* [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW @ 2018-01-17 11:19 Radu Nicolau 2018-01-17 11:34 ` Ananyev, Konstantin 2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau 0 siblings, 2 replies; 11+ messages in thread From: Radu Nicolau @ 2018-01-17 11:19 UTC (permalink / raw) To: dev Cc: wenzhuo.lu, konstantin.ananyev, xinfengx.zhao, pablo.de.lara.guarch, Radu Nicolau Check if the security enable bits are not fused before setting offload capabilities for security Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/ixgbe/ixgbe_ethdev.c | 6 ++++-- drivers/net/ixgbe/ixgbe_ipsec.c | 15 +++++++++++++++ drivers/net/ixgbe/ixgbe_ipsec.h | 1 + 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c index 43e0132..4f2ab2f 100644 --- a/drivers/net/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/ixgbe/ixgbe_ethdev.c @@ -3685,8 +3685,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIBRTE_SECURITY - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; + if (ixgbe_crypto_capable(dev)) { + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; + } #endif dev_info->default_rxconf = (struct rte_eth_rxconf) { diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index 97f025a8..a495679 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -602,6 +602,21 @@ ixgbe_crypto_capabilities_get(void *device __rte_unused) int +ixgbe_crypto_capable(struct rte_eth_dev *dev) +{ + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); + uint32_t reg_i, reg, capable = 1; + /* test if rx crypto can be enabled and then write back initial value*/ + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); + if (reg != 0) + capable = 0; + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); + return capable; +} + +int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev) { struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h index acd9f3e..eeba39f 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.h +++ b/drivers/net/ixgbe/ixgbe_ipsec.h @@ -112,6 +112,7 @@ struct ixgbe_ipsec { struct rte_security_ctx * ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); +int ixgbe_crypto_capable(struct rte_eth_dev *dev); int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, -- 2.7.5 ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW 2018-01-17 11:19 [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW Radu Nicolau @ 2018-01-17 11:34 ` Ananyev, Konstantin 2018-01-17 11:40 ` Nicolau, Radu 2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau 1 sibling, 1 reply; 11+ messages in thread From: Ananyev, Konstantin @ 2018-01-17 11:34 UTC (permalink / raw) To: Nicolau, Radu, dev; +Cc: Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo Hi Radu, > -----Original Message----- > From: Nicolau, Radu > Sent: Wednesday, January 17, 2018 11:19 AM > To: dev@dpdk.org > Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhao, XinfengX > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Nicolau, Radu <radu.nicolau@intel.com> > Subject: [PATCH] net/ixgbe: check if security capabilities are enabled by HW > > Check if the security enable bits are not fused before setting > offload capabilities for security In theory dev_info_get() - could be called at any stage of device configuration or even when RX/TX is active. Do you really want to assert SECRXCTRL at that moment? Probably better to do this only once at init time and then just use some stored value? Konstantin > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > --- > drivers/net/ixgbe/ixgbe_ethdev.c | 6 ++++-- > drivers/net/ixgbe/ixgbe_ipsec.c | 15 +++++++++++++++ > drivers/net/ixgbe/ixgbe_ipsec.h | 1 + > 3 files changed, 20 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c > index 43e0132..4f2ab2f 100644 > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > @@ -3685,8 +3685,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) > dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; > > #ifdef RTE_LIBRTE_SECURITY > - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; > - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; > + if (ixgbe_crypto_capable(dev)) { > + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; > + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; > + } > #endif > > dev_info->default_rxconf = (struct rte_eth_rxconf) { > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c > index 97f025a8..a495679 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.c > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c > @@ -602,6 +602,21 @@ ixgbe_crypto_capabilities_get(void *device __rte_unused) > > > int > +ixgbe_crypto_capable(struct rte_eth_dev *dev) > +{ > + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); > + uint32_t reg_i, reg, capable = 1; > + /* test if rx crypto can be enabled and then write back initial value*/ > + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); > + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > + if (reg != 0) > + capable = 0; > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); > + return capable; > +} > + > +int > ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev) > { > struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h > index acd9f3e..eeba39f 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.h > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h > @@ -112,6 +112,7 @@ struct ixgbe_ipsec { > > struct rte_security_ctx * > ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > +int ixgbe_crypto_capable(struct rte_eth_dev *dev); > int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); > int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, > const void *ip_spec, > -- > 2.7.5 ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW 2018-01-17 11:34 ` Ananyev, Konstantin @ 2018-01-17 11:40 ` Nicolau, Radu 0 siblings, 0 replies; 11+ messages in thread From: Nicolau, Radu @ 2018-01-17 11:40 UTC (permalink / raw) To: Ananyev, Konstantin, dev Cc: Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo > -----Original Message----- > From: Ananyev, Konstantin > Sent: Wednesday, January 17, 2018 11:34 AM > To: Nicolau, Radu <radu.nicolau@intel.com>; dev@dpdk.org > Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>; Zhao, XinfengX > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Subject: RE: [PATCH] net/ixgbe: check if security capabilities are enabled by > HW > > Hi Radu, > > > -----Original Message----- > > From: Nicolau, Radu > > Sent: Wednesday, January 17, 2018 11:19 AM > > To: dev@dpdk.org > > Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin > > <konstantin.ananyev@intel.com>; Zhao, XinfengX > > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo > > <pablo.de.lara.guarch@intel.com>; Nicolau, Radu > > <radu.nicolau@intel.com> > > Subject: [PATCH] net/ixgbe: check if security capabilities are enabled > > by HW > > > > Check if the security enable bits are not fused before setting offload > > capabilities for security > > In theory dev_info_get() - could be called at any stage of device > configuration or even when RX/TX is active. > Do you really want to assert SECRXCTRL at that moment? > Probably better to do this only once at init time and then just use some > stored value? > Konstantin > Yes, that's true. I will send a v2 ^ permalink raw reply [flat|nested] 11+ messages in thread
* [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW 2018-01-17 11:19 [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW Radu Nicolau 2018-01-17 11:34 ` Ananyev, Konstantin @ 2018-01-17 11:54 ` Radu Nicolau 2018-01-17 22:47 ` Ananyev, Konstantin 2018-01-18 12:46 ` [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits Radu Nicolau 1 sibling, 2 replies; 11+ messages in thread From: Radu Nicolau @ 2018-01-17 11:54 UTC (permalink / raw) To: dev Cc: ferruh.yigit, wenzhuo.lu, konstantin.ananyev, xinfengx.zhao, pablo.de.lara.guarch, Radu Nicolau Check if the security enable bits are not fused before setting offload capabilities for security Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/ixgbe/ixgbe_ethdev.c | 20 +++++++++++--------- drivers/net/ixgbe/ixgbe_ipsec.c | 31 +++++++++++++++++++++++++------ 2 files changed, 36 insertions(+), 15 deletions(-) diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c index 43e0132..67ce052 100644 --- a/drivers/net/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/ixgbe/ixgbe_ethdev.c @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) return 0; } -#ifdef RTE_LIBRTE_SECURITY - /* Initialize security_ctx only for primary process*/ - eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev); - if (eth_dev->security_ctx == NULL) - return -ENOMEM; -#endif - rte_eth_copy_pci_info(eth_dev, pci_dev); /* Vendor and Device ID need to be set before init of shared code */ @@ -1174,6 +1167,13 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) /* Unlock any pending hardware semaphore */ ixgbe_swfw_lock_reset(hw); +#ifdef RTE_LIBRTE_SECURITY + /* Initialize security_ctx only for primary process*/ + eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev); + if (eth_dev->security_ctx == NULL) + return -ENOMEM; +#endif + /* Initialize DCB configuration*/ memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config)); ixgbe_dcb_init(hw, dcb_config); @@ -3685,8 +3685,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIBRTE_SECURITY - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; + if (dev->security_ctx) { + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; + } #endif dev_info->default_rxconf = (struct rte_eth_rxconf) { diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index 97f025a8..a9e501e 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -694,15 +694,34 @@ static struct rte_security_ops ixgbe_security_ops = { .capabilities_get = ixgbe_crypto_capabilities_get }; +static int +ixgbe_crypto_capable(struct rte_eth_dev *dev) +{ + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); + uint32_t reg_i, reg, capable = 1; + /* test if rx crypto can be enabled and then write back initial value*/ + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); + if (reg != 0) + capable = 0; + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); + return capable; +} + struct rte_security_ctx * ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev) { - struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops", - sizeof(struct rte_security_ctx), 0); - if (ctx) { - ctx->device = (void *)dev; - ctx->ops = &ixgbe_security_ops; - ctx->sess_cnt = 0; + struct rte_security_ctx *ctx = NULL; + + if (ixgbe_crypto_capable(dev)) { + ctx = rte_malloc("rte_security_instances_ops", + sizeof(struct rte_security_ctx), 0); + if (ctx) { + ctx->device = (void *)dev; + ctx->ops = &ixgbe_security_ops; + ctx->sess_cnt = 0; + } } return ctx; } -- 2.7.5 ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW 2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau @ 2018-01-17 22:47 ` Ananyev, Konstantin 2018-01-18 0:43 ` Zhang, Helin 2018-01-20 9:45 ` Zhang, Helin 2018-01-18 12:46 ` [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits Radu Nicolau 1 sibling, 2 replies; 11+ messages in thread From: Ananyev, Konstantin @ 2018-01-17 22:47 UTC (permalink / raw) To: Nicolau, Radu, dev Cc: Yigit, Ferruh, Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo > -----Original Message----- > From: Nicolau, Radu > Sent: Wednesday, January 17, 2018 11:55 AM > To: dev@dpdk.org > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; > Zhao, XinfengX <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Nicolau, Radu > <radu.nicolau@intel.com> > Subject: [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW > > Check if the security enable bits are not fused before setting > offload capabilities for security > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > --- Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW 2018-01-17 22:47 ` Ananyev, Konstantin @ 2018-01-18 0:43 ` Zhang, Helin 2018-01-18 14:58 ` Ferruh Yigit 2018-01-20 9:45 ` Zhang, Helin 1 sibling, 1 reply; 11+ messages in thread From: Zhang, Helin @ 2018-01-18 0:43 UTC (permalink / raw) To: Ananyev, Konstantin, Nicolau, Radu, dev Cc: Yigit, Ferruh, Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Ananyev, Konstantin > Sent: Thursday, January 18, 2018 6:48 AM > To: Nicolau, Radu; dev@dpdk.org > Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo > Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are > enabled by HW > > > > > -----Original Message----- > > From: Nicolau, Radu > > Sent: Wednesday, January 17, 2018 11:55 AM > > To: dev@dpdk.org > > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo > > <wenzhuo.lu@intel.com>; Ananyev, Konstantin > > <konstantin.ananyev@intel.com>; Zhao, XinfengX > > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo > > <pablo.de.lara.guarch@intel.com>; Nicolau, Radu > > <radu.nicolau@intel.com> > > Subject: [PATCH v2] net/ixgbe: check if security capabilities are > > enabled by HW > > > > Check if the security enable bits are not fused before setting offload > > capabilities for security > > > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > > --- > > Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Applied to dpdk-next-net-intel, with minor commit title changes. Thanks! /Helin ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW 2018-01-18 0:43 ` Zhang, Helin @ 2018-01-18 14:58 ` Ferruh Yigit 0 siblings, 0 replies; 11+ messages in thread From: Ferruh Yigit @ 2018-01-18 14:58 UTC (permalink / raw) To: Zhang, Helin, Ananyev, Konstantin, Nicolau, Radu, dev