[][kernel][mt7988][eth][remove XFRM offload related code]
[Description]
Remove XFRM offload related code since they should not be bound with
kernel ethernet driver and most of these code are in development.
Instead of providing XFRM offload feature inside ethernet driver, we
implement another package to support XFRM offload feature with EIP197.
[Release-log]
N/A
Change-Id: I883d5bf7faf175f843569f420dbc2d065addd502
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/7826442
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/Makefile b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/Makefile
old mode 100755
new mode 100644
index 13d852c..634640d
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/Makefile
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/Makefile
@@ -6,4 +6,3 @@
obj-$(CONFIG_NET_MEDIATEK_SOC) += mtk_eth.o
mtk_eth-y := mtk_eth_soc.o mtk_sgmii.o mtk_usxgmii.o mtk_eth_path.o mtk_eth_dbg.o mtk_eth_reset.o
obj-$(CONFIG_NET_MEDIATEK_HNAT) += mtk_hnat/
-obj-$(CONFIG_XFRM_OFFLOAD) += mtk_ipsec.o
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c
old mode 100755
new mode 100644
index 353b656..6272f11
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -31,12 +31,6 @@
#include "mtk_hnat/nf_hnat_mtk.h"
#endif
-#if defined(CONFIG_XFRM_OFFLOAD)
-#include <crypto/sha.h>
-#include <net/xfrm.h>
-#include "mtk_ipsec.h"
-#endif
-
static int mtk_msg_level = -1;
atomic_t reset_lock = ATOMIC_INIT(0);
atomic_t force = ATOMIC_INIT(0);
@@ -4935,9 +4929,6 @@
mtk_napi_rx, MTK_NAPI_WEIGHT);
}
-#if defined(CONFIG_XFRM_OFFLOAD)
- mtk_ipsec_offload_init(eth);
-#endif
mtketh_debugfs_init(eth);
debug_proc_init(eth);
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_ipsec.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_ipsec.c
deleted file mode 100644
index ff61b90..0000000
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_ipsec.c
+++ /dev/null
@@ -1,326 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-// Copyright (c) 2022 MediaTek Inc.
-
-#include <crypto/aes.h>
-#include <crypto/hash.h>
-#include <crypto/hmac.h>
-#include <crypto/sha.h>
-#include <crypto/sha3.h>
-#include <net/xfrm.h>
-#include <linux/ip.h>
-#include <linux/psp-sev.h>
-#include <linux/netdevice.h>
-
-#include "mtk_eth_soc.h"
-#include "mtk_ipsec.h"
-
-static inline void write_state_le(__le32 *dst, const u32 *src, u32 size)
-{
- int i;
-
- for (i = 0; i < SIZE_IN_WORDS(size); i++)
- dst[i] = cpu_to_le32(src[i]);
-}
-
-static inline void write_state_be(__le32 *dst, const u32 *src, u32 size)
-{
- int i;
-
- for (i = 0; i < SIZE_IN_WORDS(size); i++)
- dst[i] = cpu_to_be32(src[i]);
-}
-
-static int hmac_init_iv(struct crypto_shash *tfm,
- unsigned int blocksize, u8 *pad, void *state)
-{
- SHASH_DESC_ON_STACK(desc, tfm);
- int ret;
-
- desc->tfm = tfm;
-
- ret = crypto_shash_init(desc);
- if (ret)
- return ret;
-
- ret = crypto_shash_update(desc, pad, blocksize);
- if (ret && ret != -EINPROGRESS && ret != -EBUSY)
- return ret;
-
- crypto_shash_export(desc, state);
- shash_desc_zero(desc);
-
- return 0;
-}
-
-static int hmac_init_pad(unsigned int blocksize, const u8 *key,
- unsigned int keylen, u8 *ipad, u8 *opad)
-{
- int i;
-
- if (keylen <= blocksize)
- memcpy(ipad, key, keylen);
-
- memset(ipad + keylen, 0, blocksize - keylen);
- memcpy(opad, ipad, blocksize);
-
- for (i = 0; i < blocksize; i++) {
- ipad[i] ^= HMAC_IPAD_VALUE;
- opad[i] ^= HMAC_OPAD_VALUE;
- }
-
- return 0;
-}
-
-int hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
- void *istate, void *ostate)
-{
- struct crypto_shash *tfm;
- unsigned int blocksize;
- u8 *ipad, *opad;
- int ret;
-
- tfm = crypto_alloc_shash(alg, 0, 0);
- if (IS_ERR(tfm))
- return PTR_ERR(tfm);
-
- crypto_shash_clear_flags(tfm, ~0);
- blocksize = crypto_tfm_alg_blocksize(crypto_shash_tfm(tfm));
-
- ipad = kcalloc(2, blocksize, GFP_KERNEL);
- if (!ipad) {
- ret = -ENOMEM;
- goto free_request;
- }
-
- opad = ipad + blocksize;
-
- ret = hmac_init_pad(blocksize, key, keylen, ipad, opad);
- if (ret)
- goto free_ipad;
-
- ret = hmac_init_iv(tfm, blocksize, ipad, istate);
- if (ret)
- goto free_ipad;
-
