* [PATCH 22.11] net/cnxk: fix lock for security session ops
@ 2025-07-03 11:23 Rahul Bhansali
2025-07-04 1:02 ` Luca Boccassi
2025-07-08 7:15 ` [PATCH 22.11 v2] " Rahul Bhansali
0 siblings, 2 replies; 4+ messages in thread
From: Rahul Bhansali @ 2025-07-03 11:23 UTC (permalink / raw)
To: stable; +Cc: Rahul Bhansali
[ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ]
Add fixes to have lock on security session update, write and read to
prevent corruption.
Fixes: 8efa348e8160 ("net/cnxk: support custom SA index")
Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
---
drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++-----
1 file changed, 90 insertions(+), 17 deletions(-)
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index ed5c335787..9c266f218d 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -636,7 +636,6 @@ cn10k_eth_sec_session_create(void *device,
return -EEXIST;
}
- memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
sess_priv.u64 = 0;
lock = inbound ? &dev->inb.lock : &dev->outb.lock;
@@ -646,6 +645,8 @@ cn10k_eth_sec_session_create(void *device,
if (inbound && inl_dev)
roc_nix_inl_dev_lock();
+ memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
+
if (inbound) {
struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr;
struct cn10k_inb_priv_data *inb_priv;
@@ -831,7 +832,7 @@ cn10k_eth_sec_session_create(void *device,
roc_nix_inl_dev_unlock();
rte_spinlock_unlock(lock);
- plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u",
+ plt_nix_dbg("Created %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u",
inbound ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx, eth_sec->inl_dev);
/*
@@ -897,7 +898,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
rte_spinlock_unlock(lock);
- plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u",
+ plt_nix_dbg("Destroyed %s session with spi=0x%x, sa_idx=0x%x, inl_dev=%u",
eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx, eth_sec->inl_dev);
@@ -920,7 +921,8 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
struct rte_security_ipsec_xform *ipsec;
struct rte_crypto_sym_xform *crypto;
struct cnxk_eth_sec_sess *eth_sec;
- bool inbound;
+ bool inbound, inl_dev;
+ rte_spinlock_t *lock;
int rc;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
@@ -935,6 +937,14 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
if (!eth_sec)
return -ENOENT;
+ inl_dev = !!dev->inb.inl_dev;
+ lock = inbound ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inbound && inl_dev)
+ roc_nix_inl_dev_lock();
+
eth_sec->spi = conf->ipsec.spi;
if (inbound) {
@@ -944,13 +954,13 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
true);
if (rc)
- return -EINVAL;
+ goto err;
rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
eth_sec->inb,
sizeof(struct roc_ot_ipsec_inb_sa));
if (rc)
- return -EINVAL;
+ goto err;
} else {
struct roc_ot_ipsec_outb_sa *outb_sa_dptr;
@@ -959,15 +969,29 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
if (rc)
- return -EINVAL;
+ goto err;
rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
eth_sec->inb,
sizeof(struct roc_ot_ipsec_outb_sa));
if (rc)
- return -EINVAL;
+ goto err;
}
+ if (inbound && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ plt_nix_dbg("Updated %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u",
+ inbound ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx,
+ eth_sec->inl_dev);
return 0;
+
+err:
+ if (inbound && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
int
@@ -977,20 +1001,41 @@ rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ rte_spinlock_t *lock;
+ bool inl_dev;
int rc;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (eth_sec == NULL)
return -EINVAL;
+ inl_dev = !!dev->inb.inl_dev;
+ lock = inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inb && inl_dev)
+ roc_nix_inl_dev_lock();
+
rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
ROC_NIX_INL_SA_OP_FLUSH);
if (rc)
- return -EINVAL;
+ goto err;
+
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
rte_delay_ms(1);
memcpy(data, eth_sec->sa, len);
return 0;
+err:
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
int
@@ -1000,36 +1045,59 @@ rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ rte_spinlock_t *lock;
+ bool inl_dev;
int rc = -EINVAL;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (eth_sec == NULL)
return rc;
+
+ inl_dev = !!dev->inb.inl_dev;
