From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
by inbox.dpdk.org (Postfix) with ESMTP id 16FF2A00BE
for <public@inbox.dpdk.org>; Tue, 29 Oct 2019 09:43:36 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
by dpdk.org (Postfix) with ESMTP id D476D1BEF0;
Tue, 29 Oct 2019 09:43:35 +0100 (CET)
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
by dpdk.org (Postfix) with ESMTP id B223F1BEDD;
Tue, 29 Oct 2019 09:43:32 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
29 Oct 2019 01:43:31 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,243,1569308400"; d="scan'208";a="211063006"
Received: from intel.sh.intel.com ([10.239.255.128])
by fmsmga001.fm.intel.com with ESMTP; 29 Oct 2019 01:43:30 -0700
From: Sun GuinanX <guinanx.sun@intel.com>
To: dev@dpdk.org
Cc: Wenzhuo Lu <wenzhuo.lu@intel.com>, Qiming Yang <qiming.yang@intel.com>,
Sun GuinanX <guinanx.sun@intel.com>, stable@dpdk.org
Date: Tue, 29 Oct 2019 16:32:11 +0000
Message-Id: <20191029163211.3254-1-guinanx.sun@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191025092140.37288-1-guinanx.sun@intel.com>
References: <20191025092140.37288-1-guinanx.sun@intel.com>
Subject: [dpdk-stable] [PATCH v2] net/ixgbe: fix macsec setting
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
<mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
<mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>
macsec setting is not valid when port is stopped.
In order to make it valid, the patch changes the setting
to where port is started.
Fixes: 597f9fafe13b ("app/testpmd: convert to new Tx offloads API")
Cc: stable@dpdk.org
Signed-off-by: Sun GuinanX <guinanx.sun@intel.com>
---
v2:
* Modified function name
* Refactored the rte_pmd_ixgbe_macsec_enable/disable function
* Modified structure name
* Modified the data type of a structure variable
---
drivers/net/ixgbe/ixgbe_ethdev.c | 160 ++++++++++++++++++++++++++++++
drivers/net/ixgbe/ixgbe_ethdev.h | 15 +++
drivers/net/ixgbe/rte_pmd_ixgbe.c | 127 ++----------------------
3 files changed, 182 insertions(+), 120 deletions(-)
diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index dbce7a80e..7ae7bc9ca 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -379,6 +379,11 @@ static int ixgbe_dev_udp_tunnel_port_del(struct rte_eth_dev *dev,
static int ixgbe_filter_restore(struct rte_eth_dev *dev);
static void ixgbe_l2_tunnel_conf(struct rte_eth_dev *dev);
+static void ixgbe_dev_macsec_ctrl_register_enable(struct rte_eth_dev *dev,
+ struct ixgbe_macsec_setting *macsec_contrl);
+
+static void ixgbe_dev_macsec_ctrl_register_disable(struct rte_eth_dev *dev);
+
/*
* Define VF Stats MACRO for Non "cleared on read" register
*/
@@ -2542,6 +2547,8 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
uint32_t *link_speeds;
struct ixgbe_tm_conf *tm_conf =
IXGBE_DEV_PRIVATE_TO_TM_CONF(dev->data->dev_private);
+ struct ixgbe_macsec_setting *macsec_ctrl =
+ IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(dev->data->dev_private);
PMD_INIT_FUNC_TRACE();
@@ -2794,6 +2801,9 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
*/
ixgbe_dev_link_update(dev, 0);
+ /* setup the macsec ctrl register */
+ ixgbe_dev_macsec_ctrl_register_enable(dev, macsec_ctrl);
+
return 0;
error:
@@ -2825,6 +2835,9 @@ ixgbe_dev_stop(struct rte_eth_dev *dev)
PMD_INIT_FUNC_TRACE();
+ /* disable mecsec register */
+ ixgbe_dev_macsec_ctrl_register_disable(dev);
+
rte_eal_alarm_cancel(ixgbe_dev_setup_link_alarm_handler, dev);
/* disable interrupts */
@@ -8816,6 +8829,153 @@ ixgbe_clear_all_l2_tn_filter(struct rte_eth_dev *dev)
return 0;
}
+/* macsec ctrl setup enable */
+void
+ixgbe_dev_macsec_setting_save(struct rte_eth_dev *dev,
+ struct ixgbe_macsec_setting *macsec_ctrl)
+{
+ struct ixgbe_macsec_setting *macsec =
+ IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(dev->data->dev_private);
+
+ macsec->encrypt_en = macsec_ctrl->encrypt_en;
+ macsec->replayprotect_en = macsec_ctrl->replayprotect_en;
+}
+
+/* macsec ctrl setup disable */
+void
+ixgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev)
+{
+ struct ixgbe_macsec_setting *macsec =
+ IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(dev->data->dev_private);
+
+ macsec->encrypt_en = 0;
+ macsec->replayprotect_en = 0;
+}
+
+/* macsec ctrl register set */
+static void
+ixgbe_dev_macsec_ctrl_register_enable(struct rte_eth_dev *dev,
+ struct ixgbe_macsec_setting *macsec_contrl)
+{
+ struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ uint32_t ctrl;
+ uint8_t en = (uint8_t)macsec_contrl->encrypt_en;
+ uint8_t rp = (uint8_t)macsec_contrl->replayprotect_en;
+
+ /**
+ * Workaround:
+ * As no ixgbe_disable_sec_rx_path equivalent is
+ * implemented for tx in the base code, and we are
+ * not allowed to modify the base code in DPDK, so
+ * just call the hand-written one directly for now.
