* [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
@ 2019-04-22 14:39 Akhil Goyal
2019-04-22 14:39 ` Akhil Goyal
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Akhil Goyal @ 2019-04-22 14:39 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, konstantin.ananyev, Akhil Goyal, roy.fan.zhang, stable
Currently, two separate mempools are being used for creating crypto
sessions and its private data.
crypto sessions are created and initialized separately, so a separate
mempool is passed to each API, but in case of security sessions, where
only one API create and initialize the private data as well.
So if session mempool is passed to create a security session, the
mempool element size is not sufficient enough to hold the private
data as well.
As a perfect solution, the security session create API should take 2
mempools for header and private data and initiatlize accordingly,
but that would mean an API breakage, which will be done in the next
release cycle. So introducing this patch as a workaround to resolve this
issue.
Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
Cc: roy.fan.zhang@intel.com
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
examples/ipsec-secgw/ipsec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 4352cb842..7b8533077 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
set_ipsec_conf(sa, &(sess_conf.ipsec));
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
int ret = 0;
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
2019-04-22 14:39 [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session Akhil Goyal
@ 2019-04-22 14:39 ` Akhil Goyal
2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2019-04-22 14:39 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, konstantin.ananyev, Akhil Goyal, roy.fan.zhang, stable
Currently, two separate mempools are being used for creating crypto
sessions and its private data.
crypto sessions are created and initialized separately, so a separate
mempool is passed to each API, but in case of security sessions, where
only one API create and initialize the private data as well.
So if session mempool is passed to create a security session, the
mempool element size is not sufficient enough to hold the private
data as well.
As a perfect solution, the security session create API should take 2
mempools for header and private data and initiatlize accordingly,
but that would mean an API breakage, which will be done in the next
release cycle. So introducing this patch as a workaround to resolve this
issue.
Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
Cc: roy.fan.zhang@intel.com
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
examples/ipsec-secgw/ipsec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 4352cb842..7b8533077 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
set_ipsec_conf(sa, &(sess_conf.ipsec));
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
int ret = 0;
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
2019-04-22 14:39 [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session Akhil Goyal
2019-04-22 14:39 ` Akhil Goyal
@ 2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 12:28 ` Akhil Goyal
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2 siblings, 2 replies; 12+ messages in thread
From: Ananyev, Konstantin @ 2019-04-23 11:49 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
Hi Akhil,
> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
>
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> examples/ipsec-secgw/ipsec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> --
Looks good to me , but seems incomplete.
I think we also need to:
static int32_t
cryptodevs_init(void)
{
...
/* create session pools for eth devices that implement security */
RTE_ETH_FOREACH_DEV(port_id) {
if ((enabled_port_mask & (1 << port_id)) &&
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_%u", socket_id);
sess_mp = rte_mempool_create(mp_name,
(CDEV_MP_NB_OBJS * 2),
max_sess_sz,
CDEV_MP_CACHE_SZ,
0, NULL, NULL, NULL,
NULL, socket_id,
0);
if (sess_mp == NULL)
rte_exit(EXIT_FAILURE,
"Cannot create session pool "
"on socket %d\n", socket_id);
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool = sess_mp;
}
}
}
Konstantin
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 11:49 ` Ananyev, Konstantin
@ 2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 12:28 ` Akhil Goyal
1 sibling, 0 replies; 12+ messages in thread
From: Ananyev, Konstantin @ 2019-04-23 11:49 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
Hi Akhil,
> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
>
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> examples/ipsec-secgw/ipsec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> --
Looks good to me , but seems incomplete.
I think we also need to:
static int32_t
cryptodevs_init(void)
{
...