+ lock = inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inb && inl_dev)
+ roc_nix_inl_dev_lock();
+
rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb,
len);
- if (rc)
- return rc;
- return 0;
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
static int
cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
- struct rte_security_stats *stats)
+ struct rte_security_stats *stats)
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ rte_spinlock_t *lock;
+ bool inl_dev, inb;
int rc;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (eth_sec == NULL)
return -EINVAL;
- rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
- ROC_NIX_INL_SA_OP_FLUSH);
+ inl_dev = !!dev->inb.inl_dev;
+ inb = eth_sec->inb;
+ lock = inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inb && inl_dev)
+ roc_nix_inl_dev_lock();
+
+ rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, ROC_NIX_INL_SA_OP_FLUSH);
if (rc)
- return -EINVAL;
+ goto err;
rte_delay_ms(1);
stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
@@ -1046,7 +1114,12 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
((struct roc_ot_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs;
}
- return 0;
+err:
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
void
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 22.11] net/cnxk: fix lock for security session ops
2025-07-03 11:23 [PATCH 22.11] net/cnxk: fix lock for security session ops Rahul Bhansali
@ 2025-07-04 1:02 ` Luca Boccassi
2025-07-08 6:01 ` [EXTERNAL] " Rahul Bhansali
2025-07-08 7:15 ` [PATCH 22.11 v2] " Rahul Bhansali
1 sibling, 1 reply; 4+ messages in thread
From: Luca Boccassi @ 2025-07-04 1:02 UTC (permalink / raw)
To: Rahul Bhansali; +Cc: stable
On Thu, 3 Jul 2025 at 12:24, Rahul Bhansali <rbhansali@marvell.com> wrote:
>
> [ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ]
>
> Add fixes to have lock on security session update, write and read to
> prevent corruption.
>
> Fixes: 8efa348e8160 ("net/cnxk: support custom SA index")
>
> Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
> ---
> drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++-----
> 1 file changed, 90 insertions(+), 17 deletions(-)
Thanks for the backport, but unfortunately it doesn't build, please
double check it:
../drivers/net/cnxk/cn10k_ethdev_sec.c: In function ‘rte_pmd_cnxk_hw_sa_read’:
../drivers/net/cnxk/cn10k_ethdev_sec.c:1013:16: error: ‘inb’
undeclared (first use in this function); did you mean ‘int’?
1013 | lock = inb ? &dev->inb.lock : &dev->outb.lock;
| ^~~
| int
../drivers/net/cnxk/cn10k_ethdev_sec.c:1013:16: note: each undeclared
identifier is reported only once for each function it appears in
../drivers/net/cnxk/cn10k_ethdev_sec.c: In function ‘rte_pmd_cnxk_hw_sa_write’:
../drivers/net/cnxk/cn10k_ethdev_sec.c:1057:16: error: ‘inb’
undeclared (first use in this function); did you mean ‘int’?
1057 | lock = inb ? &dev->inb.lock : &dev->outb.lock;
| ^~~
| int
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [EXTERNAL] Re: [PATCH 22.11] net/cnxk: fix lock for security session ops
2025-07-04 1:02 ` Luca Boccassi
@ 2025-07-08 6:01 ` Rahul Bhansali
0 siblings, 0 replies; 4+ messages in thread
From: Rahul Bhansali @ 2025-07-08 6:01 UTC (permalink / raw)
To: Luca Boccassi; +Cc: stable
> -----Original Message-----
> From: Luca Boccassi <luca.boccassi@gmail.com>
> Sent: Friday, July 4, 2025 6:32 AM
> To: Rahul Bhansali <rbhansali@marvell.com>
> Cc: stable@dpdk.org
> Subject: [EXTERNAL] Re: [PATCH 22.11] net/cnxk: fix lock for security session
> ops
>
> On Thu, 3 Jul 2025 at 12: 24, Rahul Bhansali <rbhansali@ marvell. com> wrote:
> > > [ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ] > >
> Add fixes to have lock on security session update, write and read to > prevent
> ZjQcmQRYFpfptBannerStart Prioritize security for external emails:
> Confirm sender and content safety before clicking links or opening
> attachments <https://us-phishalarm-
> ewt.proofpoint.com/EWT/v1/CRVmXkqW!uK3X-
> 9D8Q9iROC93VDO7ZZV175I0spRBIzgtaAMKCcgV14TBwRsdHtiQf9se748hO6
> Zmwbq8WUgLG4SNJCqYgfGLGBoJIe8NLMbE8-
> PbkLpwx0MhnTDuTO8ukI2X$>
> Report Suspicious
>
> ZjQcmQRYFpfptBannerEnd
> On Thu, 3 Jul 2025 at 12:24, Rahul Bhansali <rbhansali@marvell.com> wrote:
> >
> > [ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ]
> >
> > Add fixes to have lock on security session update, write and read to
> > prevent corruption.