+ * The hardware support has been checked by
+ * ixgbe_disable_sec_rx_path().
+ */
+ ixgbe_disable_sec_tx_path_generic(hw);
+
+ /* Enable Ethernet CRC (required by MACsec offload) */
+ ctrl = IXGBE_READ_REG(hw, IXGBE_HLREG0);
+ ctrl |= IXGBE_HLREG0_TXCRCEN | IXGBE_HLREG0_RXCRCSTRP;
+ IXGBE_WRITE_REG(hw, IXGBE_HLREG0, ctrl);
+
+ /* Enable the TX and RX crypto engines */
+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
+ ctrl &= ~IXGBE_SECTXCTRL_SECTX_DIS;
+ IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
+
+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+ ctrl &= ~IXGBE_SECRXCTRL_SECRX_DIS;
+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
+
+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXMINIFG);
+ ctrl &= ~IXGBE_SECTX_MINSECIFG_MASK;
+ ctrl |= 0x3;
+ IXGBE_WRITE_REG(hw, IXGBE_SECTXMINIFG, ctrl);
+
+ /* Enable SA lookup */
+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
+ ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
+ ctrl |= en ? IXGBE_LSECTXCTRL_AUTH_ENCRYPT :
+ IXGBE_LSECTXCTRL_AUTH;
+ ctrl |= IXGBE_LSECTXCTRL_AISCI;
+ ctrl &= ~IXGBE_LSECTXCTRL_PNTHRSH_MASK;
+ ctrl |= IXGBE_MACSEC_PNTHRSH & IXGBE_LSECTXCTRL_PNTHRSH_MASK;
+ IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
+
+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
+ ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
+ ctrl |= IXGBE_LSECRXCTRL_STRICT << IXGBE_LSECRXCTRL_EN_SHIFT;
+ ctrl &= ~IXGBE_LSECRXCTRL_PLSH;
+ if (rp)
+ ctrl |= IXGBE_LSECRXCTRL_RP;
+ else
+ ctrl &= ~IXGBE_LSECRXCTRL_RP;
+ IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
+
+ /* Start the data paths */
+ ixgbe_enable_sec_rx_path(hw);
+ /**
+ * Workaround:
+ * As no ixgbe_enable_sec_rx_path equivalent is
+ * implemented for tx in the base code, and we are
+ * not allowed to modify the base code in DPDK, so
+ * just call the hand-written one directly for now.
+ */
+ ixgbe_enable_sec_tx_path_generic(hw);
+}
+
+/* macsec ctrl register set */
+static void
+ixgbe_dev_macsec_ctrl_register_disable(struct rte_eth_dev *dev)
+{
+ struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ uint32_t ctrl;
+
+ /**
+ * Workaround:
+ * As no ixgbe_disable_sec_rx_path equivalent is
+ * implemented for tx in the base code, and we are
+ * not allowed to modify the base code in DPDK, so
+ * just call the hand-written one directly for now.
+ * The hardware support has been checked by
+ * ixgbe_disable_sec_rx_path().
+ */
+ ixgbe_disable_sec_tx_path_generic(hw);
+
+ /* Disable the TX and RX crypto engines */
+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
+ ctrl |= IXGBE_SECTXCTRL_SECTX_DIS;
+ IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
+
+ ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
+ ctrl |= IXGBE_SECRXCTRL_SECRX_DIS;
+ IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
+
+ /* Disable SA lookup */
+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
+ ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
+ ctrl |= IXGBE_LSECTXCTRL_DISABLE;
+ IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
+
+ ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
+ ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
+ ctrl |= IXGBE_LSECRXCTRL_DISABLE << IXGBE_LSECRXCTRL_EN_SHIFT;
+ IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
+
+ /* Start the data paths */
+ ixgbe_enable_sec_rx_path(hw);
+ /**
+ * Workaround:
+ * As no ixgbe_enable_sec_rx_path equivalent is
+ * implemented for tx in the base code, and we are
+ * not allowed to modify the base code in DPDK, so
+ * just call the hand-written one directly for now.
