Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits

DPDK patches and discussions
 help / color / mirror / Atom feed

From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Nicolau, Radu" <radu.nicolau@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "Yigit, Ferruh" <ferruh.yigit@intel.com>,
	"Lu, Wenzhuo" <wenzhuo.lu@intel.com>,
	"Zhao, XinfengX" <xinfengx.zhao@intel.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
	"Zhang, Helin" <helin.zhang@intel.com>
Subject: Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits
Date: Mon, 22 Jan 2018 10:23:49 +0000	[thread overview]
Message-ID: <2601191342CEEE43887BDE71AB97725886281A01@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <1516279600-13503-1-git-send-email-radu.nicolau@intel.com>



> -----Original Message-----
> From: Nicolau, Radu
> Sent: Thursday, January 18, 2018 12:47 PM
> To: dev@dpdk.org
> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> Zhao, XinfengX <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Zhang, Helin
> <helin.zhang@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>
> Subject: [PATCH v3] net/ixgbe: check security enable bits
> 
> Check if the security enable bits are not fused before setting
> offload capabilities for security
> 
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++---------
>  drivers/net/ixgbe/ixgbe_ipsec.c  | 38 ++++++++++++++++++++++++++++++--------
>  drivers/net/ixgbe/ixgbe_ipsec.h  |  3 +--
>  3 files changed, 41 insertions(+), 19 deletions(-)
> 
> diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
> index 43e0132..b717dda 100644
> --- a/drivers/net/ixgbe/ixgbe_ethdev.c
> +++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
>  		return 0;
>  	}
> 
> -#ifdef RTE_LIBRTE_SECURITY
> -	/* Initialize security_ctx only for primary process*/
> -	eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
> -	if (eth_dev->security_ctx == NULL)
> -		return -ENOMEM;
> -#endif
> -
>  	rte_eth_copy_pci_info(eth_dev, pci_dev);
> 
>  	/* Vendor and Device ID need to be set before init of shared code */
> @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
>  	/* Unlock any pending hardware semaphore */
>  	ixgbe_swfw_lock_reset(hw);
> 
> +#ifdef RTE_LIBRTE_SECURITY
> +	/* Initialize security_ctx only for primary process*/
> +	if (ixgbe_ipsec_ctx_create(eth_dev))
> +		return -ENOMEM;
> +#endif
> +
>  	/* Initialize DCB configuration*/
>  	memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
>  	ixgbe_dcb_init(hw, dcb_config);
> @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
>  		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
> 
>  #ifdef RTE_LIBRTE_SECURITY
> -	dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> -	dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> +	if (dev->security_ctx) {
> +		dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> +		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> +	}
>  #endif
> 
>  	dev_info->default_rxconf = (struct rte_eth_rxconf) {
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
> index 97f025a8..a60b29a 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops = {
>  	.capabilities_get = ixgbe_crypto_capabilities_get
>  };
> 
> -struct rte_security_ctx *
> +static int
> +ixgbe_crypto_capable(struct rte_eth_dev *dev)
> +{
> +	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
> +	uint32_t reg_i, reg, capable = 1;
> +	/* test if rx crypto can be enabled and then write back initial value*/
> +	reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> +	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
> +	reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> +	if (reg != 0)
> +		capable = 0;
> +	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
> +	return capable;
> +}
> +
> +int
>  ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
>  {
> -	struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
> -					sizeof(struct rte_security_ctx), 0);
> -	if (ctx) {
> -		ctx->device = (void *)dev;
> -		ctx->ops = &ixgbe_security_ops;
> -		ctx->sess_cnt = 0;
> +	struct rte_security_ctx *ctx = NULL;
> +
> +	if (ixgbe_crypto_capable(dev)) {
> +		ctx = rte_malloc("rte_security_instances_ops",
> +				 sizeof(struct rte_security_ctx), 0);
> +		if (ctx) {
> +			ctx->device = (void *)dev;
> +			ctx->ops = &ixgbe_security_ops;
> +			ctx->sess_cnt = 0;
> +			dev->security_ctx = ctx;
> +		} else {
> +			return -ENOMEM;
> +		}
>  	}
> -	return ctx;
> +	return 0;
>  }
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h
> index acd9f3e..d13c407 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.h
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.h
> @@ -110,8 +110,7 @@ struct ixgbe_ipsec {
>  };
> 
> 
> -struct rte_security_ctx *
> -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
>  int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
>  int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
>  					  const void *ip_spec,
> --
> 2.7.5

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

next prev parent reply	other threads:[~2018-01-22 10:23 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-17 11:19 [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW Radu Nicolau
2018-01-17 11:34 ` Ananyev, Konstantin
2018-01-17 11:40   ` Nicolau, Radu
2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau
2018-01-17 22:47   ` Ananyev, Konstantin
2018-01-18  0:43     ` Zhang, Helin
2018-01-18 14:58       ` Ferruh Yigit
2018-01-20  9:45     ` Zhang, Helin
2018-01-18 12:46   ` [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits Radu Nicolau
2018-01-22 10:23     ` Ananyev, Konstantin [this message]
2018-01-23  2:06       ` Zhang, Helin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2601191342CEEE43887BDE71AB97725886281A01@irsmsx105.ger.corp.intel.com \
    --to=konstantin.ananyev@intel.com \
    --cc=dev@dpdk.org \
    --cc=ferruh.yigit@intel.com \
    --cc=helin.zhang@intel.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=radu.nicolau@intel.com \
    --cc=wenzhuo.lu@intel.com \
    --cc=xinfengx.zhao@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).