From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 3EC207260 for ; Tue, 23 Jan 2018 03:06:30 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Jan 2018 18:06:29 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,398,1511856000"; d="scan'208";a="197939279" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga006.fm.intel.com with ESMTP; 22 Jan 2018 18:06:29 -0800 Received: from fmsmsx158.amr.corp.intel.com (10.18.116.75) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 22 Jan 2018 18:06:29 -0800 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by fmsmsx158.amr.corp.intel.com (10.18.116.75) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 22 Jan 2018 18:06:29 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.213]) by shsmsx102.ccr.corp.intel.com ([169.254.2.189]) with mapi id 14.03.0319.002; Tue, 23 Jan 2018 10:06:26 +0800 From: "Zhang, Helin" To: "Ananyev, Konstantin" , "Nicolau, Radu" , "dev@dpdk.org" CC: "Yigit, Ferruh" , "Lu, Wenzhuo" , "Zhao, XinfengX" , "De Lara Guarch, Pablo" Thread-Topic: [PATCH v3] net/ixgbe: check security enable bits Thread-Index: AQHTkFsiwO+zMnXdIEqc0VpmqiuoaqN/L1yAgAGNZGA= Date: Tue, 23 Jan 2018 02:06:26 +0000 Message-ID: References: <1516190088-1540-1-git-send-email-radu.nicolau@intel.com> <1516279600-13503-1-git-send-email-radu.nicolau@intel.com> <2601191342CEEE43887BDE71AB97725886281A01@irsmsx105.ger.corp.intel.com> In-Reply-To: <2601191342CEEE43887BDE71AB97725886281A01@irsmsx105.ger.corp.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v3] net/ixgbe: check security enable bits X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jan 2018 02:06:30 -0000 > -----Original Message----- > From: Ananyev, Konstantin > Sent: Monday, January 22, 2018 6:24 PM > To: Nicolau, Radu; dev@dpdk.org > Cc: Yigit, Ferruh; Lu, Wenzhuo; Zhao, XinfengX; De Lara Guarch, Pablo; Zh= ang, > Helin > Subject: RE: [PATCH v3] net/ixgbe: check security enable bits >=20 >=20 >=20 > > -----Original Message----- > > From: Nicolau, Radu > > Sent: Thursday, January 18, 2018 12:47 PM > > To: dev@dpdk.org > > Cc: Yigit, Ferruh ; Lu, Wenzhuo > > ; Ananyev, Konstantin > > ; Zhao, XinfengX > > ; De Lara Guarch, Pablo > > ; Zhang, Helin > > ; Nicolau, Radu > > Subject: [PATCH v3] net/ixgbe: check security enable bits > > > > Check if the security enable bits are not fused before setting offload > > capabilities for security > > > > Signed-off-by: Radu Nicolau > > --- > > drivers/net/ixgbe/ixgbe_ethdev.c | 19 ++++++++++--------- > > drivers/net/ixgbe/ixgbe_ipsec.c | 38 > > ++++++++++++++++++++++++++++++-------- > > drivers/net/ixgbe/ixgbe_ipsec.h | 3 +-- > > 3 files changed, 41 insertions(+), 19 deletions(-) > > > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c > > b/drivers/net/ixgbe/ixgbe_ethdev.c > > index 43e0132..b717dda 100644 > > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > > @@ -1141,13 +1141,6 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) > > return 0; > > } > > > > -#ifdef RTE_LIBRTE_SECURITY > > - /* Initialize security_ctx only for primary process*/ > > - eth_dev->security_ctx =3D ixgbe_ipsec_ctx_create(eth_dev); > > - if (eth_dev->security_ctx =3D=3D NULL) > > - return -ENOMEM; > > -#endif > > - > > rte_eth_copy_pci_info(eth_dev, pci_dev); > > > > /* Vendor and Device ID need to be set before init of shared code */ > > @@ -1174,6 +1167,12 @@ eth_ixgbe_dev_init(struct rte_eth_dev *eth_dev) > > /* Unlock any pending hardware semaphore */ > > ixgbe_swfw_lock_reset(hw); > > > > +#ifdef RTE_LIBRTE_SECURITY > > + /* Initialize security_ctx only for primary process*/ > > + if (ixgbe_ipsec_ctx_create(eth_dev)) > > + return -ENOMEM; > > +#endif > > + > > /* Initialize DCB configuration*/ > > memset(dcb_config, 0, sizeof(struct ixgbe_dcb_config)); > > ixgbe_dcb_init(hw, dcb_config); > > @@ -3685,8 +3684,10 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, > struct rte_eth_dev_info *dev_info) > > dev_info->tx_offload_capa |=3D > DEV_TX_OFFLOAD_OUTER_IPV4_CKSUM; > > > > #ifdef RTE_LIBRTE_SECURITY > > - dev_info->rx_offload_capa |=3D DEV_RX_OFFLOAD_SECURITY; > > - dev_info->tx_offload_capa |=3D DEV_TX_OFFLOAD_SECURITY; > > + if (dev->security_ctx) { > > + dev_info->rx_offload_capa |=3D DEV_RX_OFFLOAD_SECURITY; > > + dev_info->tx_offload_capa |=3D DEV_TX_OFFLOAD_SECURITY; > > + } > > #endif > > > > dev_info->default_rxconf =3D (struct rte_eth_rxconf) { diff --git > > a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c > > index 97f025a8..a60b29a 100644 > > --- a/drivers/net/ixgbe/ixgbe_ipsec.c > > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c > > @@ -694,15 +694,37 @@ static struct rte_security_ops ixgbe_security_ops= =3D > { > > .capabilities_get =3D ixgbe_crypto_capabilities_get }; > > > > -struct rte_security_ctx * > > +static int > > +ixgbe_crypto_capable(struct rte_eth_dev *dev) { > > + struct ixgbe_hw *hw =3D IXGBE_DEV_PRIVATE_TO_HW(dev->data- > >dev_private); > > + uint32_t reg_i, reg, capable =3D 1; > > + /* test if rx crypto can be enabled and then write back initial value= */ > > + reg_i =3D IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, 0); > > + reg =3D IXGBE_READ_REG(hw, IXGBE_SECRXCTRL); > > + if (reg !=3D 0) > > + capable =3D 0; > > + IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, reg_i); > > + return capable; > > +} > > + > > +int > > ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev) { > > - struct rte_security_ctx *ctx =3D rte_malloc("rte_security_instances_o= ps", > > - sizeof(struct rte_security_ctx), 0); > > - if (ctx) { > > - ctx->device =3D (void *)dev; > > - ctx->ops =3D &ixgbe_security_ops; > > - ctx->sess_cnt =3D 0; > > + struct rte_security_ctx *ctx =3D NULL; > > + > > + if (ixgbe_crypto_capable(dev)) { > > + ctx =3D rte_malloc("rte_security_instances_ops", > > + sizeof(struct rte_security_ctx), 0); > > + if (ctx) { > > + ctx->device =3D (void *)dev; > > + ctx->ops =3D &ixgbe_security_ops; > > + ctx->sess_cnt =3D 0; > > + dev->security_ctx =3D ctx; > > + } else { > > + return -ENOMEM; > > + } > > } > > - return ctx; > > + return 0; > > } > > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h > > b/drivers/net/ixgbe/ixgbe_ipsec.h index acd9f3e..d13c407 100644 > > --- a/drivers/net/ixgbe/ixgbe_ipsec.h > > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h > > @@ -110,8 +110,7 @@ struct ixgbe_ipsec { }; > > > > > > -struct rte_security_ctx * > > -ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > > +int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); > > int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); int > > ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, > > const void *ip_spec, > > -- > > 2.7.5 >=20 > Acked-by: Konstantin Ananyev Applied to dpdk-next-net-intel, thanks! /Helin