> >
> > Fixes: 8efa348e8160 ("net/cnxk: support custom SA index")
> >
> > Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
> > ---
> > drivers/net/cnxk/cn10k_ethdev_sec.c | 107
> > +++++++++++++++++++++++-----
> > 1 file changed, 90 insertions(+), 17 deletions(-)
>
> Thanks for the backport, but unfortunately it doesn't build, please double
> check it:
Ack. There was an API arg change, I missed it. I will send v2.
Thanks.
>
> ../drivers/net/cnxk/cn10k_ethdev_sec.c: In function
> ‘rte_pmd_cnxk_hw_sa_read’:
> ../drivers/net/cnxk/cn10k_ethdev_sec.c:1013:16: error: ‘inb’
> undeclared (first use in this function); did you mean ‘int’?
> 1013 | lock = inb ? &dev->inb.lock : &dev->outb.lock;
> | ^~~
> | int
> ../drivers/net/cnxk/cn10k_ethdev_sec.c:1013:16: note: each undeclared
> identifier is reported only once for each function it appears in
> ../drivers/net/cnxk/cn10k_ethdev_sec.c: In function
> ‘rte_pmd_cnxk_hw_sa_write’:
> ../drivers/net/cnxk/cn10k_ethdev_sec.c:1057:16: error: ‘inb’
> undeclared (first use in this function); did you mean ‘int’?
> 1057 | lock = inb ? &dev->inb.lock : &dev->outb.lock;
> | ^~~
> | int
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 22.11 v2] net/cnxk: fix lock for security session ops
2025-07-03 11:23 [PATCH 22.11] net/cnxk: fix lock for security session ops Rahul Bhansali
2025-07-04 1:02 ` Luca Boccassi
@ 2025-07-08 7:15 ` Rahul Bhansali
1 sibling, 0 replies; 4+ messages in thread
From: Rahul Bhansali @ 2025-07-08 7:15 UTC (permalink / raw)
To: stable; +Cc: Rahul Bhansali
[ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ]
Add fixes to have lock on security session update, write and read to
prevent corruption.
Fixes: 8efa348e8160 ("net/cnxk: support custom SA index")
Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
---
Changes in v2: fix compilation failure.
