Some FC adapters from Marvell offer the ability to encrypt data in flight
(EDIF). This feature requires an application to act as an authenticator.
During runtime, driver and authentication application need to stay in sync
in terms of: Session being down|up, arrival of new authentication
message (AUTH ELS) and SADB update completion.
These events are queued up as doorbell to the authentication
application. Application would read this doorbell on regular basis to stay
up to date. Each SCSI host would have a separate doorbell queue.
The doorbell interface can daisy chain a list of events for each read. Each
event contains an event code + hint to help application steer the next
course of action.
Link: https://lore.kernel.org/r/20210624052606.21613-9-njavali@marvell.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Signed-off-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Co-developed-by: Duane Grigsby <duane.grigsby@marvell.com>
Signed-off-by: Duane Grigsby <duane.grigsby@marvell.com>
Co-developed-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 7a09e8d92c6d56121910ccb2e8bc0d1affff66ee upstream ]
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9533 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Some FC adapters from Marvell offer the ability to encrypt data in flight
(EDIF). This feature requires an application to act as an authenticator.
There is no FC switch scan service that can indicate whether a device is
secure or non-secure.
In order to detect whether the remote port supports encrypted operation,
driver must first do a PLOGI with the remote device. On completion of the
PLOGI, driver will query firmware to see if the device supports secure
login. To do that, driver + firmware must advertise the security bit via
PLOGI's service parameter. The remote device shall respond using the same
service parameter whether it supports it or not.
Link: https://lore.kernel.org/r/20210624052606.21613-8-njavali@marvell.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Signed-off-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Co-developed-by: Duane Grigsby <duane.grigsby@marvell.com>
Signed-off-by: Duane Grigsby <duane.grigsby@marvell.com>
Co-developed-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 9efea843a906c6674ac6728f3f5db2cbfa3e1830 upstream ]
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9532 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Some FC adapters from Marvell offer the ability to encrypt data in flight
(EDIF). This feature requires an application to act as an authenticator.
On completion of the authentication process, the authentication application
will notify driver on whether it is successful or not.
In case of success, application will use the QL_VND_SC_AUTH_OK BSG call to
tell driver to proceed to the PRLI phase.
In case of failure, application will use the QL_VND_SC_AUTH_FAIL bsg call
to tell driver to tear down the connection and retry. In the case where an
existing session is active, the re-key process can fail. The session tear
down ensures data is not further compromised.
Link: https://lore.kernel.org/r/20210624052606.21613-7-njavali@marvell.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Signed-off-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Co-developed-by: Duane Grigsby <duane.grigsby@marvell.com>
Signed-off-by: Duane Grigsby <duane.grigsby@marvell.com>
Co-developed-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 8a4bb2c1dd623b5a71609de5b04ef3b5086b0a3e upstream ]
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9531 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Some FC adapters from Marvell offer the ability to encrypt data in flight
(EDIF). This feature requires an application to act as an authenticator.
As part of the authentication process, the authentication application will
generate a SADB entry (Security Association/SA, key, SPI value, etc). This
SADB is then passed to driver to be programmed into hardware. There will be
a pair of SADB's (Tx and Rx) for each connection.
After some period, the application can choose to change the key. At that
time, a new set of SADB pair is given to driver. The old set of SADB will
be deleted.
Add a new bsg call (QL_VND_SC_SA_UPDATE) to allow application to allow
adding or deleting SADB entries. Driver will not keep the key in
memory. It will pass it to HW.
It is assumed that application will assign a unique SPI value to this SADB
(SA + key). Driver + hardware will assign a handle to track this unique
SPI/SADB.
Link: https://lore.kernel.org/r/20210624052606.21613-6-njavali@marvell.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Signed-off-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Co-developed-by: Duane Grigsby <duane.grigsby@marvell.com>
Signed-off-by: Duane Grigsby <duane.grigsby@marvell.com>
Co-developed-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit dd30706e73b70d67e88fdaca688db7a3374fd5de upstream ]
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9530 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Some FC adapters from Marvell offer the ability to encrypt data in flight
(EDIF). This feature requires an application to act as an authenticator.