+ */
+ ixgbe_enable_sec_tx_path_generic(hw);
+}
+
+
+
RTE_PMD_REGISTER_PCI(net_ixgbe, rte_ixgbe_pmd);
RTE_PMD_REGISTER_PCI_TABLE(net_ixgbe, pci_id_ixgbe_map);
RTE_PMD_REGISTER_KMOD_DEP(net_ixgbe, "* igb_uio | uio_pci_generic | vfio-pci");
diff --git a/drivers/net/ixgbe/ixgbe_ethdev.h b/drivers/net/ixgbe/ixgbe_ethdev.h
index 6e9ed2e10..6aa2cdbbc 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.h
+++ b/drivers/net/ixgbe/ixgbe_ethdev.h
@@ -365,6 +365,12 @@ struct rte_flow {
void *rule;
};
+/* MACsec Control structure */
+struct ixgbe_macsec_setting {
+ uint8_t encrypt_en; /* encrypt enabled */
+ uint8_t replayprotect_en; /* replayprotect enabled */
+};
+
/*
* Statistics counters collected by the MACsec
*/
@@ -471,6 +477,7 @@ struct ixgbe_adapter {
struct ixgbe_hw hw;
struct ixgbe_hw_stats stats;
struct ixgbe_macsec_stats macsec_stats;
+ struct ixgbe_macsec_setting macsec_ctrl;
struct ixgbe_hw_fdir_info fdir;
struct ixgbe_interrupt intr;
struct ixgbe_stat_mapping_registers stat_mappings;
@@ -523,6 +530,9 @@ int ixgbe_vf_representor_uninit(struct rte_eth_dev *ethdev);
#define IXGBE_DEV_PRIVATE_TO_MACSEC_STATS(adapter) \
(&((struct ixgbe_adapter *)adapter)->macsec_stats)
+#define IXGBE_DEV_PRIVATE_TO_MACSEC_CTRL(adapter) \
+ (&((struct ixgbe_adapter *)adapter)->macsec_ctrl)
+
#define IXGBE_DEV_PRIVATE_TO_INTR(adapter) \
(&((struct ixgbe_adapter *)adapter)->intr)
@@ -741,6 +751,11 @@ int ixgbe_action_rss_same(const struct rte_flow_action_rss *comp,
int ixgbe_config_rss_filter(struct rte_eth_dev *dev,
struct ixgbe_rte_flow_rss_conf *conf, bool add);
+void ixgbe_dev_macsec_setting_save(struct rte_eth_dev *dev,
+ struct ixgbe_macsec_setting *macsec_ctrl);
+
+void ixgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev);
+
static inline int
ixgbe_ethertype_filter_lookup(struct ixgbe_filter_info *filter_info,
uint16_t ethertype)
diff --git a/drivers/net/ixgbe/rte_pmd_ixgbe.c b/drivers/net/ixgbe/rte_pmd_ixgbe.c
index 9514f2cf5..3a1474876 100644
--- a/drivers/net/ixgbe/rte_pmd_ixgbe.c
+++ b/drivers/net/ixgbe/rte_pmd_ixgbe.c
@@ -515,82 +515,18 @@ rte_pmd_ixgbe_set_vf_rate_limit(uint16_t port, uint16_t vf,
int
rte_pmd_ixgbe_macsec_enable(uint16_t port, uint8_t en, uint8_t rp)
{
- struct ixgbe_hw *hw;
struct rte_eth_dev *dev;
- uint32_t ctrl;
+ struct ixgbe_macsec_setting macsec_setting;
RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
dev = &rte_eth_devices[port];
- if (!is_ixgbe_supported(dev))
- return -ENOTSUP;
-
- hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ macsec_setting.encrypt_en = en;
+ macsec_setting.replayprotect_en = rp;
- /* Stop the data paths */
- if (ixgbe_disable_sec_rx_path(hw) != IXGBE_SUCCESS)
- return -ENOTSUP;
- /**
- * Workaround:
- * As no ixgbe_disable_sec_rx_path equivalent is
- * implemented for tx in the base code, and we are
- * not allowed to modify the base code in DPDK, so
- * just call the hand-written one directly for now.
- * The hardware support has been checked by
- * ixgbe_disable_sec_rx_path().
