From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EC905A0C55; Wed, 13 Oct 2021 21:23:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id ABA0141209; Wed, 13 Oct 2021 21:23:01 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 73BAA4111B for ; Wed, 13 Oct 2021 21:23:00 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19DIusmm029372; Wed, 13 Oct 2021 12:22:55 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=NVHaeMOZBT3pOYQCt7GHDLrNpDETlQwzinRqHAqHxWk=; b=LP8eOz+iDW+C9Ewr08hI9M9/kGWio9H5Ep3cfz2bN8ou1GECs4Qq9M+Q5XPXUJ16XBxj BlS8/eo+2naGGZ2JGNEeMZA1k8eGWCp4Jx6QPxamhV/v9mktOCEvE/zrXq9YfGQzGhKl lvvAFzYAS/eZ2zMujBL3Rk5hgzQ6oHTm4hHXmX0qpFUooTQPNd0sBut/qm7ADmVTthRE agjdqpSQzo5tw2Jm56A/qOaDu77hU14IzxOMqkVFtpBDD8A3WAGtzrkzZqS1l0iSWDSM DOSZGKkI/MbASn+QlOvP6vpGndwHASWUhVpxq7lwiD0Qrc1LlV+d7gAbIyCA4sUYZvbM bg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bp0h3sjyg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 13 Oct 2021 12:22:55 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 13 Oct 2021 12:22:52 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 13 Oct 2021 12:22:52 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id 943653F7087; Wed, 13 Oct 2021 12:22:46 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , , , , , , , , , , , , Akhil Goyal , "Nithin Dabilpuram" Date: Thu, 14 Oct 2021 00:52:18 +0530 Message-ID: <20211013192222.1582631-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211013192222.1582631-1-gakhil@marvell.com> References: <20210930145014.2476799-1-gakhil@marvell.com> <20211013192222.1582631-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: 5ULe8Ver6uf2quE5LMFlEhVYaOV__viL X-Proofpoint-ORIG-GUID: 5ULe8Ver6uf2quE5LMFlEhVYaOV__viL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-13_07,2021-10-13_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 3/7] net/cnxk: rework security session framework X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Aligned the security session create and destroy as per the recent changes in rte_security and used the fast mdata field introduced in rte_security. Enabled compilation of cnxk driver. Signed-off-by: Nithin Dabilpuram Signed-off-by: Akhil Goyal --- drivers/net/cnxk/cn10k_ethdev_sec.c | 64 +++++++++++------------------ drivers/net/cnxk/cn9k_ethdev_sec.c | 59 ++++++++++---------------- drivers/net/cnxk/cnxk_ethdev.c | 6 +-- drivers/net/cnxk/cnxk_ethdev.h | 6 --- drivers/net/cnxk/cnxk_ethdev_sec.c | 21 ---------- drivers/net/meson.build | 2 +- 6 files changed, 48 insertions(+), 110 deletions(-) diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index 82dc6367dd..3d0f4044d9 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -228,15 +228,14 @@ cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args) static int cn10k_eth_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_priv) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + struct cnxk_eth_sec_sess *eth_sec = sess_priv; struct rte_security_ipsec_xform *ipsec; - struct cn10k_sec_sess_priv sess_priv; + struct cn10k_sec_sess_priv fast_mdata; struct rte_crypto_sym_xform *crypto; - struct cnxk_eth_sec_sess *eth_sec; bool inbound, inl_dev; int rc = 0; @@ -264,13 +263,8 @@ cn10k_eth_sec_session_create(void *device, return -EEXIST; } - if (rte_mempool_get(mempool, (void **)ð_sec)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); - sess_priv.u64 = 0; + fast_mdata.u64 = 0; /* Acquire lock on inline dev for inbound */ if (inbound && inl_dev) @@ -290,11 +284,11 @@ cn10k_eth_sec_session_create(void *device, plt_err("Failed to create ingress sa, inline dev " "not found or spi not in range"); rc = -ENOTSUP; - goto mempool_put; + goto err; } else if (!sa) { plt_err("Failed