From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Ankur Dwivedi <adwivedi@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 1/2] crypto/cnxk: align HW accessible field to ROC align
Date: Wed, 12 Oct 2022 11:34:24 +0530 [thread overview]
Message-ID: <20221012060425.194-1-anoobj@marvell.com> (raw)
Hardware accessible memory need to be aligned to ROC. Enforce the same.
Move software specific fields to padding space.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 33 ++++------
drivers/crypto/cnxk/cn10k_ipsec.c | 77 +++++++++++------------
drivers/crypto/cnxk/cn10k_ipsec.h | 25 ++++----
drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 40 +++++-------
4 files changed, 80 insertions(+), 95 deletions(-)
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 1d7a9e2952..2942617615 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -72,7 +72,6 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
struct cn10k_sec_session *sess, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = op->sym;
- struct cn10k_ipsec_sa *sa;
int ret;
if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -85,12 +84,10 @@ cpt_sec_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
return -ENOTSUP;
}
- sa = &sess->sa;
-
- if (sa->is_outbound)
- ret = process_outb_sa(&qp->lf, op, sa, inst);
+ if (sess->is_outbound)
+ ret = process_outb_sa(&qp->lf, op, sess, inst);
else
- ret = process_inb_sa(op, sa, inst);
+ ret = process_inb_sa(op, sess, inst);
return ret;
}
@@ -122,11 +119,11 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session);
+ sec_sess = (struct cn10k_sec_session *)(sym_op->session);
ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
if (unlikely(ret))
return 0;
- w7 = sec_sess->sa.inst.w7;
+ w7 = sec_sess->inst.w7;
} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
sess = CRYPTODEV_GET_SYM_SESS_PRIV(sym_op->session);
ret = cpt_sym_inst_fill(qp, op, sess, infl_req,
@@ -298,13 +295,10 @@ cn10k_cpt_crypto_adapter_ev_mdata_set(struct rte_cryptodev *dev __rte_unused,
/* Set meta according to session type */
if (op_type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- struct cn10k_sec_session *priv;
- struct cn10k_ipsec_sa *sa;
+ struct cn10k_sec_session *sec_sess = (struct cn10k_sec_session *)sess;
- priv = SECURITY_GET_SESS_PRIV(sess);
- sa = &priv->sa;
- sa->qp = qp;
- sa->inst.w2 = w2;
+ sec_sess->qp = qp;
+ sec_sess->inst.w2 = w2;
} else if (sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
struct cnxk_se_sess *priv;
@@ -335,13 +329,12 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
{
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
- struct cn10k_sec_session *priv;
- struct cn10k_ipsec_sa *sa;
+ struct cn10k_sec_session *sec_sess;
+
+ sec_sess = (struct cn10k_sec_session *)op->sym->session;
- priv = SECURITY_GET_SESS_PRIV(op->sym->session);
- sa = &priv->sa;
- *qp = sa->qp;
- *w2 = sa->inst.w2;
+ *qp = sec_sess->qp;
+ *w2 = sec_sess->inst.w2;
} else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
struct cnxk_se_sess *priv;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 1ebdf7793a..ef013c8bae 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -36,19 +36,17 @@ static int
cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sec_sess)
+ struct cn10k_sec_session *sec_sess)
{
union roc_ot_ipsec_outb_param1 param1;
struct roc_ot_ipsec_outb_sa *sa_dptr;
struct cnxk_ipsec_outb_rlens rlens;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
void *out_sa;
int ret = 0;
- sess = SECURITY_GET_SESS_PRIV(sec_sess);
- sa = &sess->sa;
+ sa = &sec_sess->sa;
out_sa = &sa->out_sa;
/* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
@@ -65,21 +63,21 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
goto sa_dptr_free;
}
- sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa);
+ sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, out_sa);
#ifdef LA_IPSEC_DEBUG
/* Use IV from application in debug mode */
if (ipsec_xfrm->options.iv_gen_disable == 1) {
sa_dptr->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
- sa->iv_offset = crypto_xfrm->aead.iv.offset;
- sa->iv_length = crypto_xfrm->aead.iv.length;
+ sec_sess->iv_offset = crypto_xfrm->aead.iv.offset;
+ sec_sess->iv_length = crypto_xfrm->aead.iv.length;
} else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- sa->iv_offset = crypto_xfrm->cipher.iv.offset;
- sa->iv_length = crypto_xfrm->cipher.iv.length;
+ sec_sess->iv_offset = crypto_xfrm->cipher.iv.offset;
+ sec_sess->iv_length = crypto_xfrm->cipher.iv.length;
} else {
- sa->iv_offset = crypto_xfrm->auth.iv.offset;
- sa->iv_length = crypto_xfrm->auth.iv.length;
+ sec_sess->iv_offset = crypto_xfrm->auth.iv.offset;
+ sec_sess->iv_length = crypto_xfrm->auth.iv.length;
}
}
