From: "Sun, GuinanX" <guinanx.sun@intel.com>
To: "Ye, Xiaolong" <xiaolong.ye@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
"Lu, Wenzhuo" <wenzhuo.lu@intel.com>,
"Yang, Qiming" <qiming.yang@intel.com>,
"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH v2] net/ixgbe: fix macsec setting
Date: Wed, 30 Oct 2019 03:19:14 +0000 [thread overview]
Message-ID: <05758BDAD7FC8E4BAED63D0390A8A9557DC27D@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <20191029090306.GA106706@intel.com>
Hi, Xiaolong
On 10/29, Sun GuinanX wrote:
> >macsec setting is not valid when port is stopped.
> >In order to make it valid, the patch changes the setting to where port
> >is started.
> >
> >Fixes: 597f9fafe13b ("app/testpmd: convert to new Tx offloads API")
> >Cc: stable@dpdk.org
> >
> >Signed-off-by: Sun GuinanX <guinanx.sun@intel.com>
> >---
> >v2:
> >* Modified function name
> >* Refactored the rte_pmd_ixgbe_macsec_enable/disable function
> >* Modified structure name
> >* Modified the data type of a structure variable
> >---
> > drivers/net/ixgbe/ixgbe_ethdev.c | 160 ++++++++++++++++++++++++++++++
> >drivers/net/ixgbe/ixgbe_ethdev.h | 15 +++
> >drivers/net/ixgbe/rte_pmd_ixgbe.c | 127 ++----------------------
> > 3 files changed, 182 insertions(+), 120 deletions(-)
> >
> >diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c
> >b/drivers/net/ixgbe/ixgbe_ethdev.c
> >index dbce7a80e..7ae7bc9ca 100644
> >--- a/drivers/net/ixgbe/ixgbe_ethdev.c
> >+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
> >@@ -379,6 +379,11 @@ static int ixgbe_dev_udp_tunnel_port_del(struct
> >rte_eth_dev *dev, static int ixgbe_filter_restore(struct rte_eth_dev
> >*dev); static void ixgbe_l2_tunnel_conf(struct rte_eth_dev *dev);
> >
> >+static void ixgbe_dev_macsec_ctrl_register_enable(struct rte_eth_dev *dev,
> >+ struct ixgbe_macsec_setting *macsec_contrl);
> >+
> >+static void ixgbe_dev_macsec_ctrl_register_disable(struct rte_eth_dev
> >+*dev);
> >+
> > /*
> > * Define VF Stats MACRO for Non "cleared on read" register
> > */
> >@@ -2542,6 +2547,8 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
> > uint32_t *link_speeds;
> > struct ixgbe_tm_conf *tm_conf =
> > IXGBE_DEV_PRIVATE_TO_TM_CONF(dev->data->dev_private);
> >+ struct ixgbe_macsec_setting *macsec_ctrl =
> >+ IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(dev->data-
> >dev_private);
> >
> > PMD_INIT_FUNC_TRACE();
> >
> >@@ -2794,6 +2801,9 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
> > */
> > ixgbe_dev_link_update(dev, 0);
> >
> >+ /* setup the macsec ctrl register */
> >+ ixgbe_dev_macsec_ctrl_register_enable(dev, macsec_ctrl);
> >+
> > return 0;
> >
> > error:
> >@@ -2825,6 +2835,9 @@ ixgbe_dev_stop(struct rte_eth_dev *dev)
> >
> > PMD_INIT_FUNC_TRACE();
> >
> >+ /* disable mecsec register */
> >+ ixgbe_dev_macsec_ctrl_register_disable(dev);
> >+
> > rte_eal_alarm_cancel(ixgbe_dev_setup_link_alarm_handler, dev);
> >
> > /* disable interrupts */
> >@@ -8816,6 +8829,153 @@ ixgbe_clear_all_l2_tn_filter(struct rte_eth_dev
> *dev)
> > return 0;
> > }
> >
> >+/* macsec ctrl setup enable */
>
> This comment is not aligned with the function name, actually since this function
> is quite straightforward, the comment is unnecessary.