to create ingress sa"); rc = -EFAULT; - goto mempool_put; + goto err; } inb_sa = (struct roc_ot_ipsec_inb_sa *)sa; @@ -304,7 +298,7 @@ cn10k_eth_sec_session_create(void *device, plt_err("Inbound SA with SPI %u already in use", ipsec->spi); rc = -EBUSY; - goto mempool_put; + goto err; } memset(inb_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa)); @@ -313,7 +307,7 @@ cn10k_eth_sec_session_create(void *device, rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa, ipsec, crypto); if (rc) { plt_err("Failed to init inbound sa, rc=%d", rc); - goto mempool_put; + goto err; } inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa); @@ -326,12 +320,11 @@ cn10k_eth_sec_session_create(void *device, inb_sa->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi); /* Prepare session priv */ - sess_priv.inb_sa = 1; - sess_priv.sa_idx = ipsec->spi; + fast_mdata.inb_sa = 1; + fast_mdata.sa_idx = ipsec->spi; /* Pointer from eth_sec -> inb_sa */ eth_sec->sa = inb_sa; - eth_sec->sess = sess; eth_sec->sa_idx = ipsec->spi; eth_sec->spi = ipsec->spi; eth_sec->inl_dev = !!dev->inb.inl_dev; @@ -352,7 +345,7 @@ cn10k_eth_sec_session_create(void *device, /* Alloc an sa index */ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx); if (rc) - goto mempool_put; + goto err; outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx); outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa); @@ -365,7 +358,7 @@ cn10k_eth_sec_session_create(void *device, if (rc) { plt_err("Failed to init outbound sa, rc=%d", rc); rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx); - goto mempool_put; + goto err; } /* Save userdata */ @@ -377,16 +370,15 @@ cn10k_eth_sec_session_create(void *device, cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto); /* Prepare session priv */ - sess_priv.sa_idx = outb_priv->sa_idx; - sess_priv.roundup_byte = rlens->roundup_byte; - sess_priv.roundup_len = rlens->roundup_len; - sess_priv.partial_len = rlens->partial_len; - sess_priv.mode = outb_sa->w2.s.ipsec_mode; - sess_priv.outer_ip_ver = outb_sa->w2.s.outer_ip_ver; + fast_mdata.sa_idx = outb_priv->sa_idx; + fast_mdata.roundup_byte = rlens->roundup_byte; + fast_mdata.roundup_len = rlens->roundup_len; + fast_mdata.partial_len = rlens->partial_len; + fast_mdata.mode = outb_sa->w2.s.ipsec_mode; + fast_mdata.outer_ip_ver = outb_sa->w2.s.outer_ip_ver; /* Pointer from eth_sec -> outb_sa */ eth_sec->sa = outb_sa; - eth_sec->sess = sess; eth_sec->sa_idx = sa_idx; eth_sec->spi = ipsec->spi; @@ -407,29 +399,23 @@ cn10k_eth_sec_session_create(void *device, /* * Update fast path info in priv area. */ - set_sec_session_private_data(sess, (void *)sess_priv.u64); + rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64); return 0; -mempool_put: +err: if (inbound && inl_dev) roc_nix_inl_dev_unlock(); - rte_mempool_put(mempool, eth_sec); return rc; } static int -cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) +cn10k_eth_sec_session_destroy(void *device, void *sess_priv) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); - struct roc_ot_ipsec_inb_sa *inb_sa; + struct cnxk_eth_sec_sess *eth_sec = sess_priv; struct roc_ot_ipsec_outb_sa *outb_sa; - struct cnxk_eth_sec_sess *eth_sec; - struct rte_mempool *mp; - - eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); - if (!eth_sec) - return -ENOENT; + struct roc_ot_ipsec_inb_sa *inb_sa; if (eth_sec->inl_dev) roc_nix_inl_dev_lock(); @@ -464,9 +450,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) eth_sec->sa_idx, eth_sec->inl_dev); /* Put eth_sec object back to pool */ - mp = rte_mempool_from_obj(eth_sec); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(mp, eth_sec); + rte_security_session_fast_mdata_set(sess_priv, 