#else
@@ -90,14 +88,14 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
}
#endif
- sa->is_outbound = true;
+ sec_sess->is_outbound = true;
/* Get Rlen calculation data */
ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
if (ret)
goto sa_dptr_free;
- sa->max_extended_len = rlens.max_extended_len;
+ sec_sess->max_extended_len = rlens.max_extended_len;
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
@@ -125,7 +123,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
inst_w4.s.param1 = param1.u16;
- sa->inst.w4 = inst_w4.u64;
+ sec_sess->inst.w4 = inst_w4.u64;
if (ipsec_xfrm->options.stats == 1) {
/* Enable mib counters */
@@ -163,18 +161,16 @@ static int
cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
- struct rte_security_session *sec_sess)
+ struct cn10k_sec_session *sec_sess)
{
union roc_ot_ipsec_inb_param1 param1;
struct roc_ot_ipsec_inb_sa *sa_dptr;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
union cpt_inst_w4 inst_w4;
void *in_sa;
int ret = 0;
- sess = SECURITY_GET_SESS_PRIV(sec_sess);
- sa = &sess->sa;
+ sa = &sec_sess->sa;
in_sa = &sa->in_sa;
/* Allocate memory to be used as dptr for CPT ucode WRITE_SA op */
@@ -192,8 +188,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
goto sa_dptr_free;
}
- sa->is_outbound = false;
- sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa);
+ sec_sess->is_outbound = false;
+ sec_sess->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, in_sa);
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
@@ -221,7 +217,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
inst_w4.s.param1 = param1.u16;
- sa->inst.w4 = inst_w4.u64;
+ sec_sess->inst.w4 = inst_w4.u64;
if (ipsec_xfrm->options.stats == 1) {
/* Enable mib counters */
@@ -281,11 +277,11 @@ cn10k_ipsec_session_create(void *dev,
roc_cpt = &vf->cpt;
if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
- return cn10k_ipsec_inb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm,
- crypto_xfrm, sess);
+ return cn10k_ipsec_inb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, crypto_xfrm,
+ (struct cn10k_sec_session *)sess);
else
- return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm,
- crypto_xfrm, sess);
+ return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, ipsec_xfrm, crypto_xfrm,
+ (struct cn10k_sec_session *)sess);
}
static int
@@ -314,13 +310,14 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
void *sa_dptr = NULL;
int ret;
- sess = SECURITY_GET_SESS_PRIV(sec_sess);
- if (sess == NULL)
- return 0;
+ if (unlikely(sec_sess == NULL))
+ return -EINVAL;
+
+ sess = (struct cn10k_sec_session *)sec_sess;
qp = crypto_dev->data->queue_pairs[0];
- if (qp == NULL)
- return 0;
+ if (unlikely(qp == NULL))
+ return -ENOTSUP;
lf = &qp->lf;
@@ -331,7 +328,7 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
ret = -1;
- if (sa->is_outbound) {
+ if (sess->is_outbound) {
sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8);
if (sa_dptr != NULL) {
roc_ot_ipsec_outb_sa_init(sa_dptr);
@@ -374,7 +371,7 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
static unsigned int
cn10k_sec_session_get_size(void *device __rte_unused)
{
- return sizeof(struct cn10k_sec_session);
+ return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session);
}
static int
@@ -384,25 +381,23 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
struct rte_cryptodev *crypto_dev = device;
struct roc_ot_ipsec_outb_sa *out_sa;
struct roc_ot_ipsec_inb_sa *in_sa;
- union roc_ot_ipsec_sa_word2 *w2;
struct cn10k_sec_session *priv;
struct cn10k_ipsec_sa *sa;
struct cnxk_cpt_qp *qp;
- priv = SECURITY_GET_SESS_PRIV(sess);
- if (priv == NULL)
+ if (unlikely(sess == NULL))
return -EINVAL;
+ priv = (struct cn10k_sec_session *)sess;
+
qp = crypto_dev->data->queue_pairs[0];
if (qp == NULL)
return -EINVAL;
- sa = &priv->sa;
- w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
-
stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+ sa = &priv->sa;
- if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) {
+ if (priv->is_outbound) {
out_sa = &sa->out_sa;
roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
rte_delay_ms(1);
@@ -448,8 +443,8 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess,
vf = crypto_dev->data->dev_private;
roc_cpt = &vf->cpt;
- return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec,
- conf->crypto_xform, sess);
+ return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, conf->crypto_xform,
+ (struct cn10k_sec_session *)sess);
}
/* Update platform specific security ops */
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h
index 1c1d904799..044fe33046 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec.h
@@ -6,6 +6,7 @@
#define __CN10K_IPSEC_H__
#include <rte_security.h>
