From: David Coyle <david.coyle@intel.com> To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com Cc: dev@dpdk.org, brendan.ryan@intel.com, mairtin.oloingsigh@intel.com, David Coyle <david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation Date: Thu, 16 Jul 2020 16:32:17 +0100 Message-ID: <20200716153218.65491-2-david.coyle@intel.com> (raw) In-Reply-To: <20200716153218.65491-1-david.coyle@intel.com> This patch improves the DOCSIS session creation as follows: - it validates the security action type as well as the protocol before creating a session and now does this validation before allocating the session from the mempool - it clears the entire private session struct before populating it with DOCSIS session info, in case any data was left over from the last time it was used - it simplifies the DOCSIS parameter setting, which was overly complicated Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol") Signed-off-by: David Coyle <david.coyle@intel.com> --- drivers/crypto/qat/qat_sym_session.c | 32 +++++++++++++--------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 717893c78..ed4d00159 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -2162,6 +2162,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform = NULL; struct qat_sym_session *session = session_private; + /* Clear the session */ + memset(session, 0, qat_sym_session_get_private_size(dev)); + ret = qat_sec_session_check_docsis(conf); if (ret) { QAT_LOG(ERR, "Unsupported DOCSIS security configuration"); @@ -2184,23 +2187,17 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, session->min_qat_dev_gen = QAT_GEN1; - /* Get requested QAT command id */ + /* Get requested QAT command id - should be cipher */ qat_cmd_id = qat_get_cmd_id(xform); - if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { + if (qat_cmd_id != ICP_QAT_FW_LA_CMD_CIPHER) { QAT_LOG(ERR, "Unsupported xform chain requested"); return -ENOTSUP; } session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; - switch (session->qat_cmd) { - case ICP_QAT_FW_LA_CMD_CIPHER: - ret = qat_sym_session_configure_cipher(dev, xform, session); - if (ret < 0) - return ret; - break; - default: - QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd); - return -ENOTSUP; - } + + ret = qat_sym_session_configure_cipher(dev, xform, session); + if (ret < 0) + return ret; return 0; } @@ -2215,16 +2212,17 @@ qat_security_session_create(void *dev, struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; int ret; + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL || + conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + QAT_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + if (rte_mempool_get(mempool, &sess_private_data)) { QAT_LOG(ERR, "Couldn't get object from session mempool"); return -ENOMEM; } - if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { - QAT_LOG(ERR, "Invalid security protocol"); - return -EINVAL; - } - ret = qat_sec_session_set_docsis_parameters(cdev, conf, sess_private_data); if (ret != 0) { -- 2.17.1
next prev parent reply other threads:[~2020-07-16 15:56 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] " David Coyle 2020-07-16 15:32 ` David Coyle [this message] 2020-07-17 18:28 ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " Trahe, Fiona 2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle 2020-07-17 19:09 ` De Lara Guarch, Pablo 2020-07-18 21:24 ` Akhil Goyal
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200716153218.65491-2-david.coyle@intel.com \ --to=david.coyle@intel.com \ --cc=akhil.goyal@nxp.com \ --cc=brendan.ryan@intel.com \ --cc=declan.doherty@intel.com \ --cc=dev@dpdk.org \ --cc=fiona.trahe@intel.com \ --cc=mairtin.oloingsigh@intel.com \ --cc=pablo.de.lara.guarch@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
DPDK patches and discussions This inbox may be cloned and mirrored by anyone: git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \ dev@dpdk.org public-inbox-index dev Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dev AGPL code for this site: git clone https://public-inbox.org/public-inbox.git