0); return 0; } diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c index b070ad57fc..8a6fa75b37 100644 --- a/drivers/net/cnxk/cn9k_ethdev_sec.c +++ b/drivers/net/cnxk/cn9k_ethdev_sec.c @@ -137,15 +137,14 @@ ar_window_init(struct cn9k_inb_priv_data *inb_priv) static int cn9k_eth_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess, - struct rte_mempool *mempool) + void *sess_priv) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + struct cnxk_eth_sec_sess *eth_sec = sess_priv; struct rte_security_ipsec_xform *ipsec; - struct cn9k_sec_sess_priv sess_priv; + struct cn9k_sec_sess_priv fast_mdata; struct rte_crypto_sym_xform *crypto; - struct cnxk_eth_sec_sess *eth_sec; bool inbound; int rc = 0; @@ -169,13 +168,8 @@ cn9k_eth_sec_session_create(void *device, return -EEXIST; } - if (rte_mempool_get(mempool, (void **)ð_sec)) { - plt_err("Could not allocate security session private data"); - return -ENOMEM; - } - memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); - sess_priv.u64 = 0; + fast_mdata.u64 = 0; if (inbound) { struct cn9k_inb_priv_data *inb_priv; @@ -192,7 +186,7 @@ cn9k_eth_sec_session_create(void *device, if (!inb_sa) { plt_err("Failed to create ingress sa"); rc = -EFAULT; - goto mempool_put; + goto err; } /* Check if SA is already in use */ @@ -200,7 +194,7 @@ cn9k_eth_sec_session_create(void *device, plt_err("Inbound SA with SPI %u already in use", ipsec->spi); rc = -EBUSY; - goto mempool_put; + goto err; } memset(inb_sa, 0, sizeof(struct roc_onf_ipsec_inb_sa)); @@ -209,7 +203,7 @@ cn9k_eth_sec_session_create(void *device, rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto); if (rc) { plt_err("Failed to init inbound sa, rc=%d", rc); - goto mempool_put; + goto err; } inb_priv = roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(inb_sa); @@ -223,16 +217,15 @@ cn9k_eth_sec_session_create(void *device, if (inb_priv->replay_win_sz) { rc = ar_window_init(inb_priv); if (rc) - goto mempool_put; + goto err; } /* Prepare session priv */ - sess_priv.inb_sa = 1; - sess_priv.sa_idx = ipsec->spi; + fast_mdata.inb_sa = 1; + fast_mdata.sa_idx = ipsec->spi; /* Pointer from eth_sec -> inb_sa */ eth_sec->sa = inb_sa; - eth_sec->sess = sess; eth_sec->sa_idx = ipsec->spi; eth_sec->spi = ipsec->spi; eth_sec->inb = true; @@ -252,7 +245,7 @@ cn9k_eth_sec_session_create(void *device, /* Alloc an sa index */ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx); if (rc) - goto mempool_put; + goto err; outb_sa = roc_nix_inl_onf_ipsec_outb_sa(sa_base, sa_idx); outb_priv = roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(outb_sa); @@ -265,7 +258,7 @@ cn9k_eth_sec_session_create(void *device, if (rc) { plt_err("Failed to init outbound sa, rc=%d", rc); rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx); - goto mempool_put; + goto err; } /* Save userdata */ @@ -282,14 +275,13 @@ cn9k_eth_sec_session_create(void *device, /* Save rlen info */ cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto); - sess_priv.sa_idx = outb_priv->sa_idx; - sess_priv.roundup_byte = rlens->roundup_byte; - sess_priv.roundup_len = rlens->roundup_len; - sess_priv.partial_len = rlens->partial_len; + fast_mdata.sa_idx = outb_priv->sa_idx; + fast_mdata.roundup_byte = rlens->roundup_byte; + fast_mdata.roundup_len = rlens->roundup_len; + fast_mdata.partial_len = rlens->partial_len; /* Pointer from eth_sec -> outb_sa */ eth_sec->sa = outb_sa; - eth_sec->sess = sess; eth_sec->sa_idx = sa_idx; eth_sec->spi = ipsec->spi; @@ -306,27 +298,21 @@ cn9k_eth_sec_session_create(void *device, /* * Update fast path info in priv area. */ - set_sec_session_private_data(sess, (void *)sess_priv.u64); + rte_security_session_fast_mdata_set(sess_priv, fast_mdata.u64); return 