qat: add disable safe dc mode for QAT SPR devices

Build and sysctl configuration modes are introduced for QAT SPR devices to disable safe dc mode. A new QAT driver build option ‘QAT_DISABLE_SAFE_DC_MODE’ is required to build the QAT driver with code that allows a request to be sent to FW to override the ‘History Buffer’ mitigation. Default QAT driver builds do not include this ‘QAT_DISABLE_SAFE_DC_MODE’ build option. Even if the QAT driver was built with code that allows a request to be sent to FW to override the ‘History Buffer’ mitigation, the QAT driver must still be configured using sysctl to request an override of the ‘History Buffer’ mitigation if desired. The default QAT driver configuration option sysctl dev.qat.X.disable_safe_dc_mode does not allow override of the mitigation. The new sysctl attribute disable_safe_dc_mode is to be set to 1 for overriding the history buffer mitigation. Firmware for qat_4xxx is updated for this change. If this mode is enabled, decompression throughput increases but may result in a data leak if num_user_processes is more than 1. This option is to be enabled only if your system is not prone to user data leaks. Reviewed by: markj, ziaee MFC after: 2 weeks Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D50379
2026-06-08 16:22:46 -04:00 · 2025-04-29 20:00:01 -04:00 · 2025-04-29 20:00:01 -04:00 · 5a8e5215ce
commit 5a8e5215ce
parent 25f09d4a9c
12 changed files with 154 additions and 9 deletions
--- a/share/man/man4/qat.4
+++ b/share/man/man4/qat.4
@ -1,6 +1,6 @@
 .\" SPDX-License-Identifier: BSD-3-Clause
-.\" Copyright(c) 2007-2022 Intel Corporation
-.Dd May 16, 2025
+.\" Copyright(c) 2007-2025 Intel Corporation
+.Dd June 2, 2025
 .Dt QAT 4
 .Os
 .Sh NAME
@ -108,6 +108,13 @@ Default value "ks;us".
 Override the number of uio user space processes
 that can connect to the QAT device.
 Default: 2
+.It Va dev.qat.X.disable_safe_dc_mode
+Override history buffer mitigation.
+Disabled by default.
+If enabled, decompression throughput increases but may result in a data leak if
+.Va dev.qat.X.num_user_processes
+is more than 1.
+Enable this option only if your system is not prone to user data leaks.
 .El
 .Pp
 The following
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -2869,3 +2869,6 @@ options 	STATS

 # File system monitoring
 device		filemon		# file monitoring for make(1) meta-mode
+
+# Options for the Intel QuickAssist (QAT) driver.
+options		QAT_DISABLE_SAFE_DC_MODE	# Disable QAT safe data compression mode (only for 4940 devices).
--- a/sys/conf/options
+++ b/sys/conf/options
@ -1014,3 +1014,6 @@ HIDRAW_MAKE_UHID_ALIAS	opt_hid.h
 # This option is insecure except in controlled environments where the static
 # environment's contents are known to be safe.
 PRESERVE_EARLY_KENV	opt_global.h
+
+# Options for the Intel QuickAssist (QAT) driver.
+QAT_DISABLE_SAFE_DC_MODE	opt_qat.h
--- a/sys/contrib/dev/qat/qat_4xxx.bin
+++ b/sys/contrib/dev/qat/qat_4xxx.bin
--- a/sys/dev/qat/include/common/adf_accel_devices.h
+++ b/sys/dev/qat/include/common/adf_accel_devices.h
@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
 #ifndef ADF_ACCEL_DEVICES_H_
 #define ADF_ACCEL_DEVICES_H_

@ -7,6 +7,8 @@
 #include "adf_cfg_common.h"
 #include "adf_pfvf_msg.h"