Similar useless comments had been removed
>
> >+void
> >+ixgbe_dev_macsec_setting_save(struct rte_eth_dev *dev,
> >+ struct ixgbe_macsec_setting *macsec_ctrl) {
> >+ struct ixgbe_macsec_setting *macsec =
> >+ IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(dev->data-
> >dev_private);
> >+
> >+ macsec->encrypt_en = macsec_ctrl->encrypt_en;
> >+ macsec->replayprotect_en = macsec_ctrl->replayprotect_en; }
> >+
> >+/* macsec ctrl setup disable */
>
> ditto
Similar useless comments had been removed
>
> >+void
> >+ixgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev) {
> >+ struct ixgbe_macsec_setting *macsec =
> >+ IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(dev->data-
> >dev_private);
> >+
> >+ macsec->encrypt_en = 0;
> >+ macsec->replayprotect_en = 0;
> >+}
> >+
> >+/* macsec ctrl register set */
> >+static void
> >+ixgbe_dev_macsec_ctrl_register_enable(struct rte_eth_dev *dev,
> >+ struct ixgbe_macsec_setting *macsec_contrl) {
> >+ struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data-
> >dev_private);
> >+ uint32_t ctrl;
> >+ uint8_t en = (uint8_t)macsec_contrl->encrypt_en;
> >+ uint8_t rp = (uint8_t)macsec_contrl->replayprotect_en;
> >+
> >+ /**
> >+ * Workaround:
> >+ * As no ixgbe_disable_sec_rx_path equivalent is
> >+ * implemented for tx in the base code, and we are
> >+ * not allowed to modify the base code in DPDK, so
> >+ * just call the hand-written one directly for now.
> >+ * The hardware support has been checked by
> >+ * ixgbe_disable_sec_rx_path().
> >+ */
> >+ ixgbe_disable_sec_tx_path_generic(hw);
> >+
> >+ /* Enable Ethernet CRC (required by MACsec offload) */
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_HLREG0);
> >+ ctrl |= IXGBE_HLREG0_TXCRCEN | IXGBE_HLREG0_RXCRCSTRP;
> >+ IXGBE_WRITE_REG(hw, IXGBE_HLREG0, ctrl);
> >+
> >+ /* Enable the TX and RX crypto engines */
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
> >+ ctrl &= ~IXGBE_SECTXCTRL_SECTX_DIS;
> >+ IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
> >+
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> >+ ctrl &= ~IXGBE_SECRXCTRL_SECRX_DIS;
> >+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
> >+
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXMINIFG);
> >+ ctrl &= ~IXGBE_SECTX_MINSECIFG_MASK;
> >+ ctrl |= 0x3;
> >+ IXGBE_WRITE_REG(hw, IXGBE_SECTXMINIFG, ctrl);
> >+
> >+ /* Enable SA lookup */
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
> >+ ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
> >+ ctrl |= en ? IXGBE_LSECTXCTRL_AUTH_ENCRYPT :
> >+ IXGBE_LSECTXCTRL_AUTH;
> >+ ctrl |= IXGBE_LSECTXCTRL_AISCI;
> >+ ctrl &= ~IXGBE_LSECTXCTRL_PNTHRSH_MASK;
> >+ ctrl |= IXGBE_MACSEC_PNTHRSH &
> IXGBE_LSECTXCTRL_PNTHRSH_MASK;
> >+ IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
> >+
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
> >+ ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
> >+ ctrl |= IXGBE_LSECRXCTRL_STRICT << IXGBE_LSECRXCTRL_EN_SHIFT;
> >+ ctrl &= ~IXGBE_LSECRXCTRL_PLSH;
> >+ if (rp)
> >+ ctrl |= IXGBE_LSECRXCTRL_RP;
> >+ else
> >+ ctrl &= ~IXGBE_LSECRXCTRL_RP;
> >+ IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
> >+
> >+ /* Start the data paths */
> >+ ixgbe_enable_sec_rx_path(hw);
> >+ /**
> >+ * Workaround:
> >+ * As no ixgbe_enable_sec_rx_path equivalent is
> >+ * implemented for tx in the base code, and we are
> >+ * not allowed to modify the base code in DPDK, so
> >+ * just call the hand-written one directly for now.
