DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "Nicolau, Radu" <radu.nicolau@intel.com>,
	"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
	"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
Date: Tue, 23 Apr 2019 11:49:17 +0000	[thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580148A9B044@irsmsx105.ger.corp.intel.com> (raw)
Message-ID: <20190423114917.Jc3pubK0MOQlz5gzhm-f3ojO-txlydkGyqsUGZVbEcg@z> (raw)
In-Reply-To: <20190422143942.26956-1-akhil.goyal@nxp.com>

Hi Akhil,

> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
> 
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
>  examples/ipsec-secgw/ipsec.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>  			set_ipsec_conf(sa, &(sess_conf.ipsec));
> 
>  			sa->sec_session = rte_security_session_create(ctx,
> -					&sess_conf, ipsec_ctx->session_pool);
> +					&sess_conf, ipsec_ctx->session_priv_pool);
>  			if (sa->sec_session == NULL) {
>  				RTE_LOG(ERR, IPSEC,
>  				"SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>  			int ret = 0;
> 
>  			sa->sec_session = rte_security_session_create(ctx,
> -					&sess_conf, ipsec_ctx->session_pool);
> +					&sess_conf, ipsec_ctx->session_priv_pool);
>  			if (sa->sec_session == NULL) {
>  				RTE_LOG(ERR, IPSEC,
>  				"SEC Session init failed: err: %d\n", ret);
> --


Looks good to me , but seems incomplete.
I think we also need to:
static int32_t
cryptodevs_init(void)
{
   ...

        /* create session pools for eth devices that implement security */
        RTE_ETH_FOREACH_DEV(port_id) {
                if ((enabled_port_mask & (1 << port_id)) &&
                                rte_eth_dev_get_sec_ctx(port_id)) {
                        int socket_id = rte_eth_dev_socket_id(port_id);

  -                      if (!socket_ctx[socket_id].session_pool) {
 +                      if (!socket_ctx[socket_id].session_priv_pool) {
                                char mp_name[RTE_MEMPOOL_NAMESIZE];
                                struct rte_mempool *sess_mp;

                                snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
                                                "sess_mp_%u", socket_id);
                                sess_mp = rte_mempool_create(mp_name,
                                                (CDEV_MP_NB_OBJS * 2),
                                                max_sess_sz,
                                                CDEV_MP_CACHE_SZ,
                                                0, NULL, NULL, NULL,
                                                NULL, socket_id,
                                                0);
                                if (sess_mp == NULL)
                                        rte_exit(EXIT_FAILURE,
                                                "Cannot create session pool "
                                                "on socket %d\n", socket_id);
                                else
                                        printf("Allocated session pool "
                                                "on socket %d\n", socket_id);
-                               socket_ctx[socket_id].session_pool = sess_mp;
+                               socket_ctx[socket_id].session_priv_pool = sess_mp;

                        }
                }
        }

Konstantin

> 2.17.1


  parent reply	other threads:[~2019-04-23 11:49 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-22 14:39 Akhil Goyal
2019-04-22 14:39 ` Akhil Goyal
2019-04-23 11:49 ` Ananyev, Konstantin [this message]
2019-04-23 11:49   ` Ananyev, Konstantin
2019-04-23 12:28   ` Akhil Goyal
2019-04-23 12:28     ` Akhil Goyal
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2019-04-23 12:19   ` Akhil Goyal
2019-04-23 12:32   ` Ananyev, Konstantin
2019-04-23 12:32     ` Ananyev, Konstantin
2019-04-23 12:58     ` Akhil Goyal
2019-04-23 12:58       ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2601191342CEEE43887BDE71AB9772580148A9B044@irsmsx105.ger.corp.intel.com \
    --to=konstantin.ananyev@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    --cc=radu.nicolau@intel.com \
    --cc=roy.fan.zhang@intel.com \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).