From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id EFD85A034C;
	Mon, 28 Mar 2022 12:51:01 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id BF49A427EA;
	Mon, 28 Mar 2022 12:51:01 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id DF2CB41104
 for <dev@dpdk.org>; Mon, 28 Mar 2022 12:50:59 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22SA4cuJ011168;
 Mon, 28 Mar 2022 03:50:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : mime-version : content-transfer-encoding :
 content-type; s=pfpt0220; bh=e93BmWMASUT8evx6++cJs7+HInnvc9yy0+EyJc233UY=;
 b=KuUilqK/wE1sk+xVG29XdWA9ooGYsoLPtBiejeuAWJnK13d3OhcRFk3+HYv3C4LtQEPG
 jMpUucHtOKcwQ2yiZTT7Nl29gjbaxoEg2iOactFkzfYtPoK72YYRVEoVNR8CCB7IyNmT
 7daFEhb2WaXKzDMZTXx7KndkyMvL9yrXtwYAaiCocqPzLcCw+ucgLTepAbnu9goGGNkD
 8xWs16GM70f3sXEcHy/p6TV7ZGYEEhiAcsnyvafOizUGrCQYfyBlBg7h/Z4DtRb6INRy
 gB/MRoNLbgS4HWHnCYMSDpxa5nLIGRN/LIcy+mEKeHC4PH2Rptif2xmYYS0xn2w4MuSR Dg== 
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3f206p6nrk-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Mon, 28 Mar 2022 03:50:58 -0700
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Mon, 28 Mar 2022 03:50:57 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.32 via Frontend
 Transport; Mon, 28 Mar 2022 03:50:57 -0700
Received: from localhost.localdomain (unknown [10.28.34.39])
 by maili.marvell.com (Postfix) with ESMTP id A56ED3F703F;
 Mon, 28 Mar 2022 03:50:55 -0700 (PDT)
From: Volodymyr Fialko <vfialko@marvell.com>
To: <dev@dpdk.org>, Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal
 <gakhil@marvell.com>
CC: <jerinj@marvell.com>, <anoobj@marvell.com>, Volodymyr Fialko
 <vfialko@marvell.com>
Subject: [PATCH] examples/ipsec-secgw: destroy lookaside sessions
Date: Mon, 28 Mar 2022 12:50:47 +0200
Message-ID: <20220328105047.2293528-1-vfialko@marvell.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: wZnTkGWogSJTWd3LO7PhMyrrFk6Kh3ML
X-Proofpoint-ORIG-GUID: wZnTkGWogSJTWd3LO7PhMyrrFk6Kh3ML
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514
 definitions=2022-03-28_04,2022-03-28_01,2022-02-23_01
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Lookaside mode also creates security and crypto sessions that needs to
be destroyed after they are no longer used.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 48 +++++++++++++++++++++---------
 examples/ipsec-secgw/ipsec.c       | 12 ++++----
 2 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a7cdc273f9..f55344093c 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2896,8 +2896,37 @@ check_event_mode_params(struct eh_conf *eh_conf)
 	return 0;
 }
 
+static int
+one_session_free(struct rte_ipsec_session *ips)
+{
+	int32_t ret = 0;
+
+	if (ips->type == RTE_SECURITY_ACTION_TYPE_NONE ||
+		ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {
+		/* Session has not been created */
+		if (ips->crypto.ses == NULL)
+			return 0;
+
+		ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
+						      ips->crypto.ses);
+		if (ret)
+			return ret;
+
+		ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+	} else {
+		/* Session has not been created */
+		if (ips->security.ctx == NULL || ips->security.ses == NULL)
+			return 0;
+
+		ret = rte_security_session_destroy(ips->security.ctx,
+						   ips->security.ses);
+	}
+
+	return ret;
+}
+
 static void
-inline_sessions_free(struct sa_ctx *sa_ctx)
+sessions_free(struct sa_ctx *sa_ctx)
 {
 	struct rte_ipsec_session *ips;
 	struct ipsec_sa *sa;
@@ -2914,16 +2943,7 @@ inline_sessions_free(struct sa_ctx *sa_ctx)
 			continue;
 
 		ips = ipsec_get_primary_session(sa);
-		if (ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL &&
-		    ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
-			continue;
-
-		if (!rte_eth_dev_is_valid_port(sa->portid))
-			continue;
-
-		ret = rte_security_session_destroy(
-				rte_eth_dev_get_sec_ctx(sa->portid),
-				ips->security.ses);
+		ret = one_session_free(ips);
 		if (ret)
 			RTE_LOG(ERR, IPSEC, "Failed to destroy security "
 					    "session type %d, spi %d\n",
@@ -3498,11 +3518,11 @@ main(int32_t argc, char **argv)
 	/* Free eventmode configuration memory */
 	eh_conf_uninit(eh_conf);
 
-	/* Destroy inline inbound and outbound sessions */
+	/* Destroy inbound and outbound sessions */
 	for (i = 0; i < NB_SOCKETS && i < rte_socket_count(); i++) {
 		socket_id = rte_socket_id_by_idx(i);
-		inline_sessions_free(socket_ctx[socket_id].sa_in);
-		inline_sessions_free(socket_ctx[socket_id].sa_out);
+		sessions_free(socket_ctx[socket_id].sa_in);
+		sessions_free(socket_ctx[socket_id].sa_out);
 	}
 
 	for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index b66ff2b650..3027fbc45f 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -124,31 +124,31 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
 				"SEC Session init failed: err: %d\n", ret);
 				return -1;
 			}
+			ips->security.ctx = ctx;
 		} else {
 			RTE_LOG(ERR, IPSEC, "Inline not supported\n");
 			return -1;
 		}
 	} else {
+		uint16_t cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;
+
 		if (ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {
 			struct rte_cryptodev_info info;
-			uint16_t cdev_id;
 
-			cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;
 			rte_cryptodev_info_get(cdev_id, &info);
 			if (!(info.feature_flags &
 				RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO))
 				return -ENOTSUP;
 
-			ips->crypto.dev_id = cdev_id;
 		}
+		ips->crypto.dev_id = cdev_id;
 		ips->crypto.ses = rte_cryptodev_sym_session_create(
 				ipsec_ctx->session_pool);
-		rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
+		rte_cryptodev_sym_session_init(cdev_id,
 				ips->crypto.ses, sa->xforms,
 				ipsec_ctx->session_priv_pool);
 
-		rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
-				&cdev_info);
+		rte_cryptodev_info_get(cdev_id, &cdev_info);
 	}
 
 	sa->cdev_id_qp = cdev_id_qp;
-- 
2.25.1