From: "Xueming(Steven) Li" <xuemingl@nvidia.com>
To: "ktejasree@marvell.com" <ktejasree@marvell.com>,
"gakhil@marvell.com" <gakhil@marvell.com>
Cc: "anoobj@marvell.com" <anoobj@marvell.com>,
"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [PATCH 20.11] crypto/octeontx2: fix lookaside IPsec IPv6
Date: Fri, 3 Dec 2021 13:31:23 +0000 [thread overview]
Message-ID: <43a2a45009d7f7ca17cc6a796b2e9fa8d5f867ba.camel@nvidia.com> (raw)
In-Reply-To: <20211202121841.3297-1-ktejasree@marvell.com>
Thanks, applied!
On Thu, 2021-12-02 at 17:48 +0530, Tejasree Kondoj wrote:
> [ upstream commit f063054f8a54ca2218bae327a252a352614671b0 ]
>
> Fixing IPv6 mixed tunnel mode support by updating
> inputs to firmware.
>
> Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
> Cc: stable@dpdk.org
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
> drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 6 +++---
> drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 13 ++++++++-----
> drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 2 --
> drivers/crypto/octeontx2/otx2_ipsec_po.h | 2 --
> drivers/crypto/octeontx2/otx2_ipsec_po_ops.h | 10 +++-------
> 5 files changed, 14 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> index 5f2ccc0872..662c8bc001 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> @@ -893,10 +893,10 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
>
> if (word0->s.opcode.major == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
> data = rte_pktmbuf_mtod(m, char *);
> + ip = (struct rte_ipv4_hdr *)(data +
> + OTX2_IPSEC_PO_INB_RPTR_HDR);
>
> - if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
> - ip = (struct rte_ipv4_hdr *)(data +
> - OTX2_IPSEC_PO_INB_RPTR_HDR);
> + if ((ip->version_ihl >> 4) == 4) {
> m_len = rte_be_to_cpu_16(ip->total_length);
> } else {
> ip6 = (struct rte_ipv6_hdr *)(data +
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
> index bad9c5ca9f..c6a707c646 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
> @@ -189,9 +189,6 @@ set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
> sess->auth_iv_length = auth_xform->auth.iv.length;
> sess->mac_len = auth_xform->auth.digest_length;
> }
> -
> - sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
> - sess->ucmd_param2 = 0;
> }
>
> static int
> @@ -228,7 +225,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
> lp->ip_id = 0;
> lp->seq_lo = 1;
> lp->seq_hi = 0;
> - lp->tunnel_type = ipsec->tunnel.type;
>
> ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
> if (ret)
> @@ -327,6 +323,10 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
> lp->ucmd_opcode = (lp->ctx_len << 8) |
> (OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
>
> + /* Set per packet IV and IKEv2 bits */
> + lp->ucmd_param1 = BIT(11) | BIT(9);
> + lp->ucmd_param2 = 0;
> +
> set_session_misc_attributes(lp, crypto_xform,
> auth_xform, cipher_xform);
>
> @@ -367,7 +367,6 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
> if (ret)
> return ret;
>
> - lp->tunnel_type = ipsec->tunnel.type;
> auth_xform = crypto_xform;
> cipher_xform = crypto_xform->next;
>
> @@ -410,6 +409,10 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
> lp->cpt_inst_w7 = inst.u64[7];
> lp->ucmd_opcode = (lp->ctx_len << 8) |
> (OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
> + lp->ucmd_param1 = 0;
> +
> + /* Set IKEv2 bit */
> + lp->ucmd_param2 = BIT(12);
>
> set_session_misc_attributes(lp, crypto_xform,
> auth_xform, cipher_xform);
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> index 2849c1ab75..ff3329c9c1 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> @@ -55,8 +55,6 @@ struct otx2_sec_session_ipsec_lp {
> uint8_t iv_length;
> /** Auth IV length in bytes */
> uint8_t auth_iv_length;
> - /** IPsec tunnel type */
> - enum rte_security_ipsec_tunnel_type tunnel_type;
> };
>
> int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
> index da24f6a5d4..520daa5ff2 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
> @@ -15,8 +15,6 @@
> #define OTX2_IPSEC_PO_MAX_INB_CTX_LEN 0x22
> #define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN 0x38
>
> -#define OTX2_IPSEC_PO_PER_PKT_IV BIT(11)
> -
> #define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB 0x20
> #define OTX2_IPSEC_PO_WRITE_IPSEC_INB 0x21
> #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
> index ee30131f17..887d13eb51 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
> @@ -25,8 +25,7 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
> }
>
> static __rte_always_inline struct cpt_request_info *
> -alloc_request_struct(char *maddr, void *cop, int mdata_len,
> - enum rte_security_ipsec_tunnel_type tunnel_type)
> +alloc_request_struct(char *maddr, void *cop, int mdata_len)
> {
> struct cpt_request_info *req;
> struct cpt_meta_info *meta;
> @@ -48,7 +47,6 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len,
> op[1] = (uintptr_t)cop;
> op[2] = (uintptr_t)req;
> op[3] = mdata_len;
> - op[4] = tunnel_type;
>
> return req;
> }
> @@ -84,8 +82,7 @@ process_outb_sa(struct rte_crypto_op *cop,
> }
>
> mdata += extend_tail; /* mdata follows encrypted data */
> - req = alloc_request_struct(mdata, (void *)cop, mdata_len,
> - sess->tunnel_type);
> + req = alloc_request_struct(mdata, (void *)cop, mdata_len);
>
> data = rte_pktmbuf_prepend(m_src, extend_head);
> if (unlikely(data == NULL)) {
> @@ -149,8 +146,7 @@ process_inb_sa(struct rte_crypto_op *cop,
> goto exit;
> }
>
> - req = alloc_request_struct(mdata, (void *)cop, mdata_len,
> - sess->tunnel_type);
> + req = alloc_request_struct(mdata, (void *)cop, mdata_len);
>
> /* Prepare CPT instruction */
> word0.u64 = sess->ucmd_w0;
prev parent reply other threads:[~2021-12-03 13:31 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-02 12:18 Tejasree Kondoj
2021-12-03 13:31 ` Xueming(Steven) Li [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43a2a45009d7f7ca17cc6a796b2e9fa8d5f867ba.camel@nvidia.com \
--to=xuemingl@nvidia.com \
--cc=anoobj@marvell.com \
--cc=gakhil@marvell.com \
--cc=ktejasree@marvell.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).