Cc: Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo On 1/18/2018 12:43 AM, Zhang, Helin wrote: > > >> -----Original Message----- >> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Ananyev, Konstantin >> Sent: Thursday, January 18, 2018 6:48 AM >> To: Nicolau, Radu; dev@dpdk.org >> Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo >> Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are >> enabled by HW >> >> >> >>> -----Original Message----- >>> From: Nicolau, Radu >>> Sent: Wednesday, January 17, 2018 11:55 AM >>> To: dev@dpdk.org >>> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo >>> <wenzhuo.lu@intel.com>; Ananyev, Konstantin >>> <konstantin.ananyev@intel.com>; Zhao, XinfengX >>> <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo >>> <pablo.de.lara.guarch@intel.com>; Nicolau, Radu >>> <radu.nicolau@intel.com> >>> Subject: [PATCH v2] net/ixgbe: check if security capabilities are >>> enabled by HW >>> >>> Check if the security enable bits are not fused before setting offload >>> capabilities for security >>> >>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> >>> --- >> >> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> > Applied to dpdk-next-net-intel, with minor commit title changes. Thanks! Removed from next-net because new version of the patch sent [1]. [1] https://dpdk.org/dev/patchwork/patch/34016/ > > /Helin > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security capabilities are enabled by HW 2018-01-17 22:47 ` Ananyev, Konstantin 2018-01-18 0:43 ` Zhang, Helin @ 2018-01-20 9:45 ` Zhang, Helin 1 sibling, 0 replies; 11+ messages in thread From: Zhang, Helin @ 2018-01-20 9:45 UTC (permalink / raw) To: Ananyev, Konstantin, Nicolau, Radu, dev Cc: Yigit, Ferruh, Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo > -----Original Message----- > From: Zhang, Helin > Sent: Thursday, January 18, 2018 8:43 AM > To: Ananyev, Konstantin; Nicolau, Radu; dev@dpdk.org > Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo > Subject: RE: [PATCH v2] net/ixgbe: check if security capabilities are enabled by > HW > > > > > -----Original Message----- > > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Ananyev, > > Konstantin > > Sent: Thursday, January 18, 2018 6:48 AM > > To: Nicolau, Radu; dev@dpdk.org > > Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo > > Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: check if security > > capabilities are enabled by HW > > > > > > > > > -----Original Message----- > > > From: Nicolau, Radu > > > Sent: Wednesday, January 17, 2018 11:55 AM > > > To: dev@dpdk.org > > > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo > > > <wenzhuo.lu@intel.com>; Ananyev, Konstantin > > > <konstantin.ananyev@intel.com>; Zhao, XinfengX > > > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo > > > <pablo.de.lara.guarch@intel.com>; Nicolau, Radu > > > <radu.nicolau@intel.com> > > > Subject: [PATCH v2] net/ixgbe: check if security capabilities are > > > enabled by HW > > > > > > Check if the security enable bits are not fused before setting > > > offload capabilities for security > > > > > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > > > --- > > > > Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> > Applied to dpdk-next-net-intel, with minor commit title changes. Thanks! Removed from dpdk-next-net-intel, as new version was sent out. Thanks! /Helin > > /Helin ^ permalink raw reply [flat|nested] 11+ messages in thread
* [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits 2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau 2018-01-17 22:47 ` Ananyev, Konstantin @ 2018-01-18 12:46 ` Radu Nicolau 2018-01-22 10:23 ` Ananyev, Konstantin 1 sibling, 1 reply; 11+ messages in thread From: Radu Nicolau @ 2018-01-18 12:46 UTC (permalink / raw) To: dev Cc: ferruh.yigit, wenzhuo.lu, konstantin.ananyev, xinfengx.zhao, pablo.de.lara.guarch, helin.zhang, Radu Nicolau Check if the security enable bits are not fused before setting offload capabilities for security Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++--------- drivers/net/ixgbe/ixgbe_ipsec.c | 38 ++++++++++++++++++++++++++++++-------- drivers/net/ixgbe/ixgbe_ipsec.h | 3 +-- 3 files changed, 41 insertions(+), 19 deletions(-) diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c index 43e0132..b717dda 100644 --- a/drivers/net/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/ixgbe/ixgbe_ethdev.c @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) return 