0; -mempool_put: - rte_mempool_put(mempool, eth_sec); +err: return rc; } static int -cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) +cn9k_eth_sec_session_destroy(void *device, void *sess_priv) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + struct cnxk_eth_sec_sess *eth_sec = sess_priv; struct roc_onf_ipsec_outb_sa *outb_sa; struct roc_onf_ipsec_inb_sa *inb_sa; - struct cnxk_eth_sec_sess *eth_sec; - struct rte_mempool *mp; - - eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); - if (!eth_sec) - return -ENOENT; if (eth_sec->inb) { inb_sa = eth_sec->sa; @@ -353,10 +339,7 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) eth_sec->inb ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx); - /* Put eth_sec object back to pool */ - mp = rte_mempool_from_obj(eth_sec); - set_sec_session_private_data(sess, NULL); - rte_mempool_put(mp, eth_sec); + rte_security_session_fast_mdata_set(sess_priv, 0); return 0; } diff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c index 966bd23c7f..572b40e11b 100644 --- a/drivers/net/cnxk/cnxk_ethdev.c +++ b/drivers/net/cnxk/cnxk_ethdev.c @@ -154,8 +154,7 @@ nix_security_release(struct cnxk_eth_dev *dev) /* Destroy inbound sessions */ tvar = NULL; RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->inb.list, entry, tvar) - cnxk_eth_sec_ops.session_destroy(eth_dev, - eth_sec->sess); + cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec); /* Clear lookup mem */ cnxk_nix_lookup_mem_sa_base_clear(dev); @@ -172,8 +171,7 @@ nix_security_release(struct cnxk_eth_dev *dev) /* Destroy outbound sessions */ tvar = NULL; RTE_TAILQ_FOREACH_SAFE(eth_sec, &dev->outb.list, entry, tvar) - cnxk_eth_sec_ops.session_destroy(eth_dev, - eth_sec->sess); + cnxk_eth_sec_ops.session_destroy(eth_dev, eth_sec); rc = roc_nix_inl_outb_fini(nix); if (rc) diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h index ff21b977b7..eca6c77e7a 100644 --- a/drivers/net/cnxk/cnxk_ethdev.h +++ b/drivers/net/cnxk/cnxk_ethdev.h @@ -174,9 +174,6 @@ struct cnxk_eth_sec_sess { /* SPI */ uint32_t spi; - /* Back pointer to session */ - struct rte_security_session *sess; - /* Inbound */ bool inb; @@ -497,9 +494,6 @@ __rte_internal int cnxk_nix_inb_mode_set(struct cnxk_eth_dev *dev, bool use_inl_dev); struct cnxk_eth_sec_sess *cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev, uint32_t spi, bool inb); -struct cnxk_eth_sec_sess * -cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev, - struct rte_security_session *sess); /* Other private functions */ int nix_recalc_mtu(struct rte_eth_dev *eth_dev); diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c index ae3e49cc82..b220f4d2cf 100644 --- a/drivers/net/cnxk/cnxk_ethdev_sec.c +++ b/drivers/net/cnxk/cnxk_ethdev_sec.c @@ -87,27 +87,6 @@ cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev, uint32_t spi, bool inb) return NULL; } -struct cnxk_eth_sec_sess * -cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev, - struct rte_security_session *sess) -{ - struct cnxk_eth_sec_sess *eth_sec = NULL; - - /* Search in inbound list */ - TAILQ_FOREACH(eth_sec, &dev->inb.list, entry) { - if (eth_sec->sess == sess) - return eth_sec; - } - - /* Search in outbound list */ - TAILQ_FOREACH(eth_sec, &dev->outb.list, entry) { - if (eth_sec->sess == sess) - return eth_sec; - } - - return NULL; -} - static unsigned int cnxk_eth_sec_session_get_size(void *device __rte_unused) { diff --git a/drivers/net/meson.build b/drivers/net/meson.build index 7a09f7183d..bcf488f203 100644 --- a/drivers/net/meson.build +++ b/drivers/net/meson.build @@ -12,7 +12,7 @@ drivers = [ 'bnx2x', 'bnxt', 'bonding', -# 'cnxk', + 'cnxk', 'cxgbe', 'dpaa', 'dpaa2', -- 2.25.1