tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

net/mlx5e: Add PSP stats support for Rx/Tx flows

Add all statistics described under the "Implementation Requirements"
section of the PSP Architecture Specification:

Rx successfully decrypted PSP packets:
psp_rx_pkts : Number of packets decrypted successfully
psp_rx_bytes : Number of bytes decrypted successfully

Rx PSP authentication failure statistics:
psp_rx_pkts_auth_fail : Number of PSP packets that failed authentication
psp_rx_bytes_auth_fail : Number of PSP bytes that failed authentication

Rx PSP bad frame error statistics:
psp_rx_pkts_frame_err;
psp_rx_bytes_frame_err;

Rx PSP drop statistics:
psp_rx_pkts_drop : Number of PSP packets dropped
psp_rx_bytes_drop : Number of PSP bytes dropped

Tx successfully encrypted PSP packets:
psp_tx_pkts : Number of packets encrypted successfully
psp_tx_bytes : Number of bytes encrypted successfully

Tx drops:
tx_drop : Number of misc psp related drops

The above can be seen using the ynl cli:
./pyynl/cli.py --spec netlink/specs/psp.yaml --dump get-stats

Signed-off-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
Signed-off-by: Daniel Zahka <daniel.zahka@gmail.com>
Link: https://patch.msgid.link/20251106002608.1578518-5-daniel.zahka@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski b1346219 f05d2619

