DPDK patches and discussions
 help / color / mirror / Atom feed
From: Nithin Dabilpuram <ndabilpuram@marvell.com>
To: <jerinj@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>,
	"Kiran Kumar K" <kirankumark@marvell.com>,
	Sunil Kumar Kori <skori@marvell.com>,
	Satha Rao <skoteshwar@marvell.com>
Cc: <dev@dpdk.org>
Subject: [PATCH 8/8] net/cnxk: synchronize inline session create and destroy
Date: Thu, 9 Dec 2021 14:43:42 +0530	[thread overview]
Message-ID: <20211209091342.27017-8-ndabilpuram@marvell.com> (raw)
In-Reply-To: <20211209091342.27017-1-ndabilpuram@marvell.com>

Synchronize inline session create and destroy using spinlock.
Also move security related error prints outside the spinlock.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c | 35 ++++++++++++++++++++++++++++-------
 drivers/net/cnxk/cn9k_ethdev_sec.c  | 34 +++++++++++++++++++++++++++-------
 drivers/net/cnxk/cnxk_ethdev.c      |  7 +++++--
 drivers/net/cnxk/cnxk_ethdev.h      |  6 ++++++
 4 files changed, 66 insertions(+), 16 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 235c168..12cec0a 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -238,6 +238,8 @@ cn10k_eth_sec_session_create(void *device,
 	struct rte_crypto_sym_xform *crypto;
 	struct cnxk_eth_sec_sess *eth_sec;
 	bool inbound, inl_dev;
+	rte_spinlock_t *lock;
+	char tbuf[128] = {0};
 	int rc = 0;
 
 	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
@@ -272,6 +274,9 @@ cn10k_eth_sec_session_create(void *device,
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
 	sess_priv.u64 = 0;
 
+	lock = inbound ? &dev->inb.lock : &dev->outb.lock;
+	rte_spinlock_lock(lock);
+
 	/* Acquire lock on inline dev for inbound */
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_lock();
@@ -287,12 +292,14 @@ cn10k_eth_sec_session_create(void *device,
 		/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */
 		sa = roc_nix_inl_inb_sa_get(&dev->nix, inl_dev, ipsec->spi);
 		if (!sa && dev->inb.inl_dev) {
-			plt_err("Failed to create ingress sa, inline dev "
-				"not found or spi not in range");
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to create ingress sa, inline dev "
+				 "not found or spi not in range");
 			rc = -ENOTSUP;
 			goto mempool_put;
 		} else if (!sa) {
-			plt_err("Failed to create ingress sa");
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to create ingress sa");
 			rc = -EFAULT;
 			goto mempool_put;
 		}
@@ -301,8 +308,9 @@ cn10k_eth_sec_session_create(void *device,
 
 		/* Check if SA is already in use */
 		if (inb_sa->w2.s.valid) {
-			plt_err("Inbound SA with SPI %u already in use",
-				ipsec->spi);
+			snprintf(tbuf, sizeof(tbuf),
+				 "Inbound SA with SPI %u already in use",
+				 ipsec->spi);
 			rc = -EBUSY;
 			goto mempool_put;
 		}
@@ -313,7 +321,8 @@ cn10k_eth_sec_session_create(void *device,
 		/* Fill inbound sa params */
 		rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto);
 		if (rc) {
-			plt_err("Failed to init inbound sa, rc=%d", rc);
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to init inbound sa, rc=%d", rc);
 			goto mempool_put;
 		}
 
@@ -371,7 +380,8 @@ cn10k_eth_sec_session_create(void *device,
 		/* Fill outbound sa params */
 		rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
 		if (rc) {
-			plt_err("Failed to init outbound sa, rc=%d", rc);
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
 			goto mempool_put;
 		}
@@ -409,6 +419,7 @@ cn10k_eth_sec_session_create(void *device,
 	}
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
+	rte_spinlock_unlock(lock);
 
 	plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u",
 		    inbound ? "inbound" : "outbound", eth_sec->spi,
@@ -422,7 +433,11 @@ cn10k_eth_sec_session_create(void *device,
 mempool_put:
 	if (inbound && inl_dev)
 		roc_nix_inl_dev_unlock();
+	rte_spinlock_unlock(lock);
+
 	rte_mempool_put(mempool, eth_sec);
+	if (rc)
+		plt_err("%s", tbuf);
 	return rc;
 }
 
@@ -433,12 +448,16 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
 	struct cnxk_eth_sec_sess *eth_sec;
 	struct rte_mempool *mp;
+	rte_spinlock_t *lock;
 	void *sa_dptr;
 
 	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
 	if (!eth_sec)
 		return -ENOENT;
 
+	lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
+	rte_spinlock_lock(lock);
+
 	if (eth_sec->inl_dev)
 		roc_nix_inl_dev_lock();
 