Add the ability for authentication application to send and retrieve
messages as part of the authentication process via existing
FC_BSG_HST_ELS_NOLOGIN BSG interface.
To send a message, application is expected to format the data in the AUTH
ELS format. Refer to FC-SP2 for details.
If a message was received, application is required to reply with either a
LS_ACC or LS_RJT complete the exchange using the same interface. Otherwise,
remote device will treat it as a timeout.
Link: https://lore.kernel.org/r/20210624052606.21613-4-njavali@marvell.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Co-developed-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Signed-off-by: Larry Wisneski <Larry.Wisneski@marvell.com>
Co-developed-by: Duane Grigsby <duane.grigsby@marvell.com>
Signed-off-by: Duane Grigsby <duane.grigsby@marvell.com>
Co-developed-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Rick Hicksted Jr <rhicksted@marvell.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 84318a9f01ce13650ea23eb6362066bb95ccc9fe upstream ]
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9528 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Target de-configuration panics at high CPU load because TPGT and WWPN can
be removed on separate threads.
TPGT removal requests a reset HBA on a separate thread and waits for reset
complete (phase1). Due to high CPU load that HBA reset can be delayed for
some time.
WWPN removal does qlt_stop_phase2(). There it is believed that phase1 has
already completed and thus tgt.tgt_ops is subsequently cleared. However,
tgt.tgt_ops is needed to process incoming traffic and therefore this will
cause one of the following panics:
NIP qlt_reset+0x7c/0x220 [qla2xxx]
LR qlt_reset+0x68/0x220 [qla2xxx]
Call Trace:
0xc000003ffff63a78 (unreliable)
qlt_handle_imm_notify+0x800/0x10c0 [qla2xxx]
qlt_24xx_atio_pkt+0x208/0x590 [qla2xxx]
qlt_24xx_process_atio_queue+0x33c/0x7a0 [qla2xxx]
qla83xx_msix_atio_q+0x54/0x90 [qla2xxx]
or
NIP qlt_24xx_handle_abts+0xd0/0x2a0 [qla2xxx]
LR qlt_24xx_handle_abts+0xb4/0x2a0 [qla2xxx]
Call Trace:
qlt_24xx_handle_abts+0x90/0x2a0 [qla2xxx] (unreliable)
qlt_24xx_process_atio_queue+0x500/0x7a0 [qla2xxx]
qla83xx_msix_atio_q+0x54/0x90 [qla2xxx]
or
NIP qlt_create_sess+0x90/0x4e0 [qla2xxx]
LR qla24xx_do_nack_work+0xa8/0x180 [qla2xxx]
Call Trace:
0xc0000000348fba30 (unreliable)
qla24xx_do_nack_work+0xa8/0x180 [qla2xxx]
qla2x00_do_work+0x674/0xbf0 [qla2xxx]
qla2x00_iocb_work_fn
The patch fixes the issue by serializing qlt_stop_phase1() and
qlt_stop_phase2() functions to make WWPN removal wait for phase1
completion.
Link: https://lore.kernel.org/r/20210415203554.27890-1-d.bogdanov@yadro.com
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 2ef7665dfd88830f15415ba007c7c9a46be7acd8 upstream ]
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9517 d57e44dd-8a1f-0410-8b47-8ef2f437770f
The status_byte() macro and also the SAM_STAT_* macros shifted right by one
bit have been removed from kernel v5.14. Hence open-code status_byte() and
change GOOD into SAM_STAT_GOOD etc.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9505 d57e44dd-8a1f-0410-8b47-8ef2f437770f
This patch fixes a bug by changing SAM_STAT_CHECK_CONDITION << 1 into
SAM_STAT_CHECK_CONDITION in the SCSI result code.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9502 d57e44dd-8a1f-0410-8b47-8ef2f437770f
This patch prevents that a compiler warning is reported when building this
driver against kernel v5.14.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9500 d57e44dd-8a1f-0410-8b47-8ef2f437770f
Use the proper error codes when reporting a BSG error. The DID_* codes are
the codes that are shifted left 16 bits while the DRIVER_* codes must be
shifted left 24 bits.
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9499 d57e44dd-8a1f-0410-8b47-8ef2f437770f
