1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright (C) 2018 Intel Corporation. 3 * All rights reserved. 4 * Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. 5 * All rights reserved. 6 */ 7 8 #include "vbdev_crypto.h" 9 10 #include "spdk/env.h" 11 #include "spdk/likely.h" 12 #include "spdk/endian.h" 13 #include "spdk/thread.h" 14 #include "spdk/bdev_module.h" 15 #include "spdk/log.h" 16 #include "spdk/hexlify.h" 17 18 #include <rte_config.h> 19 #include <rte_bus_vdev.h> 20 #include <rte_crypto.h> 21 #include <rte_cryptodev.h> 22 #include <rte_mbuf_dyn.h> 23 #include <rte_version.h> 24 25 /* Used to store IO context in mbuf */ 26 static const struct rte_mbuf_dynfield rte_mbuf_dynfield_io_context = { 27 .name = "context_bdev_io", 28 .size = sizeof(uint64_t), 29 .align = __alignof__(uint64_t), 30 .flags = 0, 31 }; 32 static int g_mbuf_offset; 33 34 /* To add support for new device types, follow the examples of the following... 35 * Note that the string names are defined by the DPDK PMD in question so be 36 * sure to use the exact names. 37 */ 38 #define MAX_NUM_DRV_TYPES 3 39 40 /* The VF spread is the number of queue pairs between virtual functions, we use this to 41 * load balance the QAT device. 42 */ 43 #define QAT_VF_SPREAD 32 44 static uint8_t g_qat_total_qp = 0; 45 static uint8_t g_next_qat_index; 46 47 const char *g_driver_names[MAX_NUM_DRV_TYPES] = { AESNI_MB, QAT, MLX5 }; 48 49 /* Global list of available crypto devices. */ 50 struct vbdev_dev { 51 struct rte_cryptodev_info cdev_info; /* includes device friendly name */ 52 uint8_t cdev_id; /* identifier for the device */ 53 TAILQ_ENTRY(vbdev_dev) link; 54 }; 55 static TAILQ_HEAD(, vbdev_dev) g_vbdev_devs = TAILQ_HEAD_INITIALIZER(g_vbdev_devs); 56 57 /* Global list and lock for unique device/queue pair combos. We keep 1 list per supported PMD 58 * so that we can optimize per PMD where it make sense. For example, with QAT there an optimal 59 * pattern for assigning queue pairs where with AESNI there is not. 60 */ 61 struct device_qp { 62 struct vbdev_dev *device; /* ptr to crypto device */ 63 uint8_t qp; /* queue pair for this node */ 64 bool in_use; /* whether this node is in use or not */ 65 uint8_t index; /* used by QAT to load balance placement of qpairs */ 66 TAILQ_ENTRY(device_qp) link; 67 }; 68 static TAILQ_HEAD(, device_qp) g_device_qp_qat = TAILQ_HEAD_INITIALIZER(g_device_qp_qat); 69 static TAILQ_HEAD(, device_qp) g_device_qp_aesni_mb = TAILQ_HEAD_INITIALIZER(g_device_qp_aesni_mb); 70 static TAILQ_HEAD(, device_qp) g_device_qp_mlx5 = TAILQ_HEAD_INITIALIZER(g_device_qp_mlx5); 71 static pthread_mutex_t g_device_qp_lock = PTHREAD_MUTEX_INITIALIZER; 72 73 74 /* In order to limit the number of resources we need to do one crypto 75 * operation per LBA (we use LBA as IV), we tell the bdev layer that 76 * our max IO size is something reasonable. Units here are in bytes. 77 */ 78 #define CRYPTO_MAX_IO (64 * 1024) 79 80 /* This controls how many ops will be dequeued from the crypto driver in one run 81 * of the poller. It is mainly a performance knob as it effectively determines how 82 * much work the poller has to do. However even that can vary between crypto drivers 83 * as the AESNI_MB driver for example does all the crypto work on dequeue whereas the 84 * QAT driver just dequeues what has been completed already. 85 */ 86 #define MAX_DEQUEUE_BURST_SIZE 64 87 88 /* When enqueueing, we need to supply the crypto driver with an array of pointers to 89 * operation structs. As each of these can be max 512B, we can adjust the CRYPTO_MAX_IO 90 * value in conjunction with the other defines to make sure we're not using crazy amounts 91 * of memory. All of these numbers can and probably should be adjusted based on the 92 * workload. By default we'll use the worst case (smallest) block size for the 93 * minimum number of array entries. As an example, a CRYPTO_MAX_IO size of 64K with 512B 94 * blocks would give us an enqueue array size of 128. 95 */ 96 #define MAX_ENQUEUE_ARRAY_SIZE (CRYPTO_MAX_IO / 512) 97 98 /* The number of MBUFS we need must be a power of two and to support other small IOs 99 * in addition to the limits mentioned above, we go to the next power of two. It is 100 * big number because it is one mempool for source and destination mbufs. It may 101 * need to be bigger to support multiple crypto drivers at once. 102 */ 103 #define NUM_MBUFS 32768 104 #define POOL_CACHE_SIZE 256 105 #define MAX_CRYPTO_VOLUMES 128 106 #define NUM_SESSIONS (2 * MAX_CRYPTO_VOLUMES) 107 #define SESS_MEMPOOL_CACHE_SIZE 0 108 uint8_t g_number_of_claimed_volumes = 0; 109 110 /* This is the max number of IOs we can supply to any crypto device QP at one time. 111 * It can vary between drivers. 112 */ 113 #define CRYPTO_QP_DESCRIPTORS 2048 114 115 /* At this moment DPDK descriptors allocation for mlx5 has some issues. We use 512 116 * as an compromise value between performance and the time spent for initialization. */ 117 #define CRYPTO_QP_DESCRIPTORS_MLX5 512 118 119 #define AESNI_MB_NUM_QP 64 120 121 /* Common for supported devices. */ 122 #define DEFAULT_NUM_XFORMS 2 123 #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ 124 sizeof(struct rte_crypto_sym_op) + \ 125 (DEFAULT_NUM_XFORMS * \ 126 sizeof(struct rte_crypto_sym_xform))) 127 #define IV_LENGTH 16 128 #define QUEUED_OP_OFFSET (IV_OFFSET + IV_LENGTH) 129 130 static void _complete_internal_io(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg); 131 static void _complete_internal_read(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg); 132 static void _complete_internal_write(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg); 133 static void vbdev_crypto_examine(struct spdk_bdev *bdev); 134 static int vbdev_crypto_claim(const char *bdev_name); 135 static void vbdev_crypto_submit_request(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io); 136 137 struct bdev_names { 138 struct vbdev_crypto_opts *opts; 139 TAILQ_ENTRY(bdev_names) link; 140 }; 141 142 /* List of crypto_bdev names and their base bdevs via configuration file. */ 143 static TAILQ_HEAD(, bdev_names) g_bdev_names = TAILQ_HEAD_INITIALIZER(g_bdev_names); 144 145 struct vbdev_crypto { 146 struct spdk_bdev *base_bdev; /* the thing we're attaching to */ 147 struct spdk_bdev_desc *base_desc; /* its descriptor we get from open */ 148 struct spdk_bdev crypto_bdev; /* the crypto virtual bdev */ 149 struct vbdev_crypto_opts *opts; /* crypto options such as key, cipher */ 150 uint32_t qp_desc_nr; /* number of qp descriptors */ 151 void *session_encrypt; /* encryption session for this bdev */ 152 void *session_decrypt; /* decryption session for this bdev */ 153 struct rte_crypto_sym_xform cipher_xform; /* crypto control struct for this bdev */ 154 TAILQ_ENTRY(vbdev_crypto) link; 155 struct spdk_thread *thread; /* thread where base device is opened */ 156 }; 157 158 /* List of virtual bdevs and associated info for each. We keep the device friendly name here even 159 * though its also in the device struct because we use it early on. 160 */ 161 static TAILQ_HEAD(, vbdev_crypto) g_vbdev_crypto = TAILQ_HEAD_INITIALIZER(g_vbdev_crypto); 162 163 /* Shared mempools between all devices on this system */ 164 static struct rte_mempool *g_session_mp = NULL; 165 static struct rte_mempool *g_session_mp_priv = NULL; 166 static struct rte_mempool *g_mbuf_mp = NULL; /* mbuf mempool */ 167 static struct rte_mempool *g_crypto_op_mp = NULL; /* crypto operations, must be rte* mempool */ 168 169 static struct rte_mbuf_ext_shared_info g_shinfo = {}; /* used by DPDK mbuf macro */ 170 171 /* For queueing up crypto operations that we can't submit for some reason */ 172 struct vbdev_crypto_op { 173 uint8_t cdev_id; 174 uint8_t qp; 175 struct rte_crypto_op *crypto_op; 176 struct spdk_bdev_io *bdev_io; 177 TAILQ_ENTRY(vbdev_crypto_op) link; 178 }; 179 #define QUEUED_OP_LENGTH (sizeof(struct vbdev_crypto_op)) 180 181 /* The crypto vbdev channel struct. It is allocated and freed on my behalf by the io channel code. 182 * We store things in here that are needed on per thread basis like the base_channel for this thread, 183 * and the poller for this thread. 