...
>
> > I do not see any drop in performance numbers
>
> Well. What's the difference in CPU busy time of v5 vs v7?
> You'll copy all TCP packets, they are (pretty much) all clones.

cpu is 5-8% more busy when skb unshare.

Thanks
-Bharat
diff mbox series

Patch

diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c
index 3eb85949677a..6ed27d900426 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c
@@ -11,6 +11,7 @@ 
 #include <linux/bpf.h>
 #include <linux/bpf_trace.h>
 #include <net/ip6_checksum.h>
+#include <net/xfrm.h>
 
 #include "otx2_reg.h"
 #include "otx2_common.h"
@@ -83,10 +84,17 @@  static unsigned int frag_num(unsigned int i)
 static dma_addr_t otx2_dma_map_skb_frag(struct otx2_nic *pfvf,
 					struct sk_buff *skb, int seg, int *len)
 {
+	enum dma_data_direction dir = DMA_TO_DEVICE;
 	const skb_frag_t *frag;
 	struct page *page;
 	int offset;
 
+	/* Crypto hardware need write permission for ipsec crypto offload */
+	if (unlikely(xfrm_offload(skb))) {
+		dir = DMA_BIDIRECTIONAL;
+		skb = skb_unshare(skb, GFP_ATOMIC);
+	}
+
 	/* First segment is always skb->data */
 	if (!seg) {
 		page = virt_to_page(skb->data);
@@ -98,16 +106,22 @@  static dma_addr_t otx2_dma_map_skb_frag(struct otx2_nic *pfvf,
 		offset = skb_frag_off(frag);
 		*len = skb_frag_size(frag);
 	}
-	return otx2_dma_map_page(pfvf, page, offset, *len, DMA_TO_DEVICE);
+	return otx2_dma_map_page(pfvf, page, offset, *len, dir);
 }
 
 static void otx2_dma_unmap_skb_frags(struct otx2_nic *pfvf, struct sg_list *sg)
 {
+	enum dma_data_direction dir = DMA_TO_DEVICE;
+	struct sk_buff *skb = NULL;
 	int seg;
 
+	skb = (struct sk_buff *)sg->skb;
+	if (unlikely(xfrm_offload(skb)))
+		dir = DMA_BIDIRECTIONAL;
+
 	for (seg = 0; seg < sg->num_segs; seg++) {
 		otx2_dma_unmap_page(pfvf, sg->dma_addr[seg],
-				    sg->size[seg], DMA_TO_DEVICE);
+				    sg->size[seg], dir);
 	}
 	sg->num_segs = 0;
 }