From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id ED33B1B1B8 for ; Wed, 20 Dec 2017 19:06:38 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Dec 2017 10:06:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,432,1508828400"; d="scan'208";a="3471880" Received: from rnicolau-mobl.ger.corp.intel.com (HELO [10.252.3.215]) ([10.252.3.215]) by fmsmga002.fm.intel.com with ESMTP; 20 Dec 2017 10:06:35 -0800 To: Stephen Hemminger Cc: dev@dpdk.org, helin.zhang@intel.com, konstantin.ananyev@intel.com, wenzhuo.lu@intel.com, declan.doherty@intel.com References: <1511349560-12704-1-git-send-email-radu.nicolau@intel.com> <1513769571-16734-1-git-send-email-radu.nicolau@intel.com> <20171220074600.507383f8@xeon-e3> From: Radu Nicolau Message-ID: Date: Wed, 20 Dec 2017 18:06:34 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20171220074600.507383f8@xeon-e3> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Subject: Re: [dpdk-dev] [PATCH v2] net/ixgbe: removed ipsec keys from private data X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2017 18:06:39 -0000 On 12/20/2017 3:46 PM, Stephen Hemminger wrote: > On Wed, 20 Dec 2017 11:32:51 +0000 > Radu Nicolau wrote: > >> All ipsec related setting are being held in the driver >> private data to allow easy add and remove of SAs. There >> is no need to keep a record of the keys, and also >> storing the keys can be a security issue. >> >> Signed-off-by: Radu Nicolau >> Acked-by: Declan Doherty >> --- >> drivers/net/ixgbe/ixgbe_ipsec.c | 78 ++++++++++++++++++----------------------- >> drivers/net/ixgbe/ixgbe_ipsec.h | 4 --- >> 2 files changed, 35 insertions(+), 47 deletions(-) >> >> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c >> index 105da11..a7ba358 100644 >> --- a/drivers/net/ixgbe/ixgbe_ipsec.c >> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c >> @@ -70,6 +70,8 @@ static void >> ixgbe_crypto_clear_ipsec_tables(struct rte_eth_dev *dev) >> { >> struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); >> + struct ixgbe_ipsec *priv = IXGBE_DEV_PRIVATE_TO_IPSEC( >> + dev->data->dev_private); >> int i = 0; >> >> /* clear Rx IP table*/ >> @@ -106,6 +108,10 @@ ixgbe_crypto_clear_ipsec_tables(struct rte_eth_dev *dev) >> IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, 0); >> IXGBE_WAIT_TWRITE; >> } >> + >> + memset(priv->rx_ip_tbl, 0, sizeof(priv->rx_ip_tbl)); >> + memset(priv->rx_sa_tbl, 0, sizeof(priv->rx_sa_tbl)); >> + memset(priv->tx_sa_tbl, 0, sizeof(priv->tx_sa_tbl)); > GCC has been known to optimize out this kind of memset. > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=8537 > Thanks for pointing it out, I will send an update.