From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "Nicolau, Radu" <radu.nicolau@intel.com>,
"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
Date: Tue, 23 Apr 2019 11:49:17 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580148A9B044@irsmsx105.ger.corp.intel.com> (raw)
Message-ID: <20190423114917.Jc3pubK0MOQlz5gzhm-f3ojO-txlydkGyqsUGZVbEcg@z> (raw)
In-Reply-To: <20190422143942.26956-1-akhil.goyal@nxp.com>
Hi Akhil,
> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
>
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> examples/ipsec-secgw/ipsec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> --
Looks good to me , but seems incomplete.
I think we also need to:
static int32_t
cryptodevs_init(void)
{
...
/* create session pools for eth devices that implement security */
RTE_ETH_FOREACH_DEV(port_id) {
if ((enabled_port_mask & (1 << port_id)) &&
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_%u", socket_id);
sess_mp = rte_mempool_create(mp_name,
(CDEV_MP_NB_OBJS * 2),
max_sess_sz,
CDEV_MP_CACHE_SZ,
0, NULL, NULL, NULL,
NULL, socket_id,
0);
if (sess_mp == NULL)
rte_exit(EXIT_FAILURE,
"Cannot create session pool "
"on socket %d\n", socket_id);
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool = sess_mp;
}
}
}
Konstantin
> 2.17.1
next prev parent reply other threads:[~2019-04-23 11:49 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-22 14:39 Akhil Goyal
2019-04-22 14:39 ` Akhil Goyal
2019-04-23 11:49 ` Ananyev, Konstantin [this message]
2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 12:28 ` Akhil Goyal
2019-04-23 12:28 ` Akhil Goyal
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2019-04-23 12:19 ` Akhil Goyal
2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:58 ` Akhil Goyal
2019-04-23 12:58 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB9772580148A9B044@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).