+#include "opt_qat.h"
+
 #define ADF_CFG_NUM_SERVICES 4

 #define ADF_DH895XCC_DEVICE_NAME "dh895xcc"
@ -687,6 +689,10 @@ struct adf_accel_dev {
 	struct adf_accel_pci accel_pci_dev;
 	struct adf_accel_compat_manager *cm;
 	u8 compat_ver;
+#ifdef QAT_DISABLE_SAFE_DC_MODE
+	struct sysctl_oid *safe_dc_mode;
+	u8 disable_safe_dc_mode;
+#endif /* QAT_DISABLE_SAFE_DC_MODE */
 	union {
 		struct {
 			/* vf_info is non-zero when SR-IOV is init'ed */
--- a/sys/dev/qat/include/icp_qat_fw_init_admin.h
+++ b/sys/dev/qat/include/icp_qat_fw_init_admin.h
@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
 #ifndef _ICP_QAT_FW_INIT_ADMIN_H_
 #define _ICP_QAT_FW_INIT_ADMIN_H_

@ -43,6 +43,8 @@ enum icp_qat_fw_cnv_error_type {
 	CNV_ERR_TYPE_UNKNOWN_ERROR
 };

+#define ICP_QAT_FW_INIT_DISABLE_SAFE_DC_MODE_FLAG 0x02
+
 #define CNV_ERROR_TYPE_GET(latest_error)                                       \
 	({                                                                     \
 		__typeof__(latest_error) _lerror = latest_error;               \
@ -69,7 +71,8 @@ struct icp_qat_fw_init_admin_req {
 		struct {
 			u64 resrvd2;
 			u16 ibuf_size_in_kb;
-			u16 resrvd3;
+			u8 fw_flags;
+			u8 resrvd3;
 			u32 resrvd4;
 		};
 		/* ICP_QAT_FW_CONSTANTS_CFG */
--- a/sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c
+++ b/sys/dev/qat/qat_hw/qat_4xxx/adf_4xxx_hw_data.c
@ -709,6 +709,10 @@ adf_4xxx_send_admin_init(struct adf_accel_dev *accel_dev)
 	memset(&req, 0, sizeof(req));
 	memset(&resp, 0, sizeof(resp));
 	req.cmd_id = ICP_QAT_FW_INIT_ME;
+#ifdef QAT_DISABLE_SAFE_DC_MODE
+	if (accel_dev->disable_safe_dc_mode)
+		req.fw_flags = ICP_QAT_FW_INIT_DISABLE_SAFE_DC_MODE_FLAG;
+#endif /* QAT_DISABLE_SAFE_DC_MODE */
 	if (adf_send_admin(accel_dev, &req, &resp, ae_mask)) {
 		device_printf(GET_DEV(accel_dev),
 			      "Error sending init message\n");
--- a/sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c
+++ b/sys/dev/qat/qat_hw/qat_4xxx/adf_drv.c
@ -47,6 +47,74 @@ adf_probe(device_t dev)
 	return ENXIO;
 }