- ret = hmac_init_iv(tfm, blocksize, opad, ostate);
-
-free_ipad:
- kfree(ipad);
-free_request:
- crypto_free_shash(tfm);
-
- return ret;
-}
-
-static int mtk_ipsec_add_sa(struct xfrm_state *xs)
-{
- struct net_device *dev = xs->xso.dev;
- struct mtk_mac *mac = netdev_priv(dev);
- struct mtk_eth *eth = mac->hw;
- struct context_record *context;
- struct ahash_export_state istate, ostate;
- unsigned char *key_aalg;
- unsigned char *key_ealg;
- unsigned int checksum;
- unsigned int key_len;
- int i;
- int cdrt_idx;
-
- if (xs->props.family != AF_INET) {
- netdev_info(dev, "Only IPv4 xfrm states may be offloaded\n");
- return -EINVAL;
- }
-
- if (xs->id.proto != IPPROTO_ESP) {
- netdev_info(dev, "Unsupported protocol 0x%04x\n",
- xs->id.proto);
- return -EINVAL;
- }
-
- context = kzalloc(sizeof(*context), GFP_KERNEL);
- if (unlikely(!context))
- return -ENOMEM;
-
- /**
- * Set Transform record
- * cdrt_idx=0, outbound for encryption
- * cdrt_idx=1, inbound for decryption
- **/
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
- /* rx path */
- context->control0 = CTRL_WORD0_IN;
- context->control1 = CTRL_WORD1_IN;
- context->data[46] = 0x01020000;
- context->data[49] = 0x6117d6a5;
- context->data[50] = 0x07040c10;
- context->data[52] = 0xdd07000c;
- context->data[53] = 0xe4561820;
- cdrt_idx = 1;
-
- } else {
- /* tx path */
- context->control0 = CTRL_WORD0_OUT;
- context->control1 = CTRL_WORD1_OUT;
- memcpy(context->data + 38, &xs->props.saddr.a4, 4);
- memcpy(context->data + 42, &xs->id.daddr.a4, 4);
- context->data[46] = 0x04020000;
- context->data[49] = 0x9e14ed69;
- context->data[50] = 0x01020c10;
- context->data[52] = 0xd0060000;
- context->data[53] = 0xe1560811;
- context->data[55] = 0x00000049;
- cdrt_idx = 0;
- }
- context->data[47] = 0x00080000;
- context->data[48] = 0x00f00008;
- context->data[51] = 0x94119411;
-
- /* Calculate Checksum */
- checksum = 0;
- checksum += context->data[38] % 0x10000;
- checksum += context->data[38] / 0x10000;
- checksum += context->data[42] % 0x10000;
- checksum += context->data[42] / 0x10000;
- checksum += checksum / 0x10000;
- checksum = checksum % 0x10000;
- context->data[39] = checksum;
-
- /* EIP-96 context words[2...39]*/
- if (strcmp(xs->aalg->alg_name, "hmac(sha1)") == 0) {
- key_aalg = &xs->aalg->alg_key[0];
- hmac_setkey("sha1-generic", key_aalg,
- xs->aalg->alg_key_len / 8,
- &istate.state, &ostate.state);
- key_ealg = &xs->ealg->alg_key[0];
- key_len = xs->ealg->alg_key_len / 8;
- write_state_le(context->data, (const u32 *)key_ealg, key_len);
- write_state_be(context->data + SIZE_IN_WORDS(key_len),
- (const u32 *)&istate.state, SHA1_DIGEST_SIZE);
-
- key_len += SHA1_DIGEST_SIZE;
- write_state_be(context->data + SIZE_IN_WORDS(key_len),
- (const u32 *)&ostate.state, SHA1_DIGEST_SIZE);
-
- key_len += SHA1_DIGEST_SIZE;
- memcpy(context->data + SIZE_IN_WORDS(key_len),
- &xs->id.spi, 4);
- } else if (strcmp(xs->aalg->alg_name, "hmac(sha256)") == 0) {
- key_aalg = &xs->aalg->alg_key[0];
- hmac_setkey("sha256-generic", key_aalg,
- xs->aalg->alg_key_len / 8,
- &istate.state, &ostate.state);
- key_ealg = &xs->ealg->alg_key[0];
- key_len = xs->ealg->alg_key_len / 8;
- write_state_le(context->data, (const u32 *)key_ealg, key_len);
- write_state_be(context->data + SIZE_IN_WORDS(key_len),
- (const u32 *)&istate.state, SHA256_DIGEST_SIZE);
-
- key_len += SHA256_DIGEST_SIZE;
- write_state_be(context->data + SIZE_IN_WORDS(key_len),
- (const u32 *)&ostate.state, SHA256_DIGEST_SIZE);
-
- key_len += SHA256_DIGEST_SIZE;
- memcpy(context->data + SIZE_IN_WORDS(key_len),
- &xs->id.spi, 4);
-
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
- /* rx path */
- context->control0 = CTRL_WORD0_IN_SHA256;
- context->control1 = CTRL_WORD1_IN_SHA256;
- context->data[50] = 0x07041010;
- context->data[52] = 0xdd070010;
- context->data[53] = 0xe4561820;
- } else {
- /* tx path */
- context->control0 = CTRL_WORD0_OUT_SHA256;
- context->control1 = CTRL_WORD1_OUT_SHA256;
- context->data[50] = 0x01021010;
- context->data[53] = 0xe1560817;
- context->data[55] = 0x0000004d;
- }
- }
-
- /**
- * Set CDRT for inline IPSec
- * Follow FE_CSR_MEM config flow.