/* create session pools for eth devices that implement security */
RTE_ETH_FOREACH_DEV(port_id) {
if ((enabled_port_mask & (1 << port_id)) &&
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_%u", socket_id);
sess_mp = rte_mempool_create(mp_name,
(CDEV_MP_NB_OBJS * 2),
max_sess_sz,
CDEV_MP_CACHE_SZ,
0, NULL, NULL, NULL,
NULL, socket_id,
0);
if (sess_mp == NULL)
rte_exit(EXIT_FAILURE,
"Cannot create session pool "
"on socket %d\n", socket_id);
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool = sess_mp;
}
}
}
Konstantin
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
2019-04-22 14:39 [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session Akhil Goyal
2019-04-22 14:39 ` Akhil Goyal
2019-04-23 11:49 ` Ananyev, Konstantin
@ 2019-04-23 12:19 ` Akhil Goyal
2019-04-23 12:19 ` Akhil Goyal
2019-04-23 12:32 ` Ananyev, Konstantin
2 siblings, 2 replies; 12+ messages in thread
From: Akhil Goyal @ 2019-04-23 12:19 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, konstantin.ananyev, Akhil Goyal, roy.fan.zhang, stable
Currently, two separate mempools are being used for creating crypto
sessions and its private data.
crypto sessions are created and initialized separately, so a separate
mempool is passed to each API, but in case of security sessions, where
only one API create and initialize the private data as well.
So if session mempool is passed to create a security session, the
mempool element size is not sufficient enough to hold the private
data as well.
As a perfect solution, the security session create API should take 2
mempools for header and private data and initiatlize accordingly,
but that would mean an API breakage, which will be done in the next
release cycle. So introducing this patch as a workaround to resolve this
issue.
Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
Cc: roy.fan.zhang@intel.com
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
v2: incorporated Konstantin's comments.
examples/ipsec-secgw/ipsec-secgw.c | 5 +++--
examples/ipsec-secgw/ipsec.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 2e203393d..478dd80c2 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1791,7 +1791,7 @@ cryptodevs_init(void)
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
@@ -1811,7 +1811,8 @@ cryptodevs_init(void)
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool =
+ sess_mp;
}
}
}
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 4352cb842..7b8533077 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
set_ipsec_conf(sa, &(sess_conf.ipsec));
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
int ret = 0;
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
@ 2019-04-23 12:19 ` Akhil Goyal
2019-04-23 12:32 ` Ananyev, Konstantin
1 sibling, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2019-04-23 12:19 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, konstantin.ananyev, Akhil Goyal, roy.fan.zhang, stable
Currently, two separate mempools are being used for creating crypto
sessions and its private data.
crypto sessions are created and initialized separately, so a separate
mempool is passed to each API, but in case of security sessions, where
only one API create and initialize the private data as well.
So if session mempool is passed to create a security session, the
mempool element size is not sufficient enough to hold the private
data as well.
As a perfect solution, the security session create API should take 2
mempools for header and private data and initiatlize accordingly,
but that would mean an API breakage, which will be done in the next
release cycle. So introducing this patch as a workaround to resolve this
issue.
Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
Cc: roy.fan.zhang@intel.com
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
v2: incorporated Konstantin's comments.
examples/ipsec-secgw/ipsec-secgw.c | 5 +++--
examples/ipsec-secgw/ipsec.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 2e203393d..478dd80c2 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1791,7 +1791,7 @@ cryptodevs_init(void)
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
@@ -1811,7 +1811,8 @@ cryptodevs_init(void)
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool =
+ sess_mp;
}
}
}
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 4352cb842..7b8533077 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
set_ipsec_conf(sa, &(sess_conf.ipsec));
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
@@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
int ret = 0;
sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ &sess_conf, ipsec_ctx->session_priv_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 11:49 ` Ananyev, Konstantin
@ 2019-04-23 12:28 ` Akhil Goyal
2019-04-23 12:28 ` Akhil Goyal
1 sibling, 1 reply; 12+ messages in thread
From: Akhil Goyal @ 2019-04-23 12:28 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
>
>
> Looks good to me , but seems incomplete.
> I think we also need to:
> static int32_t
> cryptodevs_init(void)
> {
> ...