+#include <rte_security_driver.h>
#include "roc_api.h"
@@ -14,6 +15,19 @@
typedef void *CN10K_SA_CONTEXT_MARKER[0];
struct cn10k_ipsec_sa {
+ union {
+ /** Inbound SA */
+ struct roc_ot_ipsec_inb_sa in_sa;
+ /** Outbound SA */
+ struct roc_ot_ipsec_outb_sa out_sa;
+ };
+} __rte_aligned(ROC_ALIGN);
+
+struct cn10k_sec_session {
+ struct rte_security_session rte_sess;
+
+ /** PMD private space */
+
/** Pre-populated CPT inst words */
struct cnxk_cpt_inst_tmpl inst;
uint16_t max_extended_len;
@@ -26,17 +40,6 @@ struct cn10k_ipsec_sa {
/**
* End of SW mutable area
*/
- CN10K_SA_CONTEXT_MARKER sw_area_end __rte_aligned(ROC_ALIGN);
-
- union {
- /** Inbound SA */
- struct roc_ot_ipsec_inb_sa in_sa;
- /** Outbound SA */
- struct roc_ot_ipsec_outb_sa out_sa;
- };
-} __rte_aligned(ROC_ALIGN);
-
-struct cn10k_sec_session {
struct cn10k_ipsec_sa sa;
} __rte_aligned(ROC_ALIGN);
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 21502e0eb2..a75e88cb28 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -13,13 +13,12 @@
#include "cnxk_cryptodev.h"
static inline void
-ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop)
+ipsec_po_sa_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op *cop)
{
- uint64_t *iv = &sess->out_sa.iv.u64[0];
+ uint64_t *iv = &sess->sa.out_sa.iv.u64[0];
uint64_t *tmp_iv;
- memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
- 16);
+ memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 16);
tmp_iv = (uint64_t *)iv;
*tmp_iv = rte_be_to_cpu_64(*tmp_iv);
@@ -28,28 +27,24 @@ ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop)
}
static inline void
-ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess,
- struct rte_crypto_op *cop)
+ipsec_po_sa_aes_gcm_iv_set(struct cn10k_sec_session *sess, struct rte_crypto_op *cop)
{
- uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0];
+ uint8_t *iv = &sess->sa.out_sa.iv.s.iv_dbg1[0];
uint32_t *tmp_iv;
- memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
- 4);
+ memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 4);
tmp_iv = (uint32_t *)iv;
*tmp_iv = rte_be_to_cpu_32(*tmp_iv);
- iv = &sess->out_sa.iv.s.iv_dbg2[0];
- memcpy(iv,
- rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4),
- 4);
+ iv = &sess->sa.out_sa.iv.s.iv_dbg2[0];
+ memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), 4);
tmp_iv = (uint32_t *)iv;
*tmp_iv = rte_be_to_cpu_32(*tmp_iv);
}
static __rte_always_inline int
-process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
- struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst)
+process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k_sec_session *sess,
+ struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
@@ -64,17 +59,17 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
RTE_SET_USED(lf);
#ifdef LA_IPSEC_DEBUG
- if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
- if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
- sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
- sess->out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC)
+ if (sess->sa.out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
+ if (sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||
+ sess->sa.out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||
+ sess->sa.out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC)
ipsec_po_sa_aes_gcm_iv_set(sess, cop);
else
ipsec_po_sa_iv_set(sess, cop);
}
/* Trigger CTX reload to fetch new data from DRAM */
- roc_cpt_lf_ctx_reload(lf, &sess->out_sa);
+ roc_cpt_lf_ctx_reload(lf, &sess->sa.out_sa);
rte_delay_ms(1);
#endif
@@ -94,15 +89,14 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,
}
static __rte_always_inline int
-process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa,
- struct cpt_inst_s *inst)
+process_inb_sa(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
uint64_t dptr;
/* Prepare CPT instruction */
- inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src);
+ inst->w4.u64 = sess->inst.w4 | rte_pktmbuf_pkt_len(m_src);
dptr = rte_pktmbuf_mtod(m_src, uint64_t);
inst->dptr = dptr;
inst->rptr = dptr;
--
2.25.1
next reply other threads:[~2022-10-12 6:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-12 6:04 Anoob Joseph [this message]
2022-10-12 6:04 ` [PATCH 2/2] crypto/cnxk: fix failure from session rework Anoob Joseph
2022-10-12 12:10 ` [PATCH v2 1/2] crypto/cnxk: align HW accessible field to ROC align Anoob Joseph
2022-10-12 12:10 ` [PATCH v2 2/2] crypto/cnxk: fix failure from session rework Anoob Joseph
2022-10-12 19:03 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221012060425.194-1-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=adwivedi@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).