184 */ 185 struct crypto_io_channel { 186 struct spdk_io_channel *base_ch; /* IO channel of base device */ 187 struct spdk_poller *poller; /* completion poller */ 188 struct device_qp *device_qp; /* unique device/qp combination for this channel */ 189 TAILQ_HEAD(, spdk_bdev_io) pending_cry_ios; /* outstanding operations to the crypto device */ 190 struct spdk_io_channel_iter *iter; /* used with for_each_channel in reset */ 191 TAILQ_HEAD(, vbdev_crypto_op) queued_cry_ops; /* queued for re-submission to CryptoDev */ 192 }; 193 194 /* This is the crypto per IO context that the bdev layer allocates for us opaquely and attaches to 195 * each IO for us. 196 */ 197 struct crypto_bdev_io { 198 int cryop_cnt_remaining; /* counter used when completing crypto ops */ 199 struct crypto_io_channel *crypto_ch; /* need to store for crypto completion handling */ 200 struct vbdev_crypto *crypto_bdev; /* the crypto node struct associated with this IO */ 201 struct spdk_bdev_io *orig_io; /* the original IO */ 202 struct spdk_bdev_io *read_io; /* the read IO we issued */ 203 int8_t bdev_io_status; /* the status we'll report back on the bdev IO */ 204 bool on_pending_list; 205 /* Used for the single contiguous buffer that serves as the crypto destination target for writes */ 206 uint64_t aux_num_blocks; /* num of blocks for the contiguous buffer */ 207 uint64_t aux_offset_blocks; /* block offset on media */ 208 void *aux_buf_raw; /* raw buffer that the bdev layer gave us for write buffer */ 209 struct iovec aux_buf_iov; /* iov representing aligned contig write buffer */ 210 211 /* for bdev_io_wait */ 212 struct spdk_bdev_io_wait_entry bdev_io_wait; 213 struct spdk_io_channel *ch; 214 }; 215 216 /* Called by vbdev_crypto_init_crypto_drivers() to init each discovered crypto device */ 217 static int 218 create_vbdev_dev(uint8_t index, uint16_t num_lcores) 219 { 220 struct vbdev_dev *device; 221 uint8_t j, cdev_id, cdrv_id; 222 struct device_qp *dev_qp; 223 struct device_qp *tmp_qp; 224 uint32_t qp_desc_nr; 225 int rc; 226 TAILQ_HEAD(device_qps, device_qp) *dev_qp_head; 227 228 device = calloc(1, sizeof(struct vbdev_dev)); 229 if (!device) { 230 return -ENOMEM; 231 } 232 233 /* Get details about this device. */ 234 rte_cryptodev_info_get(index, &device->cdev_info); 235 cdrv_id = device->cdev_info.driver_id; 236 cdev_id = device->cdev_id = index; 237 238 /* QAT_ASYM devices are not supported at this time. */ 239 if (strcmp(device->cdev_info.driver_name, QAT_ASYM) == 0) { 240 free(device); 241 return 0; 242 } 243 244 /* Before going any further, make sure we have enough resources for this 245 * device type to function. We need a unique queue pair per core across each 246 * device type to remain lockless.... 247 */ 248 if ((rte_cryptodev_device_count_by_driver(cdrv_id) * 249 device->cdev_info.max_nb_queue_pairs) < num_lcores) { 250 SPDK_ERRLOG("Insufficient unique queue pairs available for %s\n", 251 device->cdev_info.driver_name); 252 SPDK_ERRLOG("Either add more crypto devices or decrease core count\n"); 253 rc = -EINVAL; 254 goto err; 255 } 256 257 /* Setup queue pairs. */ 258 struct rte_cryptodev_config conf = { 259 .nb_queue_pairs = device->cdev_info.max_nb_queue_pairs, 260 .socket_id = SPDK_ENV_SOCKET_ID_ANY 261 }; 262 263 rc = rte_cryptodev_configure(cdev_id, &conf); 264 if (rc < 0) { 265 SPDK_ERRLOG("Failed to configure cryptodev %u: error %d\n", 266 cdev_id, rc); 267 rc = -EINVAL; 268 goto err; 269 } 270 271 /* Select the right device/qp list based on driver name 272 * or error if it does not exist. 273 */ 274 if (strcmp(device->cdev_info.driver_name, QAT) == 0) { 275 dev_qp_head = (struct device_qps *)&g_device_qp_qat; 276 qp_desc_nr = CRYPTO_QP_DESCRIPTORS; 277 } else if (strcmp(device->cdev_info.driver_name, AESNI_MB) == 0) { 278 dev_qp_head = (struct device_qps *)&g_device_qp_aesni_mb; 279 qp_desc_nr = CRYPTO_QP_DESCRIPTORS; 280 } else if (strcmp(device->cdev_info.driver_name, MLX5) == 0) { 281 dev_qp_head = (struct device_qps *)&g_device_qp_mlx5; 282 qp_desc_nr = CRYPTO_QP_DESCRIPTORS_MLX5; 283 } else { 284 SPDK_ERRLOG("Failed to start device %u. Invalid driver name \"%s\"\n", 285 cdev_id, device->cdev_info.driver_name); 286 rc = -EINVAL; 287 goto err_qp_setup; 288 } 289 290 struct rte_cryptodev_qp_conf qp_conf = { 291 .nb_descriptors = qp_desc_nr, 292 .mp_session = g_session_mp, 293 #if RTE_VERSION < RTE_VERSION_NUM(22, 11, 0, 0) 294 .mp_session_private = g_session_mp_priv, 295 #endif 296 }; 297 298 /* Pre-setup all potential qpairs now and assign them in the channel 299 * callback. If we were to create them there, we'd have to stop the 300 * entire device affecting all other threads that might be using it 301 * even on other queue pairs. 302 */ 303 for (j = 0; j < device->cdev_info.max_nb_queue_pairs; j++) { 304 rc = rte_cryptodev_queue_pair_setup(cdev_id, j, &qp_conf, SOCKET_ID_ANY); 305 if (rc < 0) { 306 SPDK_ERRLOG("Failed to setup queue pair %u on " 307 "cryptodev %u: error %d\n", j, cdev_id, rc); 308 rc = -EINVAL; 309 goto err_qp_setup; 310 } 311 } 312 313 rc = rte_cryptodev_start(cdev_id); 314 if (rc < 0) { 315 SPDK_ERRLOG("Failed to start device %u: error %d\n", 316 cdev_id, rc); 317 rc = -EINVAL; 318 goto err_dev_start; 319 } 320 321 /* Build up lists of device/qp combinations per PMD */ 322 for (j = 0; j < device->cdev_info.max_nb_queue_pairs; j++) { 323 dev_qp = calloc(1, sizeof(struct device_qp)); 324 if (!dev_qp) { 325 rc = -ENOMEM; 326 goto err_qp_alloc; 327 } 328 dev_qp->device = device; 329 dev_qp->qp = j; 330 dev_qp->in_use = false; 331 if (strcmp(device->cdev_info.driver_name, QAT) == 0) { 332 g_qat_total_qp++; 333 } 334 TAILQ_INSERT_TAIL(dev_qp_head, dev_qp, link); 335 } 336 337 /* Add to our list of available crypto devices. */ 338 TAILQ_INSERT_TAIL(&g_vbdev_devs, device, link); 339 340 return 0; 341 err_qp_alloc: 342 TAILQ_FOREACH_SAFE(dev_qp, dev_qp_head, link, tmp_qp) { 343 if (dev_qp->device->cdev_id != device->cdev_id) { 344 continue; 345 } 346 TAILQ_REMOVE(dev_qp_head, dev_qp, link); 347 if (dev_qp_head == (struct device_qps *)&g_device_qp_qat) { 348 g_qat_total_qp--; 349 } 350 free(dev_qp); 351 } 352 rte_cryptodev_stop(cdev_id); 353 err_dev_start: 354 err_qp_setup: 355 rte_cryptodev_close(cdev_id); 356 err: 357 free(device); 358 359 return rc; 360 } 361 362 static void 363 release_vbdev_dev(struct vbdev_dev *device) 364 { 365 struct device_qp *dev_qp; 366 struct device_qp *tmp_qp; 367 TAILQ_HEAD(device_qps, device_qp) *dev_qp_head = NULL; 368 369 assert(device); 370 371 /* Select the right device/qp list based on driver name. */ 372 if (strcmp(device->cdev_info.driver_name, QAT) == 0) { 373 dev_qp_head = (struct device_qps *)&g_device_qp_qat; 374 } else if (strcmp(device->cdev_info.driver_name, AESNI_MB) == 0) { 375 dev_qp_head = (struct device_qps *)&g_device_qp_aesni_mb; 376 } else if (strcmp(device->cdev_info.driver_name, MLX5) == 0) { 377 dev_qp_head = (struct device_qps *)&g_device_qp_mlx5; 378 } 379 if (dev_qp_head) { 380 TAILQ_FOREACH_SAFE(dev_qp, dev_qp_head, link, tmp_qp) { 381 /* Remove only qps of our device even if the driver names matches. */ 382 if (dev_qp->device->cdev_id != device->cdev_id) { 383 continue; 384 } 385 TAILQ_REMOVE(dev_qp_head, dev_qp, link); 386 if (dev_qp_head == (struct device_qps *)&g_device_qp_qat) { 387 g_qat_total_qp--; 388 } 389 free(dev_qp); 390 } 391 } 392 rte_cryptodev_stop(device->cdev_id); 393 rte_cryptodev_close(device->cdev_id); 394 free(device); 395 } 396 397 /* Dummy function used by DPDK to free ext attached buffers to mbufs, we free them ourselves but 398 * this callback has to be here. */ 399 static void 400 shinfo_free_cb(void *arg1, void *arg2) 401 { 402 } 403 404 /* This is called from the module's init function. We setup all crypto devices early on as we are unable 405 * to easily dynamically configure queue pairs after the drivers are up and running. So, here, we 406 * configure the max capabilities of each device and assign threads to queue pairs as channels are 407 * requested. 408 */ 409 static int 410 vbdev_crypto_init_crypto_drivers(void) 411 { 412 uint8_t cdev_count; 413 uint8_t cdev_id; 414 int i, rc; 415 struct vbdev_dev *device; 416 struct vbdev_dev *tmp_dev; 417 struct device_qp *dev_qp; 418 unsigned int max_sess_size = 0, sess_size; 419 uint16_t num_lcores = rte_lcore_count(); 420 char aesni_args[32]; 421 422 /* Only the first call, via RPC or module init should init the crypto drivers. */ 423 if (g_session_mp != NULL) { 424 return 0; 425 } 426 427 /* We always init AESNI_MB */ 428 snprintf(aesni_args, sizeof(aesni_args), "max_nb_queue_pairs=%d", AESNI_MB_NUM_QP); 429 rc = rte_vdev_init(AESNI_MB, aesni_args); 430 if (rc) { 431 SPDK_NOTICELOG("Failed to create virtual PMD %s: error %d. " 432 "Possibly %s is not supported by DPDK library. " 433 "Keep going...\n", AESNI_MB, rc, AESNI_MB); 434 } 435 436 /* If we have no crypto devices, there's no reason to continue. */ 437 cdev_count = rte_cryptodev_count(); 438 SPDK_NOTICELOG("Found crypto devices: %d\n", (int)cdev_count); 439 if (cdev_count == 0) { 440 return 0; 441 } 442 443 g_mbuf_offset = rte_mbuf_dynfield_register(&rte_mbuf_dynfield_io_context); 444 if (g_mbuf_offset < 0) { 445 SPDK_ERRLOG("error registering dynamic field with DPDK\n"); 446 return -EINVAL; 447 } 448 449 /* 450 * Create global mempools, shared by all devices regardless of type. 451 */ 452 453 /* First determine max session size, most pools are shared by all the devices, 454 * so we need to find the global max sessions size. 455 */ 456 for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) { 457 sess_size = rte_cryptodev_sym_get_private_session_size(cdev_id); 458 if (sess_size > max_sess_size) { 459 max_sess_size = sess_size; 460 } 461 } 462 463 #if RTE_VERSION < RTE_VERSION_NUM(22, 11, 0, 0) 464 g_session_mp_priv = rte_mempool_create("session_mp_priv", NUM_SESSIONS, max_sess_size, 465 SESS_MEMPOOL_CACHE_SIZE, 0, NULL, NULL, NULL, 466 NULL, SOCKET_ID_ANY, 0); 467 if (g_session_mp_priv == NULL) { 468 SPDK_ERRLOG("Cannot create private session pool max size 0x%x\n", max_sess_size); 469 return -ENOMEM; 470 } 471 /* When session private data mempool allocated, the element size for the session mempool 472 * should be 0. */ 473 max_sess_size = 0; 474 #endif 475 476 g_session_mp = rte_cryptodev_sym_session_pool_create( 477 "session_mp", 478 NUM_SESSIONS, max_sess_size, SESS_MEMPOOL_CACHE_SIZE, 0, 479 SOCKET_ID_ANY); 480 if (g_session_mp == NULL) { 481 SPDK_ERRLOG("Cannot create session pool max size 0x%x\n", max_sess_size); 482 rc = -ENOMEM; 483 goto error_create_session_mp; 484 } 485 486 g_mbuf_mp = rte_pktmbuf_pool_create("mbuf_mp", NUM_MBUFS, POOL_CACHE_SIZE, 487 0, 0, SPDK_ENV_SOCKET_ID_ANY); 488 if (g_mbuf_mp == NULL) { 489 SPDK_ERRLOG("Cannot create mbuf pool\n"); 490 rc = -ENOMEM; 491 goto error_create_mbuf; 492 } 493 494 /* We use per op private data as suggested by DPDK and to store the IV and 495 * our own struct for queueing ops. 496 */ 497 g_crypto_op_mp = rte_crypto_op_pool_create("op_mp", 498 RTE_CRYPTO_OP_TYPE_SYMMETRIC, 499 NUM_MBUFS, 500 POOL_CACHE_SIZE, 501 (DEFAULT_NUM_XFORMS * 502 sizeof(struct rte_crypto_sym_xform)) + 503 IV_LENGTH + QUEUED_OP_LENGTH, 504 rte_socket_id()); 505 506 if (g_crypto_op_mp == NULL) { 507 SPDK_ERRLOG("Cannot create op pool\n"); 508 rc = -ENOMEM; 509 goto error_create_op; 510 } 511 512 /* Init all devices */ 513 for (i = 0; i < cdev_count; i++) { 514 rc = create_vbdev_dev(i, num_lcores); 515 if (rc) { 516 goto err; 517 } 518 } 519 520 /* Assign index values to the QAT device qp nodes so that we can 521 * assign them for optimal performance. 