+241 -16
+219 -16
drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.c
··· 28 28 struct mlx5_flow_handle *rule; 29 29 struct mutex mutex; /* Protect PSP TX steering */ 30 30 u32 refcnt; 31 + struct mlx5_fc *tx_counter; 31 32 }; 32 33 33 34 struct mlx5e_psp_rx_err { 34 35 struct mlx5_flow_table *ft; 35 36 struct mlx5_flow_handle *rule; 36 - struct mlx5_flow_handle *drop_rule; 37 + struct mlx5_flow_handle *auth_fail_rule; 38 + struct mlx5_flow_handle *err_rule; 39 + struct mlx5_flow_handle *bad_rule; 37 40 struct mlx5_modify_hdr *copy_modify_hdr; 38 41 }; 39 42 ··· 53 50 54 51 struct mlx5e_accel_fs_psp { 55 52 struct mlx5e_accel_fs_psp_prot fs_prot[ACCEL_FS_PSP_NUM_TYPES]; 53 + struct mlx5_fc *rx_counter; 54 + struct mlx5_fc *rx_auth_fail_counter; 55 + struct mlx5_fc *rx_err_counter; 56 + struct mlx5_fc *rx_bad_counter; 56 57 }; 57 58 58 59 struct mlx5e_psp_fs { ··· 79 72 static void accel_psp_fs_rx_err_del_rules(struct mlx5e_psp_fs *fs, 80 73 struct mlx5e_psp_rx_err *rx_err) 81 74 { 82 - if (rx_err->drop_rule) { 83 - mlx5_del_flow_rules(rx_err->drop_rule); 84 - rx_err->drop_rule = NULL; 75 + if (rx_err->bad_rule) { 76 + mlx5_del_flow_rules(rx_err->bad_rule); 77 + rx_err->bad_rule = NULL; 78 + } 79 + 80 + if (rx_err->err_rule) { 81 + mlx5_del_flow_rules(rx_err->err_rule); 82 + rx_err->err_rule = NULL; 83 + } 84 + 85 + if (rx_err->auth_fail_rule) { 86 + mlx5_del_flow_rules(rx_err->auth_fail_rule); 87 + rx_err->auth_fail_rule = NULL; 85 88 } 86 89 87 90 if (rx_err->rule) { ··· 134 117 { 135 118 u8 action[MLX5_UN_SZ_BYTES(set_add_copy_action_in_auto)] = {}; 136 119 struct mlx5_core_dev *mdev = fs->mdev; 120 + struct mlx5_flow_destination dest[2]; 137 121 struct mlx5_flow_act flow_act = {}; 138 122 struct mlx5_modify_hdr *modify_hdr; 139 123 struct mlx5_flow_handle *fte; ··· 165 147 accel_psp_setup_syndrome_match(spec, PSP_OK); 166 148 /* create fte */ 167 149 flow_act.action = MLX5_FLOW_CONTEXT_ACTION_MOD_HDR | 168 - MLX5_FLOW_CONTEXT_ACTION_FWD_DEST; 150 + MLX5_FLOW_CONTEXT_ACTION_FWD_DEST | 151 + MLX5_FLOW_CONTEXT_ACTION_COUNT; 169 152 flow_act.modify_hdr = modify_hdr; 170 - fte = mlx5_add_flow_rules(rx_err->ft, spec, &flow_act, 171 - &fs_prot->default_dest, 1); 153 + dest[0].type = fs_prot->default_dest.type; 154 + dest[0].ft = fs_prot->default_dest.ft; 155 + dest[1].type = MLX5_FLOW_DESTINATION_TYPE_COUNTER; 156 + dest[1].counter = fs->rx_fs->rx_counter; 157 + fte = mlx5_add_flow_rules(rx_err->ft, spec, &flow_act, dest, 2); 172 158 if (IS_ERR(fte)) { 173 159 err = PTR_ERR(fte); 174 160 mlx5_core_err(mdev, "fail to add psp rx err copy rule err=%d\n", err); ··· 180 158 } 181 159 rx_err->rule = fte; 182 160 183 - /* add default drop rule */ 161 + /* add auth fail drop rule */ 162 + memset(spec, 0, sizeof(*spec)); 163 + memset(&flow_act, 0, sizeof(flow_act)); 164 + accel_psp_setup_syndrome_match(spec, PSP_ICV_FAIL); 165 + /* create fte */ 166 + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP | 167 + MLX5_FLOW_CONTEXT_ACTION_COUNT; 168 + dest[0].type = MLX5_FLOW_DESTINATION_TYPE_COUNTER; 169 + dest[0].counter = fs->rx_fs->rx_auth_fail_counter; 170 + fte = mlx5_add_flow_rules(rx_err->ft, spec, &flow_act, dest, 1); 171 + if (IS_ERR(fte)) { 172 + err = PTR_ERR(fte); 173 + mlx5_core_err(mdev, "fail to add psp rx auth fail drop rule err=%d\n", 174 + err); 175 + goto out_drop_rule; 176 + } 177 + rx_err->auth_fail_rule = fte; 178 + 179 + /* add framing drop rule */ 180 + memset(spec, 0, sizeof(*spec)); 181 + memset(&flow_act, 0, sizeof(flow_act)); 182 + accel_psp_setup_syndrome_match(spec, PSP_BAD_TRAILER); 