- */
- ixgbe_disable_sec_tx_path_generic(hw);
-
- /* Enable Ethernet CRC (required by MACsec offload) */
- ctrl = IXGBE_READ_REG(hw, IXGBE_HLREG0);
- ctrl |= IXGBE_HLREG0_TXCRCEN | IXGBE_HLREG0_RXCRCSTRP;
- IXGBE_WRITE_REG(hw, IXGBE_HLREG0, ctrl);
-
- /* Enable the TX and RX crypto engines */
- ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
- ctrl &= ~IXGBE_SECTXCTRL_SECTX_DIS;
- IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
-
- ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
- ctrl &= ~IXGBE_SECRXCTRL_SECRX_DIS;
- IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
-
- ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXMINIFG);
- ctrl &= ~IXGBE_SECTX_MINSECIFG_MASK;
- ctrl |= 0x3;
- IXGBE_WRITE_REG(hw, IXGBE_SECTXMINIFG, ctrl);
-
- /* Enable SA lookup */
- ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
- ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
- ctrl |= en ? IXGBE_LSECTXCTRL_AUTH_ENCRYPT :
- IXGBE_LSECTXCTRL_AUTH;
- ctrl |= IXGBE_LSECTXCTRL_AISCI;
- ctrl &= ~IXGBE_LSECTXCTRL_PNTHRSH_MASK;
- ctrl |= IXGBE_MACSEC_PNTHRSH & IXGBE_LSECTXCTRL_PNTHRSH_MASK;
- IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
-
- ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
- ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
- ctrl |= IXGBE_LSECRXCTRL_STRICT << IXGBE_LSECRXCTRL_EN_SHIFT;
- ctrl &= ~IXGBE_LSECRXCTRL_PLSH;
- if (rp)
- ctrl |= IXGBE_LSECRXCTRL_RP;
- else
- ctrl &= ~IXGBE_LSECRXCTRL_RP;
- IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
-
- /* Start the data paths */
- ixgbe_enable_sec_rx_path(hw);
- /**
- * Workaround:
- * As no ixgbe_enable_sec_rx_path equivalent is
- * implemented for tx in the base code, and we are
- * not allowed to modify the base code in DPDK, so
- * just call the hand-written one directly for now.
- */
- ixgbe_enable_sec_tx_path_generic(hw);
+ /* Enable macsec setup */
+ ixgbe_dev_macsec_setting_save(dev, &macsec_setting);
return 0;
}
@@ -598,63 +534,14 @@ rte_pmd_ixgbe_macsec_enable(uint16_t port, uint8_t en, uint8_t rp)
int
rte_pmd_ixgbe_macsec_disable(uint16_t port)
{
- struct ixgbe_hw *hw;
struct rte_eth_dev *dev;
- uint32_t ctrl;
RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
dev = &rte_eth_devices[port];
- if (!is_ixgbe_supported(dev))
- return -ENOTSUP;
-
- hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
-
- /* Stop the data paths */
- if (ixgbe_disable_sec_rx_path(hw) != IXGBE_SUCCESS)
- return -ENOTSUP;
- /**
- * Workaround:
- * As no ixgbe_disable_sec_rx_path equivalent is
- * implemented for tx in the base code, and we are
- * not allowed to modify the base code in DPDK, so
- * just call the hand-written one directly for now.
- * The hardware support has been checked by
- * ixgbe_disable_sec_rx_path().
- */
- ixgbe_disable_sec_tx_path_generic(hw);
-
- /* Disable the TX and RX crypto engines */
- ctrl = IXGBE_READ_REG(hw, IXGBE_SECTXCTRL);
- ctrl |= IXGBE_SECTXCTRL_SECTX_DIS;
- IXGBE_WRITE_REG(hw, IXGBE_SECTXCTRL, ctrl);
-
- ctrl = IXGBE_READ_REG(hw, IXGBE_SECRXCTRL);
- ctrl |= IXGBE_SECRXCTRL_SECRX_DIS;
- IXGBE_WRITE_REG(hw, IXGBE_SECRXCTRL, ctrl);
-
- /* Disable SA lookup */
- ctrl = IXGBE_READ_REG(hw, IXGBE_LSECTXCTRL);
- ctrl &= ~IXGBE_LSECTXCTRL_EN_MASK;
- ctrl |= IXGBE_LSECTXCTRL_DISABLE;
- IXGBE_WRITE_REG(hw, IXGBE_LSECTXCTRL, ctrl);
-
- ctrl = IXGBE_READ_REG(hw, IXGBE_LSECRXCTRL);
- ctrl &= ~IXGBE_LSECRXCTRL_EN_MASK;
- ctrl |= IXGBE_LSECRXCTRL_DISABLE << IXGBE_LSECRXCTRL_EN_SHIFT;
- IXGBE_WRITE_REG(hw, IXGBE_LSECRXCTRL, ctrl);
-
- /* Start the data paths */
- ixgbe_enable_sec_rx_path(hw);
- /**
- * Workaround:
- * As no ixgbe_enable_sec_rx_path equivalent is
- * implemented for tx in the base code, and we are
- * not allowed to modify the base code in DPDK, so
- * just call the hand-written one directly for now.
- */
- ixgbe_enable_sec_tx_path_generic(hw);
+ /* Disable macsec setup */
+ ixgbe_dev_macsec_setting_reset(dev);
return 0;
}
--
2.17.1