>
> /* create session pools for eth devices that implement security */
> RTE_ETH_FOREACH_DEV(port_id) {
> if ((enabled_port_mask & (1 << port_id)) &&
> rte_eth_dev_get_sec_ctx(port_id)) {
> int socket_id = rte_eth_dev_socket_id(port_id);
>
> - if (!socket_ctx[socket_id].session_pool) {
> + if (!socket_ctx[socket_id].session_priv_pool) {
> char mp_name[RTE_MEMPOOL_NAMESIZE];
> struct rte_mempool *sess_mp;
>
> snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> "sess_mp_%u", socket_id);
> sess_mp = rte_mempool_create(mp_name,
> (CDEV_MP_NB_OBJS * 2),
> max_sess_sz,
> CDEV_MP_CACHE_SZ,
> 0, NULL, NULL, NULL,
> NULL, socket_id,
> 0);
> if (sess_mp == NULL)
> rte_exit(EXIT_FAILURE,
> "Cannot create session pool "
> "on socket %d\n", socket_id);
> else
> printf("Allocated session pool "
> "on socket %d\n", socket_id);
> - socket_ctx[socket_id].session_pool = sess_mp;
> + socket_ctx[socket_id].session_priv_pool = sess_mp;
>
> }
> }
> }
>
> Konstantin
Thanks,
Will be sending a v2 soon.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 12:28 ` Akhil Goyal
@ 2019-04-23 12:28 ` Akhil Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2019-04-23 12:28 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
>
>
> Looks good to me , but seems incomplete.
> I think we also need to:
> static int32_t
> cryptodevs_init(void)
> {
> ...
>
> /* create session pools for eth devices that implement security */
> RTE_ETH_FOREACH_DEV(port_id) {
> if ((enabled_port_mask & (1 << port_id)) &&
> rte_eth_dev_get_sec_ctx(port_id)) {
> int socket_id = rte_eth_dev_socket_id(port_id);
>
> - if (!socket_ctx[socket_id].session_pool) {
> + if (!socket_ctx[socket_id].session_priv_pool) {
> char mp_name[RTE_MEMPOOL_NAMESIZE];
> struct rte_mempool *sess_mp;
>
> snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> "sess_mp_%u", socket_id);
> sess_mp = rte_mempool_create(mp_name,
> (CDEV_MP_NB_OBJS * 2),
> max_sess_sz,
> CDEV_MP_CACHE_SZ,
> 0, NULL, NULL, NULL,
> NULL, socket_id,
> 0);
> if (sess_mp == NULL)
> rte_exit(EXIT_FAILURE,
> "Cannot create session pool "
> "on socket %d\n", socket_id);
> else
> printf("Allocated session pool "
> "on socket %d\n", socket_id);
> - socket_ctx[socket_id].session_pool = sess_mp;
> + socket_ctx[socket_id].session_priv_pool = sess_mp;
>
> }
> }
> }
>
> Konstantin
Thanks,
Will be sending a v2 soon.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2019-04-23 12:19 ` Akhil Goyal
@ 2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:58 ` Akhil Goyal
1 sibling, 2 replies; 12+ messages in thread
From: Ananyev, Konstantin @ 2019-04-23 12:32 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, April 23, 2019 1:20 PM
> To: dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>;
> Zhang, Roy Fan <roy.fan.zhang@intel.com>; stable@dpdk.org
> Subject: [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
>
> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
>
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> v2: incorporated Konstantin's comments.