0; } -#ifdef RTE_LIBRTE_SECURITY - /* Initialize security_ctx only for primary process*/ - eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev); - if (eth_dev->security_ctx == NULL) - return -ENOMEM; -#endif - rte_eth_copy_pci_info(eth_dev, pci_dev); /* Vendor and Device ID need to be set before init of shared code */ @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) /* Unlock any pending hardware semaphore */ ixgbe_swfw_lock_reset(hw); +#ifdef RTE_LIBRTE_SECURITY + /* Initialize security_ctx only for primary process*/ + if (ixgbe_ipsec_ctx_create(eth_dev)) + return -ENOMEM; +#endif + /* Initialize DCB configuration*/ memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config)); ixgbe_dcb_init(hw, dcb_config); @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIBRTE_SECURITY - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; + if (dev->security_ctx) { + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; + } #endif dev_info->default_rxconf = (struct rte_eth_rxconf) { diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index 97f025a8..a60b29a 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops = { .capabilities_get = ixgbe_crypto_capabilities_get }; -struct rte_security_ctx * +static int +ixgbe_crypto_capable(struct rte_eth_dev *dev) +{ + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); + uint32_t reg_i, reg, capable = 1; + /* test if rx crypto can be enabled and then write back initial value*/ + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); + if (reg != 0) + capable = 0; + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); + return capable; +} + +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev) { - struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops", - sizeof(struct rte_security_ctx), 0); - if (ctx) { - ctx->device = (void *)dev; - ctx->ops = &ixgbe_security_ops; - ctx->sess_cnt = 0; + struct rte_security_ctx *ctx = NULL; + + if (ixgbe_crypto_capable(dev)) { + ctx = rte_malloc("rte_security_instances_ops", + sizeof(struct rte_security_ctx), 0); + if (ctx) { + ctx->device = (void *)dev; + ctx->ops = &ixgbe_security_ops; + ctx->sess_cnt = 0; + dev->security_ctx = ctx; + } else { + return -ENOMEM; + } } - return ctx; + return 0; } diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h index acd9f3e..d13c407 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.h +++ b/drivers/net/ixgbe/ixgbe_ipsec.h @@ -110,8 +110,7 @@ struct ixgbe_ipsec { }; -struct rte_security_ctx * -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, const void *ip_spec, -- 2.7.5 ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits 2018-01-18 12:46 ` [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits Radu Nicolau @ 2018-01-22 10:23 ` Ananyev, Konstantin 2018-01-23 2:06 ` Zhang, Helin 0 siblings, 1 reply; 11+ messages in thread From: Ananyev, Konstantin @ 2018-01-22 10:23 UTC (permalink / raw) To: Nicolau, Radu, dev Cc: Yigit, Ferruh, Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo, Zhang, Helin > -----Original Message----- > From: Nicolau, Radu > Sent: Thursday, January 18, 2018 12:47 PM > To: dev@dpdk.org > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo <wenzhuo.lu@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; > Zhao, XinfengX <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Zhang, Helin > <helin.zhang@intel.com>; Nicolau, Radu <radu.nicolau@intel.com> > Subject: [PATCH v3] net/ixgbe: check security enable bits > > Check if the security enable bits are not fused before setting > offload capabilities for security > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > --- > drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++--------- > drivers/net/ixgbe/ixgbe_ipsec.c | 38 ++++++++++++++++++++++++++++++-------- > drivers/net/ixgbe/ixgbe_ipsec.h | 3 +-- > 3 files changed, 41 insertions(+), 19 deletions(-) > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c > index 43e0132..b717dda 100644 > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) > return 0; > } > > -#ifdef RTE_LIBRTE_SECURITY > - /* Initialize security_ctx only for primary process*/ > - eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev); > - if (eth_dev->security_ctx == NULL) > - return -ENOMEM; > -#endif > - > rte_eth_copy_pci_info(eth_dev, pci_dev); > > /* Vendor and Device ID need to be set before init of shared code */ > @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) > /* Unlock any pending hardware semaphore */ > ixgbe_swfw_lock_reset(hw); > > +#ifdef