From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8E41E46B25 for ; Tue, 8 Jul 2025 09:15:25 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 686F740287; Tue, 8 Jul 2025 09:15:25 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id AB80340287 for ; Tue, 8 Jul 2025 09:15:23 +0200 (CEST) Received: from pps.filterd (m0431383.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 567MovZm031120 for ; Tue, 8 Jul 2025 00:15:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pfpt0220; bh=j Hby5AmNaYwV8PhTIUMnQ8cAGWCvAgzUtiKKFWfzhJk=; b=PY2QhjXh05LMuaEmL WLTBCGn+DCfaSBI/axiZfXCyaDZoNtpyq9DkJsKCWBsNTT6GLcZY4fAU1Eue/BQP MTXj17sC4LC6tbYANsbbs8JFVQOSDP5674URDugtkYN6XX/5uUEzYzDOt2gE7mrj XwKEgwERacarTHvpGM2CNkR/a8cxidcp+Een7oB2D8xqTD91uy+ha9APBbc1oIC+ fVquxnUmbAq2VCoinvdYnxW3XnaCAPbdyFPgCAzF4WPhUYr0pdIe99JqCdAozZgS bbuTm8vinE6ml/yUqTe0gmLf6KgnO6nI7nSh0EgH7IUe3LiXWSmliEd16tS9eAWe 9jy7g== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 47rprs8sub-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 08 Jul 2025 00:15:22 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Tue, 8 Jul 2025 00:15:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Tue, 8 Jul 2025 00:15:21 -0700 Received: from localhost.localdomain (unknown [10.28.36.158]) by maili.marvell.com (Postfix) with ESMTP id 817C23F70B1; Tue, 8 Jul 2025 00:15:20 -0700 (PDT) From: Rahul Bhansali To: CC: Rahul Bhansali Subject: [PATCH 22.11 v2] net/cnxk: fix lock for security session ops Date: Tue, 8 Jul 2025 12:45:12 +0530 Message-ID: <20250708071512.281892-1-rbhansali@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250703112354.57978-1-rbhansali@marvell.com> References: <20250703112354.57978-1-rbhansali@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Authority-Analysis: v=2.4 cv=cbDSrmDM c=1 sm=1 tr=0 ts=686cc58a cx=c_pps p=gIfcoYsirJbf48DBMSPrZA==:17 a=gIfcoYsirJbf48DBMSPrZA==:117 a=Wb1JkmetP80A:10 a=M5GUcnROAAAA:8 a=3-44JtZai2CPQ6laVIYA:9 a=OBjm3rFKGHvpk9ecZwUJ:22 X-Proofpoint-ORIG-GUID: KOJuhR4jhRAkI5IkLf535eb6qf9N20Ij X-Proofpoint-GUID: KOJuhR4jhRAkI5IkLf535eb6qf9N20Ij X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNzA4MDA1OCBTYWx0ZWRfX+s9CYhmhMv1x YEDmJOeEVYeVYe1/6rTkfePx3TIH4atdfocM2Oam0TpnseoIF3o9nDofe6+xWqq2d7tcwFMR46O DbyxnKK6nqjwGmh9601fAGiEVFSx2ZNn9YMHwi0jUw+pg6MgsvTz6sXlvqiWiA1Krp1LYPhOZpH hN+toAuKJ8xk8NL3IUyM8hwz7W1oGO0JJKlfT6H/XCBbnS165+2/5gyxtGPKq+GHnrgllkw3FcY u2Vl27WSlOsCD6p3S6zqS8U6vQ9iCB/VWFIS0byqPYfhtm19YxsRRkLBZVypFFx0kDOqEF0Sacp xOTiAcQ1cfcPH7c1gpsJ95aZXLeGj4mP8e6LFfDTo58eNFC7yKCP/gvUvUPm8dLeeHGctxXTv1W x0o69vpozjtujfwHG/5EYfm3wsywh0YmI8S17UD5jRKvAlT4MOUhd8vzdsgHu0+squrYqPuF X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-07-08_02,2025-07-07_01,2025-03-28_01 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org [ upstream commit 9bebc33703df999a405ed7103dc45230d0f1fbda ] Add fixes to have lock on security session update, write and read to prevent corruption. Fixes: 8efa348e8160 ("net/cnxk: support custom SA index") Signed-off-by: Rahul Bhansali --- Changes in v2: fix compilation failure. drivers/net/cnxk/cn10k_ethdev_sec.c | 109 +++++++++++++++++++++++----- 1 file changed, 92 insertions(+), 17 deletions(-) diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index ed5c335787..c264f0a1cd 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -636,7 +636,6 @@ cn10k_eth_sec_session_create(void *device, return -EEXIST; } - memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); sess_priv.u64 = 0; lock = inbound ? &dev->inb.lock : &dev->outb.lock; @@ -646,6 +645,8 @@ cn10k_eth_sec_session_create(void *device, if (inbound && inl_dev) roc_nix_inl_dev_lock(); + memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); + if (inbound) { struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr; struct cn10k_inb_priv_data *inb_priv; @@ -831,7 +832,7 @@ cn10k_eth_sec_session_create(void *device, roc_nix_inl_dev_unlock(); rte_spinlock_unlock(lock); - plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u", + plt_nix_dbg("Created %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u", inbound ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx, eth_sec->inl_dev); /* @@ -897,7 +898,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) rte_spinlock_unlock(lock); - plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u", + plt_nix_dbg("Destroyed %s session with spi=0x%x, sa_idx=0x%x, inl_dev=%u", eth_sec->inb ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx, eth_sec->inl_dev); @@ -920,7 +921,8 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, struct rte_security_ipsec_xform *ipsec; struct rte_crypto_sym_xform *crypto; struct cnxk_eth_sec_sess *eth_sec; - bool inbound; + bool inbound, inl_dev; + rte_spinlock_t *lock; int rc; if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || @@ -935,6 +937,14 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, if (!eth_sec) return -ENOENT; + inl_dev = !!dev->inb.inl_dev; + lock = inbound ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inbound && inl_dev) + roc_nix_inl_dev_lock(); + eth_sec->spi = conf->ipsec.spi; if (inbound) { @@ -944,13 +954,13 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto, true); if (rc) - return -EINVAL; + goto err; rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa, eth_sec->inb, sizeof(struct roc_ot_ipsec_inb_sa)); if (rc) - return -EINVAL; + goto err; } else { struct roc_ot_ipsec_outb_sa *outb_sa_dptr; @@ -959,15 +969,29 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto); if (rc) - return -EINVAL; + goto err; rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa, eth_sec->inb, sizeof(struct roc_ot_ipsec_outb_sa)); if (rc) - return -EINVAL; + goto err; } + if (inbound && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + plt_nix_dbg("Updated %s session with spi=0x%x, sa_idx=0x%x inl_dev=%u", + inbound ? "inbound" : "outbound", eth_sec->spi, eth_sec->sa_idx, + eth_sec->inl_dev); return 0; + +err: + if (inbound && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } int @@ -977,20 +1001,42 @@ rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess, struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + rte_spinlock_t *lock; + bool inl_dev, inb; int rc; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); if (eth_sec == NULL) return -EINVAL; + inl_dev = !!dev->inb.inl_dev; + inb = eth_sec->inb; + lock = inb ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inb && inl_dev) + roc_nix_inl_dev_lock(); + rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, ROC_NIX_INL_SA_OP_FLUSH); if (rc) - return -EINVAL; + goto err; + + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + rte_delay_ms(1); memcpy(data, eth_sec->sa, len); return 0; +err: + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } int @@ -1000,36 +1046,60 @@ rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess, struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + rte_spinlock_t *lock; + bool inl_dev, inb; int rc = -EINVAL; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); if (eth_sec == NULL) return rc; + + inl_dev = !!dev->inb.inl_dev; + inb = eth_sec->inb; + lock = inb ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inb && inl_dev) + roc_nix_inl_dev_lock(); + rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb, len); - if (rc) - return rc; - return 0; + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } static int cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, - struct rte_security_stats *stats) + struct rte_security_stats *stats) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); struct cnxk_eth_sec_sess *eth_sec; + rte_spinlock_t *lock; + bool inl_dev, inb; int rc; eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); if (eth_sec == NULL) return -EINVAL; - rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, - ROC_NIX_INL_SA_OP_FLUSH); + inl_dev = !!dev->inb.inl_dev; + inb = eth_sec->inb; + lock = inb ? &dev->inb.lock : &dev->outb.lock; + rte_spinlock_lock(lock); + + /* Acquire lock on inline dev for inbound */ + if (inb && inl_dev) + roc_nix_inl_dev_lock(); + + rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, ROC_NIX_INL_SA_OP_FLUSH); if (rc) - return -EINVAL; + goto err; rte_delay_ms(1); stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; @@ -1046,7 +1116,12 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, ((struct roc_ot_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs; } - return 0; +err: + if (inb && inl_dev) + roc_nix_inl_dev_unlock(); + rte_spinlock_unlock(lock); + + return rc; } void -- 2.25.1