183 + /* create fte */ 184 + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP | 185 + MLX5_FLOW_CONTEXT_ACTION_COUNT; 186 + dest[0].type = MLX5_FLOW_DESTINATION_TYPE_COUNTER; 187 + dest[0].counter = fs->rx_fs->rx_err_counter; 188 + fte = mlx5_add_flow_rules(rx_err->ft, spec, &flow_act, dest, 1); 189 + if (IS_ERR(fte)) { 190 + err = PTR_ERR(fte); 191 + mlx5_core_err(mdev, "fail to add psp rx framing err drop rule err=%d\n", 192 + err); 193 + goto out_drop_auth_fail_rule; 194 + } 195 + rx_err->err_rule = fte; 196 + 197 + /* add misc. errors drop rule */ 184 198 memset(spec, 0, sizeof(*spec)); 185 199 memset(&flow_act, 0, sizeof(flow_act)); 186 200 /* create fte */ 187 - flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP; 188 - fte = mlx5_add_flow_rules(rx_err->ft, spec, &flow_act, NULL, 0); 201 + flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP | 202 + MLX5_FLOW_CONTEXT_ACTION_COUNT; 203 + dest[0].type = MLX5_FLOW_DESTINATION_TYPE_COUNTER; 204 + dest[0].counter = fs->rx_fs->rx_bad_counter; 205 + fte = mlx5_add_flow_rules(rx_err->ft, spec, &flow_act, dest, 1); 189 206 if (IS_ERR(fte)) { 190 207 err = PTR_ERR(fte); 191 - mlx5_core_err(mdev, "fail to add psp rx err drop rule err=%d\n", err); 192 - goto out_drop_rule; 208 + mlx5_core_err(mdev, "fail to add psp rx misc. err drop rule err=%d\n", 209 + err); 210 + goto out_drop_error_rule; 193 211 } 194 - rx_err->drop_rule = fte; 212 + rx_err->bad_rule = fte; 213 + 195 214 rx_err->copy_modify_hdr = modify_hdr; 196 215 197 216 goto out_spec; 198 217 218 + out_drop_error_rule: 219 + mlx5_del_flow_rules(rx_err->err_rule); 220 + rx_err->err_rule = NULL; 221 + out_drop_auth_fail_rule: 222 + mlx5_del_flow_rules(rx_err->auth_fail_rule); 223 + rx_err->auth_fail_rule = NULL; 199 224 out_drop_rule: 200 225 mlx5_del_flow_rules(rx_err->rule); 201 226 rx_err->rule = NULL; ··· 530 461 return; 531 462 532 463 accel_psp = fs->rx_fs; 464 + mlx5_fc_destroy(fs->mdev, accel_psp->rx_bad_counter); 465 + mlx5_fc_destroy(fs->mdev, accel_psp->rx_err_counter); 466 + mlx5_fc_destroy(fs->mdev, accel_psp->rx_auth_fail_counter); 467 + mlx5_fc_destroy(fs->mdev, accel_psp->rx_counter); 533 468 for (i = 0; i < ACCEL_FS_PSP_NUM_TYPES; i++) { 534 469 fs_prot = &accel_psp->fs_prot[i]; 535 470 mutex_destroy(&fs_prot->prot_mutex); ··· 547 474 { 548 475 struct mlx5e_accel_fs_psp_prot *fs_prot; 549 476 struct mlx5e_accel_fs_psp *accel_psp; 477 + struct mlx5_core_dev *mdev = fs->mdev; 478 + struct mlx5_fc *flow_counter; 550 479 enum accel_fs_psp_type i; 480 + int err; 551 481 552 482 accel_psp = kzalloc(sizeof(*accel_psp), GFP_KERNEL); 553 483 if (!accel_psp) ··· 561 485 mutex_init(&fs_prot->prot_mutex); 562 486 } 563 487 488 + flow_counter = mlx5_fc_create(mdev, false); 489 + if (IS_ERR(flow_counter)) { 490 + mlx5_core_warn(mdev, 491 + "fail to create psp rx flow counter err=%pe\n", 492 + flow_counter); 493 + err = PTR_ERR(flow_counter); 494 + goto out_err; 495 + } 496 + accel_psp->rx_counter = flow_counter; 497 + 498 + flow_counter = mlx5_fc_create(mdev, false); 499 + if (IS_ERR(flow_counter)) { 500 + mlx5_core_warn(mdev, 501 + "fail to create psp rx auth fail flow counter err=%pe\n", 502 + flow_counter); 503 + err = PTR_ERR(flow_counter); 504 + goto out_counter_err; 505 + } 506 + accel_psp->rx_auth_fail_counter = flow_counter; 507 + 508 + flow_counter = mlx5_fc_create(mdev, false); 509 + if (IS_ERR(flow_counter)) { 510 + mlx5_core_warn(mdev, 511 + "fail to create psp rx error flow counter err=%pe\n", 512 + flow_counter); 513 + err = PTR_ERR(flow_counter); 