@@ -468,6 +487,8 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	if (eth_sec->inl_dev)
 		roc_nix_inl_dev_unlock();
 
+	rte_spinlock_unlock(lock);
+
 	plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u",
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx, eth_sec->inl_dev);
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index b070ad5..efdce22 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -146,6 +146,8 @@ cn9k_eth_sec_session_create(void *device,
 	struct cn9k_sec_sess_priv sess_priv;
 	struct rte_crypto_sym_xform *crypto;
 	struct cnxk_eth_sec_sess *eth_sec;
+	rte_spinlock_t *lock;
+	char tbuf[128] = {0};
 	bool inbound;
 	int rc = 0;
 
@@ -174,6 +176,9 @@ cn9k_eth_sec_session_create(void *device,
 		return -ENOMEM;
 	}
 
+	lock = inbound ? &dev->inb.lock : &dev->outb.lock;
+	rte_spinlock_lock(lock);
+
 	memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
 	sess_priv.u64 = 0;
 
@@ -187,18 +192,20 @@ cn9k_eth_sec_session_create(void *device,
 		/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE. Assume no inline
 		 * device always for CN9K.
 		 */
-		inb_sa = (struct roc_onf_ipsec_inb_sa *)
-			roc_nix_inl_inb_sa_get(&dev->nix, false, ipsec->spi);
+		inb_sa = (struct roc_onf_ipsec_inb_sa *)roc_nix_inl_inb_sa_get(
+			&dev->nix, false, ipsec->spi);
 		if (!inb_sa) {
-			plt_err("Failed to create ingress sa");
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to create ingress sa");
 			rc = -EFAULT;
 			goto mempool_put;
 		}
 
 		/* Check if SA is already in use */
 		if (inb_sa->ctl.valid) {
-			plt_err("Inbound SA with SPI %u already in use",
-				ipsec->spi);
+			snprintf(tbuf, sizeof(tbuf),
+				 "Inbound SA with SPI %u already in use",
+				 ipsec->spi);
 			rc = -EBUSY;
 			goto mempool_put;
 		}
@@ -208,7 +215,8 @@ cn9k_eth_sec_session_create(void *device,
 		/* Fill inbound sa params */
 		rc = cnxk_onf_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
 		if (rc) {
-			plt_err("Failed to init inbound sa, rc=%d", rc);
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to init inbound sa, rc=%d", rc);
 			goto mempool_put;
 		}
 
@@ -263,7 +271,8 @@ cn9k_eth_sec_session_create(void *device,
 		/* Fill outbound sa params */
 		rc = cnxk_onf_ipsec_outb_sa_fill(outb_sa, ipsec, crypto);
 		if (rc) {
-			plt_err("Failed to init outbound sa, rc=%d", rc);
+			snprintf(tbuf, sizeof(tbuf),
+				 "Failed to init outbound sa, rc=%d", rc);
 			rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
 			goto mempool_put;
 		}
@@ -300,6 +309,8 @@ cn9k_eth_sec_session_create(void *device,
 	/* Sync SA content */
 	plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
 
+	rte_spinlock_unlock(lock);
+
 	plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u",
 		    inbound ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
@@ -310,7 +321,10 @@ cn9k_eth_sec_session_create(void *device,
 
 	return 0;
 mempool_put:
+	rte_spinlock_unlock(lock);
 	rte_mempool_put(mempool, eth_sec);
+	if (rc)
+		plt_err("%s", tbuf);
 	return rc;
 }
 
@@ -323,11 +337,15 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	struct roc_onf_ipsec_inb_sa *inb_sa;
 	struct cnxk_eth_sec_sess *eth_sec;
 	struct rte_mempool *mp;
+	rte_spinlock_t *lock;
 
 	eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
 	if (!eth_sec)
 		return -ENOENT;
 
+	lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
+	rte_spinlock_lock(lock);
+
 	if (eth_sec->inb) {
 		inb_sa = eth_sec->sa;
 		/* Disable SA */
@@ -349,6 +367,8 @@ cn9k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
 	/* Sync SA content */
 	plt_atomic_thread_fence(__ATOMIC_ACQ_REL);
 
+	rte_spinlock_unlock(lock);
+
 	plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u",
 		    eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
 		    eth_sec->sa_idx);
diff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c
index 74f6255..c2e7f2f 100644
--- a/drivers/net/cnxk/cnxk_ethdev.c
+++ b/drivers/net/cnxk/cnxk_ethdev.c
@@ -1605,8 +1605,6 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
 	sec_ctx->flags =
 		(RTE_SEC_CTX_F_FAST_SET_MDATA | RTE_SEC_CTX_F_FAST_GET_UDATA);
 	eth_dev->security_ctx = sec_ctx;
-	TAILQ_INIT(&dev->inb.list);
-	TAILQ_INIT(&dev->outb.list);
 