> >+ */
> >+ ixgbe_enable_sec_tx_path_generic(hw);
> >+}
> >+
> >+/* macsec ctrl register set */
> >+static void
> >+ixgbe_dev_macsec_ctrl_register_disable(struct rte_eth_dev *dev) {
> >+ struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data-
> >dev_private);
> >+ uint32_t ctrl;
> >+
> >+ /**
> >+ * Workaround:
> >+ * As no ixgbe_disable_sec_rx_path equivalent is
> >+ * implemented for tx in the base code, and we are
> >+ * not allowed to modify the base code in DPDK, so
> >+ * just call the hand-written one directly for now.
> >+ * The hardware support has been checked by
> >+ * ixgbe_disable_sec_rx_path().
> >+ */
> >+ ixgbe_disable_sec_tx_path_generic(hw);
> >+
> >+ /* Disable the TX and RX crypto engines */
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
> >+ ctrl |= IXGBE_SECTXCTRL_SECTX_DIS;
> >+ IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
> >+
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> >+ ctrl |= IXGBE_SECRXCTRL_SECRX_DIS;
> >+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
> >+
> >+ /* Disable SA lookup */
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
> >+ ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
> >+ ctrl |= IXGBE_LSECTXCTRL_DISABLE;
> >+ IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
> >+
> >+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
> >+ ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
> >+ ctrl |= IXGBE_LSECRXCTRL_DISABLE << IXGBE_LSECRXCTRL_EN_SHIFT;
> >+ IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
> >+
> >+ /* Start the data paths */
> >+ ixgbe_enable_sec_rx_path(hw);
> >+ /**
> >+ * Workaround:
> >+ * As no ixgbe_enable_sec_rx_path equivalent is
> >+ * implemented for tx in the base code, and we are
> >+ * not allowed to modify the base code in DPDK, so
> >+ * just call the hand-written one directly for now.
> >+ */
> >+ ixgbe_enable_sec_tx_path_generic(hw);
> >+}
> >+
> >+
> >+
>
> One empty line is enough here.
had been removed
>
> > RTE_PMD_REGISTER_PCI(net_ixgbe, rte_ixgbe_pmd);
> >RTE_PMD_REGISTER_PCI_TABLE(net_ixgbe, pci_id_ixgbe_map);
> >RTE_PMD_REGISTER_KMOD_DEP(net_ixgbe, "* igb_uio | uio_pci_generic |
> >vfio-pci"); diff --git a/drivers/net/ixgbe/ixgbe_ethdev.h
> >b/drivers/net/ixgbe/ixgbe_ethdev.h
> >index 6e9ed2e10..6aa2cdbbc 100644
> >--- a/drivers/net/ixgbe/ixgbe_ethdev.h
> >+++ b/drivers/net/ixgbe/ixgbe_ethdev.h
> >@@ -365,6 +365,12 @@ struct rte_flow {
> > void *rule;
> > };
> >
> >+/* MACsec Control structure */
>
> Comment is unaligned and unnecessary.