RTE_LIBRTE_SECURITY > + /* Initialize security_ctx only for primary process*/ > + if (ixgbe_ipsec_ctx_create(eth_dev)) > + return -ENOMEM; > +#endif > + > /* Initialize DCB configuration*/ > memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config)); > ixgbe_dcb_init(hw, dcb_config); > @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) > dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; > > #ifdef RTE_LIBRTE_SECURITY > - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; > - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; > + if (dev->security_ctx) { > + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; > + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; > + } > #endif > > dev_info->default_rxconf = (struct rte_eth_rxconf) { > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c > index 97f025a8..a60b29a 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.c > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c > @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops = { > .capabilities_get = ixgbe_crypto_capabilities_get > }; > > -struct rte_security_ctx * > +static int > +ixgbe_crypto_capable(struct rte_eth_dev *dev) > +{ > + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); > + uint32_t reg_i, reg, capable = 1; > + /* test if rx crypto can be enabled and then write back initial value*/ > + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); > + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > + if (reg != 0) > + capable = 0; > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); > + return capable; > +} > + > +int > ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev) > { > - struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops", > - sizeof(struct rte_security_ctx), 0); > - if (ctx) { > - ctx->device = (void *)dev; > - ctx->ops = &ixgbe_security_ops; > - ctx->sess_cnt = 0; > + struct rte_security_ctx *ctx = NULL; > + > + if (ixgbe_crypto_capable(dev)) { > + ctx = rte_malloc("rte_security_instances_ops", > + sizeof(struct rte_security_ctx), 0); > + if (ctx) { > + ctx->device = (void *)dev; > + ctx->ops = &ixgbe_security_ops; > + ctx->sess_cnt = 0; > + dev->security_ctx = ctx; > + } else { > + return -ENOMEM; > + } > } > - return ctx; > + return 0; > } > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h > index acd9f3e..d13c407 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.h > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h > @@ -110,8 +110,7 @@ struct ixgbe_ipsec { > }; > > > -struct rte_security_ctx * > -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); > int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, > const void *ip_spec, > -- > 2.7.5 Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits 2018-01-22 10:23 ` Ananyev, Konstantin @ 2018-01-23 2:06 ` Zhang, Helin 0 siblings, 0 replies; 11+ messages in thread From: Zhang, Helin @ 2018-01-23 2:06 UTC (permalink / raw) To: Ananyev, Konstantin, Nicolau, Radu, dev Cc: Yigit, Ferruh, Lu, Wenzhuo, Zhao, XinfengX, De Lara Guarch, Pablo > -----Original Message----- > From: Ananyev, Konstantin > Sent: Monday, January 22, 2018 6:24 PM > To: Nicolau, Radu; dev@dpdk.org > Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo; Zhang, > Helin > Subject: RE: [PATCH v3] net/ixgbe: check security enable bits > > > > > -----Original Message----- > > From: Nicolau, Radu > > Sent: Thursday, January 18, 2018 12:47 PM > > To: dev@dpdk.org > > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Lu, Wenzhuo > > <wenzhuo.lu@intel.com>; Ananyev, Konstantin > > <konstantin.ananyev@intel.com>; Zhao, XinfengX > > <xinfengx.zhao@intel.com>; De Lara Guarch, Pablo > > <pablo.de.lara.guarch@intel.com>; Zhang, Helin > > <helin.zhang@intel.com>; Nicolau, Radu <radu.nicolau@intel.com> > > Subject: [PATCH v3] net/ixgbe: check security enable bits > > > > Check if the security enable bits are not fused before setting offload > > capabilities for security > > > > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > > --- > > drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++--------- > > drivers/net/ixgbe/ixgbe_ipsec.c | 38 > > ++++++++++++++++++++++++++++++-------- > > drivers/net/ixgbe/ixgbe_ipsec.h | 3 +-- > > 3 files changed, 41 insertions(+), 19 deletions(-) > > > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c > > b/drivers/net/ixgbe/ixgbe_ethdev.c > > index 43e0132..b717dda 100644 > > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > > @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) > > return 