>
>
> examples/ipsec-secgw/ipsec-secgw.c | 5 +++--
> examples/ipsec-secgw/ipsec.c | 4 ++--
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 2e203393d..478dd80c2 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1791,7 +1791,7 @@ cryptodevs_init(void)
> rte_eth_dev_get_sec_ctx(port_id)) {
> int socket_id = rte_eth_dev_socket_id(port_id);
>
> - if (!socket_ctx[socket_id].session_pool) {
> + if (!socket_ctx[socket_id].session_priv_pool) {
> char mp_name[RTE_MEMPOOL_NAMESIZE];
> struct rte_mempool *sess_mp;
>
> @@ -1811,7 +1811,8 @@ cryptodevs_init(void)
> else
> printf("Allocated session pool "
> "on socket %d\n", socket_id);
> - socket_ctx[socket_id].session_pool = sess_mp;
> + socket_ctx[socket_id].session_priv_pool =
> + sess_mp;
> }
> }
> }
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 12:32 ` Ananyev, Konstantin
@ 2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:58 ` Akhil Goyal
1 sibling, 0 replies; 12+ messages in thread
From: Ananyev, Konstantin @ 2019-04-23 12:32 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, April 23, 2019 1:20 PM
> To: dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>;
> Zhang, Roy Fan <roy.fan.zhang@intel.com>; stable@dpdk.org
> Subject: [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
>
> Currently, two separate mempools are being used for creating crypto
> sessions and its private data.
> crypto sessions are created and initialized separately, so a separate
> mempool is passed to each API, but in case of security sessions, where
> only one API create and initialize the private data as well.
> So if session mempool is passed to create a security session, the
> mempool element size is not sufficient enough to hold the private
> data as well.
> As a perfect solution, the security session create API should take 2
> mempools for header and private data and initiatlize accordingly,
> but that would mean an API breakage, which will be done in the next
> release cycle. So introducing this patch as a workaround to resolve this
> issue.
>
> Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
> Cc: roy.fan.zhang@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> v2: incorporated Konstantin's comments.
>
>
> examples/ipsec-secgw/ipsec-secgw.c | 5 +++--
> examples/ipsec-secgw/ipsec.c | 4 ++--
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 2e203393d..478dd80c2 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1791,7 +1791,7 @@ cryptodevs_init(void)
> rte_eth_dev_get_sec_ctx(port_id)) {
> int socket_id = rte_eth_dev_socket_id(port_id);
>
> - if (!socket_ctx[socket_id].session_pool) {
> + if (!socket_ctx[socket_id].session_priv_pool) {
> char mp_name[RTE_MEMPOOL_NAMESIZE];
> struct rte_mempool *sess_mp;
>
> @@ -1811,7 +1811,8 @@ cryptodevs_init(void)
> else
> printf("Allocated session pool "
> "on socket %d\n", socket_id);
> - socket_ctx[socket_id].session_pool = sess_mp;
> + socket_ctx[socket_id].session_priv_pool =
> + sess_mp;
> }
> }
> }
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4352cb842..7b8533077 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -102,7 +102,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
> @@ -117,7 +117,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> + &sess_conf, ipsec_ctx->session_priv_pool);
> if (sa->sec_session == NULL) {
> RTE_LOG(ERR, IPSEC,
> "SEC Session init failed: err: %d\n", ret);
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:32 ` Ananyev, Konstantin
@ 2019-04-23 12:58 ` Akhil Goyal
2019-04-23 12:58 ` Akhil Goyal
1 sibling, 1 reply; 12+ messages in thread
From: Akhil Goyal @ 2019-04-23 12:58 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>
Applied to dpdk-next-crypto
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pool usage for security session
2019-04-23 12:58 ` Akhil Goyal
@ 2019-04-23 12:58 ` Akhil Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2019-04-23 12:58 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu, Zhang, Roy Fan, stable
>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>
Applied to dpdk-next-crypto
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2019-04-23 12:58 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-22 14:39 [dpdk-dev] [PATCH] examples/ipsec-secgw: fix pool usage for security session Akhil Goyal
2019-04-22 14:39 ` Akhil Goyal
2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 11:49 ` Ananyev, Konstantin
2019-04-23 12:28 ` Akhil Goyal
2019-04-23 12:28 ` Akhil Goyal
2019-04-23 12:19 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2019-04-23 12:19 ` Akhil Goyal
2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:32 ` Ananyev, Konstantin
2019-04-23 12:58 ` Akhil Goyal
2019-04-23 12:58 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).