- **/
-
- /* Command descriptor W0-W3 */
- for (i = MTK_GLO_MEM_DATA0; i <= MTK_GLO_MEM_DATA9; i = i + 4)
- mtk_w32(eth, 0, i);
-
- mtk_w32(eth, TYPE(3), MTK_GLO_MEM_DATA0);
- mtk_w32(eth, TOKEN_LEN(48), MTK_GLO_MEM_DATA1);
- mtk_w32(eth, __psp_pa(context) | 2, MTK_GLO_MEM_DATA2);
- mtk_w32(eth, CTRL_CMD(1) | CTRL_INDEX(3) | CTRL_ADDR(cdrt_idx * 3),
- MTK_GLO_MEM_CTRL);
-
- /* Command descriptor W4-W7 */
- for (i = MTK_GLO_MEM_DATA0; i <= MTK_GLO_MEM_DATA9; i = i + 4)
- mtk_w32(eth, 0, i);
-
- mtk_w32(eth, HW_SER(2) | ALLOW_PAD | STRIP_PAD, MTK_GLO_MEM_DATA0);
- mtk_w32(eth, CTRL_CMD(1) | CTRL_INDEX(3) | CTRL_ADDR(cdrt_idx * 3 + 1),
- MTK_GLO_MEM_CTRL);
-
- /* Command descriptor W8-W11 */
- for (i = MTK_GLO_MEM_DATA0; i <= MTK_GLO_MEM_DATA9; i = i + 4)
- mtk_w32(eth, 0, i);
-
- mtk_w32(eth, CTRL_CMD(1) | CTRL_INDEX(3) | CTRL_ADDR(cdrt_idx * 3 + 2),
- MTK_GLO_MEM_CTRL);
-
- xs->xso.offload_handle = (unsigned long)context;
-
- return 0;
-}
-
-static void mtk_ipsec_free_state(struct xfrm_state *xs)
-{
- struct context_record *context;
-
- if (!xs->xso.offload_handle)
- return;
-
- context = (struct context_record *)xs->xso.offload_handle;
- kfree(context);
-}
-
-static bool mtk_ipsec_offload_ok(struct sk_buff *skb,
- struct xfrm_state *xs)
-{
- struct xfrm_offload *xo = NULL;
-
- if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
- /* rx path */
- if (xfrm_offload(skb) != NULL)
- xo = xfrm_offload(skb);
-
- } else {
- /* tx path */
- if (xfrm_offload(skb) != NULL)
- xo = xfrm_offload(skb);
- }
-
- if (xs->props.family == AF_INET) {
- /* Offload with IPv4 options is not supported yet */
- if (ip_hdr(skb)->ihl != 5)
- return false;
- }
-
- return true;
-}
-
-static const struct xfrmdev_ops mtk_xfrmdev_ops = {
- .xdo_dev_state_add = mtk_ipsec_add_sa,
- .xdo_dev_state_free = mtk_ipsec_free_state,
- .xdo_dev_offload_ok = mtk_ipsec_offload_ok,
-};
-
-void mtk_ipsec_offload_init(struct mtk_eth *eth)
-{
- int i;
-
- for (i = 0; i < MTK_MAC_COUNT; i++)
- eth->netdev[i]->xfrmdev_ops = &mtk_xfrmdev_ops;
-}
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_ipsec.h b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_ipsec.h
deleted file mode 100644
index a662dc3..0000000
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_ipsec.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-/* Copyright (c) 2022 MediaTek Inc. */
-
-#ifndef MTK_IPSEC_H
-#define MTK_IPSEC_H
-
-#define CTRL_WORD0_OUT 0x196b1006
-#define CTRL_WORD1_OUT 0x51400001
-#define CTRL_WORD0_IN 0x096ba20f
-#define CTRL_WORD1_IN 0x00010001
-#define CTRL_WORD0_OUT_SHA256 0x19eb1606