514 + goto out_auth_fail_counter_err; 515 + } 516 + accel_psp->rx_err_counter = flow_counter; 517 + 518 + flow_counter = mlx5_fc_create(mdev, false); 519 + if (IS_ERR(flow_counter)) { 520 + mlx5_core_warn(mdev, 521 + "fail to create psp rx bad flow counter err=%pe\n", 522 + flow_counter); 523 + err = PTR_ERR(flow_counter); 524 + goto out_err_counter_err; 525 + } 526 + accel_psp->rx_bad_counter = flow_counter; 527 + 564 528 fs->rx_fs = accel_psp; 565 529 566 530 return 0; 531 + 532 + out_err_counter_err: 533 + mlx5_fc_destroy(mdev, accel_psp->rx_err_counter); 534 + accel_psp->rx_err_counter = NULL; 535 + out_auth_fail_counter_err: 536 + mlx5_fc_destroy(mdev, accel_psp->rx_auth_fail_counter); 537 + accel_psp->rx_auth_fail_counter = NULL; 538 + out_counter_err: 539 + mlx5_fc_destroy(mdev, accel_psp->rx_counter); 540 + accel_psp->rx_counter = NULL; 541 + out_err: 542 + for (i = 0; i < ACCEL_FS_PSP_NUM_TYPES; i++) { 543 + fs_prot = &accel_psp->fs_prot[i]; 544 + mutex_destroy(&fs_prot->prot_mutex); 545 + } 546 + kfree(accel_psp); 547 + fs->rx_fs = NULL; 548 + 549 + return err; 567 550 } 568 551 569 552 void mlx5_accel_psp_fs_cleanup_rx_tables(struct mlx5e_priv *priv) ··· 667 532 { 668 533 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in); 669 534 struct mlx5_flow_table_attr ft_attr = {}; 535 + struct mlx5_flow_destination dest = {}; 670 536 struct mlx5_core_dev *mdev = fs->mdev; 671 537 struct mlx5_flow_act flow_act = {}; 672 538 u32 *in, *mc, *outer_headers_c; ··· 716 580 flow_act.crypto.type = MLX5_FLOW_CONTEXT_ENCRYPT_DECRYPT_TYPE_PSP; 717 581 flow_act.flags |= FLOW_ACT_NO_APPEND; 718 582 flow_act.action = MLX5_FLOW_CONTEXT_ACTION_ALLOW | 719 - MLX5_FLOW_CONTEXT_ACTION_CRYPTO_ENCRYPT; 720 - rule = mlx5_add_flow_rules(ft, spec, &flow_act, NULL, 0); 583 + MLX5_FLOW_CONTEXT_ACTION_CRYPTO_ENCRYPT | 584 + MLX5_FLOW_CONTEXT_ACTION_COUNT; 585 + dest.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER; 586 + dest.counter = tx_fs->tx_counter; 587 + rule = mlx5_add_flow_rules(ft, spec, &flow_act, &dest, 1); 721 588 if (IS_ERR(rule)) { 722 589 err = PTR_ERR(rule); 723 590 mlx5_core_err(mdev, "PSP: fail to add psp tx flow rule, err = %d\n", err); ··· 789 650 if (!tx_fs) 790 651 return; 791 652 653 + mlx5_fc_destroy(fs->mdev, tx_fs->tx_counter); 792 654 mutex_destroy(&tx_fs->mutex); 793 655 WARN_ON(tx_fs->refcnt); 794 656 kfree(tx_fs); ··· 798 658 799 659 static int accel_psp_fs_init_tx(struct mlx5e_psp_fs *fs) 800 660 { 661 + struct mlx5_core_dev *mdev = fs->mdev; 801 662 struct mlx5_flow_namespace *ns; 663 + struct mlx5_fc *flow_counter; 802 664 struct mlx5e_psp_tx *tx_fs; 803 665 804 - ns = mlx5_get_flow_namespace(fs->mdev, MLX5_FLOW_NAMESPACE_EGRESS_IPSEC); 666 + ns = mlx5_get_flow_namespace(mdev, MLX5_FLOW_NAMESPACE_EGRESS_IPSEC); 805 667 if (!ns) 806 668 return -EOPNOTSUPP; 807 669 ··· 811 669 if (!tx_fs) 812 670 return -ENOMEM; 813 671 672 + flow_counter = mlx5_fc_create(mdev, false); 673 + if (IS_ERR(flow_counter)) { 674 + mlx5_core_warn(mdev, 675 + "fail to create psp tx flow counter err=%pe\n", 676 + flow_counter); 677 + kfree(tx_fs); 678 + return PTR_ERR(flow_counter); 679 + } 680 + tx_fs->tx_counter = flow_counter; 814 681 mutex_init(&tx_fs->mutex); 815 682 tx_fs->ns = ns; 816 683 fs->tx_fs = tx_fs; 817 684 return 0; 685 + } 686 + 687 + static void 688 + mlx5e_accel_psp_fs_get_stats_fill(struct mlx5e_priv *priv, 689 + struct mlx5e_psp_stats *stats) 690 + { 691 + struct mlx5e_psp_tx *tx_fs = priv->psp->fs->tx_fs; 692 + struct mlx5_core_dev *mdev = priv->mdev; 693 + struct