had been removed
>
> >+struct ixgbe_macsec_setting {
> >+ uint8_t encrypt_en; /* encrypt enabled */
> >+ uint8_t replayprotect_en; /* replayprotect enabled */
> >+};
> >+
> > /*
> > * Statistics counters collected by the MACsec
> > */
> >@@ -471,6 +477,7 @@ struct ixgbe_adapter {
> > struct ixgbe_hw hw;
> > struct ixgbe_hw_stats stats;
> > struct ixgbe_macsec_stats macsec_stats;
> >+ struct ixgbe_macsec_setting macsec_ctrl;
> > struct ixgbe_hw_fdir_info fdir;
> > struct ixgbe_interrupt intr;
> > struct ixgbe_stat_mapping_registers stat_mappings; @@ -523,6 +530,9
> >@@ int ixgbe_vf_representor_uninit(struct rte_eth_dev *ethdev);
> >#define IXGBE_DEV_PRIVATE_TO_MACSEC_STATS(adapter) \
> > (&((struct ixgbe_adapter *)adapter)->macsec_stats)
> >
> >+#define IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(adapter) \
> >+ (&((struct ixgbe_adapter *)adapter)->macsec_ctrl)
> >+
> > #define IXGBE_DEV_PRIVATE_TO_INTR(adapter) \
> > (&((struct ixgbe_adapter *)adapter)->intr)
> >
> >@@ -741,6 +751,11 @@ int ixgbe_action_rss_same(const struct
> >rte_flow_action_rss *comp, int ixgbe_config_rss_filter(struct rte_eth_dev
> *dev,
> > struct ixgbe_rte_flow_rss_conf *conf, bool add);
> >
> >+void ixgbe_dev_macsec_setting_save(struct rte_eth_dev *dev,
> >+ struct ixgbe_macsec_setting *macsec_ctrl);
> >+
> >+void ixgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev);
> >+
> > static inline int
> > ixgbe_ethertype_filter_lookup(struct ixgbe_filter_info *filter_info,
> > uint16_t ethertype)
> >diff --git a/drivers/net/ixgbe/rte_pmd_ixgbe.c
> >b/drivers/net/ixgbe/rte_pmd_ixgbe.c
> >index 9514f2cf5..3a1474876 100644
> >--- a/drivers/net/ixgbe/rte_pmd_ixgbe.c
> >+++ b/drivers/net/ixgbe/rte_pmd_ixgbe.c
> >@@ -515,82 +515,18 @@ rte_pmd_ixgbe_set_vf_rate_limit(uint16_t port,
> >uint16_t vf, int rte_pmd_ixgbe_macsec_enable(uint16_t port, uint8_t
> >en, uint8_t rp) {
>
> I think there is usercase when dev is started, and user calls
> rte_pmd_ixgbe_macsec_enable and he expects it will take effect, so we still
> need to configure register (call ixgbe_dev_macsec_ctrl_register_enable) here
> other than just caching the macsec setting.
>
This kind of usercase processing will be added in the patch of V3.
> >- struct ixgbe_hw *hw;
> > struct rte_eth_dev *dev;
> >- uint32_t ctrl;
> >+ struct ixgbe_macsec_setting macsec_setting;
> >
> > RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
> >
> > dev = &rte_eth_devices[port];
> >
> >- if (!is_ixgbe_supported(dev))
> >- return -ENOTSUP;
> >-
> >- hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
> >+ macsec_setting.encrypt_en = en;
> >+ macsec_setting.replayprotect_en = rp;
> >
> >- /* Stop the data paths */
> >- if (ixgbe_disable_sec_rx_path(hw) != IXGBE_SUCCESS)
> >- return -ENOTSUP;
> >- /**
> >- * Workaround:
> >- * As no ixgbe_disable_sec_rx_path equivalent is
> >- * implemented for tx in the base code, and we are
> >- * not allowed to modify the base code in DPDK, so
> >- * just call the hand-written one directly for now.
> >- * The hardware support has been checked by
> >- * ixgbe_disable_sec_rx_path().