522 */ 523 i = 0; 524 TAILQ_FOREACH(dev_qp, &g_device_qp_qat, link) { 525 dev_qp->index = i++; 526 } 527 528 g_shinfo.free_cb = shinfo_free_cb; 529 return 0; 530 531 /* Error cleanup paths. */ 532 err: 533 TAILQ_FOREACH_SAFE(device, &g_vbdev_devs, link, tmp_dev) { 534 TAILQ_REMOVE(&g_vbdev_devs, device, link); 535 release_vbdev_dev(device); 536 } 537 rte_mempool_free(g_crypto_op_mp); 538 g_crypto_op_mp = NULL; 539 error_create_op: 540 rte_mempool_free(g_mbuf_mp); 541 g_mbuf_mp = NULL; 542 error_create_mbuf: 543 rte_mempool_free(g_session_mp); 544 g_session_mp = NULL; 545 error_create_session_mp: 546 if (g_session_mp_priv != NULL) { 547 rte_mempool_free(g_session_mp_priv); 548 g_session_mp_priv = NULL; 549 } 550 return rc; 551 } 552 553 /* Following an encrypt or decrypt we need to then either write the encrypted data or finish 554 * the read on decrypted data. Do that here. 555 */ 556 static void 557 _crypto_operation_complete(struct spdk_bdev_io *bdev_io) 558 { 559 struct vbdev_crypto *crypto_bdev = SPDK_CONTAINEROF(bdev_io->bdev, struct vbdev_crypto, 560 crypto_bdev); 561 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 562 struct crypto_io_channel *crypto_ch = io_ctx->crypto_ch; 563 struct spdk_bdev_io *free_me = io_ctx->read_io; 564 int rc = 0; 565 566 /* Can also be called from the crypto_dev_poller() to fail the stuck re-enqueue ops IO. */ 567 if (io_ctx->on_pending_list) { 568 TAILQ_REMOVE(&crypto_ch->pending_cry_ios, bdev_io, module_link); 569 io_ctx->on_pending_list = false; 570 } 571 572 if (bdev_io->type == SPDK_BDEV_IO_TYPE_READ) { 573 574 /* Complete the original IO and then free the one that we created 575 * as a result of issuing an IO via submit_request. 576 */ 577 if (io_ctx->bdev_io_status != SPDK_BDEV_IO_STATUS_FAILED) { 578 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_SUCCESS); 579 } else { 580 SPDK_ERRLOG("Issue with decryption on bdev_io %p\n", bdev_io); 581 rc = -EINVAL; 582 } 583 spdk_bdev_free_io(free_me); 584 585 } else if (bdev_io->type == SPDK_BDEV_IO_TYPE_WRITE) { 586 587 if (io_ctx->bdev_io_status != SPDK_BDEV_IO_STATUS_FAILED) { 588 /* Write the encrypted data. */ 589 rc = spdk_bdev_writev_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, 590 &io_ctx->aux_buf_iov, 1, io_ctx->aux_offset_blocks, 591 io_ctx->aux_num_blocks, _complete_internal_write, 592 bdev_io); 593 } else { 594 SPDK_ERRLOG("Issue with encryption on bdev_io %p\n", bdev_io); 595 rc = -EINVAL; 596 } 597 598 } else { 599 SPDK_ERRLOG("Unknown bdev type %u on crypto operation completion\n", 600 bdev_io->type); 601 rc = -EINVAL; 602 } 603 604 if (rc) { 605 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 606 } 607 } 608 609 static void 610 cancel_queued_crypto_ops(struct crypto_io_channel *crypto_ch, struct spdk_bdev_io *bdev_io) 611 { 612 struct rte_mbuf *mbufs_to_free[2 * MAX_DEQUEUE_BURST_SIZE]; 613 struct rte_crypto_op *dequeued_ops[MAX_DEQUEUE_BURST_SIZE]; 614 struct vbdev_crypto_op *op_to_cancel, *tmp_op; 615 struct rte_crypto_op *crypto_op; 616 int num_mbufs, num_dequeued_ops; 617 618 /* Remove all ops from the failed IO. Since we don't know the 619 * order we have to check them all. */ 620 num_mbufs = 0; 621 num_dequeued_ops = 0; 622 TAILQ_FOREACH_SAFE(op_to_cancel, &crypto_ch->queued_cry_ops, link, tmp_op) { 623 /* Checking if this is our op. One IO contains multiple ops. */ 624 if (bdev_io == op_to_cancel->bdev_io) { 625 crypto_op = op_to_cancel->crypto_op; 626 TAILQ_REMOVE(&crypto_ch->queued_cry_ops, op_to_cancel, link); 627 628 /* Populating lists for freeing mbufs and ops. */ 629 mbufs_to_free[num_mbufs++] = (void *)crypto_op->sym->m_src; 630 if (crypto_op->sym->m_dst) { 631 mbufs_to_free[num_mbufs++] = (void *)crypto_op->sym->m_dst; 632 } 633 dequeued_ops[num_dequeued_ops++] = crypto_op; 634 } 635 } 636 637 /* Now bulk free both mbufs and crypto operations. */ 638 if (num_dequeued_ops > 0) { 639 rte_mempool_put_bulk(g_crypto_op_mp, (void **)dequeued_ops, 640 num_dequeued_ops); 641 assert(num_mbufs > 0); 642 /* This also releases chained mbufs if any. */ 643 rte_pktmbuf_free_bulk(mbufs_to_free, num_mbufs); 644 } 645 } 646 647 static int _crypto_operation(struct spdk_bdev_io *bdev_io, 648 enum rte_crypto_cipher_operation crypto_op, 649 void *aux_buf); 650 651 /* This is the poller for the crypto device. It uses a single API to dequeue whatever is ready at 652 * the device. Then we need to decide if what we've got so far (including previous poller 653 * runs) totals up to one or more complete bdev_ios and if so continue with the bdev_io 654 * accordingly. This means either completing a read or issuing a new write. 655 */ 656 static int 657 crypto_dev_poller(void *args) 658 { 659 struct crypto_io_channel *crypto_ch = args; 660 uint8_t cdev_id = crypto_ch->device_qp->device->cdev_id; 661 int i, num_dequeued_ops, num_enqueued_ops; 662 struct spdk_bdev_io *bdev_io = NULL; 663 struct crypto_bdev_io *io_ctx = NULL; 664 struct rte_crypto_op *dequeued_ops[MAX_DEQUEUE_BURST_SIZE]; 665 struct rte_mbuf *mbufs_to_free[2 * MAX_DEQUEUE_BURST_SIZE]; 666 int num_mbufs = 0; 667 struct vbdev_crypto_op *op_to_resubmit; 668 669 /* Each run of the poller will get just what the device has available 670 * at the moment we call it, we don't check again after draining the 671 * first batch. 672 */ 673 num_dequeued_ops = rte_cryptodev_dequeue_burst(cdev_id, crypto_ch->device_qp->qp, 674 dequeued_ops, MAX_DEQUEUE_BURST_SIZE); 675 676 /* Check if operation was processed successfully */ 677 for (i = 0; i < num_dequeued_ops; i++) { 678 679 /* We don't know the order or association of the crypto ops wrt any 680 * particular bdev_io so need to look at each and determine if it's 681 * the last one for it's bdev_io or not. 682 */ 683 bdev_io = (struct spdk_bdev_io *)*RTE_MBUF_DYNFIELD(dequeued_ops[i]->sym->m_src, g_mbuf_offset, 684 uint64_t *); 685 assert(bdev_io != NULL); 686 io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 687 688 if (dequeued_ops[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { 689 SPDK_ERRLOG("error with op %d status %u\n", i, 690 dequeued_ops[i]->status); 691 /* Update the bdev status to error, we'll still process the 692 * rest of the crypto ops for this bdev_io though so they 693 * aren't left hanging. 694 */ 695 io_ctx->bdev_io_status = SPDK_BDEV_IO_STATUS_FAILED; 696 } 697 698 assert(io_ctx->cryop_cnt_remaining > 0); 699 700 /* Return the associated src and dst mbufs by collecting them into 701 * an array that we can use the bulk API to free after the loop. 702 */ 703 *RTE_MBUF_DYNFIELD(dequeued_ops[i]->sym->m_src, g_mbuf_offset, uint64_t *) = 0; 704 mbufs_to_free[num_mbufs++] = (void *)dequeued_ops[i]->sym->m_src; 705 if (dequeued_ops[i]->sym->m_dst) { 706 mbufs_to_free[num_mbufs++] = (void *)dequeued_ops[i]->sym->m_dst; 707 } 708 709 /* done encrypting, complete the bdev_io */ 710 if (--io_ctx->cryop_cnt_remaining == 0) { 711 712 /* If we're completing this with an outstanding reset we need 713 * to fail it. 714 */ 715 if (crypto_ch->iter) { 716 io_ctx->bdev_io_status = SPDK_BDEV_IO_STATUS_FAILED; 717 } 718 719 /* Complete the IO */ 720 _crypto_operation_complete(bdev_io); 721 } 722 } 723 724 /* Now bulk free both mbufs and crypto operations. */ 725 if (num_dequeued_ops > 0) { 726 rte_mempool_put_bulk(g_crypto_op_mp, 727 (void **)dequeued_ops, 728 num_dequeued_ops); 729 assert(num_mbufs > 0); 730 /* This also releases chained mbufs if any. */ 731 rte_pktmbuf_free_bulk(mbufs_to_free, num_mbufs); 732 } 733 734 /* Check if there are any pending crypto ops to process */ 735 while (!TAILQ_EMPTY(&crypto_ch->queued_cry_ops)) { 736 op_to_resubmit = TAILQ_FIRST(&crypto_ch->queued_cry_ops); 737 bdev_io = op_to_resubmit->bdev_io; 738 io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 739 num_enqueued_ops = rte_cryptodev_enqueue_burst(op_to_resubmit->cdev_id, 740 op_to_resubmit->qp, 741 &op_to_resubmit->crypto_op, 742 1); 743 if (num_enqueued_ops == 1) { 744 /* Make sure we don't put this on twice as one bdev_io is made up 745 * of many crypto ops. 746 */ 747 if (io_ctx->on_pending_list == false) { 748 TAILQ_INSERT_TAIL(&crypto_ch->pending_cry_ios, bdev_io, module_link); 749 io_ctx->on_pending_list = true; 750 } 751 TAILQ_REMOVE(&crypto_ch->queued_cry_ops, op_to_resubmit, link); 752 } else { 753 if (op_to_resubmit->crypto_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) { 754 /* If we couldn't get one, just break and try again later. */ 755 break; 756 } else { 757 /* Something is really wrong with the op. Most probably the 758 * mbuf is broken or the HW is not able to process the request. 