mlx5e_accel_fs_psp *accel_psp; 694 + 695 + accel_psp = (struct mlx5e_accel_fs_psp *)priv->psp->fs->rx_fs; 696 + 697 + if (tx_fs->tx_counter) 698 + mlx5_fc_query(mdev, tx_fs->tx_counter, &stats->psp_tx_pkts, 699 + &stats->psp_tx_bytes); 700 + 701 + if (accel_psp->rx_counter) 702 + mlx5_fc_query(mdev, accel_psp->rx_counter, &stats->psp_rx_pkts, 703 + &stats->psp_rx_bytes); 704 + 705 + if (accel_psp->rx_auth_fail_counter) 706 + mlx5_fc_query(mdev, accel_psp->rx_auth_fail_counter, 707 + &stats->psp_rx_pkts_auth_fail, 708 + &stats->psp_rx_bytes_auth_fail); 709 + 710 + if (accel_psp->rx_err_counter) 711 + mlx5_fc_query(mdev, accel_psp->rx_err_counter, 712 + &stats->psp_rx_pkts_frame_err, 713 + &stats->psp_rx_bytes_frame_err); 714 + 715 + if (accel_psp->rx_bad_counter) 716 + mlx5_fc_query(mdev, accel_psp->rx_bad_counter, 717 + &stats->psp_rx_pkts_drop, 718 + &stats->psp_rx_bytes_drop); 818 719 } 819 720 820 721 void mlx5_accel_psp_fs_cleanup_tx_tables(struct mlx5e_priv *priv) ··· 1034 849 return mlx5e_psp_rotate_key(priv->mdev); 1035 850 } 1036 851 852 + static void 853 + mlx5e_psp_get_stats(struct psp_dev *psd, struct psp_dev_stats *stats) 854 + { 855 + struct mlx5e_priv *priv = netdev_priv(psd->main_netdev); 856 + struct mlx5e_psp_stats nstats; 857 + 858 + mlx5e_accel_psp_fs_get_stats_fill(priv, &nstats); 859 + stats->rx_packets = nstats.psp_rx_pkts; 860 + stats->rx_bytes = nstats.psp_rx_bytes; 861 + stats->rx_auth_fail = nstats.psp_rx_pkts_auth_fail; 862 + stats->rx_error = nstats.psp_rx_pkts_frame_err; 863 + stats->rx_bad = nstats.psp_rx_pkts_drop; 864 + stats->tx_packets = nstats.psp_tx_pkts; 865 + stats->tx_bytes = nstats.psp_tx_bytes; 866 + stats->tx_error = atomic_read(&priv->psp->tx_drop); 867 + } 868 + 1037 869 static struct psp_dev_ops mlx5_psp_ops = { 1038 870 .set_config = mlx5e_psp_set_config, 1039 871 .rx_spi_alloc = mlx5e_psp_rx_spi_alloc, 1040 872 .tx_key_add = mlx5e_psp_assoc_add, 1041 873 .tx_key_del = mlx5e_psp_assoc_del, 1042 874 .key_rotate = mlx5e_psp_key_rotate, 875 + .get_stats = mlx5e_psp_get_stats, 1043 876 }; 1044 877 1045 878 void mlx5e_psp_unregister(struct mlx5e_priv *priv)
+16
drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp.h
··· 7 7 #include <net/psp/types.h> 8 8 #include "en.h" 9 9 10 + struct mlx5e_psp_stats { 11 + u64 psp_rx_pkts; 12 + u64 psp_rx_bytes; 13 + u64 psp_rx_pkts_auth_fail; 14 + u64 psp_rx_bytes_auth_fail; 15 + u64 psp_rx_pkts_frame_err; 16 + u64 psp_rx_bytes_frame_err; 17 + u64 psp_rx_pkts_drop; 18 + u64 psp_rx_bytes_drop; 19 + u64 psp_tx_pkts; 20 + u64 psp_tx_bytes; 21 + u64 psp_tx_pkts_drop; 22 + u64 psp_tx_bytes_drop; 23 + }; 24 + 10 25 struct mlx5e_psp { 11 26 struct psp_dev *psp; 12 27 struct psp_dev_caps caps; 13 28 struct mlx5e_psp_fs *fs; 14 29 atomic_t tx_key_cnt; 30 + atomic_t tx_drop; 15 31 }; 16 32 17 33 static inline bool mlx5_is_psp_device(struct mlx5_core_dev *mdev)
+1
drivers/net/ethernet/mellanox/mlx5/core/en_accel/psp_rxtx.c
··· 186 186 /* psp_encap of the packet */ 187 187 if (!psp_dev_encapsulate(net, skb, psp_st->spi, psp_st->ver, 0)) { 188 188 kfree_skb_reason(skb, SKB_DROP_REASON_PSP_OUTPUT); 189 + atomic_inc(&priv->psp->tx_drop); 189 190 return false; 190 191 } 191 192 if (skb_is_gso(skb)) {
+5
drivers/net/ethernet/mellanox/mlx5/core/en_main.c
··· 4025 4025 s->rx_bytes += rq_stats->bytes; 4026 4026 s->multicast += rq_stats->mcast_packets; 4027 4027 } 4028 + 4029 + #ifdef CONFIG_MLX5_EN_PSP 4030 + if (priv->psp) 4031 + s->tx_dropped += atomic_read(&priv->psp->tx_drop); 4032 + #endif 4028 4033 } 4029 4034 4030 4035 void