+#ifdef QAT_DISABLE_SAFE_DC_MODE
+static int adf_4xxx_sysctl_disable_safe_dc_mode(SYSCTL_HANDLER_ARGS)
+{
+	struct adf_accel_dev *accel_dev = arg1;
+	int error, value = accel_dev->disable_safe_dc_mode;
+
+	error = sysctl_handle_int(oidp, &value, 0, req);
+	if (error || !req->newptr)
+		return error;
+
+	if (value != 1 && value != 0)
+		return EINVAL;
+
+	if (adf_dev_started(accel_dev)) {
+		device_printf(
+		    GET_DEV(accel_dev),
+		    "QAT: configuration can only be changed in \"down\" device state\n");
+		return EBUSY;
+	}
+
+	accel_dev->disable_safe_dc_mode = (u8)value;
+
+	return 0;
+}
+
+static void
+adf_4xxx_disable_safe_dc_sysctl_add(struct adf_accel_dev *accel_dev)
+{
+	struct sysctl_ctx_list *qat_sysctl_ctx;
+	struct sysctl_oid *qat_sysctl_tree;
+
+	qat_sysctl_ctx =
+	    device_get_sysctl_ctx(accel_dev->accel_pci_dev.pci_dev);
+	qat_sysctl_tree =
+	    device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev);
+	accel_dev->safe_dc_mode =
+	    SYSCTL_ADD_OID(qat_sysctl_ctx,
+			   SYSCTL_CHILDREN(qat_sysctl_tree),
+			   OID_AUTO,
+			   "disable_safe_dc_mode",
+			   CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_TUN |
+			       CTLFLAG_SKIP,
+			   accel_dev,
+			   0,
+			   adf_4xxx_sysctl_disable_safe_dc_mode,
+			   "LU",
+			   "Disable QAT safe data compression mode");
+}
+
+static void
+adf_4xxx_disable_safe_dc_sysctl_remove(struct adf_accel_dev *accel_dev)
+{
+	int ret;
+	struct sysctl_ctx_list *qat_sysctl_ctx =
+	    device_get_sysctl_ctx(accel_dev->accel_pci_dev.pci_dev);
+
+	ret = sysctl_ctx_entry_del(qat_sysctl_ctx, accel_dev->safe_dc_mode);
+	if (ret) {
+		device_printf(GET_DEV(accel_dev), "Failed to delete entry\n");
+	} else {
+		ret = sysctl_remove_oid(accel_dev->safe_dc_mode, 1, 1);
+		if (ret)
+			device_printf(GET_DEV(accel_dev),
+				      "Failed to delete oid\n");
+	}
+}
+#endif /* QAT_DISABLE_SAFE_DC_MODE */
+
 static void
 adf_cleanup_accel(struct adf_accel_dev *accel_dev)
 {
@ -76,6 +144,9 @@ adf_cleanup_accel(struct adf_accel_dev *accel_dev)
 		free(accel_dev->hw_device, M_QAT_4XXX);
 		accel_dev->hw_device = NULL;
 	}
+#ifdef QAT_DISABLE_SAFE_DC_MODE
+	adf_4xxx_disable_safe_dc_sysctl_remove(accel_dev);
+#endif /* QAT_DISABLE_SAFE_DC_MODE */
 	adf_cfg_dev_remove(accel_dev);
 	adf_devmgr_rm_dev(accel_dev, NULL);
 }
@ -153,6 +224,10 @@ adf_attach(device_t dev)
 	if (ret)
 		goto out_err;

+#ifdef QAT_DISABLE_SAFE_DC_MODE
+	adf_4xxx_disable_safe_dc_sysctl_add(accel_dev);
+#endif /* QAT_DISABLE_SAFE_DC_MODE */
+
 	pci_set_max_read_req(dev, 4096);

 	ret = bus_dma_tag_create(bus_get_dma_tag(dev),
--- a/sys/modules/qat/qat/Makefile
+++ b/sys/modules/qat/qat/Makefile
@ -4,7 +4,7 @@

 KMOD= qat
 SRCS+= qat_ocf.c qat_ocf_mem_pool.c qat_ocf_utils.c
-SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h
+SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h opt_qat.h

 CFLAGS+= ${LINUXKPI_INCLUDES}
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/include
@ -17,6 +17,17 @@ CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/qat_direct/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/firmware/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/common/crypto/sym/include

+.if !defined(KERNBUILDDIR)
+CFLAGS+=        -include opt_qat.h
+MKDEP=          -include opt_qat.h
+
+opt_qat.h:
+	:> ${.TARGET}
+.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1"
+	@echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET}
+.endif
+.endif
+
 .include <bsd.kmod.mk>