759 * Fail the IO and remove its ops from the queued ops list. */ 760 io_ctx->bdev_io_status = SPDK_BDEV_IO_STATUS_FAILED; 761 762 cancel_queued_crypto_ops(crypto_ch, bdev_io); 763 764 /* Fail the IO if there is nothing left on device. */ 765 if (--io_ctx->cryop_cnt_remaining == 0) { 766 _crypto_operation_complete(bdev_io); 767 } 768 } 769 770 } 771 } 772 773 /* If the channel iter is not NULL, we need to continue to poll 774 * until the pending list is empty, then we can move on to the 775 * next channel. 776 */ 777 if (crypto_ch->iter && TAILQ_EMPTY(&crypto_ch->pending_cry_ios)) { 778 SPDK_NOTICELOG("Channel %p has been quiesced.\n", crypto_ch); 779 spdk_for_each_channel_continue(crypto_ch->iter, 0); 780 crypto_ch->iter = NULL; 781 } 782 783 return num_dequeued_ops; 784 } 785 786 /* Allocate the new mbuf of @remainder size with data pointed by @addr and attach 787 * it to the @orig_mbuf. */ 788 static int 789 mbuf_chain_remainder(struct spdk_bdev_io *bdev_io, struct rte_mbuf *orig_mbuf, 790 uint8_t *addr, uint32_t remainder) 791 { 792 uint64_t phys_addr, phys_len; 793 struct rte_mbuf *chain_mbuf; 794 int rc; 795 796 phys_len = remainder; 797 phys_addr = spdk_vtophys((void *)addr, &phys_len); 798 if (spdk_unlikely(phys_addr == SPDK_VTOPHYS_ERROR || phys_len != remainder)) { 799 return -EFAULT; 800 } 801 rc = rte_pktmbuf_alloc_bulk(g_mbuf_mp, (struct rte_mbuf **)&chain_mbuf, 1); 802 if (spdk_unlikely(rc)) { 803 return -ENOMEM; 804 } 805 /* Store context in every mbuf as we don't know anything about completion order */ 806 *RTE_MBUF_DYNFIELD(chain_mbuf, g_mbuf_offset, uint64_t *) = (uint64_t)bdev_io; 807 rte_pktmbuf_attach_extbuf(chain_mbuf, addr, phys_addr, phys_len, &g_shinfo); 808 rte_pktmbuf_append(chain_mbuf, phys_len); 809 810 /* Chained buffer is released by rte_pktbuf_free_bulk() automagicaly. */ 811 rte_pktmbuf_chain(orig_mbuf, chain_mbuf); 812 return 0; 813 } 814 815 /* Attach data buffer pointed by @addr to @mbuf. Return utilized len of the 816 * contiguous space that was physically available. */ 817 static uint64_t 818 mbuf_attach_buf(struct spdk_bdev_io *bdev_io, struct rte_mbuf *mbuf, 819 uint8_t *addr, uint32_t len) 820 { 821 uint64_t phys_addr, phys_len; 822 823 /* Store context in every mbuf as we don't know anything about completion order */ 824 *RTE_MBUF_DYNFIELD(mbuf, g_mbuf_offset, uint64_t *) = (uint64_t)bdev_io; 825 826 phys_len = len; 827 phys_addr = spdk_vtophys((void *)addr, &phys_len); 828 if (spdk_unlikely(phys_addr == SPDK_VTOPHYS_ERROR || phys_len == 0)) { 829 return 0; 830 } 831 assert(phys_len <= len); 832 833 /* Set the mbuf elements address and length. */ 834 rte_pktmbuf_attach_extbuf(mbuf, addr, phys_addr, phys_len, &g_shinfo); 835 rte_pktmbuf_append(mbuf, phys_len); 836 837 return phys_len; 838 } 839 840 /* We're either encrypting on the way down or decrypting on the way back. */ 841 static int 842 _crypto_operation(struct spdk_bdev_io *bdev_io, enum rte_crypto_cipher_operation crypto_op, 843 void *aux_buf) 844 { 845 uint16_t num_enqueued_ops = 0; 846 uint32_t cryop_cnt = bdev_io->u.bdev.num_blocks; 847 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 848 struct crypto_io_channel *crypto_ch = io_ctx->crypto_ch; 849 uint8_t cdev_id = crypto_ch->device_qp->device->cdev_id; 850 uint32_t crypto_len = io_ctx->crypto_bdev->crypto_bdev.blocklen; 851 uint64_t total_length = bdev_io->u.bdev.num_blocks * crypto_len; 852 int rc; 853 uint32_t iov_index = 0; 854 uint32_t allocated = 0; 855 uint8_t *current_iov = NULL; 856 uint64_t total_remaining = 0; 857 uint64_t current_iov_remaining = 0; 858 uint32_t crypto_index = 0; 859 uint32_t en_offset = 0; 860 struct rte_crypto_op *crypto_ops[MAX_ENQUEUE_ARRAY_SIZE]; 861 struct rte_mbuf *src_mbufs[MAX_ENQUEUE_ARRAY_SIZE]; 862 struct rte_mbuf *dst_mbufs[MAX_ENQUEUE_ARRAY_SIZE]; 863 int burst; 864 struct vbdev_crypto_op *op_to_queue; 865 uint64_t alignment = spdk_bdev_get_buf_align(&io_ctx->crypto_bdev->crypto_bdev); 866 867 assert((bdev_io->u.bdev.num_blocks * bdev_io->bdev->blocklen) <= CRYPTO_MAX_IO); 868 869 /* Get the number of source mbufs that we need. These will always be 1:1 because we 870 * don't support chaining. The reason we don't is because of our decision to use 871 * LBA as IV, there can be no case where we'd need >1 mbuf per crypto op or the 872 * op would be > 1 LBA. 873 */ 874 rc = rte_pktmbuf_alloc_bulk(g_mbuf_mp, src_mbufs, cryop_cnt); 875 if (rc) { 876 SPDK_ERRLOG("Failed to get src_mbufs!\n"); 877 return -ENOMEM; 878 } 879 880 /* Get the same amount but these buffers to describe the encrypted data location (dst). */ 881 if (crypto_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { 882 rc = rte_pktmbuf_alloc_bulk(g_mbuf_mp, dst_mbufs, cryop_cnt); 883 if (rc) { 884 SPDK_ERRLOG("Failed to get dst_mbufs!\n"); 885 rc = -ENOMEM; 886 goto error_get_dst; 887 } 888 } 889 890 #ifdef __clang_analyzer__ 891 /* silence scan-build false positive */ 892 SPDK_CLANG_ANALYZER_PREINIT_PTR_ARRAY(crypto_ops, MAX_ENQUEUE_ARRAY_SIZE, 0x1000); 893 #endif 894 /* Allocate crypto operations. */ 895 allocated = rte_crypto_op_bulk_alloc(g_crypto_op_mp, 896 RTE_CRYPTO_OP_TYPE_SYMMETRIC, 897 crypto_ops, cryop_cnt); 898 if (allocated < cryop_cnt) { 899 SPDK_ERRLOG("Failed to allocate crypto ops!\n"); 900 rc = -ENOMEM; 901 goto error_get_ops; 902 } 903 904 /* For encryption, we need to prepare a single contiguous buffer as the encryption 905 * destination, we'll then pass that along for the write after encryption is done. 906 * This is done to avoiding encrypting the provided write buffer which may be 907 * undesirable in some use cases. 908 */ 909 if (crypto_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { 910 io_ctx->aux_buf_iov.iov_len = total_length; 911 io_ctx->aux_buf_raw = aux_buf; 912 io_ctx->aux_buf_iov.iov_base = (void *)(((uintptr_t)aux_buf + (alignment - 1)) & ~(alignment - 1)); 913 io_ctx->aux_offset_blocks = bdev_io->u.bdev.offset_blocks; 914 io_ctx->aux_num_blocks = bdev_io->u.bdev.num_blocks; 915 } 916 917 /* This value is used in the completion callback to determine when the bdev_io is 918 * complete. 919 */ 920 io_ctx->cryop_cnt_remaining = cryop_cnt; 921 922 /* As we don't support chaining because of a decision to use LBA as IV, construction 923 * of crypto operations is straightforward. We build both the op, the mbuf and the 924 * dst_mbuf in our local arrays by looping through the length of the bdev IO and 925 * picking off LBA sized blocks of memory from the IOVs as we walk through them. Each 926 * LBA sized chunk of memory will correspond 1:1 to a crypto operation and a single 927 * mbuf per crypto operation. 928 */ 929 total_remaining = total_length; 930 current_iov = bdev_io->u.bdev.iovs[iov_index].iov_base; 931 current_iov_remaining = bdev_io->u.bdev.iovs[iov_index].iov_len; 932 do { 933 uint8_t *iv_ptr; 934 uint8_t *buf_addr; 935 uint64_t phys_len; 936 uint32_t remainder; 937 uint64_t op_block_offset; 938 939 phys_len = mbuf_attach_buf(bdev_io, src_mbufs[crypto_index], 940 current_iov, crypto_len); 941 if (spdk_unlikely(phys_len == 0)) { 942 goto error_attach_session; 943 rc = -EFAULT; 944 } 945 946 /* Handle the case of page boundary. */ 947 remainder = crypto_len - phys_len; 948 if (spdk_unlikely(remainder > 0)) { 949 rc = mbuf_chain_remainder(bdev_io, src_mbufs[crypto_index], 950 current_iov + phys_len, remainder); 951 if (spdk_unlikely(rc)) { 952 goto error_attach_session; 953 } 954 } 955 956 /* Set the IV - we use the LBA of the crypto_op */ 957 iv_ptr = rte_crypto_op_ctod_offset(crypto_ops[crypto_index], uint8_t *, 958 IV_OFFSET); 959 memset(iv_ptr, 0, IV_LENGTH); 960 op_block_offset = bdev_io->u.bdev.offset_blocks + crypto_index; 961 rte_memcpy(iv_ptr, &op_block_offset, sizeof(uint64_t)); 962 963 /* Set the data to encrypt/decrypt length */ 964 crypto_ops[crypto_index]->sym->cipher.data.length = crypto_len; 965 crypto_ops[crypto_index]->sym->cipher.data.offset = 0; 966 967 /* link the mbuf to the crypto op. */ 968 crypto_ops[crypto_index]->sym->m_src = src_mbufs[crypto_index]; 969 970 /* For encrypt, point the destination to a buffer we allocate and redirect the bdev_io 971 * that will be used to process the write on completion to the same buffer. Setting 972 * up the en_buffer is a little simpler as we know the destination buffer is single IOV. 973 */ 974 if (crypto_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { 975 buf_addr = io_ctx->aux_buf_iov.iov_base + en_offset; 976 phys_len = mbuf_attach_buf(bdev_io, dst_mbufs[crypto_index], 977 buf_addr, crypto_len); 978 if (spdk_unlikely(phys_len == 0)) { 979 rc = -EFAULT; 980 goto error_attach_session; 981 } 982 983 crypto_ops[crypto_index]->sym->m_dst = dst_mbufs[crypto_index]; 984 en_offset += phys_len; 985 986 /* Handle the case of page boundary. */ 987 remainder = crypto_len - phys_len; 988 if (spdk_unlikely(remainder > 0)) { 989 rc = mbuf_chain_remainder(bdev_io, dst_mbufs[crypto_index], 990 buf_addr + phys_len, remainder); 991 if (spdk_unlikely(rc)) { 992 goto error_attach_session; 993 } 994 en_offset += remainder; 995 } 996 997 /* Attach the crypto session to the operation */ 998 rc = rte_crypto_op_attach_sym_session(crypto_ops[crypto_index], 999 io_ctx->crypto_bdev->session_encrypt); 1000 if (rc) { 1001 rc = -EINVAL; 1002 goto error_attach_session; 1003 } 1004 } else { 1005 crypto_ops[crypto_index]->sym->m_dst = NULL; 1006 1007 /* Attach the crypto session to the operation */ 1008 rc = rte_crypto_op_attach_sym_session(crypto_ops[crypto_index], 1009 io_ctx->crypto_bdev->session_decrypt); 1010 if (rc) { 1011 rc = -EINVAL; 1012 goto error_attach_session; 