 	/* For secondary processes, the primary has done all the work */
 	if (rte_eal_process_type() != RTE_PROC_PRIMARY)
@@ -1642,6 +1640,11 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)
 	dev->configured = 0;
 	dev->ptype_disable = 0;
 
+	TAILQ_INIT(&dev->inb.list);
+	TAILQ_INIT(&dev->outb.list);
+	rte_spinlock_init(&dev->inb.lock);
+	rte_spinlock_init(&dev->outb.lock);
+
 	/* For vfs, returned max_entries will be 0. but to keep default mac
 	 * address, one entry must be allocated. so setting up to 1.
 	 */
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index 5bfda3d..db1fb4b 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -271,6 +271,9 @@ struct cnxk_eth_dev_sec_inb {
 
 	/* DPTR for WRITE_SA microcode op */
 	void *sa_dptr;
+
+	/* Lock to synchronize sa setup/release */
+	rte_spinlock_t lock;
 };
 
 /* Outbound security data */
@@ -304,6 +307,9 @@ struct cnxk_eth_dev_sec_outb {
 
 	/* DPTR for WRITE_SA microcode op */
 	void *sa_dptr;
+
+	/* Lock to synchronize sa setup/release */
+	rte_spinlock_t lock;
 };
 
 struct cnxk_eth_dev {
-- 
2.8.4


  parent reply	other threads:[~2021-12-09  9:14 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-09  9:13 [PATCH 1/8] common/cnxk: fix shift offset for tl3 length disable Nithin Dabilpuram
2021-12-09  9:13 ` [PATCH 2/8] common/cnxk: use for loop in shaper profiles cleanup Nithin Dabilpuram
2022-01-19 16:20   ` Jerin Jacob
2021-12-09  9:13 ` [PATCH 3/8] common/cnxk: change order of frag sizes and infos Nithin Dabilpuram
2022-01-19 16:25   ` Jerin Jacob
2022-01-21 10:03   ` Ferruh Yigit
2021-12-09  9:13 ` [PATCH 4/8] common/cnxk: reset stale values on error debug registers Nithin Dabilpuram
2022-01-19 16:25   ` Jerin Jacob
2021-12-09  9:13 ` [PATCH 5/8] common/cnxk: always use single qint with NIX Nithin Dabilpuram
2022-01-19 16:28   ` Jerin Jacob
2021-12-09  9:13 ` [PATCH 6/8] common/cnxk: handle issues from static analysis Nithin Dabilpuram
2022-01-19 16:44   ` Jerin Jacob
2022-01-21 10:05   ` Ferruh Yigit
2021-12-09  9:13 ` [PATCH 7/8] net/cnxk: improve inbound inline error handling for cn9k Nithin Dabilpuram
2022-01-21 10:06   ` Ferruh Yigit
2021-12-09  9:13 ` Nithin Dabilpuram [this message]
2022-01-19 16:45   ` [PATCH 8/8] net/cnxk: synchronize inline session create and destroy Jerin Jacob
2022-01-19 16:15 ` [PATCH 1/8] common/cnxk: fix shift offset for tl3 length disable Jerin Jacob
2022-01-21 10:08   ` Ferruh Yigit
2022-01-21 10:24     ` Nithin Kumar Dabilpuram
2022-01-21 12:04 ` [PATCH v2 01/10] common/cnxk: fix shift offset for TL3 " Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 02/10] common/cnxk: use for loop in shaper profiles cleanup Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 03/10] common/cnxk: fix byte order of frag sizes and infos Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 04/10] common/cnxk: reset stale values on error debug registers Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 05/10] common/cnxk: always use single interrupt ID with NIX Nithin Dabilpuram
2022-01-21 17:16     ` Kevin Traynor
2022-01-23  7:45       ` Jerin Jacob
2022-01-21 12:04   ` [PATCH v2 06/10] common/cnxk: fix null pointer dereferences Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 07/10] common/cnxk: fix uninitialized variable issues Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 08/10] net/cnxk: improve inbound inline error handling for cn9k Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 09/10] common/cnxk: set UDP ports for IPsec UDP encapsulation Nithin Dabilpuram
2022-01-21 12:04   ` [PATCH v2 10/10] net/cnxk: synchronize inline session create and destroy Nithin Dabilpuram

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211209091342.27017-8-ndabilpuram@marvell.com \
    --to=ndabilpuram@marvell.com \
    --cc=dev@dpdk.org \
    --cc=jerinj@marvell.com \
    --cc=kirankumark@marvell.com \
    --cc=skori@marvell.com \
    --cc=skoteshwar@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).