From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH 3/3] net/octeontx2: clear SA valid during session destroy
Date: Tue, 13 Jul 2021 15:57:08 +0530 [thread overview]
Message-ID: <1626172028-100-3-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1626172028-100-1-git-send-email-anoobj@marvell.com>
SA table entry would be reserved for inline inbound operations. Clear
valid bit of the SA so that CPT would treat SA entry as invalid. Also,
move setting of valid bit to the end in case of session_create() to
eliminate possibility of hardware seeing partial data.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/crypto/octeontx2/otx2_ipsec_fp.h | 1 -
drivers/net/octeontx2/otx2_ethdev_sec.c | 28 ++++++++++++++++++++++++----
2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
index a33041d..58b24a2 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
@@ -365,7 +365,6 @@ ipsec_fp_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
ctl->esn_en = 1;
ctl->spi = rte_cpu_to_be_32(ipsec->spi);
- ctl->valid = 1;
return 0;
}
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index 72298cf..c2a3688 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -455,6 +455,9 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,
goto cpt_put;
}
+ rte_io_wmb();
+ ctl->valid = 1;
+
return 0;
cpt_put:
otx2_sec_idev_tx_cpt_qp_put(sess->qp);
@@ -595,6 +598,9 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,
sa->esn_hi = 0;
}
+ rte_io_wmb();
+ ctl->valid = 1;
+
rte_spinlock_unlock(&dev->ipsec_tbl_lock);
return 0;
@@ -682,10 +688,12 @@ otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)
}
static int
-otx2_eth_sec_session_destroy(void *device __rte_unused,
+otx2_eth_sec_session_destroy(void *device,
struct rte_security_session *sess)
{
+ struct otx2_eth_dev *dev = otx2_eth_pmd_priv(device);
struct otx2_sec_session_ipsec_ip *sess_ip;
+ struct otx2_ipsec_fp_in_sa *sa;
struct otx2_sec_session *priv;
struct rte_mempool *sess_mp;
int ret;
@@ -696,9 +704,21 @@ otx2_eth_sec_session_destroy(void *device __rte_unused,
sess_ip = &priv->ipsec.ip;
- /* Release the anti replay window */
- if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
- otx2_eth_sec_free_anti_replay(sess_ip->in_sa);
+ if (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+ rte_spinlock_lock(&dev->ipsec_tbl_lock);
+ sa = sess_ip->in_sa;
+
+ /* Release the anti replay window */
+ otx2_eth_sec_free_anti_replay(sa);
+
+ /* Clear SA table entry */
+ if (sa != NULL) {
+ sa->ctl.valid = 0;
+ rte_io_wmb();
+ }
+
+ rte_spinlock_unlock(&dev->ipsec_tbl_lock);
+ }
/* Release CPT LF used for this session */
if (sess_ip->qp != NULL) {
--
2.7.4
next prev parent reply other threads:[~2021-07-13 10:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-13 10:27 [dpdk-dev] [PATCH 1/3] crypto/octeontx2: fix member overlap Anoob Joseph
2021-07-13 10:27 ` [dpdk-dev] [PATCH 2/3] net/octeontx2: add locking for inline IPsec tbl updates Anoob Joseph
2021-07-13 10:27 ` Anoob Joseph [this message]
2021-07-18 8:33 ` [dpdk-dev] [PATCH 1/3] crypto/octeontx2: fix member overlap Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1626172028-100-3-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=adwivedi@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).