1013 } 1014 } 1015 1016 /* Subtract our running totals for the op in progress and the overall bdev io */ 1017 total_remaining -= crypto_len; 1018 current_iov_remaining -= crypto_len; 1019 1020 /* move our current IOV pointer accordingly. */ 1021 current_iov += crypto_len; 1022 1023 /* move on to the next crypto operation */ 1024 crypto_index++; 1025 1026 /* If we're done with this IOV, move to the next one. */ 1027 if (current_iov_remaining == 0 && total_remaining > 0) { 1028 iov_index++; 1029 current_iov = bdev_io->u.bdev.iovs[iov_index].iov_base; 1030 current_iov_remaining = bdev_io->u.bdev.iovs[iov_index].iov_len; 1031 } 1032 } while (total_remaining > 0); 1033 1034 /* Enqueue everything we've got but limit by the max number of descriptors we 1035 * configured the crypto device for. 1036 */ 1037 burst = spdk_min(cryop_cnt, io_ctx->crypto_bdev->qp_desc_nr); 1038 num_enqueued_ops = rte_cryptodev_enqueue_burst(cdev_id, crypto_ch->device_qp->qp, 1039 &crypto_ops[0], 1040 burst); 1041 1042 /* Add this bdev_io to our outstanding list if any of its crypto ops made it. */ 1043 if (num_enqueued_ops > 0) { 1044 TAILQ_INSERT_TAIL(&crypto_ch->pending_cry_ios, bdev_io, module_link); 1045 io_ctx->on_pending_list = true; 1046 } 1047 /* We were unable to enqueue everything but did get some, so need to decide what 1048 * to do based on the status of the last op. 1049 */ 1050 if (num_enqueued_ops < cryop_cnt) { 1051 switch (crypto_ops[num_enqueued_ops]->status) { 1052 case RTE_CRYPTO_OP_STATUS_NOT_PROCESSED: 1053 /* Queue them up on a linked list to be resubmitted via the poller. */ 1054 for (crypto_index = num_enqueued_ops; crypto_index < cryop_cnt; crypto_index++) { 1055 op_to_queue = (struct vbdev_crypto_op *)rte_crypto_op_ctod_offset(crypto_ops[crypto_index], 1056 uint8_t *, QUEUED_OP_OFFSET); 1057 op_to_queue->cdev_id = cdev_id; 1058 op_to_queue->qp = crypto_ch->device_qp->qp; 1059 op_to_queue->crypto_op = crypto_ops[crypto_index]; 1060 op_to_queue->bdev_io = bdev_io; 1061 TAILQ_INSERT_TAIL(&crypto_ch->queued_cry_ops, 1062 op_to_queue, 1063 link); 1064 } 1065 break; 1066 default: 1067 /* For all other statuses, set the io_ctx bdev_io status so that 1068 * the poller will pick the failure up for the overall bdev status. 1069 */ 1070 io_ctx->bdev_io_status = SPDK_BDEV_IO_STATUS_FAILED; 1071 if (num_enqueued_ops == 0) { 1072 /* If nothing was enqueued, but the last one wasn't because of 1073 * busy, fail it now as the poller won't know anything about it. 1074 */ 1075 rc = -EINVAL; 1076 goto error_attach_session; 1077 } 1078 break; 1079 } 1080 } 1081 1082 return rc; 1083 1084 /* Error cleanup paths. */ 1085 error_attach_session: 1086 error_get_ops: 1087 if (crypto_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { 1088 /* This also releases chained mbufs if any. */ 1089 rte_pktmbuf_free_bulk(dst_mbufs, cryop_cnt); 1090 } 1091 if (allocated > 0) { 1092 rte_mempool_put_bulk(g_crypto_op_mp, (void **)crypto_ops, 1093 allocated); 1094 } 1095 error_get_dst: 1096 /* This also releases chained mbufs if any. */ 1097 rte_pktmbuf_free_bulk(src_mbufs, cryop_cnt); 1098 return rc; 1099 } 1100 1101 /* This function is called after all channels have been quiesced following 1102 * a bdev reset. 1103 */ 1104 static void 1105 _ch_quiesce_done(struct spdk_io_channel_iter *i, int status) 1106 { 1107 struct crypto_bdev_io *io_ctx = spdk_io_channel_iter_get_ctx(i); 1108 1109 assert(TAILQ_EMPTY(&io_ctx->crypto_ch->pending_cry_ios)); 1110 assert(io_ctx->orig_io != NULL); 1111 1112 spdk_bdev_io_complete(io_ctx->orig_io, SPDK_BDEV_IO_STATUS_SUCCESS); 1113 } 1114 1115 /* This function is called per channel to quiesce IOs before completing a 1116 * bdev reset that we received. 1117 */ 1118 static void 1119 _ch_quiesce(struct spdk_io_channel_iter *i) 1120 { 1121 struct spdk_io_channel *ch = spdk_io_channel_iter_get_channel(i); 1122 struct crypto_io_channel *crypto_ch = spdk_io_channel_get_ctx(ch); 1123 1124 crypto_ch->iter = i; 1125 /* When the poller runs, it will see the non-NULL iter and handle 1126 * the quiesce. 1127 */ 1128 } 1129 1130 /* Completion callback for IO that were issued from this bdev other than read/write. 1131 * They have their own for readability. 1132 */ 1133 static void 1134 _complete_internal_io(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg) 1135 { 1136 struct spdk_bdev_io *orig_io = cb_arg; 1137 int status = success ? SPDK_BDEV_IO_STATUS_SUCCESS : SPDK_BDEV_IO_STATUS_FAILED; 1138 1139 if (bdev_io->type == SPDK_BDEV_IO_TYPE_RESET) { 1140 struct crypto_bdev_io *orig_ctx = (struct crypto_bdev_io *)orig_io->driver_ctx; 1141 1142 assert(orig_io == orig_ctx->orig_io); 1143 1144 spdk_bdev_free_io(bdev_io); 1145 1146 spdk_for_each_channel(orig_ctx->crypto_bdev, 1147 _ch_quiesce, 1148 orig_ctx, 1149 _ch_quiesce_done); 1150 return; 1151 } 1152 1153 spdk_bdev_io_complete(orig_io, status); 1154 spdk_bdev_free_io(bdev_io); 1155 } 1156 1157 /* Completion callback for writes that were issued from this bdev. */ 1158 static void 1159 _complete_internal_write(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg) 1160 { 1161 struct spdk_bdev_io *orig_io = cb_arg; 1162 int status = success ? SPDK_BDEV_IO_STATUS_SUCCESS : SPDK_BDEV_IO_STATUS_FAILED; 1163 struct crypto_bdev_io *orig_ctx = (struct crypto_bdev_io *)orig_io->driver_ctx; 1164 1165 spdk_bdev_io_put_aux_buf(orig_io, orig_ctx->aux_buf_raw); 1166 1167 spdk_bdev_io_complete(orig_io, status); 1168 spdk_bdev_free_io(bdev_io); 1169 } 1170 1171 /* Completion callback for reads that were issued from this bdev. */ 1172 static void 1173 _complete_internal_read(struct spdk_bdev_io *bdev_io, bool success, void *cb_arg) 1174 { 1175 struct spdk_bdev_io *orig_io = cb_arg; 1176 struct crypto_bdev_io *orig_ctx = (struct crypto_bdev_io *)orig_io->driver_ctx; 1177 1178 if (success) { 1179 1180 /* Save off this bdev_io so it can be freed after decryption. */ 1181 orig_ctx->read_io = bdev_io; 1182 1183 if (!_crypto_operation(orig_io, RTE_CRYPTO_CIPHER_OP_DECRYPT, NULL)) { 1184 return; 1185 } else { 1186 SPDK_ERRLOG("Failed to decrypt!\n"); 1187 } 1188 } else { 1189 SPDK_ERRLOG("Failed to read prior to decrypting!\n"); 1190 } 1191 1192 spdk_bdev_io_complete(orig_io, SPDK_BDEV_IO_STATUS_FAILED); 1193 spdk_bdev_free_io(bdev_io); 1194 } 1195 1196 static void 1197 vbdev_crypto_resubmit_io(void *arg) 1198 { 1199 struct spdk_bdev_io *bdev_io = (struct spdk_bdev_io *)arg; 1200 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 1201 1202 vbdev_crypto_submit_request(io_ctx->ch, bdev_io); 1203 } 1204 1205 static void 1206 vbdev_crypto_queue_io(struct spdk_bdev_io *bdev_io) 1207 { 1208 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 1209 int rc; 1210 1211 io_ctx->bdev_io_wait.bdev = bdev_io->bdev; 1212 io_ctx->bdev_io_wait.cb_fn = vbdev_crypto_resubmit_io; 1213 io_ctx->bdev_io_wait.cb_arg = bdev_io; 1214 1215 rc = spdk_bdev_queue_io_wait(bdev_io->bdev, io_ctx->crypto_ch->base_ch, &io_ctx->bdev_io_wait); 1216 if (rc != 0) { 1217 SPDK_ERRLOG("Queue io failed in vbdev_crypto_queue_io, rc=%d.\n", rc); 1218 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 1219 } 1220 } 1221 1222 /* Callback for getting a buf from the bdev pool in the event that the caller passed 1223 * in NULL, we need to own the buffer so it doesn't get freed by another vbdev module 1224 * beneath us before we're done with it. 1225 */ 1226 static void 1227 crypto_read_get_buf_cb(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io, 1228 bool success) 1229 { 1230 struct vbdev_crypto *crypto_bdev = SPDK_CONTAINEROF(bdev_io->bdev, struct vbdev_crypto, 1231 crypto_bdev); 1232 struct crypto_io_channel *crypto_ch = spdk_io_channel_get_ctx(ch); 1233 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 1234 int rc; 1235 1236 if (!success) { 1237 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 1238 return; 1239 } 1240 1241 rc = spdk_bdev_readv_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, bdev_io->u.bdev.iovs, 1242 bdev_io->u.bdev.iovcnt, bdev_io->u.bdev.offset_blocks, 1243 bdev_io->u.bdev.num_blocks, _complete_internal_read, 1244 bdev_io); 1245 if (rc != 0) { 1246 if (rc == -ENOMEM) { 1247 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 1248 io_ctx->ch = ch; 1249 vbdev_crypto_queue_io(bdev_io); 1250 } else { 1251 SPDK_ERRLOG("Failed to submit bdev_io!\n"); 1252 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 1253 } 1254 } 1255 } 1256 1257 /* For encryption we don't want to encrypt the data in place as the host isn't 1258 * expecting us to mangle its data buffers so we need to encrypt into the bdev 1259 * aux buffer, then we can use that as the source for the disk data transfer. 1260 */ 1261 static void 1262 crypto_write_get_buf_cb(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io, 1263 void *aux_buf) 1264 { 1265 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 1266 int rc = 0; 1267 1268 rc = _crypto_operation(bdev_io, RTE_CRYPTO_CIPHER_OP_ENCRYPT, aux_buf); 1269 if (rc != 0) { 1270 spdk_bdev_io_put_aux_buf(bdev_io, aux_buf); 1271 if (rc == -ENOMEM) { 1272 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 1273 io_ctx->ch = ch; 1274 vbdev_crypto_queue_io(bdev_io); 1275 } else { 1276 SPDK_ERRLOG("Failed to submit bdev_io!