drivers/net/cnxk/cn10k_ethdev_sec.c | 109 +++++++++++++++++++++++-----
1 file changed, 92 insertions(+), 17 deletions(-)
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index ed5c335787..c264f0a1cd 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -636,7 +636,6 @@ cn10k_eth_sec_session_create(void *device,
return -EEXIST;
}
- memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
sess_priv.u64 = 0;
lock = inbound ? &dev->inb.lock : &dev->outb.lock;
@@ -646,6 +645,8 @@ cn10k_eth_sec_session_create(void *device,
if (inbound && inl_dev)
roc_nix_inl_dev_lock();
+ memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
+
if (inbound) {
struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr;
struct cn10k_inb_priv_data *inb_priv;
@@ -831,7 +832,7 @@ cn10k_eth_sec_session_create(void *device,
roc_nix_inl_dev_unlock();
rte_spinlock_unlock(lock);
- plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u",
+ plt_nix_dbg("Created %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u",
inbound ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx, eth_sec->inl_dev);
/*
@@ -897,7 +898,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
rte_spinlock_unlock(lock);
- plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u",
+ plt_nix_dbg("Destroyed %s session with spi=0x%x, sa_idx=0x%x, inl_dev=%u",
eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx, eth_sec->inl_dev);
@@ -920,7 +921,8 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
struct rte_security_ipsec_xform *ipsec;
struct rte_crypto_sym_xform *crypto;
struct cnxk_eth_sec_sess *eth_sec;
- bool inbound;
+ bool inbound, inl_dev;
+ rte_spinlock_t *lock;
int rc;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
@@ -935,6 +937,14 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
if (!eth_sec)
return -ENOENT;
+ inl_dev = !!dev->inb.inl_dev;
+ lock = inbound ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inbound && inl_dev)
+ roc_nix_inl_dev_lock();
+
eth_sec->spi = conf->ipsec.spi;
if (inbound) {
@@ -944,13 +954,13 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
true);
if (rc)
- return -EINVAL;
+ goto err;
rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
eth_sec->inb,
sizeof(struct roc_ot_ipsec_inb_sa));
if (rc)
- return -EINVAL;
+ goto err;
} else {
struct roc_ot_ipsec_outb_sa *outb_sa_dptr;
@@ -959,15 +969,29 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
if (rc)
- return -EINVAL;
+ goto err;
rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
eth_sec->inb,
sizeof(struct roc_ot_ipsec_outb_sa));
if (rc)
- return -EINVAL;
+ goto err;
}
+ if (inbound && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ plt_nix_dbg("Updated %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u",
+ inbound ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx,
+ eth_sec->inl_dev);
return 0;
+
+err:
+ if (inbound && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
int
@@ -977,20 +1001,42 @@ rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ rte_spinlock_t *lock;
+ bool inl_dev, inb;
int rc;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (eth_sec == NULL)
return -EINVAL;
+ inl_dev = !!dev->inb.inl_dev;
+ inb = eth_sec->inb;
+ lock = inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inb && inl_dev)
+ roc_nix_inl_dev_lock();
+
rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
ROC_NIX_INL_SA_OP_FLUSH);
if (rc)
- return -EINVAL;
+ goto err;
+
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
rte_delay_ms(1);
memcpy(data, eth_sec->sa, len);
return 0;
+err:
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
int
@@ -1000,36 +1046,60 @@ rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ rte_spinlock_t *lock;
+ bool inl_dev, inb;
int rc = -EINVAL;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (eth_sec == NULL)
return rc;
+
+ inl_dev = !!dev->inb.inl_dev;
+ inb = eth_sec->inb;
+ lock = inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inb && inl_dev)
+ roc_nix_inl_dev_lock();
+
rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb,
len);
- if (rc)
- return rc;
- return 0;
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
static int
cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
- struct rte_security_stats *stats)
+ struct rte_security_stats *stats)
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
struct cnxk_eth_sec_sess *eth_sec;
+ rte_spinlock_t *lock;
+ bool inl_dev, inb;
int rc;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (eth_sec == NULL)
return -EINVAL;
- rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
- ROC_NIX_INL_SA_OP_FLUSH);
+ inl_dev = !!dev->inb.inl_dev;
+ inb = eth_sec->inb;
+ lock = inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
+ /* Acquire lock on inline dev for inbound */
+ if (inb && inl_dev)
+ roc_nix_inl_dev_lock();
+
+ rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, ROC_NIX_INL_SA_OP_FLUSH);
if (rc)
- return -EINVAL;
+ goto err;
rte_delay_ms(1);
stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
@@ -1046,7 +1116,12 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess,
((struct roc_ot_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs;
}
- return 0;
+err:
+ if (inb && inl_dev)
+ roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
+ return rc;
}
void
--
2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-07-08 7:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-03 11:23 [PATCH 22.11] net/cnxk: fix lock for security session ops Rahul Bhansali
2025-07-04 1:02 ` Luca Boccassi
2025-07-08 6:01 ` [EXTERNAL] " Rahul Bhansali
2025-07-08 7:15 ` [PATCH 22.11 v2] " Rahul Bhansali
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).