Creation of a session mempool may fail in the case of a single lcore and a low number of SA. Fixes: e30b2833c47c ("security: update session create API") Cc: akhil.goyal@nxp.com Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- examples/ipsec-secgw/ipsec-secgw.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 2219148..935829e 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -65,6 +65,7 @@ volatile bool force_quit; #define CDEV_QUEUE_DESC 2048 #define CDEV_MAP_ENTRIES 16384 #define CDEV_MP_CACHE_SZ 64 +#define CDEV_MP_CACHE_MULTIPLIER 1.5 /* from rte_mempool.c */ #define MAX_QUEUE_PAIRS 1 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */ @@ -2350,6 +2351,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz) "sess_mp_%u", socket_id); nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * rte_lcore_count()); + nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ * + CDEV_MP_CACHE_MULTIPLIER); sess_mp = rte_cryptodev_sym_session_pool_create( mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0, socket_id); @@ -2374,6 +2377,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id, "sess_mp_priv_%u", socket_id); nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * rte_lcore_count()); + nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ * + CDEV_MP_CACHE_MULTIPLIER); sess_mp = rte_mempool_create(mp_name, nb_sess, sess_sz, -- 2.7.4
Hi Vladimir, > -----Original Message----- > From: Vladimir Medvedkin <vladimir.medvedkin@intel.com> > Sent: Tuesday, October 27, 2020 7:34 PM > To: dev@dpdk.org > Cc: Akhil Goyal <akhil.goyal@nxp.com>; Radu Nicolau <radu.nicolau@intel.com> > Subject: [PATCH] examples/ipsec-secgw: fix session mempool initialisation > > Creation of a session mempool may fail in the case of a single lcore > and a low number of SA. > I am not able to understand the reason why the number need to be increased. Could you please explain? > Fixes: e30b2833c47c ("security: update session create API") > Cc: akhil.goyal@nxp.com > > Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> > --- > examples/ipsec-secgw/ipsec-secgw.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec- > secgw/ipsec-secgw.c > index 2219148..935829e 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -65,6 +65,7 @@ volatile bool force_quit; > #define CDEV_QUEUE_DESC 2048 > #define CDEV_MAP_ENTRIES 16384 > #define CDEV_MP_CACHE_SZ 64 > +#define CDEV_MP_CACHE_MULTIPLIER 1.5 /* from rte_mempool.c */ > #define MAX_QUEUE_PAIRS 1 > > #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */ > @@ -2350,6 +2351,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t > socket_id, size_t sess_sz) > "sess_mp_%u", socket_id); > nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * > rte_lcore_count()); > + nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ * > + CDEV_MP_CACHE_MULTIPLIER); > sess_mp = rte_cryptodev_sym_session_pool_create( > mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0, > socket_id); > @@ -2374,6 +2377,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t > socket_id, > "sess_mp_priv_%u", socket_id); > nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * > rte_lcore_count()); > + nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ * > + CDEV_MP_CACHE_MULTIPLIER); > sess_mp = rte_mempool_create(mp_name, > nb_sess, > sess_sz, > -- > 2.7.4
Hi Akhil, On 28/10/2020 12:30, Akhil Goyal wrote: > Hi Vladimir, > >> -----Original Message----- >> From: Vladimir Medvedkin <vladimir.medvedkin@intel.com> >> Sent: Tuesday, October 27, 2020 7:34 PM >> To: dev@dpdk.org >> Cc: Akhil Goyal <akhil.goyal@nxp.com>; Radu Nicolau <radu.nicolau@intel.com> >> Subject: [PATCH] examples/ipsec-secgw: fix session mempool initialisation >> >> Creation of a session mempool may fail in the case of a single lcore >> and a low number of SA. >> > > I am not able to understand the reason why the number need to be increased. > Could you please explain? > Sure. Starting ipsec-secgw with 4 configured SA with single lcore fails with: CRYPTODEV: rte_cryptodev_sym_session_pool_create() line 1420: rte_cryptodev_sym_session_pool_create(name=sess_mp_0) failed, rte_errno=22 In case when there is only one lcore and number of configures SA less then (0.5 * CDEV_MP_CACHE_SZ) then creation of the mempool fails with EINVAL. This is because the number of requested items is less than (cache size * 1.5) from rte_mempool_create_empty(): /* asked cache too big */ if (cache_size > RTE_MEMPOOL_CACHE_MAX_SIZE || CALC_CACHE_FLUSHTHRESH(cache_size) > n) { rte_errno = EINVAL; return NULL; } , where n is nb_sess and CALC_CACHE_FLUSHTHRESH(cache_size) is just (1.5 * cache_size). This was mentioned in rte_mempool_create() documentation: @param cache_size ... * This argument must be lower or equal to * RTE_MEMPOOL_CACHE_MAX_SIZE and n / 1.5. ... Before https://patches.dpdk.org/patch/81245/ there was no such a problem due to multiplying nb_sess by 2. >> Fixes: e30b2833c47c ("security: update session create API") >> Cc: akhil.goyal@nxp.com >> >> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> >> --- >> examples/ipsec-secgw/ipsec-secgw.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec- >> secgw/ipsec-secgw.c >> index 2219148..935829e 100644 >> --- a/examples/ipsec-secgw/ipsec-secgw.c >> +++ b/examples/ipsec-secgw/ipsec-secgw.c >> @@ -65,6 +65,7 @@ volatile bool force_quit; >> #define CDEV_QUEUE_DESC 2048 >> #define CDEV_MAP_ENTRIES 16384 >> #define CDEV_MP_CACHE_SZ 64 >> +#define CDEV_MP_CACHE_MULTIPLIER 1.5 /* from rte_mempool.c */ >> #define MAX_QUEUE_PAIRS 1 >> >> #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */ >> @@ -2350,6 +2351,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t >> socket_id, size_t sess_sz) >> "sess_mp_%u", socket_id); >> nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * >> rte_lcore_count()); >> + nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ * >> + CDEV_MP_CACHE_MULTIPLIER); >> sess_mp = rte_cryptodev_sym_session_pool_create( >> mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0, >> socket_id); >> @@ -2374,6 +2377,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t >> socket_id, >> "sess_mp_priv_%u", socket_id); >> nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * >> rte_lcore_count()); >> + nb_sess = RTE_MAX(nb_sess, CDEV_MP_CACHE_SZ * >> + CDEV_MP_CACHE_MULTIPLIER); >> sess_mp = rte_mempool_create(mp_name, >> nb_sess, >> sess_sz, >> -- >> 2.7.4 > -- Regards, Vladimir
> Hi Akhil,
>
> On 28/10/2020 12:30, Akhil Goyal wrote:
> > Hi Vladimir,
> >
> >> -----Original Message-----
> >> From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> >> Sent: Tuesday, October 27, 2020 7:34 PM
> >> To: dev@dpdk.org
> >> Cc: Akhil Goyal <akhil.goyal@nxp.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> >> Subject: [PATCH] examples/ipsec-secgw: fix session mempool initialisation
> >>
> >> Creation of a session mempool may fail in the case of a single lcore
> >> and a low number of SA.
> >>
> >
> > I am not able to understand the reason why the number need to be increased.
> > Could you please explain?
> >
>
> Sure. Starting ipsec-secgw with 4 configured SA with single lcore fails
> with:
>
> CRYPTODEV: rte_cryptodev_sym_session_pool_create() line 1420:
> rte_cryptodev_sym_session_pool_create(name=sess_mp_0) failed,
> rte_errno=22
>
> In case when there is only one lcore and number of configures SA less
> then (0.5 * CDEV_MP_CACHE_SZ) then creation of the mempool fails with
> EINVAL. This is because the number of requested items is less than
> (cache size * 1.5)
>
> from rte_mempool_create_empty():
>
> /* asked cache too big */
> if (cache_size > RTE_MEMPOOL_CACHE_MAX_SIZE ||
> CALC_CACHE_FLUSHTHRESH(cache_size) > n) {
> rte_errno = EINVAL;
> return NULL;
> }
>
> , where n is nb_sess and CALC_CACHE_FLUSHTHRESH(cache_size) is just (1.5
> * cache_size). This was mentioned in rte_mempool_create() documentation:
> @param cache_size
> ...
> * This argument must be lower or equal to
> * RTE_MEMPOOL_CACHE_MAX_SIZE and n / 1.5.
> ...
>
Applied to dpdk-next-crypto
Patch description updated as per the explanation.
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Thanks.