\n"); 1277 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 1278 } 1279 } 1280 } 1281 1282 /* Called when someone submits IO to this crypto vbdev. For IO's not relevant to crypto, 1283 * we're simply passing it on here via SPDK IO calls which in turn allocate another bdev IO 1284 * and call our cpl callback provided below along with the original bdev_io so that we can 1285 * complete it once this IO completes. For crypto operations, we'll either encrypt it first 1286 * (writes) then call back into bdev to submit it or we'll submit a read and then catch it 1287 * on the way back for decryption. 1288 */ 1289 static void 1290 vbdev_crypto_submit_request(struct spdk_io_channel *ch, struct spdk_bdev_io *bdev_io) 1291 { 1292 struct vbdev_crypto *crypto_bdev = SPDK_CONTAINEROF(bdev_io->bdev, struct vbdev_crypto, 1293 crypto_bdev); 1294 struct crypto_io_channel *crypto_ch = spdk_io_channel_get_ctx(ch); 1295 struct crypto_bdev_io *io_ctx = (struct crypto_bdev_io *)bdev_io->driver_ctx; 1296 int rc = 0; 1297 1298 memset(io_ctx, 0, sizeof(struct crypto_bdev_io)); 1299 io_ctx->crypto_bdev = crypto_bdev; 1300 io_ctx->crypto_ch = crypto_ch; 1301 io_ctx->orig_io = bdev_io; 1302 io_ctx->bdev_io_status = SPDK_BDEV_IO_STATUS_SUCCESS; 1303 1304 switch (bdev_io->type) { 1305 case SPDK_BDEV_IO_TYPE_READ: 1306 spdk_bdev_io_get_buf(bdev_io, crypto_read_get_buf_cb, 1307 bdev_io->u.bdev.num_blocks * bdev_io->bdev->blocklen); 1308 break; 1309 case SPDK_BDEV_IO_TYPE_WRITE: 1310 /* Tell the bdev layer that we need an aux buf in addition to the data 1311 * buf already associated with the bdev. 1312 */ 1313 spdk_bdev_io_get_aux_buf(bdev_io, crypto_write_get_buf_cb); 1314 break; 1315 case SPDK_BDEV_IO_TYPE_UNMAP: 1316 rc = spdk_bdev_unmap_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, 1317 bdev_io->u.bdev.offset_blocks, 1318 bdev_io->u.bdev.num_blocks, 1319 _complete_internal_io, bdev_io); 1320 break; 1321 case SPDK_BDEV_IO_TYPE_FLUSH: 1322 rc = spdk_bdev_flush_blocks(crypto_bdev->base_desc, crypto_ch->base_ch, 1323 bdev_io->u.bdev.offset_blocks, 1324 bdev_io->u.bdev.num_blocks, 1325 _complete_internal_io, bdev_io); 1326 break; 1327 case SPDK_BDEV_IO_TYPE_RESET: 1328 rc = spdk_bdev_reset(crypto_bdev->base_desc, crypto_ch->base_ch, 1329 _complete_internal_io, bdev_io); 1330 break; 1331 case SPDK_BDEV_IO_TYPE_WRITE_ZEROES: 1332 default: 1333 SPDK_ERRLOG("crypto: unknown I/O type %d\n", bdev_io->type); 1334 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 1335 return; 1336 } 1337 1338 if (rc != 0) { 1339 if (rc == -ENOMEM) { 1340 SPDK_DEBUGLOG(vbdev_crypto, "No memory, queue the IO.\n"); 1341 io_ctx->ch = ch; 1342 vbdev_crypto_queue_io(bdev_io); 1343 } else { 1344 SPDK_ERRLOG("Failed to submit bdev_io!\n"); 1345 spdk_bdev_io_complete(bdev_io, SPDK_BDEV_IO_STATUS_FAILED); 1346 } 1347 } 1348 } 1349 1350 /* We'll just call the base bdev and let it answer except for WZ command which 1351 * we always say we don't support so that the bdev layer will actually send us 1352 * real writes that we can encrypt. 1353 */ 1354 static bool 1355 vbdev_crypto_io_type_supported(void *ctx, enum spdk_bdev_io_type io_type) 1356 { 1357 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 1358 1359 switch (io_type) { 1360 case SPDK_BDEV_IO_TYPE_WRITE: 1361 case SPDK_BDEV_IO_TYPE_UNMAP: 1362 case SPDK_BDEV_IO_TYPE_RESET: 1363 case SPDK_BDEV_IO_TYPE_READ: 1364 case SPDK_BDEV_IO_TYPE_FLUSH: 1365 return spdk_bdev_io_type_supported(crypto_bdev->base_bdev, io_type); 1366 case SPDK_BDEV_IO_TYPE_WRITE_ZEROES: 1367 /* Force the bdev layer to issue actual writes of zeroes so we can 1368 * encrypt them as regular writes. 1369 */ 1370 default: 1371 return false; 1372 } 1373 } 1374 1375 static struct vbdev_dev * 1376 _vdev_dev_get(struct vbdev_crypto *vbdev) 1377 { 1378 struct vbdev_dev *device; 1379 1380 TAILQ_FOREACH(device, &g_vbdev_devs, link) { 1381 if (strcmp(device->cdev_info.driver_name, vbdev->opts->drv_name) == 0) { 1382 return device; 1383 } 1384 } 1385 return NULL; 1386 } 1387 1388 static void 1389 _cryptodev_sym_session_free(struct vbdev_crypto *vbdev, void *session) 1390 { 1391 #if RTE_VERSION >= RTE_VERSION_NUM(22, 11, 0, 0) 1392 struct vbdev_dev *device = _vdev_dev_get(vbdev); 1393 1394 assert(device != NULL); 1395 1396 rte_cryptodev_sym_session_free(device->cdev_id, session); 1397 #else 1398 rte_cryptodev_sym_session_free(session); 1399 #endif 1400 } 1401 1402 static void * 1403 _cryptodev_sym_session_create(struct vbdev_crypto *vbdev, struct rte_crypto_sym_xform *xforms) 1404 { 1405 void *session; 1406 struct vbdev_dev *device; 1407 1408 device = _vdev_dev_get(vbdev); 1409 if (!device) { 1410 SPDK_ERRLOG("Failed to match crypto device driver to crypto vbdev.\n"); 1411 return NULL; 1412 } 1413 1414 #if RTE_VERSION >= RTE_VERSION_NUM(22, 11, 0, 0) 1415 session = rte_cryptodev_sym_session_create(device->cdev_id, xforms, g_session_mp); 1416 #else 1417 session = rte_cryptodev_sym_session_create(g_session_mp); 1418 if (!session) { 1419 return NULL; 1420 } 1421 1422 if (rte_cryptodev_sym_session_init(device->cdev_id, session, xforms, g_session_mp_priv) < 0) { 1423 _cryptodev_sym_session_free(vbdev, session); 1424 return NULL; 1425 } 1426 #endif 1427 1428 return session; 1429 } 1430 1431 /* Callback for unregistering the IO device. */ 1432 static void 1433 _device_unregister_cb(void *io_device) 1434 { 1435 struct vbdev_crypto *crypto_bdev = io_device; 1436 1437 /* Done with this crypto_bdev. */ 1438 _cryptodev_sym_session_free(crypto_bdev, crypto_bdev->session_decrypt); 1439 _cryptodev_sym_session_free(crypto_bdev, crypto_bdev->session_encrypt); 1440 crypto_bdev->opts = NULL; 1441 free(crypto_bdev->crypto_bdev.name); 1442 free(crypto_bdev); 1443 } 1444 1445 /* Wrapper for the bdev close operation. */ 1446 static void 1447 _vbdev_crypto_destruct(void *ctx) 1448 { 1449 struct spdk_bdev_desc *desc = ctx; 1450 1451 spdk_bdev_close(desc); 1452 } 1453 1454 /* Called after we've unregistered following a hot remove callback. 1455 * Our finish entry point will be called next. 1456 */ 1457 static int 1458 vbdev_crypto_destruct(void *ctx) 1459 { 1460 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 1461 1462 /* Remove this device from the internal list */ 1463 TAILQ_REMOVE(&g_vbdev_crypto, crypto_bdev, link); 1464 1465 /* Unclaim the underlying bdev. */ 1466 spdk_bdev_module_release_bdev(crypto_bdev->base_bdev); 1467 1468 /* Close the underlying bdev on its same opened thread. */ 1469 if (crypto_bdev->thread && crypto_bdev->thread != spdk_get_thread()) { 1470 spdk_thread_send_msg(crypto_bdev->thread, _vbdev_crypto_destruct, crypto_bdev->base_desc); 1471 } else { 1472 spdk_bdev_close(crypto_bdev->base_desc); 1473 } 1474 1475 /* Unregister the io_device. */ 1476 spdk_io_device_unregister(crypto_bdev, _device_unregister_cb); 1477 1478 g_number_of_claimed_volumes--; 1479 1480 return 0; 1481 } 1482 1483 /* We supplied this as an entry point for upper layers who want to communicate to this 1484 * bdev. This is how they get a channel. We are passed the same context we provided when 1485 * we created our crypto vbdev in examine() which, for this bdev, is the address of one of 1486 * our context nodes. From here we'll ask the SPDK channel code to fill out our channel 1487 * struct and we'll keep it in our crypto node. 1488 */ 1489 static struct spdk_io_channel * 1490 vbdev_crypto_get_io_channel(void *ctx) 1491 { 1492 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 1493 1494 /* The IO channel code will allocate a channel for us which consists of 1495 * the SPDK channel structure plus the size of our crypto_io_channel struct 1496 * that we passed in when we registered our IO device. It will then call 1497 * our channel create callback to populate any elements that we need to 1498 * update. 1499 */ 1500 return spdk_get_io_channel(crypto_bdev); 1501 } 1502 1503 /* This is the output for bdev_get_bdevs() for this vbdev */ 1504 static int 1505 vbdev_crypto_dump_info_json(void *ctx, struct spdk_json_write_ctx *w) 1506 { 1507 struct vbdev_crypto *crypto_bdev = (struct vbdev_crypto *)ctx; 1508 char *hexkey = NULL, *hexkey2 = NULL; 1509 int rc = 0; 1510 1511 hexkey = spdk_hexlify(crypto_bdev->opts->key, 1512 crypto_bdev->opts->key_size); 1513 if (!hexkey) { 1514 return -ENOMEM; 1515 } 1516 1517 if (crypto_bdev->opts->key2) { 1518 hexkey2 = spdk_hexlify(crypto_bdev->opts->key2, 1519 crypto_bdev->opts->key2_size); 1520 if (!hexkey2) { 1521 rc = -ENOMEM; 1522 goto out_err; 1523 } 1524 } 1525 1526 spdk_json_write_name(w, "crypto"); 1527 spdk_json_write_object_begin(w); 1528 spdk_json_write_named_string(w, "base_bdev_name", spdk_bdev_get_name(crypto_bdev->base_bdev)); 1529 spdk_json_write_named_string(w, "name", spdk_bdev_get_name(&crypto_bdev->crypto_bdev)); 1530 spdk_json_write_named_string(w, "crypto_pmd", crypto_bdev->opts->drv_name); 1531 spdk_json_write_named_string(w, "key", hexkey); 1532 if (hexkey2) { 1533 spdk_json_write_named_string(w, "key2", hexkey2); 1534 } 1535 spdk_json_write_named_string(w, "cipher", crypto_bdev->opts->cipher); 1536 spdk_json_write_object_end(w); 1537 out_err: 1538 if (hexkey) { 1539 memset(hexkey, 0, strlen(hexkey)); 1540 free(hexkey); 1541 } 1542 if (hexkey2) { 1543 memset(hexkey2, 0, strlen(hexkey2)); 1544 free(hexkey2); 1545 } 1546 return rc; 1547 } 1548 1549 static int 1550 vbdev_crypto_config_json(struct spdk_json_write_ctx *w) 1551 { 1552 struct vbdev_crypto *crypto_bdev; 1553 1554 TAILQ_FOREACH(crypto_bdev, &g_vbdev_crypto, link) { 1555 char *hexkey = NULL, *hexkey2 = NULL; 1556 1557 hexkey = spdk_hexlify(crypto_bdev->opts->key, 1558 crypto_bdev->opts->key_size); 1559 if (!hexkey) { 1560 return -ENOMEM; 1561 } 1562 1563 if (crypto_bdev->opts->key2) { 1564 hexkey2 = spdk_hexlify(crypto_bdev->opts->key2, 