From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F3CB946AE4 for ; Thu, 3 Jul 2025 13:24:05 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CD6C540264; Thu, 3 Jul 2025 13:24:05 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 28C4E40264 for ; Thu, 3 Jul 2025 13:24:05 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 563As63B015377 for ; Thu, 3 Jul 2025 04:24:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=pfpt0220; bh=yoBYpYwsjaVmR+vBiGoZkGr SCeVmW0Qs7goLe0pLCbg=; b=A7MP2w2TZO20Baod5l6ChvKjzaFaqU73X4IQzH8 ptzsvutpkTa/vt0ofQis8dRloDuLVm2Bpn9nkp0t7nglV81AvyD6xta2ErSGib/E kOFY952nUkhZstJTOgYpE2vfwDuZ1lhlG7P6Um+3a4yDiR5L4Tt9sDyf5UittdlA /HU4sP7UttGKWj3anKnFKLv05lw8HWKbfll8YhBcqnBB7CXI5h0awDqN5NEou2eK JfsresuySJkoONVEJWnrnNdeJbEBOODQTYvaOR30yH4qtB4w32F5QqW6IGXB8eYD EIZb70eDviiZOvPVF6SGmDAI7wWIz902BdFaJiAOpnDnWdQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 47nq5j06ur-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 03 Jul 2025 04:24:04 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 3 Jul 2025 04:24:02 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Thu, 3 Jul 2025 04:24:02 -0700 Received: from localhost.localdomain (unknown [10.28.36.158]) by maili.marvell.com (Postfix) with ESMTP id 88CF73F704C; Thu, 3 Jul 2025 04:24:01 -0700 (PDT) From: Rahul Bhansali To: CC: Rahul Bhansali Subject: [PATCH 22.11] net/cnxk: fix lock for security session ops Date: Thu, 3 Jul 2025 16:53:54 +0530 Message-ID: <20250703112354.57978-1-rbhansali@marvell.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: KeO8zrV0S3BHdTuj6-5RXCTSXcOYkWDU X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzAzMDA5NCBTYWx0ZWRfX4NdhLrSm5DKQ 7k4zYw338QEZTij46T861lNujw9a23DGcQUBpCC0YSwdur8xRpu6mb2xd8lzr9dxGpfipMzbM1e IJDsw4wce/hNV8roqK6MwQgTi0RVgeSV0Cet4hLXeGF8b2LEYdqfzDFc2LQzfU2k8fLAtY+oe37 TLhdAabQsmdIg+zdM1PyXlA8ooHY+0UjJ4GkwqumIvSQw5WtT738i/PFNiAP3WTy3X3eG7lLXxP ZX+zl/15viIlg95L6QUxoB/KtztFSbUdVqQ2XygUBF3g+kZ5V4t2997j1QLQHfkhgf3n6ewSIFV vpWcPu2w6rClLnBt3MpxRhSB13eR1AfHdSPk21xLjvcjIynVXoNV1qcGMtjqkA8KKe2zp8h4GBX DVVQAt6oLYKIbkCGpZ0PXtsiwA1RXHCwBE6TlXwdxDT3KQcD89N5vUTf90Xv976Dt4/VJC/v X-Proofpoint-ORIG-GUID: KeO8zrV0S3BHdTuj6-5RXCTSXcOYkWDU X-Authority-Analysis: v=2.4 cv=e6MGSbp/ c=1 sm=1 tr=0 ts=68666854 cx=c_pps p=gIfcoYsirJbf48DBMSPrZA==:17 a=gIfcoYsirJbf48DBMSPrZA==:117 a=Wb1JkmetP80A:10 a=M5GUcnROAAAA:8 a=3-44JtZai2CPQ6laVIYA:9 a=OBjm3rFKGHvpk9ecZwUJ:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-07-03_03,2025-07-02_04,2025-03-28_01 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org [ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ] Add fixes to have lock on security session update, write and read to prevent corruption. Fixes: 8efa348e8160 ("net/cnxk: support custom SA index") Signed-off-by: Rahul Bhansali --- drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++----- 1 file changed, 90 insertions(+), 17 deletions(-) diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index ed5c335787..9c266f218d 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -636,7 +636,6 @@ cn10k_eth_sec_session_create(void *device, return -EEXIST; } - memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); sess_priv.u64 = 0; lock = inbound ? &dev->inb.lock : &dev->outb.lock; @@ -646,6 +645,8 @@ cn10k_eth_sec_session_create(void *device, if (inbound && inl_dev) roc_nix_inl_dev_lock(); + memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); + if (inbound) { struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr; struct cn10k_inb_priv_data *inb_priv; @@ -831,7 +832,7 @@ cn10k_eth_sec_session_create(void *device, roc_nix_inl_dev_unlock(); rte_spinlock_unlock(lock); - plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u", + plt_nix_dbg("Created %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u", inbound ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx, eth_sec->inl_dev); /* @@ -897,7 +898,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) rte_spinlock_unlock(lock); - plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u", + plt_nix_dbg("Destroyed %s session with spi=0x%x, sa_idx=0x%x, inl_dev=%u", eth_sec->inb ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx, eth_sec->inl_dev); @@ -920,7 +921,8 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, struct rte_security_ipsec_xform *ipsec; struct rte_crypto_sym_xform *crypto; struct cnxk_eth_sec_sess *eth_sec; - bool inbound; + bool inbound, inl_dev; + rte_spinlock_t *lock; int rc; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || @@ -935,6 +937,14 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, if (!eth_sec) return -ENOENT; + inl_dev = !!dev->inb.inl_dev; + lock = inbound ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inbound && inl_dev) + roc_nix_inl_dev_lock(); + eth_sec->spi = conf->ipsec.spi; if (inbound) { @@ -944,13 +954,13 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto, true); if (rc) - return -EINVAL; + goto err; rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa, eth_sec->inb, sizeof(struct roc_ot_ipsec_inb_sa)); if (rc) - return -EINVAL; + goto err; } else { struct roc_ot_ipsec_outb_sa *outb_sa_dptr; @@ -959,15 +969,29 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto); if (rc) - return -EINVAL; + goto err; rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa, eth_sec->inb, sizeof(struct roc_ot_ipsec_outb_sa)); if (rc) - return -EINVAL; + goto err; } + if (inbound && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + plt_nix_dbg("Updated %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u", + inbound ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx, + eth_sec->inl_dev); return 0; + +err: + if (inbound && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } int @@ -977,20 +1001,41 @@ rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess, struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + rte_spinlock_t *lock; + bool inl_dev; int rc; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); if (eth_sec == NULL) return -EINVAL; + inl_dev = !!dev->inb.inl_dev; + lock = inb ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inb && inl_dev) + roc_nix_inl_dev_lock(); + rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, ROC_NIX_INL_SA_OP_FLUSH); if (rc) - return -EINVAL; + goto err; + + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + rte_delay_ms(1); memcpy(data, eth_sec->sa, len); return 0; +err: + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } int @@ -1000,36 +1045,59 @@ rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess, struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + rte_spinlock_t *lock; + bool inl_dev; int rc = -EINVAL; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); if (eth_sec == NULL) return rc; + + inl_dev = !!dev->inb.inl_dev; + lock = inb ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inb && inl_dev) + roc_nix_inl_dev_lock(); + rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb, len); - if (rc) - return rc; - return 0; + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } static int cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, - struct rte_security_stats *stats) + struct rte_security_stats *stats) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + rte_spinlock_t *lock; + bool inl_dev, inb; int rc; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); if (eth_sec == NULL) return -EINVAL; - rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, - ROC_NIX_INL_SA_OP_FLUSH); + inl_dev = !!dev->inb.inl_dev; + inb = eth_sec->inb; + lock = inb ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inb && inl_dev) + roc_nix_inl_dev_lock(); + + rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, ROC_NIX_INL_SA_OP_FLUSH); if (rc) - return -EINVAL; + goto err; rte_delay_ms(1); stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; @@ -1046,7 +1114,12 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, ((struct roc_ot_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs; } - return 0; +err: + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } void -- 2.25.1