0; > > } > > > > -#ifdef RTE_LIBRTE_SECURITY > > - /* Initialize security_ctx only for primary process*/ > > - eth_dev->security_ctx = ixgbe_ipsec_ctx_create(eth_dev); > > - if (eth_dev->security_ctx == NULL) > > - return -ENOMEM; > > -#endif > > - > > rte_eth_copy_pci_info(eth_dev, pci_dev); > > > > /* Vendor and Device ID need to be set before init of shared code */ > > @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) > > /* Unlock any pending hardware semaphore */ > > ixgbe_swfw_lock_reset(hw); > > > > +#ifdef RTE_LIBRTE_SECURITY > > + /* Initialize security_ctx only for primary process*/ > > + if (ixgbe_ipsec_ctx_create(eth_dev)) > > + return -ENOMEM; > > +#endif > > + > > /* Initialize DCB configuration*/ > > memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config)); > > ixgbe_dcb_init(hw, dcb_config); > > @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, > struct rte_eth_dev_info *dev_info) > > dev_info->tx_offload_capa |= > DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; > > > > #ifdef RTE_LIBRTE_SECURITY > > - dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; > > - dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; > > + if (dev->security_ctx) { > > + dev_info->rx_offload_capa |= DEV_RX_OFFLOAD_SECURITY; > > + dev_info->tx_offload_capa |= DEV_TX_OFFLOAD_SECURITY; > > + } > > #endif > > > > dev_info->default_rxconf = (struct rte_eth_rxconf) { diff --git > > a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c > > index 97f025a8..a60b29a 100644 > > --- a/drivers/net/ixgbe/ixgbe_ipsec.c > > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c > > @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops = > { > > .capabilities_get = ixgbe_crypto_capabilities_get }; > > > > -struct rte_security_ctx * > > +static int > > +ixgbe_crypto_capable(struct rte_eth_dev *dev) { > > + struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data- > >dev_private); > > + uint32_t reg_i, reg, capable = 1; > > + /* test if rx crypto can be enabled and then write back initial value*/ > > + reg_i = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); > > + reg = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > > + if (reg != 0) > > + capable = 0; > > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); > > + return capable; > > +} > > + > > +int > > ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev) { > > - struct rte_security_ctx *ctx = rte_malloc("rte_security_instances_ops", > > - sizeof(struct rte_security_ctx), 0); > > - if (ctx) { > > - ctx->device = (void *)dev; > > - ctx->ops = &ixgbe_security_ops; > > - ctx->sess_cnt = 0; > > + struct rte_security_ctx *ctx = NULL; > > + > > + if (ixgbe_crypto_capable(dev)) { > > + ctx = rte_malloc("rte_security_instances_ops", > > + sizeof(struct rte_security_ctx), 0); > > + if (ctx) { > > + ctx->device = (void *)dev; > > + ctx->ops = &ixgbe_security_ops; > > + ctx->sess_cnt = 0; > > + dev->security_ctx = ctx; > > + } else { > > + return -ENOMEM; > > + } > > } > > - return ctx; > > + return 0; > > } > > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h > > b/drivers/net/ixgbe/ixgbe_ipsec.h index acd9f3e..d13c407 100644 > > --- a/drivers/net/ixgbe/ixgbe_ipsec.h > > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h > > @@ -110,8 +110,7 @@ struct ixgbe_ipsec { }; > > > > > > -struct rte_security_ctx * > > -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > > +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > > int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); int > > ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, > > const void *ip_spec, > > -- > > 2.7.5 > > Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Applied to dpdk-next-net-intel, thanks! /Helin ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2018-01-23 2:06 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-01-17 11:19 [dpdk-dev] [PATCH] net/ixgbe: check if security capabilities are enabled by HW Radu Nicolau 2018-01-17 11:34 ` Ananyev, Konstantin 2018-01-17 11:40 ` Nicolau, Radu 2018-01-17 11:54 ` [dpdk-dev] [PATCH v2] " Radu Nicolau 2018-01-17 22:47 ` Ananyev, Konstantin 2018-01-18 0:43 ` Zhang, Helin 2018-01-18 14:58 ` Ferruh Yigit 2018-01-20 9:45 ` Zhang, Helin 2018-01-18 12:46 ` [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits Radu Nicolau 2018-01-22 10:23 ` Ananyev, Konstantin 2018-01-23 2:06 ` Zhang, Helin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).