 .if ${COMPILER_TYPE} == "clang"
--- a/sys/modules/qat/qat_api/Makefile
+++ b/sys/modules/qat/qat_api/Makefile
@ -60,7 +60,7 @@ SRCS+= qat_utils/src/QatUtilsSemaphore.c
 SRCS+= qat_utils/src/QatUtilsSpinLock.c
 SRCS+= qat_utils/src/QatUtilsAtomic.c
 SRCS+= qat_utils/src/QatUtilsCrypto.c
-SRCS+= bus_if.h cryptodev_if.h device_if.h pci_if.h vnode_if.h
+SRCS+= bus_if.h cryptodev_if.h device_if.h pci_if.h vnode_if.h opt_qat.h

 CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/include/lac
@ -74,6 +74,17 @@ CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/firmware/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/include/common
 CFLAGS+= ${LINUXKPI_INCLUDES}

+.if !defined(KERNBUILDDIR)
+CFLAGS+=        -include opt_qat.h
+MKDEP=          -include opt_qat.h
+
+opt_qat.h:
+	:> ${.TARGET}
+.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1"
+	@echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET}
+.endif
+.endif
+
 .include <bsd.kmod.mk>

 CWARNFLAGS+= -Wno-cast-qual
--- a/sys/modules/qat/qat_common/Makefile
+++ b/sys/modules/qat/qat_common/Makefile
@ -23,10 +23,21 @@ SRCS+= adf_gen4vf_hw_csr_data.c
 SRCS+= adf_freebsd_transport_debug.c adf_clock.c
 SRCS+= adf_freebsd_cnvnr_ctrs_dbg.c
 SRCS+= adf_freebsd_pfvf_ctrs_dbg.c
-SRCS+= bus_if.h device_if.h pci_if.h vnode_if.h
+SRCS+= bus_if.h device_if.h pci_if.h vnode_if.h opt_qat.h

 CFLAGS+= -I${SRCTOP}/sys/dev/qat/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/include/common
 CFLAGS+= ${LINUXKPI_INCLUDES}

+.if !defined(KERNBUILDDIR)
+CFLAGS+=        -include opt_qat.h
+MKDEP=          -include opt_qat.h
+
+opt_qat.h:
+	:> ${.TARGET}
+.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1"
+	@echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET}
+.endif
+.endif
+
 .include <bsd.kmod.mk>
--- a/sys/modules/qat/qat_hw/Makefile
+++ b/sys/modules/qat/qat_hw/Makefile
@ -12,7 +12,7 @@ SRCS+= qat_dh895xcc/adf_dh895xcc_hw_data.c qat_dh895xcc/adf_drv.c
 SRCS+= qat_c4xxx/adf_c4xxx_hw_data.c qat_c4xxx/adf_drv.c qat_c4xxx/adf_c4xxx_ae_config.c qat_c4xxx/adf_c4xxx_misc_error_stats.c
 SRCS+= qat_c4xxx/adf_c4xxx_pke_replay_stats.c qat_c4xxx/adf_c4xxx_ras.c qat_c4xxx/adf_c4xxx_res_part.c
 SRCS+= qat_c4xxx/adf_c4xxx_reset.c
-SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h
+SRCS+= device_if.h bus_if.h vnode_if.h pci_if.h cryptodev_if.h opt_qat.h

 CFLAGS+= ${LINUXKPI_INCLUDES}
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/include
@ -25,4 +25,15 @@ CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/qat_direct/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/firmware/include
 CFLAGS+= -I${SRCTOP}/sys/dev/qat/qat_api/common/crypto/sym/include

+.if !defined(KERNBUILDDIR)
+CFLAGS+=        -include opt_qat.h
+MKDEP=          -include opt_qat.h
+
+opt_qat.h:
+	:> ${.TARGET}
+.if defined(QAT_DISABLE_SAFE_DC_MODE) && ${QAT_DISABLE_SAFE_DC_MODE} == "1"
+	@echo "#define QAT_DISABLE_SAFE_DC_MODE 1" >> ${.TARGET}
+.endif
+.endif
+
 .include <bsd.kmod.mk>