DPDK patches and discussions
 help / color / mirror / Atom feed
From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
	pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com
Cc: dev@dpdk.org, brendan.ryan@intel.com,
	mairtin.oloingsigh@intel.com, David Coyle <david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH v1 1/2] crypto/qat: improve DOCSIS session creation
Date: Thu, 16 Jul 2020 16:32:17 +0100
Message-ID: <20200716153218.65491-2-david.coyle@intel.com> (raw)
In-Reply-To: <20200716153218.65491-1-david.coyle@intel.com>

This patch improves the DOCSIS session creation as follows:
- it validates the security action type as well as the protocol before
  creating a session and now does this validation before allocating the
  session from the mempool
- it clears the entire private session struct before populating it with
  DOCSIS session info, in case any data was left over from the last time
  it was used
- it simplifies the DOCSIS parameter setting, which was overly
  complicated

Fixes: 6f0ef237404b ("crypto/qat: support DOCSIS protocol")

Signed-off-by: David Coyle <david.coyle@intel.com>
---
 drivers/crypto/qat/qat_sym_session.c | 32 +++++++++++++---------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 717893c78..ed4d00159 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -2162,6 +2162,9 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 	struct rte_crypto_sym_xform *xform = NULL;
 	struct qat_sym_session *session = session_private;
 
+	/* Clear the session */
+	memset(session, 0, qat_sym_session_get_private_size(dev));
+
 	ret = qat_sec_session_check_docsis(conf);
 	if (ret) {
 		QAT_LOG(ERR, "Unsupported DOCSIS security configuration");
@@ -2184,23 +2187,17 @@ qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
 
 	session->min_qat_dev_gen = QAT_GEN1;
 
-	/* Get requested QAT command id */
+	/* Get requested QAT command id - should be cipher */
 	qat_cmd_id = qat_get_cmd_id(xform);
-	if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
+	if (qat_cmd_id != ICP_QAT_FW_LA_CMD_CIPHER) {
 		QAT_LOG(ERR, "Unsupported xform chain requested");
 		return -ENOTSUP;
 	}
 	session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
-	switch (session->qat_cmd) {
-	case ICP_QAT_FW_LA_CMD_CIPHER:
-		ret = qat_sym_session_configure_cipher(dev, xform, session);
-		if (ret < 0)
-			return ret;
-		break;
-	default:
-		QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd);
-		return -ENOTSUP;
-	}
+
+	ret = qat_sym_session_configure_cipher(dev, xform, session);
+	if (ret < 0)
+		return ret;
 
 	return 0;
 }
@@ -2215,16 +2212,17 @@ qat_security_session_create(void *dev,
 	struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
 	int ret;
 
+	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
+			conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+		QAT_LOG(ERR, "Invalid security protocol");
+		return -EINVAL;
+	}
+
 	if (rte_mempool_get(mempool, &sess_private_data)) {
 		QAT_LOG(ERR, "Couldn't get object from session mempool");
 		return -ENOMEM;
 	}
 
-	if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
-		QAT_LOG(ERR, "Invalid security protocol");
-		return -EINVAL;
-	}
-
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {
-- 
2.17.1


  reply	other threads:[~2020-07-16 15:56 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-16 15:32 [dpdk-dev] [PATCH v1 0/2] " David Coyle
2020-07-16 15:32 ` David Coyle [this message]
2020-07-17 18:28   ` [dpdk-dev] [PATCH v1 1/2] crypto/qat: " Trahe, Fiona
2020-07-16 15:32 ` [dpdk-dev] [PATCH v1 2/2] crypto/aesni_mb: " David Coyle
2020-07-17 19:09   ` De Lara Guarch, Pablo
2020-07-18 21:24     ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200716153218.65491-2-david.coyle@intel.com \
    --to=david.coyle@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=brendan.ryan@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=mairtin.oloingsigh@intel.com \
    --cc=pablo.de.lara.guarch@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git