Date: Wed, 23 Oct 2024 19:53:14 GMT
Message-Id: <202410231953.49NJrE2h026696@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Andrew Gallatin
Subject: git: 81dbc22ce8b6 - main - mlx5e: Immediately initialize TLS send tags
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: gallatin
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 81dbc22ce8b66759a9fc4ebdef5cfc7a6185af22

The branch main has been updated by gallatin:

URL: https://cgit.FreeBSD.org/src/commit/?id=81dbc22ce8b66759a9fc4ebdef5cfc7a6185af22

commit 81dbc22ce8b66759a9fc4ebdef5cfc7a6185af22
Author:     Andrew Gallatin
AuthorDate: 2024-10-23 19:16:19 +0000
Commit:     Andrew Gallatin
CommitDate: 2024-10-23 19:16:19 +0000

    mlx5e: Immediately initialize TLS send tags

    Under massive connection thrashing (web server restarting), we see
    long periods where the web server blocks when enabling ktls offload
    when NIC ktls offload is enabled.

    It turns out the driver uses a single-threaded linux work queue to
    serialize the commands that must be sent to the nic to allocate and
    free tls resources. When freeing sessions, this work is handled
    asynchronously. However, when allocating sessions, the work is handled
    synchronously and the driver waits for the work to complete before
    returning.

    When under massive connection thrashing, the work queue is first
    filled by TLS sessions closing. Then when new sessions arrive, the web
    server enables kTLS and blocks while the tens or hundreds of thousands
    of session closes queued up are processed by the NIC.

    Rather than using the work queue to open a TLS session on the NIC,
    switch to doing the open directly. This allows us to cut in front of
    all those sessions that are waiting to close, and minimize the amount
    of time the web server blocks. The risk is that the NIC may be out of
    resources because it has not processed all of those session frees. So
    if we fail to open a session directly, we fall back to using the work
    queue.

    Differential Revision: https://reviews.freebsd.org/D47260
    Sponsored by: Netflix
    Reviewed by: kib

--- sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c | 86 +++++++++++++++++++++-------------- 1 file changed, 52 insertions(+), 34 deletions(-) diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c b/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c index a8522d68d5aa..c347de650250 100644 --- a/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c +++ b/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c 
@@ -213,54 +213,63 @@ mlx5e_tls_cleanup(struct mlx5e_priv *priv) counter_u64_free(ptls->stats.arg[x]); } + +static int +mlx5e_tls_st_init(struct mlx5e_priv *priv, struct mlx5e_tls_tag *ptag) +{ + int err; + + /* try to open TIS, if not present */ + if (ptag->tisn == 0) { + err = mlx5_tls_open_tis(priv->mdev, 0, priv->tdn, + priv->pdn, &ptag->tisn); + if (err) { + MLX5E_TLS_STAT_INC(ptag, tx_error, 1); + return (err); + } + } + MLX5_SET(sw_tls_cntx, ptag->crypto_params, progress.pd, ptag->tisn); + + /* try to allocate a DEK context ID */ + err = mlx5_encryption_key_create(priv->mdev, priv->pdn, + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_TLS, + MLX5_ADDR_OF(sw_tls_cntx, ptag->crypto_params, key.key_data), + MLX5_GET(sw_tls_cntx, ptag->crypto_params, key.key_len), + &ptag->dek_index); + if (err) { + MLX5E_TLS_STAT_INC(ptag, tx_error, 1); + return (err); + } + + MLX5_SET(sw_tls_cntx, ptag->crypto_params, param.dek_index, ptag->dek_index); + + ptag->dek_index_ok = 1; + + MLX5E_TLS_TAG_LOCK(ptag); + if (ptag->state == MLX5E_TLS_ST_INIT) + ptag->state = MLX5E_TLS_ST_SETUP; + MLX5E_TLS_TAG_UNLOCK(ptag); + return (0); +} + static void mlx5e_tls_work(struct work_struct *work) { struct mlx5e_tls_tag *ptag; struct mlx5e_priv *priv; - int err; ptag = container_of(work, struct mlx5e_tls_tag, work); priv = container_of(ptag->tls, struct mlx5e_priv, tls); switch (ptag->state) { case MLX5E_TLS_ST_INIT: - /* try to open TIS, if not present */ - if (ptag->tisn == 0) { - err = mlx5_tls_open_tis(priv->mdev, 0, priv->tdn, - priv->pdn, &ptag->tisn); - if (err) { - MLX5E_TLS_STAT_INC(ptag, tx_error, 1); - break; - } - } - MLX5_SET(sw_tls_cntx, ptag->crypto_params, progress.pd, ptag->tisn); - - /* try to allocate a DEK context ID */ - err = mlx5_encryption_key_create(priv->mdev, priv->pdn, - MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_TLS, - MLX5_ADDR_OF(sw_tls_cntx, ptag->crypto_params, key.key_data), - MLX5_GET(sw_tls_cntx, ptag->crypto_params, key.key_len), - &ptag->dek_index); - 
if (err) { - MLX5E_TLS_STAT_INC(ptag, tx_error, 1); - break; - } - - MLX5_SET(sw_tls_cntx, ptag->crypto_params, param.dek_index, ptag->dek_index); - - ptag->dek_index_ok = 1; - - MLX5E_TLS_TAG_LOCK(ptag); - if (ptag->state == MLX5E_TLS_ST_INIT) - ptag->state = MLX5E_TLS_ST_SETUP; - MLX5E_TLS_TAG_UNLOCK(ptag); + (void)mlx5e_tls_st_init(priv, ptag); break; case MLX5E_TLS_ST_RELEASE: /* try to destroy DEK context by ID */ if (ptag->dek_index_ok) - err = mlx5_encryption_key_destroy(priv->mdev, ptag->dek_index); + (void)mlx5_encryption_key_destroy(priv->mdev, ptag->dek_index); /* free tag */ mlx5e_tls_tag_zfree(ptag); @@ -441,8 +450,17 @@ mlx5e_tls_snd_tag_alloc(if_t ifp, /* reset state */ ptag->state = MLX5E_TLS_ST_INIT; - queue_work(priv->tls.wq, &ptag->work); - flush_work(&ptag->work); + /* + * Try to immediately init the tag. We may fail if the NIC's + * resources are tied up with send tags that are in the work + * queue, waiting to be freed. So if we fail, put ourselves + * on the queue so as to try again after resouces have been freed. + */ + error = mlx5e_tls_st_init(priv, ptag); + if (error != 0) { + queue_work(priv->tls.wq, &ptag->work); + flush_work(&ptag->work); + } return (0);
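
Review bot: In the first hunk, both failure paths of mlx5e_tls_st_init() bump tx_error before returning, yet the function is now also the opportunistic first attempt from mlx5e_tls_snd_tag_alloc(), where failure is expected while frees are still queued. As written, tx_error will count attempts that the queued retry later completes. Consider incrementing the counter only when the retry in the MLX5E_TLS_ST_INIT case of mlx5e_tls_work() fails (that call currently discards the result with (void)), or add a separate counter for the fallback path. A short comment above mlx5e_tls_st_init() stating that it runs both in the caller's context and on the work queue would also help, since the ptag->tisn == 0 check is what lets the second call skip reopening the TIS after a partial failure.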
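
Review bot: In the second hunk (mlx5e_tls_snd_tag_alloc()), the fallback path reaches return (0) whether or not the queued retry succeeded: error keeps the value from the direct attempt, and mlx5e_tls_work() throws away the result of mlx5e_tls_st_init(). If a failed setup is meant to be detected later through ptag->state, say so in the new comment; otherwise check that ptag->state is MLX5E_TLS_ST_SETUP after flush_work() and return an error when it is not. Minor: "resouces" in the added comment should read "resources".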