> >- */
> >- ixgbe_disable_sec_tx_path_generic(hw);
> >-
> >- /* Enable Ethernet CRC (required by MACsec offload) */
> >- ctrl = IXGBE_READ_REG(hw, IXGBE_HLREG0);
> >- ctrl |= IXGBE_HLREG0_TXCRCEN | IXGBE_HLREG0_RXCRCSTRP;
> >- IXGBE_WRITE_REG(hw, IXGBE_HLREG0, ctrl);
> >-
> >- /* Enable the TX and RX crypto engines */
> >- ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
> >- ctrl &= ~IXGBE_SECTXCTRL_SECTX_DIS;
> >- IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
> >-
> >- ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
> >- ctrl &= ~IXGBE_SECRXCTRL_SECRX_DIS;
> >- IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
> >-
> >- ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXMINIFG);
> >- ctrl &= ~IXGBE_SECTX_MINSECIFG_MASK;
> >- ctrl |= 0x3;
> >- IXGBE_WRITE_REG(hw, IXGBE_SECTXMINIFG, ctrl);
> >-
> >- /* Enable SA lookup */
> >- ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
> >- ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
> >- ctrl |= en ? IXGBE_LSECTXCTRL_AUTH_ENCRYPT :
> >- IXGBE_LSECTXCTRL_AUTH;
> >- ctrl |= IXGBE_LSECTXCTRL_AISCI;
> >- ctrl &= ~IXGBE_LSECTXCTRL_PNTHRSH_MASK;
> >- ctrl |= IXGBE_MACSEC_PNTHRSH &
> IXGBE_LSECTXCTRL_PNTHRSH_MASK;
> >- IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
> >-
> >- ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
> >- ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
> >- ctrl |= IXGBE_LSECRXCTRL_STRICT << IXGBE_LSECRXCTRL_EN_SHIFT;
> >- ctrl &= ~IXGBE_LSECRXCTRL_PLSH;
> >- if (rp)
> >- ctrl |= IXGBE_LSECRXCTRL_RP;
> >- else
> >- ctrl &= ~IXGBE_LSECRXCTRL_RP;
> >- IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
> >-
> >- /* Start the data paths */
> >- ixgbe_enable_sec_rx_path(hw);
> >- /**
> >- * Workaround:
> >- * As no ixgbe_enable_sec_rx_path equivalent is
> >- * implemented for tx in the base code, and we are
> >- * not allowed to modify the base code in DPDK, so
> >- * just call the hand-written one directly for now.
> >- */
> >- ixgbe_enable_sec_tx_path_generic(hw);
> >+ /* Enable macsec setup */
> >+ ixgbe_dev_macsec_setting_save(dev, &macsec_setting);
> >
> > return 0;
> > }
> >@@ -598,63 +534,14 @@ rte_pmd_ixgbe_macsec_enable(uint16_t port,
> >uint8_t en, uint8_t rp) int rte_pmd_ixgbe_macsec_disable(uint16_t
> >port) {
>
> Ditto.
>
This kind of usercase processing will be added in the patch of V3.
> Thanks,
> Xiaolong
next prev parent reply other threads:[~2019-10-30 3:19 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-25 9:21 [dpdk-stable] [PATCH] " Sun GuinanX
2019-10-29 3:24 ` [dpdk-stable] [dpdk-dev] " Ye Xiaolong
2019-10-29 16:32 ` [dpdk-stable] [PATCH v2] " Sun GuinanX
2019-10-29 9:03 ` [dpdk-stable] [dpdk-dev] " Ye Xiaolong
2019-10-30 3:19 ` Sun, GuinanX [this message]
2019-10-30 10:43 ` [dpdk-stable] [PATCH v3] " Sun GuinanX
2019-10-30 11:31 ` [dpdk-stable] [PATCH v4] " Sun GuinanX
2019-10-30 5:34 ` [dpdk-stable] [dpdk-dev] " Ye Xiaolong
2019-10-30 14:27 ` [dpdk-stable] [PATCH v5] " Sun GuinanX
2019-10-31 2:12 ` [dpdk-stable] [dpdk-dev] " Ye Xiaolong
2019-10-31 11:31 ` [dpdk-stable] [PATCH v6] " Sun GuinanX
2019-11-01 2:25 ` [dpdk-stable] [dpdk-dev] " Ye Xiaolong
2020-05-18 2:56 ` Zhao1, Wei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=05758BDAD7FC8E4BAED63D0390A8A9557DC27D@SHSMSX101.ccr.corp.intel.com \
--to=guinanx.sun@intel.com \
--cc=dev@dpdk.org \
--cc=qiming.yang@intel.com \
--cc=stable@dpdk.org \
--cc=wenzhuo.lu@intel.com \
--cc=xiaolong.ye@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).