1565 crypto_bdev->opts->key2_size); 1566 if (!hexkey2) { 1567 memset(hexkey, 0, strlen(hexkey)); 1568 free(hexkey); 1569 return -ENOMEM; 1570 } 1571 } 1572 1573 spdk_json_write_object_begin(w); 1574 spdk_json_write_named_string(w, "method", "bdev_crypto_create"); 1575 spdk_json_write_named_object_begin(w, "params"); 1576 spdk_json_write_named_string(w, "base_bdev_name", spdk_bdev_get_name(crypto_bdev->base_bdev)); 1577 spdk_json_write_named_string(w, "name", spdk_bdev_get_name(&crypto_bdev->crypto_bdev)); 1578 spdk_json_write_named_string(w, "crypto_pmd", crypto_bdev->opts->drv_name); 1579 spdk_json_write_named_string(w, "key", hexkey); 1580 if (hexkey2) { 1581 spdk_json_write_named_string(w, "key2", hexkey2); 1582 } 1583 spdk_json_write_named_string(w, "cipher", crypto_bdev->opts->cipher); 1584 spdk_json_write_object_end(w); 1585 spdk_json_write_object_end(w); 1586 1587 if (hexkey) { 1588 memset(hexkey, 0, strlen(hexkey)); 1589 free(hexkey); 1590 } 1591 if (hexkey2) { 1592 memset(hexkey2, 0, strlen(hexkey2)); 1593 free(hexkey2); 1594 } 1595 } 1596 return 0; 1597 } 1598 1599 /* Helper function for the channel creation callback. */ 1600 static void 1601 _assign_device_qp(struct vbdev_crypto *crypto_bdev, struct device_qp *device_qp, 1602 struct crypto_io_channel *crypto_ch) 1603 { 1604 pthread_mutex_lock(&g_device_qp_lock); 1605 if (strcmp(crypto_bdev->opts->drv_name, QAT) == 0) { 1606 /* For some QAT devices, the optimal qp to use is every 32nd as this spreads the 1607 * workload out over the multiple virtual functions in the device. For the devices 1608 * where this isn't the case, it doesn't hurt. 1609 */ 1610 TAILQ_FOREACH(device_qp, &g_device_qp_qat, link) { 1611 if (device_qp->index != g_next_qat_index) { 1612 continue; 1613 } 1614 if (device_qp->in_use == false) { 1615 crypto_ch->device_qp = device_qp; 1616 device_qp->in_use = true; 1617 g_next_qat_index = (g_next_qat_index + QAT_VF_SPREAD) % g_qat_total_qp; 1618 break; 1619 } else { 1620 /* if the preferred index is used, skip to the next one in this set. */ 1621 g_next_qat_index = (g_next_qat_index + 1) % g_qat_total_qp; 1622 } 1623 } 1624 } else if (strcmp(crypto_bdev->opts->drv_name, AESNI_MB) == 0) { 1625 TAILQ_FOREACH(device_qp, &g_device_qp_aesni_mb, link) { 1626 if (device_qp->in_use == false) { 1627 crypto_ch->device_qp = device_qp; 1628 device_qp->in_use = true; 1629 break; 1630 } 1631 } 1632 } else if (strcmp(crypto_bdev->opts->drv_name, MLX5) == 0) { 1633 TAILQ_FOREACH(device_qp, &g_device_qp_mlx5, link) { 1634 if (device_qp->in_use == false) { 1635 crypto_ch->device_qp = device_qp; 1636 device_qp->in_use = true; 1637 break; 1638 } 1639 } 1640 } 1641 pthread_mutex_unlock(&g_device_qp_lock); 1642 } 1643 1644 /* We provide this callback for the SPDK channel code to create a channel using 1645 * the channel struct we provided in our module get_io_channel() entry point. Here 1646 * we get and save off an underlying base channel of the device below us so that 1647 * we can communicate with the base bdev on a per channel basis. We also register the 1648 * poller used to complete crypto operations from the device. 1649 */ 1650 static int 1651 crypto_bdev_ch_create_cb(void *io_device, void *ctx_buf) 1652 { 1653 struct crypto_io_channel *crypto_ch = ctx_buf; 1654 struct vbdev_crypto *crypto_bdev = io_device; 1655 struct device_qp *device_qp = NULL; 1656 1657 crypto_ch->base_ch = spdk_bdev_get_io_channel(crypto_bdev->base_desc); 1658 crypto_ch->poller = SPDK_POLLER_REGISTER(crypto_dev_poller, crypto_ch, 0); 1659 crypto_ch->device_qp = NULL; 1660 1661 /* Assign a device/qp combination that is unique per channel per PMD. */ 1662 _assign_device_qp(crypto_bdev, device_qp, crypto_ch); 1663 assert(crypto_ch->device_qp); 1664 1665 /* We use this queue to track outstanding IO in our layer. */ 1666 TAILQ_INIT(&crypto_ch->pending_cry_ios); 1667 1668 /* We use this to queue up crypto ops when the device is busy. */ 1669 TAILQ_INIT(&crypto_ch->queued_cry_ops); 1670 1671 return 0; 1672 } 1673 1674 /* We provide this callback for the SPDK channel code to destroy a channel 1675 * created with our create callback. We just need to undo anything we did 1676 * when we created. 1677 */ 1678 static void 1679 crypto_bdev_ch_destroy_cb(void *io_device, void *ctx_buf) 1680 { 1681 struct crypto_io_channel *crypto_ch = ctx_buf; 1682 1683 pthread_mutex_lock(&g_device_qp_lock); 1684 crypto_ch->device_qp->in_use = false; 1685 pthread_mutex_unlock(&g_device_qp_lock); 1686 1687 spdk_poller_unregister(&crypto_ch->poller); 1688 spdk_put_io_channel(crypto_ch->base_ch); 1689 } 1690 1691 /* Create the association from the bdev and vbdev name and insert 1692 * on the global list. */ 1693 static int 1694 vbdev_crypto_insert_name(struct vbdev_crypto_opts *opts, struct bdev_names **out) 1695 { 1696 struct bdev_names *name; 1697 bool found = false; 1698 int j; 1699 1700 assert(opts); 1701 assert(out); 1702 1703 TAILQ_FOREACH(name, &g_bdev_names, link) { 1704 if (strcmp(opts->vbdev_name, name->opts->vbdev_name) == 0) { 1705 SPDK_ERRLOG("Crypto bdev %s already exists\n", opts->vbdev_name); 1706 return -EEXIST; 1707 } 1708 } 1709 1710 for (j = 0; j < MAX_NUM_DRV_TYPES ; j++) { 1711 if (strcmp(opts->drv_name, g_driver_names[j]) == 0) { 1712 found = true; 1713 break; 1714 } 1715 } 1716 if (!found) { 1717 SPDK_ERRLOG("Crypto PMD type %s is not supported.\n", opts->drv_name); 1718 return -EINVAL; 1719 } 1720 1721 name = calloc(1, sizeof(struct bdev_names)); 1722 if (!name) { 1723 SPDK_ERRLOG("Failed to allocate memory for bdev_names.\n"); 1724 return -ENOMEM; 1725 } 1726 1727 name->opts = opts; 1728 TAILQ_INSERT_TAIL(&g_bdev_names, name, link); 1729 *out = name; 1730 1731 return 0; 1732 } 1733 1734 void 1735 free_crypto_opts(struct vbdev_crypto_opts *opts) 1736 { 1737 free(opts->bdev_name); 1738 free(opts->vbdev_name); 1739 free(opts->drv_name); 1740 if (opts->xts_key) { 1741 memset(opts->xts_key, 0, 1742 opts->key_size + opts->key2_size); 1743 free(opts->xts_key); 1744 } 1745 memset(opts->key, 0, opts->key_size); 1746 free(opts->key); 1747 opts->key_size = 0; 1748 if (opts->key2) { 1749 memset(opts->key2, 0, opts->key2_size); 1750 free(opts->key2); 1751 } 1752 opts->key2_size = 0; 1753 free(opts); 1754 } 1755 1756 static void 1757 vbdev_crypto_delete_name(struct bdev_names *name) 1758 { 1759 TAILQ_REMOVE(&g_bdev_names, name, link); 1760 if (name->opts) { 1761 free_crypto_opts(name->opts); 1762 name->opts = NULL; 1763 } 1764 free(name); 1765 } 1766 1767 /* RPC entry point for crypto creation. */ 1768 int 1769 create_crypto_disk(struct vbdev_crypto_opts *opts) 1770 { 1771 struct bdev_names *name = NULL; 1772 int rc; 1773 1774 rc = vbdev_crypto_insert_name(opts, &name); 1775 if (rc) { 1776 return rc; 1777 } 1778 1779 rc = vbdev_crypto_claim(opts->bdev_name); 1780 if (rc == -ENODEV) { 1781 SPDK_NOTICELOG("vbdev creation deferred pending base bdev arrival\n"); 1782 rc = 0; 1783 } 1784 1785 if (rc) { 1786 assert(name != NULL); 1787 /* In case of error we let the caller function to deallocate @opts 1788 * since it is its responsibiltiy. Setting name->opts = NULL let's 1789 * vbdev_crypto_delete_name() know it does not have to do anything 1790 * about @opts. 1791 */ 1792 name->opts = NULL; 1793 vbdev_crypto_delete_name(name); 1794 } 1795 return rc; 1796 } 1797 1798 /* Called at driver init time, parses config file to prepare for examine calls, 1799 * also fully initializes the crypto drivers. 1800 */ 1801 static int 1802 vbdev_crypto_init(void) 1803 { 1804 int rc = 0; 1805 1806 /* Fully configure both SW and HW drivers. */ 1807 rc = vbdev_crypto_init_crypto_drivers(); 1808 if (rc) { 1809 SPDK_ERRLOG("Error setting up crypto devices\n"); 1810 } 1811 1812 return rc; 1813 } 1814 1815 /* Called when the entire module is being torn down. */ 1816 static void 1817 vbdev_crypto_finish(void) 1818 { 1819 struct bdev_names *name; 1820 struct vbdev_dev *device; 1821 1822 while ((name = TAILQ_FIRST(&g_bdev_names))) { 1823 vbdev_crypto_delete_name(name); 1824 } 1825 1826 while ((device = TAILQ_FIRST(&g_vbdev_devs))) { 1827 TAILQ_REMOVE(&g_vbdev_devs, device, link); 1828 release_vbdev_dev(device); 1829 } 1830 rte_vdev_uninit(AESNI_MB); 1831 1832 /* These are removed in release_vbdev_dev() */ 1833 assert(TAILQ_EMPTY(&g_device_qp_qat)); 1834 assert(TAILQ_EMPTY(&g_device_qp_aesni_mb)); 1835 assert(TAILQ_EMPTY(&g_device_qp_mlx5)); 1836 1837 rte_mempool_free(g_crypto_op_mp); 1838 rte_mempool_free(g_mbuf_mp); 1839 rte_mempool_free(g_session_mp); 1840 if (g_session_mp_priv != NULL) { 1841 rte_mempool_free(g_session_mp_priv); 1842 } 1843 } 1844 1845 /* During init we'll be asked how much memory we'd like passed to us 1846 * in bev_io structures as context. Here's where we specify how 1847 * much context we want per IO. 1848 */ 1849 static int 1850 vbdev_crypto_get_ctx_size(void) 1851 { 1852 return sizeof(struct crypto_bdev_io); 1853 } 1854 1855 static void 1856 vbdev_crypto_base_bdev_hotremove_cb(struct spdk_bdev *bdev_find) 1857 { 1858 struct vbdev_crypto *crypto_bdev, *tmp; 1859 1860 TAILQ_FOREACH_SAFE(crypto_bdev, &g_vbdev_crypto, link, tmp) { 1861 if (bdev_find == crypto_bdev->base_bdev) { 1862 spdk_bdev_unregister(&crypto_bdev->crypto_bdev, NULL, NULL); 1863 } 1864 } 1865 } 1866 1867 /* Called when the underlying base bdev triggers asynchronous event such as bdev removal. */ 1868 static void 1869 vbdev_crypto_base_bdev_event_cb(enum spdk_bdev_event_type type, struct spdk_bdev *bdev, 1870 void *event_ctx) 