Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits

DPDK patches and discussions
 help / color / mirror / Atom feed

From: "Zhang, Helin" <helin.zhang@intel.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
	"Nicolau, Radu" <radu.nicolau@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>
Cc: "Yigit, Ferruh" <ferruh.yigit@intel.com>,
	"Lu, Wenzhuo" <wenzhuo.lu@intel.com>,
	"Zhao, XinfengX" <xinfengx.zhao@intel.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>
Subject: Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits
Date: Tue, 23 Jan 2018 02:06:26 +0000	[thread overview]
Message-ID: <F35DEAC7BCE34641BA9FAC6BCA4A12E71AD1ADC0@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <2601191342CEEE43887BDE71AB97725886281A01@irsmsx105.ger.corp.intel.com>



> -----Original Message-----
> From: Ananyev, Konstantin
> Sent: Monday, January 22, 2018 6:24 PM
> To: Nicolau, Radu; dev@dpdk.org
> Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo; Zhang,
> Helin
> Subject: RE: [PATCH v3] net/ixgbe: check security enable bits
> 
> 
> 
> > -----Original Message-----
> > From: Nicolau, Radu
> > Sent: Thursday, January 18, 2018 12:47 PM
> > To: dev@dpdk.org
> > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo
> > <wenzhuo.lu@intel.com>; Ananyev, Konstantin
> > <konstantin.ananyev@intel.com>; Zhao, XinfengX
> > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Zhang, Helin
> > <helin.zhang@intel.com>; Nicolau, Radu <radu.nicolau@intel.com>
> > Subject: [PATCH v3] net/ixgbe: check security enable bits
> >
> > Check if the security enable bits are not fused before setting offload
> > capabilities for security
> >
> > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> > ---
> >  drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++---------
> > drivers/net/ixgbe/ixgbe_ipsec.c  | 38
> > ++++++++++++++++++++++++++++++--------
> >  drivers/net/ixgbe/ixgbe_ipsec.h  |  3 +--
> >  3 files changed, 41 insertions(+), 19 deletions(-)
> >
> > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c
> > b/drivers/net/ixgbe/ixgbe_ethdev.c
> > index 43e0132..b717dda 100644
> > --- a/drivers/net/ixgbe/ixgbe_ethdev.c
> > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> > @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
> >  		return 0;
> >  	}
> >
> > -#ifdef RTE_LIBRTE_SECURITY
> > -	/* Initialize security_ctx only for primary process*/
> > -	eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev);
> > -	if (eth_dev->security_ctx == NULL)
> > -		return -ENOMEM;
> > -#endif
> > -
> >  	rte_eth_copy_pci_info(eth_dev, pci_dev);
> >
> >  	/* Vendor and Device ID need to be set before init of shared code */
> > @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev)
> >  	/* Unlock any pending hardware semaphore */
> >  	ixgbe_swfw_lock_reset(hw);
> >
> > +#ifdef RTE_LIBRTE_SECURITY
> > +	/* Initialize security_ctx only for primary process*/
> > +	if (ixgbe_ipsec_ctx_create(eth_dev))
> > +		return -ENOMEM;
> > +#endif
> > +
> >  	/* Initialize DCB configuration*/
> >  	memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config));
> >  	ixgbe_dcb_init(hw, dcb_config);
> > @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev,
> struct rte_eth_dev_info *dev_info)
> >  		dev_info->tx_offload_capa |=
> DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM;
> >
> >  #ifdef RTE_LIBRTE_SECURITY
> > -	dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> > -	dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> > +	if (dev->security_ctx) {
> > +		dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY;
> > +		dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY;
> > +	}
> >  #endif
> >
> >  	dev_info->default_rxconf = (struct rte_eth_rxconf) { diff --git
> > a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
> > index 97f025a8..a60b29a 100644
> > --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> > @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops =
> {
> >  	.capabilities_get = ixgbe_crypto_capabilities_get  };
> >
> > -struct rte_security_ctx *
> > +static int
> > +ixgbe_crypto_capable(struct rte_eth_dev *dev) {
> > +	struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data-
> >dev_private);
> > +	uint32_t reg_i, reg, capable = 1;
> > +	/* test if rx crypto can be enabled and then write back initial value*/
> > +	reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> > +	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0);
> > +	reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> > +	if (reg != 0)
> > +		capable = 0;
> > +	IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i);
> > +	return capable;
> > +}
> > +
> > +int
> >  ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev)  {
> > -	struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops",
> > -					sizeof(struct rte_security_ctx), 0);
> > -	if (ctx) {
> > -		ctx->device = (void *)dev;
> > -		ctx->ops = &ixgbe_security_ops;
> > -		ctx->sess_cnt = 0;
> > +	struct rte_security_ctx *ctx = NULL;
> > +
> > +	if (ixgbe_crypto_capable(dev)) {
> > +		ctx = rte_malloc("rte_security_instances_ops",
> > +				 sizeof(struct rte_security_ctx), 0);
> > +		if (ctx) {
> > +			ctx->device = (void *)dev;
> > +			ctx->ops = &ixgbe_security_ops;
> > +			ctx->sess_cnt = 0;
> > +			dev->security_ctx = ctx;
> > +		} else {
> > +			return -ENOMEM;
> > +		}
> >  	}
> > -	return ctx;
> > +	return 0;
> >  }
> > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h
> > b/drivers/net/ixgbe/ixgbe_ipsec.h index acd9f3e..d13c407 100644
> > --- a/drivers/net/ixgbe/ixgbe_ipsec.h
> > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h
> > @@ -110,8 +110,7 @@ struct ixgbe_ipsec {  };
> >
> >
> > -struct rte_security_ctx *
> > -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> > +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> >  int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);  int
> > ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
> >  					  const void *ip_spec,
> > --
> > 2.7.5
> 
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Applied to dpdk-next-net-intel, thanks!

/Helin

     prev parent reply	other threads:[~2018-01-23  2:06 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-17 11:19 [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW Radu Nicolau
2018-01-17 11:34 ` Ananyev, Konstantin
2018-01-17 11:40   ` Nicolau, Radu
2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau
2018-01-17 22:47   ` Ananyev, Konstantin
2018-01-18  0:43     ` Zhang, Helin
2018-01-18 14:58       ` Ferruh Yigit
2018-01-20  9:45     ` Zhang, Helin
2018-01-18 12:46   ` [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits Radu Nicolau
2018-01-22 10:23     ` Ananyev, Konstantin
2018-01-23  2:06       ` Zhang, Helin [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=F35DEAC7BCE34641BA9FAC6BCA4A12E71AD1ADC0@SHSMSX103.ccr.corp.intel.com \
    --to=helin.zhang@intel.com \
    --cc=dev@dpdk.org \
    --cc=ferruh.yigit@intel.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=radu.nicolau@intel.com \
    --cc=wenzhuo.lu@intel.com \
    --cc=xinfengx.zhao@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).