-#define CTRL_WORD1_OUT_SHA256 0x57400001
-#define CTRL_WORD0_IN_SHA256 0x09eba20f
-#define CTRL_WORD1_IN_SHA256 0x00010001
-#define SIZE_IN_WORDS(x) ((x) >> 2)
-
-/* Global memory */
-#define MTK_GLO_MEM_CFG 0x600
-#define MTK_GLO_MEM_CTRL 0x604
-#define MTK_GLO_MEM_DATA0 0x608
-#define MTK_GLO_MEM_DATA1 0x60c
-#define MTK_GLO_MEM_DATA2 0x610
-#define MTK_GLO_MEM_DATA3 0x614
-#define MTK_GLO_MEM_DATA4 0x618
-#define MTK_GLO_MEM_DATA5 0x61c
-#define MTK_GLO_MEM_DATA6 0x620
-#define MTK_GLO_MEM_DATA7 0x624
-#define MTK_GLO_MEM_DATA8 0x628
-#define MTK_GLO_MEM_DATA9 0x62c
-
-/* GLO MEM CTRL */
-#define CTRL_CMD(x) ((x) << 30)
-#define CTRL_CMD_SFT 30
-#define CTRL_CMD_MASK GENMASK(31, 30)
-#define CTRL_INDEX(x) ((x) << 20)
-#define CTRL_INDEX_SFT 20
-#define CTRL_INDEX_MASK GENMASK(29, 20)
-#define CTRL_ADDR(x) ((x) << 0)
-#define CTRL_ADDR_SFT 0
-#define CTRL_ADDR_MASK GENMASK(19, 0)
-
-/* CDR Word0 */
-#define TYPE(x) ((x) << 30)
-#define TYPE_SFT 30
-#define TYPE_MASK GENMASK(31, 30)
-#define ENCLASTDEST BIT(25)
-#define ENCLASTDEST_MASK BIT(25)
-
-/* CDR Word1 */
-#define TOKEN_LEN(x) ((x) << 16)
-#define TOKEN_LEN_SFT 16
-#define TOKEN_LEN_MASK GENMASK(23, 16)
-#define APP_ID(x) ((x) << 9)
-#define APP_ID_SFT 9
-#define APP_ID_MASK GENMASK(15, 9)
-#define ADD_LEN(x) ((x) << 0)
-#define ADD_LEN_SFT 0
-#define ADD_LEN_MASK GENMASK(7, 0)
-
-/* CDR Word4 */
-#define FLOW_LOOKUP BIT(31)
-#define FLOW_LOOKUP_MASK BIT(31)
-#define HW_SER(x) ((x) << 24)
-#define HW_SER_SFT 24
-#define HW_SER_MASK GENMASK(29, 24)
-#define ALLOW_PAD BIT(23)
-#define ALLOW_PAD_MASK BIT(23)
-#define STRIP_PAD BIT(22)
-#define STRIP_PAD_MASK BIT(22)
-#define USER_DEF(x) ((x) << 0)
-#define USER_DEF_SFT 0
-#define USER_DEF_MASK GENMASK(15, 0)
-
-/* CDR Word5 */
-#define KEEP_OUTER BIT(28)
-#define KEEP_OUTER_MASK BIT(28)
-#define PARSE_ETH BIT(27)
-#define PARSE_ETH_MASK BIT(27)
-#define L4CHECKSUM BIT(26)
-#define L4CHECKSUM_MASK BIT(26)
-#define IPV4CHECKSUM BIT(25)
-#define IPV4CHECKSUM_MASK BIT(25)
-#define FL BIT(24)
-#define FL_MASK BIT(24)
-#define NEXT_HEADER(x) ((x) << 16)
-#define NEXT_HEADER_SFT 16
-#define NEXT_HEADER_MASK GENMASK(23, 16)
-
-#define HASH_CACHE_SIZE SHA512_BLOCK_SIZE
-
-struct ahash_export_state {
- u64 len;
- u64 processed;
-
- u32 digest;
-
- u32 state[SHA512_DIGEST_SIZE / sizeof(u32)];
- u8 cache[HASH_CACHE_SIZE];
-};
-
-/* Context Control */
-struct context_record {
- __le32 control0;
- __le32 control1;
-
- __le32 data[62];
-};
-
-void mtk_ipsec_offload_init(struct mtk_eth *eth);
-#endif /* MTK_IPSEC_H */