1871 { 1872 switch (type) { 1873 case SPDK_BDEV_EVENT_REMOVE: 1874 vbdev_crypto_base_bdev_hotremove_cb(bdev); 1875 break; 1876 default: 1877 SPDK_NOTICELOG("Unsupported bdev event: type %d\n", type); 1878 break; 1879 } 1880 } 1881 1882 static void 1883 vbdev_crypto_write_config_json(struct spdk_bdev *bdev, struct spdk_json_write_ctx *w) 1884 { 1885 /* No config per bdev needed */ 1886 } 1887 1888 /* When we register our bdev this is how we specify our entry points. */ 1889 static const struct spdk_bdev_fn_table vbdev_crypto_fn_table = { 1890 .destruct = vbdev_crypto_destruct, 1891 .submit_request = vbdev_crypto_submit_request, 1892 .io_type_supported = vbdev_crypto_io_type_supported, 1893 .get_io_channel = vbdev_crypto_get_io_channel, 1894 .dump_info_json = vbdev_crypto_dump_info_json, 1895 .write_config_json = vbdev_crypto_write_config_json 1896 }; 1897 1898 static struct spdk_bdev_module crypto_if = { 1899 .name = "crypto", 1900 .module_init = vbdev_crypto_init, 1901 .get_ctx_size = vbdev_crypto_get_ctx_size, 1902 .examine_config = vbdev_crypto_examine, 1903 .module_fini = vbdev_crypto_finish, 1904 .config_json = vbdev_crypto_config_json 1905 }; 1906 1907 SPDK_BDEV_MODULE_REGISTER(crypto, &crypto_if) 1908 1909 static int 1910 vbdev_crypto_claim(const char *bdev_name) 1911 { 1912 struct bdev_names *name; 1913 struct vbdev_crypto *vbdev; 1914 struct spdk_bdev *bdev; 1915 uint8_t key_size; 1916 int rc = 0; 1917 1918 if (g_number_of_claimed_volumes >= MAX_CRYPTO_VOLUMES) { 1919 SPDK_DEBUGLOG(vbdev_crypto, "Reached max number of claimed volumes\n"); 1920 return -EINVAL; 1921 } 1922 g_number_of_claimed_volumes++; 1923 1924 /* Check our list of names from config versus this bdev and if 1925 * there's a match, create the crypto_bdev & bdev accordingly. 1926 */ 1927 TAILQ_FOREACH(name, &g_bdev_names, link) { 1928 if (strcmp(name->opts->bdev_name, bdev_name) != 0) { 1929 continue; 1930 } 1931 SPDK_DEBUGLOG(vbdev_crypto, "Match on %s\n", bdev_name); 1932 1933 vbdev = calloc(1, sizeof(struct vbdev_crypto)); 1934 if (!vbdev) { 1935 SPDK_ERRLOG("Failed to allocate memory for crypto_bdev.\n"); 1936 rc = -ENOMEM; 1937 goto error_vbdev_alloc; 1938 } 1939 vbdev->crypto_bdev.product_name = "crypto"; 1940 1941 vbdev->crypto_bdev.name = strdup(name->opts->vbdev_name); 1942 if (!vbdev->crypto_bdev.name) { 1943 SPDK_ERRLOG("Failed to allocate memory for crypto_bdev name.\n"); 1944 rc = -ENOMEM; 1945 goto error_bdev_name; 1946 } 1947 1948 rc = spdk_bdev_open_ext(bdev_name, true, vbdev_crypto_base_bdev_event_cb, 1949 NULL, &vbdev->base_desc); 1950 if (rc) { 1951 if (rc != -ENODEV) { 1952 SPDK_ERRLOG("Failed to open bdev %s: error %d\n", bdev_name, rc); 1953 } 1954 goto error_open; 1955 } 1956 1957 bdev = spdk_bdev_desc_get_bdev(vbdev->base_desc); 1958 vbdev->base_bdev = bdev; 1959 1960 if (strcmp(name->opts->drv_name, MLX5) == 0) { 1961 vbdev->qp_desc_nr = CRYPTO_QP_DESCRIPTORS_MLX5; 1962 } else { 1963 vbdev->qp_desc_nr = CRYPTO_QP_DESCRIPTORS; 1964 } 1965 1966 vbdev->crypto_bdev.write_cache = bdev->write_cache; 1967 if (strcmp(name->opts->drv_name, QAT) == 0) { 1968 vbdev->crypto_bdev.required_alignment = 1969 spdk_max(spdk_u32log2(bdev->blocklen), bdev->required_alignment); 1970 SPDK_NOTICELOG("QAT in use: Required alignment set to %u\n", 1971 vbdev->crypto_bdev.required_alignment); 1972 SPDK_NOTICELOG("QAT using cipher: %s\n", name->opts->cipher); 1973 } else if (strcmp(name->opts->drv_name, MLX5) == 0) { 1974 vbdev->crypto_bdev.required_alignment = bdev->required_alignment; 1975 SPDK_NOTICELOG("MLX5 using cipher: %s\n", name->opts->cipher); 1976 } else { 1977 vbdev->crypto_bdev.required_alignment = bdev->required_alignment; 1978 SPDK_NOTICELOG("AESNI_MB using cipher: %s\n", name->opts->cipher); 1979 } 1980 vbdev->cipher_xform.cipher.iv.length = IV_LENGTH; 1981 1982 /* Note: CRYPTO_MAX_IO is in units of bytes, optimal_io_boundary is 1983 * in units of blocks. 1984 */ 1985 if (bdev->optimal_io_boundary > 0) { 1986 vbdev->crypto_bdev.optimal_io_boundary = 1987 spdk_min((CRYPTO_MAX_IO / bdev->blocklen), bdev->optimal_io_boundary); 1988 } else { 1989 vbdev->crypto_bdev.optimal_io_boundary = (CRYPTO_MAX_IO / bdev->blocklen); 1990 } 1991 vbdev->crypto_bdev.split_on_optimal_io_boundary = true; 1992 vbdev->crypto_bdev.blocklen = bdev->blocklen; 1993 vbdev->crypto_bdev.blockcnt = bdev->blockcnt; 1994 1995 /* This is the context that is passed to us when the bdev 1996 * layer calls in so we'll save our crypto_bdev node here. 1997 */ 1998 vbdev->crypto_bdev.ctxt = vbdev; 1999 vbdev->crypto_bdev.fn_table = &vbdev_crypto_fn_table; 2000 vbdev->crypto_bdev.module = &crypto_if; 2001 2002 /* Assign crypto opts from the name. The pointer is valid up to the point 2003 * the module is unloaded and all names removed from the list. */ 2004 vbdev->opts = name->opts; 2005 2006 TAILQ_INSERT_TAIL(&g_vbdev_crypto, vbdev, link); 2007 2008 spdk_io_device_register(vbdev, crypto_bdev_ch_create_cb, crypto_bdev_ch_destroy_cb, 2009 sizeof(struct crypto_io_channel), vbdev->crypto_bdev.name); 2010 2011 /* Save the thread where the base device is opened */ 2012 vbdev->thread = spdk_get_thread(); 2013 2014 rc = spdk_bdev_module_claim_bdev(bdev, vbdev->base_desc, vbdev->crypto_bdev.module); 2015 if (rc) { 2016 SPDK_ERRLOG("Failed to claim bdev %s\n", spdk_bdev_get_name(bdev)); 2017 goto error_claim; 2018 } 2019 2020 /* Init our per vbdev xform with the desired cipher options. */ 2021 vbdev->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; 2022 vbdev->cipher_xform.cipher.iv.offset = IV_OFFSET; 2023 if (strcmp(vbdev->opts->cipher, AES_CBC) == 0) { 2024 vbdev->cipher_xform.cipher.key.data = vbdev->opts->key; 2025 vbdev->cipher_xform.cipher.key.length = vbdev->opts->key_size; 2026 vbdev->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC; 2027 } else if (strcmp(vbdev->opts->cipher, AES_XTS) == 0) { 2028 key_size = vbdev->opts->key_size + vbdev->opts->key2_size; 2029 vbdev->cipher_xform.cipher.key.data = vbdev->opts->xts_key; 2030 vbdev->cipher_xform.cipher.key.length = key_size; 2031 vbdev->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_XTS; 2032 } else { 2033 SPDK_ERRLOG("Invalid cipher name %s.\n", vbdev->opts->cipher); 2034 rc = -EINVAL; 2035 goto error_session_de_create; 2036 } 2037 vbdev->cipher_xform.cipher.iv.length = IV_LENGTH; 2038 2039 vbdev->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; 2040 vbdev->session_encrypt = _cryptodev_sym_session_create(vbdev, &vbdev->cipher_xform); 2041 if (NULL == vbdev->session_encrypt) { 2042 SPDK_ERRLOG("Failed to create encrypt crypto session.\n"); 2043 rc = -EINVAL; 2044 goto error_session_en_create; 2045 } 2046 2047 vbdev->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; 2048 vbdev->session_decrypt = _cryptodev_sym_session_create(vbdev, &vbdev->cipher_xform); 2049 if (NULL == vbdev->session_decrypt) { 2050 SPDK_ERRLOG("Failed to create decrypt crypto session.\n"); 2051 rc = -EINVAL; 2052 goto error_session_de_create; 2053 } 2054 2055 rc = spdk_bdev_register(&vbdev->crypto_bdev); 2056 if (rc < 0) { 2057 SPDK_ERRLOG("Failed to register vbdev: error %d\n", rc); 2058 rc = -EINVAL; 2059 goto error_bdev_register; 2060 } 2061 SPDK_DEBUGLOG(vbdev_crypto, "Registered io_device and virtual bdev for: %s\n", 2062 vbdev->opts->vbdev_name); 2063 break; 2064 } 2065 2066 return rc; 2067 2068 /* Error cleanup paths. */ 2069 error_bdev_register: 2070 _cryptodev_sym_session_free(vbdev, vbdev->session_decrypt); 2071 error_session_de_create: 2072 _cryptodev_sym_session_free(vbdev, vbdev->session_encrypt); 2073 error_session_en_create: 2074 spdk_bdev_module_release_bdev(vbdev->base_bdev); 2075 error_claim: 2076 TAILQ_REMOVE(&g_vbdev_crypto, vbdev, link); 2077 spdk_io_device_unregister(vbdev, NULL); 2078 spdk_bdev_close(vbdev->base_desc); 2079 error_open: 2080 free(vbdev->crypto_bdev.name); 2081 error_bdev_name: 2082 free(vbdev); 2083 error_vbdev_alloc: 2084 g_number_of_claimed_volumes--; 2085 return rc; 2086 } 2087 2088 /* RPC entry for deleting a crypto vbdev. */ 2089 void 2090 delete_crypto_disk(const char *bdev_name, spdk_delete_crypto_complete cb_fn, 2091 void *cb_arg) 2092 { 2093 struct bdev_names *name; 2094 int rc; 2095 2096 /* Some cleanup happens in the destruct callback. */ 2097 rc = spdk_bdev_unregister_by_name(bdev_name, &crypto_if, cb_fn, cb_arg); 2098 if (rc == 0) { 2099 /* Remove the association (vbdev, bdev) from g_bdev_names. This is required so that the 2100 * vbdev does not get re-created if the same bdev is constructed at some other time, 2101 * unless the underlying bdev was hot-removed. 2102 */ 2103 TAILQ_FOREACH(name, &g_bdev_names, link) { 2104 if (strcmp(name->opts->vbdev_name, bdev_name) == 0) { 2105 vbdev_crypto_delete_name(name); 2106 break; 2107 } 2108 } 2109 } else { 2110 cb_fn(cb_arg, rc); 2111 } 2112 } 2113 2114 /* Because we specified this function in our crypto bdev function table when we 2115 * registered our crypto bdev, we'll get this call anytime a new bdev shows up. 2116 * Here we need to decide if we care about it and if so what to do. We 2117 * parsed the config file at init so we check the new bdev against the list 2118 * we built up at that time and if the user configured us to attach to this 2119 * bdev, here's where we do it. 2120 */ 2121 static void 2122 vbdev_crypto_examine(struct spdk_bdev *bdev) 2123 { 2124 vbdev_crypto_claim(spdk_bdev_get_name(bdev)); 2125 spdk_bdev_module_examine_done(&crypto_if); 2126 } 2127 2128 SPDK_LOG_REGISTER_COMPONENT(vbdev_crypto) 2129