git: 95a3005326e9 - stable/13 - cxgbe(4): Allow a T6 adapter to switch between TOE and NIC TLS mode.

Navdeep Parhar np at FreeBSD.org
Sun May 16 03:14:10 UTC 2021


The branch stable/13 has been updated by np:

URL: https://cgit.FreeBSD.org/src/commit/?id=95a3005326e91dfdf4c3c639b60690db3bf4ddcf

commit 95a3005326e91dfdf4c3c639b60690db3bf4ddcf
Author:     Navdeep Parhar <np at FreeBSD.org>
AuthorDate: 2021-03-24 01:01:01 +0000
Commit:     Navdeep Parhar <np at FreeBSD.org>
CommitDate: 2021-05-16 03:12:11 +0000

    cxgbe(4): Allow a T6 adapter to switch between TOE and NIC TLS mode.
    
    The hw.cxgbe.kern_tls tunable was used for this in the past and if it
    was set then all T6 adapters would be configured for NIC TLS operation
    and could not be reconfigured for TOE without a reload.  With this
    change ifconfig can be used to manipulate toe and txtls caps like any
    other caps.  hw.cxgbe.kern_tls continues to work as usual but its
    effects are not permanent any more.
    
    * Enable nic_ktls_ofld in the default configuration file and use the
      firmware instead of direct register manipulation to apply/rollback
      NIC TLS configuration.  This allows the driver to switch the hardware
      between TOE and NIC TLS mode in a safe manner.  Note that the
      configuration is adapter-wide and not per-port.
    
    * Remove the kern_tls config file as it works with 100G T6 cards only
      and leads to firmware crashes with 25G cards.  The configurations
      included with the driver (with the exception of the FPGA configs) are
      supposed to work with all adapters.
    
    Reported by:    Veeresh U.K. at Chelsio
    Sponsored by:   Chelsio Communications
    Reviewed by:    jhb@
    Differential Revision: https://reviews.freebsd.org/D29291
    
    (cherry picked from commit 15f33555678300953858f6ed98dfc72c399a9139)
---
 sys/dev/cxgbe/adapter.h                      |   2 +-
 sys/dev/cxgbe/common/common.h                |   5 +
 sys/dev/cxgbe/firmware/t6fw_cfg.txt          |   4 +-
 sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt | 278 ---------------------------
 sys/dev/cxgbe/t4_clip.c                      |   2 +-
 sys/dev/cxgbe/t4_main.c                      | 171 ++++++++++------
 sys/dev/cxgbe/t4_sge.c                       |   2 +-
 sys/dev/cxgbe/tom/t4_connect.c               |   2 +-
 sys/dev/cxgbe/tom/t4_listen.c                |   2 +-
 9 files changed, 129 insertions(+), 339 deletions(-)

diff --git a/sys/dev/cxgbe/adapter.h b/sys/dev/cxgbe/adapter.h
index 21c642519d83..a7429c3914a8 100644
--- a/sys/dev/cxgbe/adapter.h
+++ b/sys/dev/cxgbe/adapter.h
@@ -163,7 +163,7 @@ enum {
 	ADAP_ERR	= (1 << 5),
 	BUF_PACKING_OK	= (1 << 6),
 	IS_VF		= (1 << 7),
-	KERN_TLS_OK	= (1 << 8),
+	KERN_TLS_ON	= (1 << 8),	/* HW is configured for KERN_TLS */
 	CXGBE_BUSY	= (1 << 9),
 
 	/* port flags */
diff --git a/sys/dev/cxgbe/common/common.h b/sys/dev/cxgbe/common/common.h
index e04101c9adc5..6264a7d6ec07 100644
--- a/sys/dev/cxgbe/common/common.h
+++ b/sys/dev/cxgbe/common/common.h
@@ -499,6 +499,11 @@ static inline int is_hashfilter(const struct adapter *adap)
 	return adap->params.hash_filter;
 }
 
+static inline int is_ktls(const struct adapter *adap)
+{
+	return adap->cryptocaps & FW_CAPS_CONFIG_TLS_HW;
+}
+
 static inline int chip_id(struct adapter *adap)
 {
 	return adap->params.chipid;
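Review bot: is_ktls() is added without a comment, and its name does not say whether it reports capability or current state. From the visible lines it tests the FW_CAPS_CONFIG_TLS_HW bit in `cryptocaps`, while the renamed KERN_TLS_ON flag is what records that the hardware is configured for NIC TLS. A one-line comment above the function, such as `/* Adapter is capable of NIC TLS; KERN_TLS_ON says whether the hardware is currently configured for it. */`, would keep callers from mixing the two up.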
diff --git a/sys/dev/cxgbe/firmware/t6fw_cfg.txt b/sys/dev/cxgbe/firmware/t6fw_cfg.txt
index 6e5649642b29..1ad84f63b25f 100644
--- a/sys/dev/cxgbe/firmware/t6fw_cfg.txt
+++ b/sys/dev/cxgbe/firmware/t6fw_cfg.txt
@@ -161,7 +161,7 @@
 	nserver = 512
 	nhpfilter = 0
 	nhash = 16384
-	protocol = ofld, rddp, rdmac, iscsi_initiator_pdu, iscsi_target_pdu, iscsi_t10dif, tlskeys, crypto_lookaside
+	protocol = ofld, rddp, rdmac, iscsi_initiator_pdu, iscsi_target_pdu, iscsi_t10dif, tlskeys, crypto_lookaside, nic_ktls_ofld
 	tp_l2t = 4096
 	tp_ddp = 2
 	tp_ddp_iscsi = 2
@@ -273,7 +273,7 @@
 
 [fini]
 	version = 0x1
-	checksum = 0xa92352a8
+	checksum = 0x5fbc0a4a
 #
 # $FreeBSD$
 #
diff --git a/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt b/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt
deleted file mode 100644
index 911ebd9cff65..000000000000
--- a/sys/dev/cxgbe/firmware/t6fw_cfg_kern_tls.txt
+++ /dev/null
@@ -1,278 +0,0 @@
-# Firmware configuration file.
-#
-# Global limits (some are hardware limits, others are due to the firmware).
-# nvi = 128		virtual interfaces
-# niqflint = 1023	ingress queues with freelists and/or interrupts
-# nethctrl = 64K	Ethernet or ctrl egress queues
-# neq = 64K		egress queues of all kinds, including freelists
-# nexactf = 512		MPS TCAM entries, can oversubscribe.
-
-[global]
-	rss_glb_config_mode = basicvirtual
-	rss_glb_config_options = tnlmapen,hashtoeplitz,tnlalllkp
-
-	# PL_TIMEOUT register
-	pl_timeout_value = 200		# the timeout value in units of us
-
-	sge_timer_value = 1, 5, 10, 50, 100, 200	# SGE_TIMER_VALUE* in usecs
-
-	reg[0x10c4] = 0x20000000/0x20000000 # GK_CONTROL, enable 5th thread
-
-	reg[0x7dc0] = 0x0e2f8849	# TP_SHIFT_CNT
-
-	#Tick granularities in kbps
-	tsch_ticks = 100000, 10000, 1000, 10
-
-	filterMode = fragmentation, mpshittype, protocol, vlan, port, fcoe
-	filterMask = protocol
-
-	tp_pmrx = 10, 512
-	tp_pmrx_pagesize = 64K
-
-	# TP number of RX channels (0 = auto)
-	tp_nrxch = 0
-
-	tp_pmtx = 10, 512
-	tp_pmtx_pagesize = 64K
-
-	# TP number of TX channels (0 = auto)
-	tp_ntxch = 0
-
-	# TP OFLD MTUs
-	tp_mtus = 88, 256, 512, 576, 808, 1024, 1280, 1488, 1500, 2002, 2048, 4096, 4352, 8192, 9000, 9600
-
-	# enable TP_OUT_CONFIG.IPIDSPLITMODE and CRXPKTENC
-	reg[0x7d04] = 0x00010008/0x00010008
-
-	# TP_GLOBAL_CONFIG
-	reg[0x7d08] = 0x00000800/0x00000800 # set IssFromCplEnable
-
-	# TP_PC_CONFIG
-	reg[0x7d48] = 0x00000000/0x00000400 # clear EnableFLMError
-
-	# TP_PARA_REG0
-	reg[0x7d60] = 0x06000000/0x07000000 # set InitCWND to 6
-
-	# cluster, lan, or wan.
-	tp_tcptuning = lan
-
-	# LE_DB_CONFIG
-	reg[0x19c04] = 0x00000000/0x00440000 # LE Server SRAM disabled
-					     # LE IPv4 compression disabled 
-	# LE_DB_HASH_CONFIG
-	reg[0x19c28] = 0x00800000/0x01f00000 # LE Hash bucket size 8, 
-
-	# ULP_TX_CONFIG
-	reg[0x8dc0] = 0x00000104/0x00000104 # Enable ITT on PI err
-					    # Enable more error msg for ...
-					    # TPT error.
-
-	# ULP_RX_MISC_FEATURE_ENABLE
-	#reg[0x1925c] = 0x01003400/0x01003400 # iscsi tag pi bit
-					     # Enable offset decrement after ...
-					     # PI extraction and before DDP
-					     # ulp insert pi source info in DIF
-					     # iscsi_eff_offset_en
-
-	#Enable iscsi completion moderation feature
-	reg[0x1925c] = 0x000041c0/0x000031c0	# Enable offset decrement after
-						# PI extraction and before DDP.
-						# ulp insert pi source info in
-						# DIF.
-						# Enable iscsi hdr cmd mode.
-						# iscsi force cmd mode.
-						# Enable iscsi cmp mode.
-	# MC configuration
-	#mc_mode_brc[0] = 1		# mc0 - 1: enable BRC, 0: enable RBC
-
-# PFs 0-3.  These get 8 MSI/8 MSI-X vectors each.  VFs are supported by
-# these 4 PFs only.
-[function "0"]
-	wx_caps = all
-	r_caps = all
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x1
-
-[function "1"]
-	wx_caps = all
-	r_caps = all
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x2
-
-[function "2"]
-	wx_caps = all
-	r_caps = all
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x4
-
-[function "3"]
-	wx_caps = all
-	r_caps = all
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x8
-
-# PF4 is the resource-rich PF that the bus/nexus driver attaches to.
-# It gets 32 MSI/128 MSI-X vectors.
-[function "4"]
-	wx_caps = all
-	r_caps = all
-	nvi = 32
-	rssnvi = 32
-	niqflint = 512
-	nethctrl = 1024
-	neq = 2048
-	nqpcq = 8192
-	nexactf = 456
-	cmask = all
-	pmask = all
-	ncrypto_lookaside = 16
-	nclip = 320
-	nethofld = 8192
-
-	# TCAM has 6K cells; each region must start at a multiple of 128 cell.
-	# Each entry in these categories takes 2 cells each.  nhash will use the
-	# TCAM iff there is room left (that is, the rest don't add up to 3072).
-	nfilter = 48
-	nserver = 64
-	nhpfilter = 0
-	nhash = 524288
-	protocol = ofld, tlskeys, crypto_lookaside
-	tp_l2t = 4096
-	tp_ddp = 2
-	tp_ddp_iscsi = 2
-	tp_tls_key = 3
-	tp_tls_mxrxsize = 17408    # 16384 + 1024, governs max rx data, pm max xfer len, rx coalesce sizes
-	tp_stag = 2
-	tp_pbl = 5
-	tp_rq = 7
-	tp_srq = 128
-
-# PF5 is the SCSI Controller PF. It gets 32 MSI/40 MSI-X vectors.
-# Not used right now.
-[function "5"]
-	nvi = 1
-	rssnvi = 0
-
-# PF6 is the FCoE Controller PF. It gets 32 MSI/40 MSI-X vectors.
-# Not used right now.
-[function "6"]
-	nvi = 1
-	rssnvi = 0
-
-# The following function, 1023, is not an actual PCIE function but is used to
-# configure and reserve firmware internal resources that come from the global
-# resource pool.
-#
-[function "1023"]
-	wx_caps = all
-	r_caps = all
-	nvi = 4
-	rssnvi = 0
-	cmask = all
-	pmask = all
-	nexactf = 8
-	nfilter = 16
-
-
-# For Virtual functions, we only allow NIC functionality and we only allow
-# access to one port (1 << PF).  Note that because of limitations in the
-# Scatter Gather Engine (SGE) hardware which checks writes to VF KDOORBELL
-# and GTS registers, the number of Ingress and Egress Queues must be a power
-# of 2.
-#
-[function "0/*"]
-	wx_caps = 0x82
-	r_caps = 0x86
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x1
-
-[function "1/*"]
-	wx_caps = 0x82
-	r_caps = 0x86
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x2
-
-[function "2/*"]
-	wx_caps = 0x82
-	r_caps = 0x86
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x1
-
-[function "3/*"]
-	wx_caps = 0x82
-	r_caps = 0x86
-	nvi = 1
-	rssnvi = 0
-	niqflint = 2
-	nethctrl = 2
-	neq = 4
-	nexactf = 2
-	cmask = all
-	pmask = 0x2
-
-# MPS has 192K buffer space for ingress packets from the wire as well as
-# loopback path of the L2 switch.
-[port "0"]
-	dcb = none
-	#bg_mem = 25
-	#lpbk_mem = 25
-	hwm = 60
-	lwm = 15
-	dwm = 30
-
-[port "1"]
-	dcb = none
-	#bg_mem = 25
-	#lpbk_mem = 25
-	hwm = 60
-	lwm = 15
-	dwm = 30
-
-[fini]
-	version = 0x1
-	checksum = 0xa737b06f
-#
-# $FreeBSD$
-#
diff --git a/sys/dev/cxgbe/t4_clip.c b/sys/dev/cxgbe/t4_clip.c
index 1472ae926617..a93271103998 100644
--- a/sys/dev/cxgbe/t4_clip.c
+++ b/sys/dev/cxgbe/t4_clip.c
@@ -276,7 +276,7 @@ update_clip_table(struct adapter *sc)
 
 				inet_ntop(AF_INET6, &ce->lip, &ip[0],
 				    sizeof(ip));
-				if (sc->flags & KERN_TLS_OK ||
+				if (sc->flags & KERN_TLS_ON ||
 				    sc->active_ulds != 0) {
 					log(LOG_ERR,
 					    "%s: could not add %s (%d)\n",
diff --git a/sys/dev/cxgbe/t4_main.c b/sys/dev/cxgbe/t4_main.c
index 67b42dc297b3..284f20f9e183 100644
--- a/sys/dev/cxgbe/t4_main.c
+++ b/sys/dev/cxgbe/t4_main.c
@@ -812,9 +812,12 @@ static int read_card_mem(struct adapter *, int, struct t4_mem_range *);
 static int read_i2c(struct adapter *, struct t4_i2c_data *);
 static int clear_stats(struct adapter *, u_int);
 #ifdef TCP_OFFLOAD
-static int toe_capability(struct vi_info *, int);
+static int toe_capability(struct vi_info *, bool);
 static void t4_async_event(void *, int);
 #endif
+#ifdef KERN_TLS
+static int ktls_capability(struct adapter *, bool);
+#endif
 static int mod_event(module_t, int, void *);
 static int notify_siblings(device_t, int);
 
@@ -1838,7 +1841,7 @@ cxgbe_vi_attach(device_t dev, struct vi_info *vi)
 	}
 
 #ifdef TCP_OFFLOAD
-	if (vi->nofldrxq != 0 && (sc->flags & KERN_TLS_OK) == 0)
+	if (vi->nofldrxq != 0)
 		ifp->if_capabilities |= IFCAP_TOE;
 #endif
 #ifdef RATELIMIT
@@ -1859,9 +1862,10 @@ cxgbe_vi_attach(device_t dev, struct vi_info *vi)
 #endif
 	ifp->if_hw_tsomaxsegsize = 65536;
 #ifdef KERN_TLS
-	if (sc->flags & KERN_TLS_OK) {
+	if (is_ktls(sc)) {
 		ifp->if_capabilities |= IFCAP_TXTLS;
-		ifp->if_capenable |= IFCAP_TXTLS;
+		if (sc->flags & KERN_TLS_ON)
+			ifp->if_capenable |= IFCAP_TXTLS;
 	}
 #endif
 
@@ -2186,8 +2190,15 @@ cxgbe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data)
 			ifp->if_capenable ^= IFCAP_MEXTPG;
 
 #ifdef KERN_TLS
-		if (mask & IFCAP_TXTLS)
+		if (mask & IFCAP_TXTLS) {
+			int enable = (ifp->if_capenable ^ mask) & IFCAP_TXTLS;
+
+			rc = ktls_capability(sc, enable);
+			if (rc != 0)
+				goto fail;
+
 			ifp->if_capenable ^= (mask & IFCAP_TXTLS);
+		}
 #endif
 		if (mask & IFCAP_VXLAN_HWCSUM) {
 			ifp->if_capenable ^= IFCAP_VXLAN_HWCSUM;
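Review bot: `enable` is declared `int` in the IFCAP_TXTLS branch but is passed to ktls_capability(), whose prototype in this commit takes `bool`. Declaring it as `bool enable = ((ifp->if_capenable ^ mask) & IFCAP_TXTLS) != 0;` makes the conversion explicit. The value is the post-toggle state of the TXTLS bits, so if IFCAP_TXTLS covers more than one bit it stays true while any of them would remain set. A short comment saying so would help, since ktls_capability() acts on the whole adapter rather than on this ifnet. cxgbe_ioctl's body starts and ends outside the hunk.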
@@ -4782,47 +4793,36 @@ ktls_tick(void *arg)
 	uint32_t tstamp;
 
 	sc = arg;
-
-	tstamp = tcp_ts_getticks();
-	t4_write_reg(sc, A_TP_SYNC_TIME_HI, tstamp >> 1);
-	t4_write_reg(sc, A_TP_SYNC_TIME_LO, tstamp << 31);
-
+	if (sc->flags & KERN_TLS_ON) {
+		tstamp = tcp_ts_getticks();
+		t4_write_reg(sc, A_TP_SYNC_TIME_HI, tstamp >> 1);
+		t4_write_reg(sc, A_TP_SYNC_TIME_LO, tstamp << 31);
+	}
 	callout_schedule_sbt(&sc->ktls_tick, SBT_1MS, 0, C_HARDCLOCK);
 }
 
-static void
-t4_enable_kern_tls(struct adapter *sc)
+static int
+t4_config_kern_tls(struct adapter *sc, bool enable)
 {
-	uint32_t m, v;
-
-	m = F_ENABLECBYP;
-	v = F_ENABLECBYP;
-	t4_set_reg_field(sc, A_TP_PARA_REG6, m, v);
-
-	m = F_CPL_FLAGS_UPDATE_EN | F_SEQ_UPDATE_EN;
-	v = F_CPL_FLAGS_UPDATE_EN | F_SEQ_UPDATE_EN;
-	t4_set_reg_field(sc, A_ULP_TX_CONFIG, m, v);
-
-	m = F_NICMODE;
-	v = F_NICMODE;
-	t4_set_reg_field(sc, A_TP_IN_CONFIG, m, v);
-
-	m = F_LOOKUPEVERYPKT;
-	v = 0;
-	t4_set_reg_field(sc, A_TP_INGRESS_CONFIG, m, v);
-
-	m = F_TXDEFERENABLE | F_DISABLEWINDOWPSH | F_DISABLESEPPSHFLAG;
-	v = F_DISABLEWINDOWPSH;
-	t4_set_reg_field(sc, A_TP_PC_CONFIG, m, v);
+	int rc;
+	uint32_t param = V_FW_PARAMS_MNEM(FW_PARAMS_MNEM_DEV) |
+	    V_FW_PARAMS_PARAM_X(FW_PARAMS_PARAM_DEV_KTLS_HW) |
+	    V_FW_PARAMS_PARAM_Y(enable ? 1 : 0) |
+	    V_FW_PARAMS_PARAM_Z(FW_PARAMS_PARAM_DEV_KTLS_HW_USER_ENABLE);
 
-	m = V_TIMESTAMPRESOLUTION(M_TIMESTAMPRESOLUTION);
-	v = V_TIMESTAMPRESOLUTION(0x1f);
-	t4_set_reg_field(sc, A_TP_TIMER_RESOLUTION, m, v);
+	rc = -t4_set_params(sc, sc->mbox, sc->pf, 0, 1, &param, &param);
+	if (rc != 0) {
+		CH_ERR(sc, "failed to %s NIC TLS: %d\n",
+		    enable ?  "enable" : "disable", rc);
+		return (rc);
+	}
 
-	sc->flags |= KERN_TLS_OK;
+	if (enable)
+		sc->flags |= KERN_TLS_ON;
+	else
+		sc->flags &= ~KERN_TLS_ON;
 
-	sc->tlst.inline_keys = t4_tls_inline_keys;
-	sc->tlst.combo_wrs = t4_tls_combo_wrs;
+	return (rc);
 }
 #endif
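Review bot: In t4_config_kern_tls() the call `t4_set_params(sc, sc->mbox, sc->pf, 0, 1, &param, &param)` passes the same word as both parameter id and value, which reads like a copy-paste slip. The on/off request is encoded in PARAM_Y of the id, so the value word presumably does not matter to the firmware. A comment on that line, e.g. `/* on/off is carried in PARAM_Y of the id; the value word is not used separately (confirm against the firmware interface) */`, would settle it for the next reader. Separately, ktls_tick() now re-arms itself every millisecond even while KERN_TLS_ON is clear, and it reads `sc->flags` from callout context while t4_config_kern_tls() changes that flag; a comment stating why the unlocked read is acceptable would be useful. ktls_tick's body starts outside the hunk.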
 
@@ -4936,18 +4936,19 @@ set_params__post_init(struct adapter *sc)
 #ifdef KERN_TLS
 	if (sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS &&
 	    sc->toecaps & FW_CAPS_CONFIG_TOE) {
-		if (t4_kern_tls != 0)
-			t4_enable_kern_tls(sc);
-		else {
-			/*
-			 * Limit TOE connections to 2 reassembly
-			 * "islands".  This is required for TOE TLS
-			 * connections to downgrade to plain TOE
-			 * connections if an unsupported TLS version
-			 * or ciphersuite is used.
-			 */
-			t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG,
-			    V_PASSMODE(M_PASSMODE), V_PASSMODE(2));
+		/*
+		 * Limit TOE connections to 2 reassembly "islands".  This is
+		 * required for TOE TLS connections to downgrade to plain TOE
+		 * connections if an unsupported TLS version or ciphersuite is
+		 * used.
+		 */
+		t4_tp_wr_bits_indirect(sc, A_TP_FRAG_CONFIG,
+		    V_PASSMODE(M_PASSMODE), V_PASSMODE(2));
+		if (is_ktls(sc)) {
+			sc->tlst.inline_keys = t4_tls_inline_keys;
+			sc->tlst.combo_wrs = t4_tls_combo_wrs;
+			if (t4_kern_tls != 0)
+				t4_config_kern_tls(sc, true);
 		}
 	}
 #endif
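Review bot: The return value of `t4_config_kern_tls(sc, true)` is dropped in the `t4_kern_tls != 0` branch, although this commit changed the function to return an error code. If continuing without NIC TLS is intended when the firmware rejects the request, say so explicitly, e.g. `(void)t4_config_kern_tls(sc, true);	/* best effort; KERN_TLS_ON stays clear on failure */`. Otherwise the error should be propagated to the caller. set_params__post_init's body starts and ends outside the hunk, so whether it can return the error is not visible here.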
@@ -5863,7 +5864,7 @@ adapter_full_init(struct adapter *sc)
 		t4_intr_enable(sc);
 	}
 #ifdef KERN_TLS
-	if (sc->flags & KERN_TLS_OK)
+	if (is_ktls(sc))
 		callout_reset_sbt(&sc->ktls_tick, SBT_1MS, 0, ktls_tick, sc,
 		    C_HARDCLOCK);
 #endif
@@ -6753,7 +6754,7 @@ t4_sysctls(struct adapter *sc)
 	}
 
 #ifdef KERN_TLS
-	if (sc->flags & KERN_TLS_OK) {
+	if (is_ktls(sc)) {
 		/*
 		 * dev.t4nex.0.tls.
 		 */
@@ -11043,7 +11044,7 @@ t4_ioctl(struct cdev *dev, unsigned long cmd, caddr_t data, int fflag,
 
 #ifdef TCP_OFFLOAD
 static int
-toe_capability(struct vi_info *vi, int enable)
+toe_capability(struct vi_info *vi, bool enable)
 {
 	int rc;
 	struct port_info *pi = vi->pi;
@@ -11055,6 +11056,39 @@ toe_capability(struct vi_info *vi, int enable)
 		return (ENODEV);
 
 	if (enable) {
+#ifdef KERN_TLS
+		if (sc->flags & KERN_TLS_ON) {
+			int i, j, n;
+			struct port_info *p;
+			struct vi_info *v;
+
+			/*
+			 * Reconfigure hardware for TOE if TXTLS is not enabled
+			 * on any ifnet.
+			 */
+			n = 0;
+			for_each_port(sc, i) {
+				p = sc->port[i];
+				for_each_vi(p, j, v) {
+					if (v->ifp->if_capenable & IFCAP_TXTLS) {
+						CH_WARN(sc,
+						    "%s has NIC TLS enabled.\n",
+						    device_get_nameunit(v->dev));
+						n++;
+					}
+				}
+			}
+			if (n > 0) {
+				CH_WARN(sc, "Disable NIC TLS on all interfaces "
+				    "associated with this adapter before "
+				    "trying to enable TOE.\n");
+				return (EAGAIN);
+			}
+			rc = t4_config_kern_tls(sc, false);
+			if (rc)
+				return (rc);
+		}
+#endif
 		if ((vi->ifp->if_capenable & IFCAP_TOE) != 0) {
 			/* TOE is already enabled. */
 			return (0);
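Review bot: The new scan dereferences `v->ifp` and `v->dev` for every VI that for_each_vi() yields on every port. Whether each VI is guaranteed to have an ifnet attached when this path runs is not visible in the hunk. If a VI can exist without one (for example after its device was detached), this is a NULL dereference in the kernel, and `if (v->ifp == NULL) continue;` at the top of the inner loop would guard it. The hardware is also switched out of NIC TLS mode by `t4_config_kern_tls(sc, false)` before the rest of the TOE enable path runs, so a later failure would leave the adapter reconfigured with TOE still off; a comment stating that this is acceptable would help. toe_capability's body starts and ends outside the hunk.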
@@ -11263,6 +11297,35 @@ uld_active(struct adapter *sc, int uld_id)
 }
 #endif
 
+#ifdef KERN_TLS
+static int
+ktls_capability(struct adapter *sc, bool enable)
+{
+	ASSERT_SYNCHRONIZED_OP(sc);
+
+	if (!is_ktls(sc))
+		return (ENODEV);
+
+	if (enable) {
+		if (sc->flags & KERN_TLS_ON)
+			return (0);	/* already on */
+		if (sc->offload_map != 0) {
+			CH_WARN(sc,
+			    "Disable TOE on all interfaces associated with "
+			    "this adapter before trying to enable NIC TLS.\n");
+			return (EAGAIN);
+		}
+		return (t4_config_kern_tls(sc, true));
+	} else {
+		/*
+		 * Nothing to do for disable.  If TOE is enabled sometime later
+		 * then toe_capability will reconfigure the hardware.
+		 */
+		return (0);
+	}
+}
+#endif
+
 /*
  * t  = ptr to tunable.
  * nc = number of CPUs.
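Review bot: ktls_capability() has no header comment, and two parts of its contract are easy to miss. It acts on the whole adapter although it is reached from a per-ifnet ioctl, and its disable path returns 0 while leaving KERN_TLS_ON set. A short block comment above the function should state both, along with the return values visible here (ENODEV when `is_ktls(sc)` is false, EAGAIN when `sc->offload_map != 0`). The EAGAIN warning also does not name the interfaces that still have TOE enabled, whereas the matching check added to toe_capability() in this commit logs each offending interface.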
diff --git a/sys/dev/cxgbe/t4_sge.c b/sys/dev/cxgbe/t4_sge.c
index 9eaa72468b89..2c7e8f348331 100644
--- a/sys/dev/cxgbe/t4_sge.c
+++ b/sys/dev/cxgbe/t4_sge.c
@@ -4423,7 +4423,7 @@ alloc_txq(struct vi_info *vi, struct sge_txq *txq, int idx,
 	    "# of times hardware assisted with inner checksums (VXLAN)");
 
 #ifdef KERN_TLS
-	if (sc->flags & KERN_TLS_OK) {
+	if (is_ktls(sc)) {
 		SYSCTL_ADD_UQUAD(&vi->ctx, children, OID_AUTO,
 		    "kern_tls_records", CTLFLAG_RD, &txq->kern_tls_records,
 		    "# of NIC TLS records transmitted");
diff --git a/sys/dev/cxgbe/tom/t4_connect.c b/sys/dev/cxgbe/tom/t4_connect.c
index c285b6fc41fa..c71b9694bd3b 100644
--- a/sys/dev/cxgbe/tom/t4_connect.c
+++ b/sys/dev/cxgbe/tom/t4_connect.c
@@ -256,7 +256,7 @@ t4_connect(struct toedev *tod, struct socket *so, struct nhop_object *nh,
 		DONT_OFFLOAD_ACTIVE_OPEN(ENOSYS); /* XXX: implement lagg+TOE */
 	else
 		DONT_OFFLOAD_ACTIVE_OPEN(ENOTSUP);
-	if (sc->flags & KERN_TLS_OK)
+	if (sc->flags & KERN_TLS_ON)
 		DONT_OFFLOAD_ACTIVE_OPEN(ENOTSUP);
 
 	rw_rlock(&sc->policy_lock);
diff --git a/sys/dev/cxgbe/tom/t4_listen.c b/sys/dev/cxgbe/tom/t4_listen.c
index 126af9a1f20f..9cf527925fcc 100644
--- a/sys/dev/cxgbe/tom/t4_listen.c
+++ b/sys/dev/cxgbe/tom/t4_listen.c
@@ -539,7 +539,7 @@ t4_listen_start(struct toedev *tod, struct tcpcb *tp)
 	if (!(inp->inp_vflag & INP_IPV6) &&
 	    IN_LOOPBACK(ntohl(inp->inp_laddr.s_addr)))
 		return (0);
-	if (sc->flags & KERN_TLS_OK)
+	if (sc->flags & KERN_TLS_ON)
 		return (0);
 #if 0
 	ADAPTER_LOCK(sc);

